Candidate Privacy Notice.
1. PURPOSE AND SCOPE
We are committed to the protection and promotion of your privacy. In connection with your application for a job with us at The Foundry Visionmongers Ltd or its group company, (“Foundry”, "we", "us"), it is necessary for us to collect, store and use information about you to administer and evaluate your application. We are the “Controller” of the Personal Data you provide us and will Process any such Personal Data in accordance with Applicable Data Protection Laws and the statements contained in this Candidate Privacy Notice.
In order to promote the coordinated and secure Processing of your data for purposes of administering the application process, we rely on one or more services and/or centralized human resource information systems that may be operated or administered either by us, by our parent company, Roper Technologies, or by one of its affiliates (collectively, the “Roper Group”). We also may share information about your application with other members of the Roper Group in the event that they have openings that may be a fit for your skillset. This notice (“Notice”) provides relevant information about the Personal Data that is Processed using those systems.
2. ROLES AND RESPONSIBILITIES
Foundry’s Cyber Committee (the “Committee”) has overall responsibility for ensuring compliance with Applicable Data Protection Laws and with this Notice.
If this Notice does not answer your questions, or if you consider that we have not followed this Notice in respect of your Personal Data, then you can get in touch with the Committee by contacting Foundry’s General Counsel by phone, email or post and we will be happy to help.
How to contact us:
- Phone
- +44 (0)20 7479 4350
- legal@foundry.com
- Address
- The General Counsel The Foundry Visionmongers Ltd. 5 Golden Square London W1F 9HT United Kingdom
3. DEFINITIONS
In this Notice the terms set out below have the following meanings:
Applicable Data Protection Laws means to the extent UK GDPR applies means the UK GDPR being the UK retained EU law version of the EU GDPR as defined in the Data Protection Act 2018, to the extent the EU GDPR applies means the General Data Protection Regulation (EU) 2016/679 being the law of the European Union or any member state of the European Union, to the extent the California Consumer Privacy Act applies means the California Consumer Privacy Act, to which you are subject to which relates to the protection of Personal Data; and in each case together with and any associated regulations or instruments, plus other local data protection laws, regulations, regulatory requirements and codes of practice applicable in the jurisdictions Foundry offices are located. It also includes any other legislation, regulations, rules and codes of practice that transpose or supersede the above including any Applicable Data Protection Law amending, replacing and superseding the regulations.
Controllers are the people who or organisations which determine the purposes and manner in which any Personal Data is Processed. They have a responsibility to establish practices and policies in line with Applicable Data Protection Law. Foundry acts as a Controller in respect of some of the Personal Data Processed within our business.
Data Subjects means a living, identified or identifiable individual about whom we hold Personal Data. Data subjects may be nationals or residents of any country and may have legal rights regarding their Personal Data.
EEA refers to the European Economic Area.
Personal data means data or information relating to a Data Subject. An identifiable natural person is one who can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing is any activity that involves use of the data. It includes obtaining, recording or holding the data, or carrying out any operation or set of operations on the data including organising, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transferring Personal Data to third parties.
Special Category Data means information about a person's racial or ethnic origin, political opinions, religious or philosophical belief, trade union membership, genetic or biometric data, health, sex life or sexual orientation. Personal Data relating to criminal convictions and offences or related security measures are treated separately under Applicable Laws, but shall be treated as Special Category Data for the purposes of this Notice.
UK GDPR means the retained EU law version of the EU GDPR as defined in the Data Protection Act 2018.
4. THE PERSONAL DATA WE COLLECT
We collect Personal Data to manage and administer our relationship with you beginning when you apply for a role with us, during your role, and through your departure from the company. The categories of data we may collect about you fall into the following categories under Applicable Data Protection Laws:
• Personal and contact details: Identification data (e.g., name, identifying numbers, etc.), gender, age and contact details (e-mail, phone numbers, physical address).
• Working status: National Insurance number, driver’s license, health data, ID card data, citizenship, passport data, details of residency, visa or work permit and disability status.
• Personal History: resume data, previous salary information, background check information, previous employment information.
• Candidate information: we create profiles of potential recruits to the business including the individual’s contact details, CV, employment history, salary expectations, work preferences and availability, nationality, notice period, interview-feedback, assessment details, screening question responses, job interview notes, and recruitment-related or professional-presence social media profiles.
We may also collect following types of Special Category Data:
• Health Information: details about your health, including any medical condition or disabilities, symptoms and/or test results of Covid-19.
• Ethnicity information: Information about your race or ethinicty.
• Veteran Status (US only): We treat information pertaining to veteran status as Special Category Data.
5. WHAT WE USE YOUR PERSONAL DATA FOR AND WHY
Applicable Data Protection Laws require that we Process your Personal Data for purposes that we tell you about and only where we have a lawful basis to do so. The below table sets out our purposes of Processing, the lawful basis of Processing we rely on, and the Personal Data Processed for that purpose.
Where we Process your Personal Data because we have a legitimate interest
We Process these items of your Personal Data because we have legitimate interests in recruiting suitable candidates for our business, to manage and monitor diversity, equality and inclusion, communicating with you, protecting our business operations and assets:
| Our specific legitimate interest | Reason or purpose | Personal data used |
|---|---|---|
| To recruit suitable candidates for our business | To assess your skills, qualifications, and interests against our job opening requirements to further our legitimate interest in identifying qualified applicants |
|
| To protect our business operations and assets | To verify the information you provide us during the application process and conducting reference checks and background checks (where applicable) if you are offered a job |
|
| To communicate with you | To communicate with you about your applications and the recruitment process |
|
Where we process your personal data because you have consented
| Reason or purpose | Personal data used |
|---|---|
| Keeping you informed about other potential job opportunities within the Roper Group |
|
Where we process your Personal Data to comply with our legal obligations
| Reason or purpose | Personal data used |
|---|---|
| We process your Personal Data to meet our legal obligations, including complying with applicable laws, regulations, or legal requirements, responding to legal requirements, or completing any reports required by law. |
|
Where we Process Special Category Data because we are legally obliged to
We collect and use certain types of Special Category Data in limited circumstances where it is necessary for us to protect your interests (e.g., to provide certain job-related accommodations), where we need to do so to comply with specific legal obligations (e.g., equal opportunity or anti-discrimination legislation or employment law), or where we have your explicit consent to use it:
Where we process Special Category Data because we are legally obliged to under employment law
| Reason or purpose | Personal data used |
|---|---|
|
Comply with equal opportunity or anti-discrimination legislation or regulations (where applicable) |
|
| In the course of legal proceedings (including prospective legal proceedings), complying with applicable laws and regulations, obtaining legal advice, establishing or defending legal claims, or otherwise where strictly necessary for the administration of justice in accordance with applicable laws. |
|
6. SOURCES WE COLLECT YOUR PERSONAL DATA FROM
We collect personal data from a range of different sources but primarily directly from you. We collect personal data by the following means:
• Directly from you in the form of your application, resume, and other materials submitted to us;
• Referees you named;
• Publicly available sources: for recruitment purposes, we make use of public records including company websites, industry publications, industry news websites, LinkedIn and other social media where it is used in a professional context.
• Background check service providers (if we extend a conditional offer of a role to you).
If you fail to provide Personal Data when requested and the Personal Data is necessary for us to evaluate your application (e.g., work history), we may not be able to process your application further.
7. WHO WE SHARE YOUR PERSONAL DATA WITH
In certain circumstances, we will share your personal data with third parties:
| Who | Examples of Sharing |
|---|---|
|
Roper UK Limited and Roper Technologies, Inc. (Foundry’s parent companies) |
We may disclose your Personal Data to Roper Group companies for the purpose of you being considered for other roles within the Roper Group. |
|
IT and cloud service providers, support teams and advisors |
We use IT systems and cloud platforms for our everyday business functions including email and document storage and processing recruitment candidates. We also engage third parties to support our systems. |
|
The government or regulators |
Where we are required to do so by law or to assist with their investigations or initiatives, including, in the UK, HMRC and the local health protection team (e.g. a Covid-19 taskforce). |
| Police and law enforcement |
To assist with the investigation and prevention of crime. |
|
Business acquisitions |
If we sell or buy any business or assets, or the shareholders in our corporate group decide to sell any shares, we may disclose your Personal Data to the prospective seller or buyer of such business, assets or shares. |
We will obtain assurances from each third party with whom we share your Personal Data that it will safeguard your Personal Data in a manner consistent with this Notice. If we have knowledge that a third party is using or disclosing Personal Data in a manner contrary to this Notice, we will take reasonable steps to prevent or stop the use or disclosure.
We do not sell or share Personal Data about you to unrelated companies for their independent use.
8. TRANSFERRING YOUR DATA INTERNATIONALLY
If you live in a country in the UK and/or EEA, the Personal Data that we collect from you may be transferred to, and stored at, a destination outside the UK and/or EEA (including to other affiliates of the Roper Group in the US). It may also be Processed by staff operating outside the UK and/or EEA who work for us or for one of our suppliers.
To ensure that your Personal Data is secure, we will only transfer information to a country outside of the UK and/or EEA where we do so in accordance with the Applicable Data Protection Laws. This requires that one of the following conditions apply:
• the European commission or the UK government has decided that the country to which we transfer the Personal Data provides an adequate level of protection for your Personal Data;
• appropriate safeguards are in place such as binding corporate rules, standard contractual clauses approved for use in the UK, an approved code of conduct or a certification mechanism is in place;
• you have provided explicit consent to the proposed transfer after being informed of any potential risks; or
• the transfer is based on an exemption from the GDPR and UK GDPR restrictions on transferring Personal Data outside of the EEA or the UK as applicable.
Foundry and the Roper Group have executed Standard Contractual Clauses, as approved by the European Commission and/or by the United Kingdom’s Information Commissioners’ Office. These clauses permit us (or the Roper Group) to transfer data from the EEA and the UK to third countries, including the United States. Regardless, in all events, we shall apply the provisions of this Notice to your Personal Data wherever it is located.
9. AUTOMATED DECISION MAKING AND PROFILING
Automated decision making happens when a computer uses Personal Data to make decisions about a person without any human intervention which have legal effects or similarly significant effects for the person. We do not engage in any form of automated decision making.
10. HOW LONG WE KEEP YOUR DATA
We will keep and Process your Personal Data only for as long as is necessary for the purposes for which it was collected, unless there is a legal right or obligation to retain the data for a longer period.
11. YOUR RIGHTS IN RELATION TO YOUR PERSONAL DATA
You may have certain rights relating to your Personal Data based on local Applicable Data Protection Laws. These include::
Under certain circumstances, you have the following rights in relation to your Personal Data:
• The right of access to your personal data: This enables you to receive a copy of the personal information we hold about you and check that we are lawfully processing it.
• The right to have your personal data rectified: This enables you to have any incomplete or inaccurate information we hold about you corrected.
• The right to deletion of your personal data: This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it, you withdraw your consent, we are unlawfully holding your personal data or we should erase your personal data to comply with applicable data protection laws. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
• The right to object to processing of your personal data: This applies where we are relying on a legitimate interest (or those of a third party) as a legal basis for our processing and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object to us processing your personal data where we are processing your personal information for profiling and/or for direct marketing purposes.
• The right to restriction of processing of your personal data: This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or stop us deleting personal data which you need for a legal claim.
• The right to have your data transferred to another services provider: This enables you to have the personal data you have provided us to be transferred to another party.
• Withdraw your consent to the Processing of your Personal Data (to the extent we base Processing on consent and not on another lawful basis).
We will not discriminate against you for exercising these rights. You may exercise these rights, to the extent applicable, by sending us an email to Foundry’s General Counsel, Natasha Ballantine, at natasha.ballantine@foundry.com or writing to us at Foundry Legal, 5 Golden Square, London, W1F 9HT or by making the request via our website support pages. We will aim to respond to any such requests within 1 month of receipt.
If you wish to pursue any of these rights, please contact us using the details set out at the end of this Notice below.
12. CHANGES TO THIS NOTICE
This Notice has been updated in October 2024. We reserve the right to update this Candidate Privacy Notice from time to time. When we do, we will revise the "last updated" date at the top of this Notice. If there are material changes to this Notice or in how Foundry will use your Personal Data, we will use reasonable efforts to notify you by posting a notice of such changes before they take effect.
13. CONTACT AND COMPLAINTS
If you have any questions, please contact legal@foundry.com or info@foundry.com.
If you are not happy with how Foundry handles your Personal Data and we cannot provide you with a satisfactory resolution to your request, you also have the right to lodge a complaint with a supervisory body for data protection in your jurisdiction.