Data Protection Notice - Recruitment

WHO WE ARE

Elmo Insurance Limited (C-3500) of Elmo, Abate Rigord Street, Ta’ Xbiex, XBX 1111, Malta (“We/Us/Our”) is the data controller in relation to personal information which We hold about you (“Personal Data”) during the registration and application process.  Queries relating to data protection matters may be referred to Our Data Protection Officer at:  The Data Protection Officer, Elmo Insurance Limited, Abate Rigord Street, Ta’ Xbiex, XBX 1111, Malta or at: dpo@elmoinsurance.com.

INFORMATION WE HOLD ABOUT YOU

As data controllers, We may collect, store and use the following Personal Data throughout the recruitment process:

  1. Your name and surname and contact details (address, home and mobile phone numbers and email address);
  2. Details of your qualifications, work experience, employment history and interests;
  3. Information regarding your criminal record;
  4. Details of your referees;
  5. Information from references obtained about you from previous employers and/or education providers authorised by you to provide us with such references;
  6. Information regarding your academic and professional qualifications and your Continuous Professional Development (CPD);
  7. Personal Identification document details;
  8. Tax Identification details, such as social security and income tax numbers;
  9. Proof of address;
  10. A copy of your driving licence (if applicable).

 

Please note that this list is not exhaustive and may vary depending on the role applied for.

HOW WE WILL PROCESS INFORMATION ABOUT YOU

We will only process your Personal Data when the Law allows Us to.  We will typically collect and use your Personal Data:

  1. To qualify your ability to perform a particular role;
  2. To take steps to enter into a contract;
  3. To comply with a legal obligation; and
  4. Where it is necessary for Our legitimate interests, or those of third parties, provided that such legitimate interests are not overridden by your interests or fundamental rights and freedoms which require the protection of Personal Data.

 

HOW WE USE PARTICULARLY SENSITIVE PERSONAL DATA

Special categories of Personal Data require higher levels of protection.  We need to have further justification for collecting, storing and using this type of Personal Data.  We may process special categories of Personal Data in the following circumstances:

  1. In limited circumstances, with Your explicit written consent;
  2. Where We need to carry out Our legal obligations;
  3. Where it is needed in the public interest;
  4. Where it is needed to assess Your working capacity on health grounds, subject to appropriate confidentiality safeguards; and
  5. Where it is needed in relation to the exercise or defence of legal claims.

 

We will not use Personal Data for any other purpose which is incompatible with the purposes described in this Notice, unless such use is required or authorised by Law or authorised by You.

HOW WE MAY SHARE YOUR PERSONAL DATA

We treat job applications with strictest confidentiality.  However, at times, We may share your Personal Data within Our different departments and Our affiliated companies which have vacancies relating to roles which might fit your profile.  In such case we will obtain your express consent prior to sharing your Personal Data.  We may also be required to share your Personal Data with regulatory authorities.  Additionally, in limited circumstances, your Personal Data may be made accessible to third party service providers for IT system testing and maintenance purposes.  In all cases, the sharing of your Personal Data is made subject to appropriate confidentiality safeguards.

TRANSFER OF PERSONAL DATA OUTSIDE MALTA

We will not typically share Your Personal Data with third parties established outside the European Economic Area.  However, if we do so, this will be subject to this Notice and subject to observance with all confidentiality safeguards applicable according to Law.

HOW WE MAY OBTAIN PERSONAL DATA ABOUT YOU

Apart from the Personal Data which you provide Us with, We may obtain Personal Data about you from third parties to safeguard Our legitimate expectations in so far as this is permitted by Law.  In particular, We may receive Personal Data about you from previous employers and/or education providers authorised by you to provide us with such references, the Malta Association of Credit Management (MACM) (to which we are members), Credit Info and any other credit referencing agency, and other entities which have authority to disclose Personal Data to Us.  We may also record telephone conversations for quality and assurance purposes.  Our offices are equipped with CCTV cameras for security purposes. 

SECURITY

We will take appropriate measures to protect Personal Data which are consistent with the applicable privacy and data security Law and regulations, including requiring third party service providers to use appropriate measures to protect the confidentiality and security of Personal Data.

DATA INTEGRITY AND RETENTION

We will take reasonable steps to ensure that Personal Data processed by Us, is reliable for its intended use and is accurate and complete for carrying out the purposes described in this Notice.  We will retain Personal Data for the period necessary to fulfil the purposes outlined in this Notice, unless a longer retention period is required or permitted by Law.

YOUR RIGHTS

You have the right to object at any time to the processing of your Personal Data.  You also have the right to access your Personal Data, the right to correct inaccurate Personal Data, the right to erase your Personal Data in certain circumstances and the right to receive the Personal Data which you have provided to Us in a structured, commonly used and machine-readable format for onward transmission by you to another entity, without hindrance from Us.  If you wish to exercise any of these rights, please contact Our Data Protection Officer.  Please note however that, certain Personal Data may be exempt from such access, correction and/or erasure pursuant to the applicable data protection Law or other legislation and regulations.

You can also file a complaint on data protection matters with the Office of the Information and Data Protection Commissioner by following this link: ? https://register.idpc.org.mt/report-breach/complaint/