GDPR Recruitment Privacy Policy

Terms in use in this policy:

Candidate:

Our policy discusses candidates, which is to be understood as having the same meanings and intentions as “data subjects” in the GDPR legislation. The GDPR legislation discusses “data subjects”, which in the context of DIGIT’s policy is taken to mean natural persons that are being considered for open roles, or natural persons who have submitted or otherwise been in contact with DIGIT in relation to potential employment opportunities.

Data Controller:

This is DIGIT, and DIGIT’s recruiting team, that collects the data for recruiting purposes.

Data Processor:

Applicant Tracking Systems (ATS) – the software provider(s) that process candidate information on DIGIT’s behalf.

Personal Data:

Any information related to a “data subject”, [candidate in DIGIT’s policy], that can be used directly or indirectly to identify that person. This data can range from their name, address, photo, email address, IP address bank details, medical information to social media posts. See point 3 below for the limited data collected and processed by DIGIT.

Policy Outline:

1. Location

DIGIT Game Studios is located at 4, Princes St South, City Quay, Dublin 2 DO2 NX57, Ireland.
Our recruitment team can be contacted at jobs@digitgaming.com.

2. How is data used?

Data obtained, from both actively-sourced candidates and passive application candidates (referred to as ‘candidate” or “candidates”), will be used solely in respect of the recruitment function. Data collected allows us to screen a candidate’s skillset, to make the appropriate decision on whether the application matches with the requirements of the role advertised/applied for.

3. What data is stored?

The data that we keep on candidates is confined to:

• relevant contact details – name, address, email address, phone number, CV.
• date application received

4. With whom is the data shared?

The data is first seen by the recruiting team, who :

• If for a current role, then shares the data with the relevant hiring manager.
• If an unsolicited/speculative/cold/passive application, contacts the applicant to tell them what will happen with their application and data.

5. Where is data sourced from?

The recruiting team actively sources candidate data from the mainstream hiring websites, such as:

• LinkedIn
• Indeed
• Unity
• as well as from relevant employment agencies, and internal referrals.

The team also receives unsolicited or cold applications, for roles that may or may not exist.

Any candidate contacted will be told, upon being contacted, where the recruiter found their data.

6. Where is data processed and stored?

All candidate data is processed at the Dublin office (address above), and stored on Workable, a third party Applicant Tracking System (ATS). Workable is DIGIT’s data processor.

7. How long does DIGIT retain data?

All candidates have the right to have their data deleted on request, and we ensure this action will be taken and completed no later than 30 days from the date of such request being received.

Once we have sourced data relating to a particular candidate, our policy is either to have contacted that candidate within 30 days of finding their data, and to continue to hold that data until the recruitment process is completed (i.e. the candidate is hired or not hired), or until the candidate requests their data be deleted. If the candidate is not hired, their data is deleted, unless we actively request and explicitly gain their free consent to retain it, this subsequent consent again being subject to this policy.

In the event we have not contacted that candidate within the 30 days outlined above, we will immediately delete their data from our ATS.

8. What rights does a candidate have under GDPR?

The candidate has the following rights under the GDPR:

• The Right to Be Forgotten: The candidate can ask that we stop processing, stop sharing and to delete their personal data. This request must be complied with, and all data deleted, within a month of receipt of the request. This right is also known as Data Erasure. We will fully comply with this right, noting only that we are required to compare the candidate’s rights with that of the “public interest in the availability of the data”, as prescribed under the GDPR regulation, when considering the data deletion request.
• Data Portability: A candidate can receive personal data concerning them, which they have previously provided in a “commonly used and machine readable format”, and the right to transmit that data to another controller.
• Right of Access and Rectification: Candidates can obtain whether their personal data is being processed by the data controller, where, and for what purpose. Candidates can also ask that such data is corrected, to address or rectify any inaccuracies. The timeline for the data controller to comply with these requests is 30 days from date of the request. In addition, the controller must make available to the candidate, free of charge and in an electronic format, a copy of the personal data.

9. How to contact DIGIT regarding the processing of personal data

A candidate can exercise their rights by:

• contacting DIGIT at jobs@digitgaming.com
• sending a letter or other written communication to the company Headquarters at 4 Princes St South, City Quay, Dublin 2, for attention of the Recruiting Team
• sending DIGIT a message via the social media channels

10. How a candidate’s data is protected by DIGIT

DIGIT and their ATS partners adhere to the highest international security standards.
Candidate data is stored offsite on the ATS partners servers, which themselves are highly protected.
When a data request is received, the requestor may be asked to identify themselves, in order to ascertain the authenticity of the requestor.