WAVIN APPLICANT PRIVACY NOTICE

Effective date: 1.02.2022

This applicant privacy notice (“Privacy Notice”) describes how Wavin B.V. and its affiliates (hereinafter: “Wavin”, “we”, “our” or “us”), handle your Personal Data as part of the recruitment and selection process. Wavin is committed to handle your Personal Data in accordance with the law and in a fair and transparent matter.

This Privacy Notice applies to all applicants who apply for employment with us (“applicants” or “you”). When we refer to "Personal Data" under this Privacy Notice, we mean any information whereby Wavin can directly or indirectly identify you. When we refer to “Processing” of Personal Data, we mean all use of your Personal Data, such as collecting, storing, modifying, forwarding and deleting.
The Wavin entity at which you apply for a job is responsible for your Personal Data and acts as a “data controller”. Next to this, Wavin B.V. qualifies as data controller with respect to your Personal Data that is Processed for global recruitment purposes. An overview of the applicable responsible Wavin entities and, where applicable, their representatives, can be found here.

 

1. Where do we get your Personal Data from?

Wavin may collect your Personal Data from the following sources:

(i) We may obtain your Personal Data you provided to us as part of your job application process.
(ii) We may collect Personal Data that is publicly available, including via social media (to the extent that you choose to make your profile publicly visible).
(iii) We may receive your Personal Data from third parties who provide it to us, e.g.:
- Recruitment or executive search companies;
- References provided by referees;
- Background information provided or confirmed by academic institutions or certification providers; and/or
- Other Wavin entities for the purposes outlined in this Privacy Notice.

 

2. Which categories of Personal Data do we Process?

For the purpose of managing your application throughout the entire application process, Wavin Processes the following types of Personal Data:

• Personal details, including contact details: such as your first and last name(s), address, email address, telephone number, gender, nationality, citizenship, date of birth, degree/title, social security/national
identification number or national insurance number (where applicable), details of dependents and family members (where applicable).

• Recruitment data and professional qualifications: such as any Personal Data contained in your resume, application form and other application documentation such as education and work history, certificate of good conduct, certificates, licences, experience information, references and referee details, publicly available information displayed on platforms such as LinkedIn, language skills and memberships of committees or other (voluntary) bodies.

• Interview data and assessments results: such as records of interviews or interview notes. For certain roles, we will obtain the results from assessments we have conducted with you or from assessment agencies that have conducted an assessment with you.

• Documentation required under immigration laws: such as citizenship and residency information, visa number (where applicable), work permits (where applicable / required to comply with laws).

• Video surveillance (CCTV) footage: such as video surveillance footages recorded in our premises if you come to our site for an interview.

• Visitor logs: some of our premises have a registration log for visitors, logging first and last name, time of arrival & departure and, if applicable, vehicle registration number.

• Feedback information: any feedback or opinions you voluntarily provide to us during the recruitment process.

• Any other Personal Data: any other Personal Data which you choose to disclose to us during the course of the application process.

In principle, we do not collect or use any special categories of Personal Data of applicants, (also referred to as “sensitive personal data” under some applicable laws) such as health data or other sensitive types of data, unless you provide this to us voluntarily as part of your application documentation or during an interview.

 

3. Why do we Process your Personal Data?

Wavin only Processes your Personal Data for specific and limited purposes. These purposes are:

• To conclude an employment or other type of contract with you. To carry out the application process by assessing your skills, qualifications and suitability for our career opportunities, to verify references and to handle requests, complaints or questions from you.

• To manage our application process and to maintain our administration.

• To contact you for future vacancies. We may keep your record for future hiring processes for the purpose of communicating with you and providing you with information regarding potential career opportunities that suit your application profile.

• To protect the security of our premises and to be able to investigate any (security) incidents. Wavin has a legitimate interest in protecting its business and ensuring that all its employees are able to work in a safe environment. Therefore, we Process Personal Data to ensure the security of our physical assets. This includes on site security measures such as CCTV.

• To comply with our legal obligations. To comply with applicable (employment) laws and regulations, requests from governmental organizations or judicial services and to exercise and defend (potential) legal claims.

 

4. With whom does Wavin share your Personal Data?

To fulfill the purposes described above, we might need to share your data with Wavin employees or external third parties. We will only do so on a strict need-to-know basis. We share your Personal Data with the following parties:

Wavin employees: authorized (HR) employees within Wavin that are involved in the recruitment and selection process, such as your potential supervisor or the HR department. This may include employees of other Wavin entities.

Orbia Advance Corporation, S.A.B. de C.V. (“Orbia”) employees: Certain Wavin employees fall under the supervision or management of Orbia. We may share the personal data of those Wavin employees on a strict need-to-know basis with Orbia employees such as your supervisor or employees responsible for HR and finance services.

Service providers and Wavin’ partners: we engage third party vendors, service providers and affiliated entities to provide services to us, such as IT service providers for the storage of the Personal Data. Further, we may share your (contact) details with external assessment agencies in order to conduct an assessment with you.

Authorities and other third parties: Wavin may share Personal Data with other third parties, such as successors in title of our business in case of a corporate transaction and competent regulatory authorities, law enforcement authorities or other governmental organisations in case of legal requirement.

We take all reasonable necessary steps to ensure that your Personal Data is kept confidential and treated securely as required by applicable law, and in accordance with this Privacy Notice.

 

5. Is your Personal Data transferred outside the EEA or the jurisdiction in which the Personal Data was initially collected?

The recipients of Personal Data described above under Section 4 may be located inside or outside your own country, in countries whose laws regarding data protection do not offer an adequate level of protection compared to the laws in your country. For example, not all countries outside the European Economic Area (“EEA”) offer the same level of protection as in the EEA.

Wavin will take all necessary measures to ensure that transfers out of your country are adequately protected as required by applicable data protection law. With respect to transfers to countries not providing an adequate level of data protection, Wavin may base the transfer on appropriate safeguards, such as the EU standard contractual clauses adopted by the European Commission or other approved data transfer or certification mechanisms together with binding and enforceable commitments of the recipient. In each instance, Wavin will review the transfer and ensure that any additional technical and organizational measures are put in place to ensure that an adequate level of protection is provided. Applicants can request a copy of the appropriate safeguards and measures by reaching out to us using the contact details provided in Section 9 below.

 

6. How is your Personal Data protected?

Effective security of your Personal Data is important to us. We have therefore taken adequate technical and organizational security measures to protect your Personal Data against loss, alteration, disclosure and unauthorized or unlawful use or access.
We take steps to limit access to your Personal Data to those individuals who need to have access for one of the purposes listed in this Privacy Notice. Furthermore, we contractually ensure that any third party Processing your Personal Data equally provide for confidentiality and integrity of your data in a secure way.

 

7. How long does Wavin store your Personal Data?

We retain your Personal Data for as long as necessary to fulfil the purpose for which it was collected, unless a longer period is necessary to comply with our legal obligations or to defend a legal claim.
If your application was not successful, we will only retain your Personal Data for a maximum period as allowed for under local laws and regulations. For example, if you are based in the EU, this will be 30 days.
If we want to keep your Personal Data longer, in order to inform you about possible future job opportunities with us, we will inform you accordingly and provide you with the possibility to object to such Processing.
If you accept employment with Wavin, we will keep and use your Personal Data in accordance with our Employee Privacy Notice, which is provided to all employees.

 

8. What are your rights with respect to your Personal Data?

Wavin will comply with the rights of applicants consistent with all local legal requirements. Any applicant may inquire as to the nature of the Personal Data stored or Processed about him or her by Wavin or through a third party authorized by us.
Annex A provides a full description of the rights you have over your Personal Data in certain jurisdictions.
If you have any questions about how we use or protect your Personal Data or about any of the information in this Privacy Notice, or if you wish to exercise one of your above-stated rights or submit any objections regarding the Processing of your Personal Data, you can contact us using the contact details provided in Section 9 below.
Wavin will aim to provide a response as soon as possible and in any case within 30 days of receipt of the request or within such other timeframe as required or permissible under applicable law. If a request is denied, the reason for the denial will be communicated within such response.

 

9. How to contact us?

If you have any questions or concerns regarding our use of your Personal Data, or if you wish to exercise any of your rights, please email our Legal Department at dataprivacy@orbia.com indicating the nature of your query.

 

10. Changes to this Privacy Notice?

This Privacy Notice will be located on Wavin Shared Services. This Privacy Notice may be revised from time to time. If a fundamental change to the nature of the use of your Personal Data is involved or if the change is in any other manner relevant to you, we will ensure that information is provided to you in advance of the change actually taking effect.

Annex A - Specific Requirements of Local Privacy Regulations

EEA

The General Data Protection Regulation (“GDPR”) applies to the Processing of Personal Data of applicants in the context of the activities of an establishment of Wavin in the European Economic Area (“EEA”), regardless of whether the Processing takes place in the EEA.

In addition to or in derogation of the Privacy Notice, the following applies to Processing of Personal Data by Wavin within the scope of the GDPR.

E.g. this applies when the Wavin entity that intends to employ you is based in EEA.

WHICH CATEGORIES OF PERSONAL DATA DO WE PROCESS

In relation to the categories of personal data that are marked as “where applicable”, we mean that they apply where we expressly ask you to provide this information to us.

LEGAL GROUNDS FOR PROCESSING PERSONAL DATA OF PERSONS SUBJECT TO THE GDPR

As described in the Privacy Notice, Wavin will Process Personal Data lawfully. This includes ensuring that there is always a legal basis for Processing Personal Data.

With respect to Processing Personal Data of applicants who are subject to the GDPR, Wavin will rely on one or more of the legal grounds listed in the table below for Processing Personal Data:

Purpose: Lawful Basis:
To conclude (and take steps prior to entering into) an employment or other type of contract with you. Necessary for the hiring decision/performance of contract of employment or other agreement with applicant Necessary for the purposes of a legitimate interest of Wavin or other third parties*
*To pursue our legitimate interests of hiring qualified people, to find the right candidates for future vacancies and to secure, defend and develop our business. We only use this legal basis if your interests and fundamental rights do not override our legitimate interests. Necessary for the purposes of a legitimate interest of Wavin or other third parties*
For handling emergencies and maintaining on site safety and security: (a) ·communicating with designated contacts in case of an emergency; (b) Processing as required to ensure the safety and protection of Wavin’s workers, facilities, resources, and communities including (without limitation) protecting occupational health and safety and authenticating worker status to authorize access to Wavin technology, resources and facilities; and (c) conducting security screenings, to the extent permitted by law. Necessary for the protection of the vital interests of the applicant or of another individual Necessary for the purposes of a legitimate interest of Wavin or other third parties*
For legal and regulatory purposes: (a) complying with applicable laws and statutory requirements such as income tax, national insurance deductions, and employment and immigration laws; and (b) responding to and complying with requests and legal demands from regulators or other authorities. Necessary for compliance with legal obligations to which Wavin is subject in particular in the area of labor and employment law, social security and protection law, data protection law, tax law, and corporate compliance laws
Where we have your consent: In principle, we do not rely on your consent to Process your Personal Data. We will only do so in very limited circumstances. If we do so, we will provide you with full details of the data that we would like and the reason we need it, so that you can carefully consider whether you wish to freely consent. Where we rely on consent as a lawful basis, you have the right to withdraw your consent for use of your Personal Data at any time using the contact details provided in Section 9 of this Privacy Notice. Consent

a. INFORMATION RELATING TO THE PROCESSING OF SENSITIVE PERSONAL DATA

Where local Wavin entities Process special category Personal Data (including data relating to criminal convictions) they will only do so where permitted by law and when one or more of the following justifications apply:

1. the Processing is necessary for the purposes of carrying out the obligations and exercising the rights of the applicant or Wavin in the field of employment law, social security and social protection law, to the extent permissible under applicable laws;
2. the Processing is necessary for reasons of substantial public interest as permitted by local law;
3. the Processing is necessary to protect your vital interests or of another person where you are physically or legally incapable of giving consent (for example in exceptional situations such as a medical emergency);
4. the Processing is necessary for the establishment, exercise or defense of legal claims; or
5. the applicant has given their explicit consent.

b. ADDITIONAL RIGHTS OVER PERSONAL DATA

In addition to the information set out in Section 8 above, you have the right to:

1. request access to your Personal Data (for example the right to be provided with certain information about Wavin’s Processing of Personal Data and access to that data (subject to exceptions));
2. request rectification or correction of your Personal Data (such as where your home address changes and Wavin needs to have the up-to-date information);
3. request erasure of your Personal Data in certain circumstances including where it is no longer necessary for Wavin to Process the Personal Data for the purpose it was collected;
4. request restriction of Processing of your Personal Data (for example, where you dispute the accuracy of Personal Data relating to you or where Wavin no longer needs the Personal Data but the applicant needs it for the establishment, exercise or defense of legal claims);
5. request data portability (such as the right to receive any Personal Data you have provided to Wavin in a structured, commonly used and machine-readable format, as well as to require Wavin to transmit it to another controller when technically feasible);
6. object to the Processing of their Personal Data (such as on grounds relating to their particular situation where such Processing is based on Wavin’s legitimate interests or on public interest); and
7. withdraw consent (where such consent was obtained and relied on for the purposes of the Processing).
You also have the right to lodge a complaint at the local supervisory authority.
Applicants wishing to exercise any of the above rights should contact Wavin using the details provided in Section 9.

 

Poland

The GDPR and the Polish Labour Code of 26 June 1974 applies to the Processing of Personal Data of applicants in the context of the activities of an establishment of Wavin in Poland, regardless of whether the Processing takes place in Poland.
In addition to or in derogation of the Privacy Notice, the following applies to Processing of Personal Data by Wavin within the scope of the GDPR and the Polish Labour Code.

E.g. this applies when the Wavin entity which is your (potential) employer, is based in Poland.

• Full details regarding data controller should be added to the Privacy Policy (i.e. in regard to the given Wavin entity based in Poland being the (potential) employer – full name and address (as well as contact details);

• Collecting candidate/employee personal data from their social media is not permissible, as for background information – only upon consent;

• Annex A point b) shall be amended as follows: Where local Wavin entities Process special category Personal Data (including data relating to criminal convictions, subject to the restrictions under Article 10 of the GDPR)(…);

• Annex A point b) 5): the applicant has given their explicit consent and the processing is done on their initiative.

• In addition to Annex A point c) You also have the right to lodge a complaint at the local supervisory authority the following provision shall be added: (the President of the Office for Personal Data Protection, ul. Stawki 2, 00-193 Warsaw) if the processing may violate the provisions of law.