Go to the main content section.Welcome. You are not signed in. Sign In Beginning of the main content section. Printable Format The action cannot be completed. Cookies are not enabled on your browser. Please enable cookies in your browser preferences and refresh your browser to continue. 

Privacy Agreement 

GP Strategies Job Applicant
Data Privacy PROTECTION PRACTICES
WELCOME TO GP STRATEGIES     Version: May 2018

 

Introduction


GP Strategies is committed to protecting personal data provided to us by applicants, employees, clients and visitors.  This statement ("Statement") explains how we use and protect personal data we collect when you apply for possible employment with GP Strategies.  It applies to any personal data you provide to GP Strategies and any personal data we collect from other sources.

 

Throughout this Statement, "GP Strategies" refers to the GP Strategies Corporation and all affiliated companies and subsidiaries (also referred to as "we", "us", or "our"). 

 

GP Strategies Privacy Policy

 

GP Strategies uses the European Union General Data Protection Regulation (GDPR) and the EU-U.S. Privacy Shield Principles to guide its worldwide policy and compliance framework for data privacy.  Some countries have requirements beyond what the GDPR prescribes.  If GP Strategies conducts business in any such country, we will comply as applicable.  GP Strategies’ global privacy policy is available here.

 

Information Regarding Your Personal Data

 

As an applicant you are providing personal data to GP Strategies. In order to comply with our policy and applicable laws, we are required to provide you with the following information regarding our handling of your personal data.

 

Identity and contact details of the controller and data protection officers: The GP Strategies entity to which you are applying is the “controller” (as defined in the GDPR) of the data you submit for evaluation.  If you have any questions relating to this Statement, please contact us by regular mail at GP Strategies Global Privacy Office, GP Strategies Corporation, Suite 200, 70 Corporate Center, 11000 Broken Land Pkwy, Columbia, MD  21044 USA.  GP Strategies also has designated a group of data protection officers whom you can contact which serves as an alternate or in an ombudsman role for data protection information on our policy, standards and practices.  These designees change from time to time so contact the HR Department for the designee for your part of the world. 

 

Purpose and legal basis for the processing: We generally collect personal data from applicants only as needed in connection with the pursuit of our legitimate interests, to the extent these are not overridden by your rights. In some cases, we may collect information from you to comply with a legal obligation.
If we ask you to provide personal data to comply with a legal requirement, we will advise you whether the provision of the data is mandatory or not, as well as of the consequences if you do not provide the data.
It is in GP Strategies’ legitimate interest as an employer to collect information from applicants to learn about you and the talents you can bring to our organization, to assess your application, to ensure compliance with client and regulatory requirements for hiring, and to make decisions as part of our recruitment processes.  GP Strategies has a legitimate interest in fully assessing applicants to ensure that only suitable and appropriate candidates are selected, to compare candidates and make a fair decision on the most appropriate candidate for the position.

 

Categories of personal data we collect from applicants:  The information you may provide to us includes name, identification numbers (your driver’s license, passport details, identity card details, statutory details), location data (your home and correspondence addresses including zip codes/postal codes), date of birth, citizenship and nationality details, employment details, an online identifier (email address), contact information (personal phone number and potentially the personal data of reference contacts),  health information and economic data (salary requirements). We only request any of this information to the extent it is permitted by the laws of the location of the applicable GP Strategies entity.

 

Non-GP Strategies recipient(s) or categories of recipients of job applicant personal data: Except as provided in this section, the GP Strategies entity that is the controller of your personal data does not share this with any third party other than GP Strategies entities without your consent. In connection with the application process, GP Strategies uses a Taleo talent management system that is operated on behalf of GP Strategies under a contract with Oracle and hosted on Oracle’s servers which are located in the United States of America. Oracle is certified under the EU-US Privacy Shield Program and GP Strategies has a contract with Oracle that includes appropriate safeguards protecting applicants’ personal data as required by applicable data protection requirements.

 

Details of transfers to third country and safeguards: Applicants’ personal data will be transferred to a data center storage location either in the United Kingdom or the United States depending on the specific routing structure.  This data is transferred and stored in an encrypted format.  Job applicant data may be viewed when resident at the data center site or may be sent to application reviewers in countries outside of the United Kingdom, the United States, and the country of the job applicant.  These countries may not necessarily have data protection laws as comprehensive as those in your country. We will have taken appropriate safeguards to protect your personal information in accordance with this Statement and applicable law wherever it is processed.  These safeguards include implementing the European Commission Standard Contractual Clauses for transfers of personal information between GP Strategies companies and our self-certification to the Privacy Shield Framework for transfers to the United States.

 

Retention period or criteria used to determine the retention period of job applicant privacy data:  The period of retention for a job applicant who becomes an employee is continuous during the period of employment and is part of the Human Resources Department personnel file for the employee.  Job applicants who are not chosen for a position will have their privacy data held on file for five years.  The applicant data is then deleted.  The applicant data is held on file in the event an initial selectee is not retained or leaves the firm and the existing candidate files will be used to expedite an offer to an applicant.

 

Your rights as the data subject:  Under the GDPR and similar data protection laws, you have certain rights regarding the use of your personal data, which GP Strategies acknowledges and supports, including: 
  • The right of access; 
  • The right to rectification or erasure; 
  • The right to restrict processing; 
  • The right to portability;
  • The right to object (in certain circumstances); 
  • The right to withdraw consent (if we have obtained consent as the legal basis for our processing); and
  • The right to lodge a complaint with a supervisory authority.
 

GP Strategies encourages applicants with a potential complaint to first initiate contact with the Human Resources Department representative responsible for the application intake and review process.  Alternatively, the applicant can inquire with the HR representative for the name of the Data Protection Officer (DPO) responsible for ombudsman and information support for the geographical area of the applicant.
To review additional information about your rights, see our web and social media sites Frequently Asked Questions (FAQ) and Fact Sheets about protections, choices and to make changes, where allowed, for use of your personal information.

 

Information we obtain from sources other than you: As part of GP Strategies’ review of applicants, GP Strategies may be required by clients, government agencies and internal policies to fulfill requirements to conduct background checks that add to the information provided by the job applicant or to verify the information provided by the applicant.  These verifications and research activities do not include the collection of additional personal data.  GP Strategies routinely verifies higher education credentials, employment history, and criminal history and/or pending criminal charges as provided by the candidate. 
GP Strategies does engage third parties to conduct these additional research activities because these requirements are sometimes very specific on a country by country basis, after obtaining your consent to do so.  These research firms then become a sub-processor of personal data for GP Strategies.  As part of our contract with any sub-processor, we contractually require them to secure personal data to the same standards we do under the law.

 

Collection of personal data on GP Strategies social media or web sites:

 

GP Strategies collects contact information which is considered privacy information when anyone visits GP Strategies social media and web sites.  Automated collection technologies that GP and many firms use may include the use of web server logs to collect IP addresses, "cookies" and web beacons.  The collection of this information will allow us to improve the effectiveness of GP websites and our marketing activities. Information regarding our use of these means and the information we collect by them is available here.