Privacy Policy for candidates

Last updated: November 2021
Introduction
This Policy is provided to inform individuals who apply for a job with or to provide services to the Kantar group of companies (collectively, “Kantar”) about how we collect, store and use the personal data you provide before and during the application process. We ask you to read this Policy carefully. For the purpose of this Policy, the definition of ‘personal data’ is information which relates to and can identify a living individual and/or a specific household, if you are located in California. The data controller responsible for your personal data is the Kantar entity to which you are applying or providing services.

Collection of personal data:

The table below describes the categories and types of personal data that Kantar may collect and process about
you in the preceding 12 months and that we may collect and process about you during the recruitment process.

 

 Category of Personal Data  Type of Personal Data
  • Contact information
  • Name, postal address, personal phone number, personal email
    address, and emergency contact details.
  • Identification information
  • Gender, date of birth, passport information, driver’s licence or
    government-issued ID number, vehicle licence plate number,
    national insurance number, immigration status and right to work
    documentation, nationality, and where permitted, personal data
    that is protected by applicable law, including information
    concerning your health, race, sexuality, religion and ethnicity to
    facilitate equal opportunities monitoring, trade union information
    and criminal background data.
  • Application information
  • Candidate details, CV/resume and covering letter, status, current
    employer, job history, work and corporate title, education,
    qualifications, references, desired function, salary and work
    location, licences, certificates, work experience, business travel
    information, information obtained from public searches, including
    social media, and information relating to outside business
    activities.
  • Assessment information
  • Assessments and interviews, screening and other information
    collected during the assessment process (including during phone
    or video calls, emails and other correspondence).
  • System information
  • Internet login information (including websites visited, applications
    downloaded, computer IP address, device identifiers and type of
    operating system and browser type used) as part of any
    application/candidate portal, information regarding
    communications sent or received via Kantar’s or third party
    systems, building access monitoring, including controls for
    building access, security controls and CCTV footage.
  • Any other information you submit
    to us or we request from you
  • Signatures, photographs, opinions, references, your location, and
    other personal data you provide.

 

 

We collect the personal data referred to above directly from you, from third parties and from public sources:

 

  • From you, such as through Kantar’s websites or to its internal or external teams, the application processed
    or via or forms or information you provide in connection with your job application.
  • From affiliated third parties, such as clients and colleagues.
  • From unaffiliated third parties, such as recruiters and employment agencies, websites and job boards, references from third parties, background check providers (subject to the requirements of applicable law), academic institutions, benefits providers (about benefit usage or eligibility), government agencies, certification bodies and other third parties as required or permitted by law.
  • From publicly available sources, such as websites, social media platforms and similar channels.

You may be requested to provide the personal data described above as part of the application and recruitment process. If you fail to provide certain personal data when requested, and it is necessary for Kantar to consider that personal data for your application (for example, evidence of your qualifications or work history) or otherwise to comply with our legal or contractual obligations, Kantar will not be able to process your application or continue the recruitment process. In all other cases the provision of your personal data is voluntary.

We will never misrepresent ourselves or what we are doing. If you receive an email that concerns you, purporting to be from us, please let us know as shown below in ‘How to contact us’.

Use of personal data:

We will only use your personal data for the purpose or purposes for which we collected it, unless we reasonably consider that we need to use it for another reason that is compatible with the original purpose or we have another legal basis to do so. The table below describes the purposes for which Kantar processes your personal data, and any other personal data you give us or we receive, as well as the legal basis for the use of your personal data.

 Purpose of Processing  Legal Basis             
  • Processing your application and
    managing the recruitment process.
  • Assessing your skills, qualifications
    and suitability for the role.
  • Verifying your identity.
  • Communicating with you about the
    recruitment process.
  • Where necessary to review and assess your application in
    order to enter into a contract with you, including precontractual
    steps.
  • Keeping records relating to the hiring
    process.
  • Conducting business management
    and financial forecasting.
  • Maintaining the security of Kantar’s
    facilities, equipment and electronic
    platforms.
  •  Monitoring compliance with Kantar’s
    protocols and policies.
  • Taking reasonably necessary steps to
    ensure Kantar has appropriate and
    effective health screening measures in place.
  • Protecting our legitimate business
    interests and legal rights. This includes
    use in connection with legal claims,
    compliance, regulatory, auditing,
    investigative and disciplinary purposes
    (including disclosure of personal data
    in connection with legal process or
    litigation) and other ethics and
    compliance reporting tools.
  • Where necessary for Kantar’s legitimate interests and
    where our interests are not overridden by your data
    protection rights.
  • Personal data revealing race, ethnic
    origin, sexual orientation and any
    disability may be processed in order to
    facilitate effective equal opportunities
    monitoring and/or to comply with legal
    obligations.
  • Where necessary for the purposes of carrying out
    obligations in the field of employment and social security
    and social protection law under local law.
  • Where required or permitted by
    applicable law, Kantar may ask you for
    your consent to carry out certain
    processing activities, including
    verification and background checks,
    and to keep you informed about future
    job opportunities with Kantar.
  • Where you have given your consent if required by law.
  • Fulfilling our legal obligations to
    conduct background, screening and
    eligibility to work checks, where
    applicable.
  • Providing a safe working environment
    for Kantar’s employees and other
    individuals who visit its premises.
  • Disclosures to law enforcement
    agencies or in connection with legal
    claims, health and safety compliance,
    regulatory, investigative and
    disciplinary purposes (including
    disclosure of personal data in
    connection with legal process or
    litigation).
  • Where necessary to comply with a legal obligation.

 

Third parties and data transfer across borders:

We collect and process personal data for the purposes described above, but we do not share or sell your personal data to any third parties, unless it is required by law or you have agreed otherwise.

Your personal data may be collected, stored, transferred or processed by our sister companies within the Kantar group, or 3rd party service providers for application-related purposes, such as data processing, both within and outside the UK and the EEA. All parties are contractually bound to keep any information they collect and disclose to us, or we collect and disclose to them, confidential and must protect it with security standards and practices that are equivalent to our own. If your personal data has been transferred to, stored, or otherwise processed to a territory outside the UK or EEA (as applicable) and that territory has not been recognised as providing an adequate level of protection of personal data, we will put in place an appropriate legal safeguard. For example,
standard contractual clauses approved by the European Commission and other relevant authorities, working with parties that have implemented binding corporate rules or other intra-group processes, obtaining your consent to transfer personal data, (where the transfer is necessary for the performance of a contract) between us or where a contract was entered into on your behalf, or where the transfer is necessary to establish, exercise or defend legal claims.

 

Confidentiality, security and industry requirements:

We have appropriate technological and organisational measures in place to protect your personal data and take all reasonable steps to ensure your personal data is processed securely. All information you provide to us is stored in secure servers and environments. Unfortunately, no data transmission can be guaranteed to be 100% secure. As a result, while we strive to protect your personal data, we cannot ensure or warrant the security of any information you transmit to us, and you do so at your own risk. Once we receive your transmission, we will take reasonable steps to ensure our systems are secure.

All our third party contractors, site service providers and employees are contractually obliged to follow our policies and procedures regarding confidentiality, security and privacy. We may disclose your personal data to third parties when you request or consent to sharing your identifying information and/or individual responses with a third party for a specified purpose.

Accuracy:

We take all reasonable steps to keep your personal data accurate, complete, current and relevant, based on the most recent information provided to us. If you would like to update your personal data, please contact us using the details provided below. We rely on you to help us keep your personal information accurate, complete and current and you are responsible for ensuring that we are notified of any updates or changes to your personal data.

 

Rights of individuals:

To request access to personal data that we hold about you, you should submit your request in writing to the email address or postal address shown below in “How to Contact Us”. When you make a request, you should indicate the division or entity of Kantar to which you are making the request.

If you contact us using an email address or contact details for which we do not hold a record of, you will also need to provide a copy of a valid government issued or official identification (such as driver’s licence or passport).

You may have the following rights in relation to your personal data:

  • Right to change your mind and to withdraw your consent
  • Right to access your personal data
  • Right to rectify your personal data
  • Right to erase your personal data from our systems, unless we have an overriding legitimate interest for continuing to process the information
  • Right to port your personal data (portability right)
  • Right to restrict processing of your personal data
  • Right to object to the processing of your personal data
  • Right to not be discriminated against for exercising any of the rights available to you under applicable data protection laws

 

You also have the right to lodge a complaint with your competent data protection regulator. However, we would appreciate the opportunity to address your concerns before you do this, so please contact us in the first instance.

Your rights may be limited – for example, if fulfilling your request would reveal personal data about another person, where it would infringe the rights of a third party (including our rights) or if you ask us to delete data which we are required by law to keep or have compelling legitimate interests in keeping. We will inform you of relevant exemptions we rely upon when responding to any request you make.

If necessary, we will notify any other parties such as our suppliers or service providers to whom we have transferred your personal data of any changes that we make when you make a request. Note that while we communicate to these third parties, we are not responsible for the actions taken by these third parties to answer your request. You may be able to access your personal data held by these third parties and correct, amend or delete it where it is inaccurate.

 

Data storage and retention:

Personal data will be retained only for such period as is appropriate for its intended and lawful use, unless we are otherwise required to do so by law. Kantar retains the information collected about applicants until an application decision is made and for a certain period thereafter, unless you have asked us or otherwise agreed to us keeping your information on file so that we can let you know about relevant opportunities in the future. For applicants that are successful, Kantar will retain your personal data as described in our Employee Privacy Policy. Personal data that is no longer required will be disposed of in ways that ensure their confidential nature is not compromised.

As part of the Company Business Continuity plan and as required by ISO 27001, ISO 9001, ISO 20252 certifications where held, and in certain instances the law, our electronic systems are backed up and archived. These archives are retained for a defined period of time in a strictly controlled environment. Once expired, the data is deleted and the physical media destroyed to ensure the data is erased completely.

 

Notification of material changes:

We keep our Policy under regular review and it may be amended from time to time. We will record when the Policy was last revised.

 

Automated decision making / profiling:

In certain circumstances we shall carry out automated decision making or profiling about you. However, in the majority of cases this will not result in any legally significant decisions being made about you. You have the right to appeal if any automated decision made about you is legally significant. If you have any questions about this, please contact us.

 

How to contact us:

If you are not happy with the way we have processed your personal data, we’d like a chance to put that right. Please contact us at Info@kantar.com or in writing to Kantar, 6 More London Place, London SE1 2QY and we will have somebody contact you. If you are based in California, you can contact us on the toll-free number +1866-471-1399.

We will investigate all complaints and attempt to resolve those that we find are justified. If necessary, we will amend our policies and procedures to ensure that other individuals do not experience the same problem.

If you have any questions or comments, you may contact Kantar’s Data Protection Officer. Please email DataProtection@Kantar.com.