Ooni Recruitment Privacy Notice

Important Information and Who We Are

We are Ooni Limited. We are a company incorporated and registered in England. Our company number is 08316049. Our registered address is 105 Hopewell Business Centre Unit 20, Hopewell Drive, Chatham, Kent, ME5 7DX. We are registered with the Information Commissioner's Office (ICO); our registration number is ZA241698.

When we refer to “we”, “us” or ”our” in this policy, we are referring to Ooni Limited, our subsidiaries, affiliates and associates. We are the data ‘controller’ in relation to the personal data you provide to us, which means we determine the purposes and the way in which your personal data is, or will be, processed.

The Purpose of this Privacy Notice

Ooni is committed to protecting the privacy and security of all prospective employees.

The purpose of this policy is to explain to you the personal data we hold about you, and how we collect, use and share it during the course of the recruitment process and afterwards (whether or not that recruitment process results in you becoming an employee). This policy explains:

• who we are;

• what personal information we collect about you;

• how, when and why we collect, store, use and share your personal data;

• how we keep your personal data secure;

• how long we keep your personal data;

• your rights in relation to your personal data; and

• how to contact us, or the relevant supervisory authorities, should you have a complaint.

The Data Protection Principles

Data Protection regulations (see Appendix 1) protect individuals' rights concerning information about them. We process HR-related personal data in accordance with the following data protection principles:

• We process personal data lawfully, fairly and in a transparent manner.

• We collect personal data only for specified, explicit and legitimate purposes.

• We process personal data only where it is adequate, relevant and limited to what is necessary for the purposes of processing.

• We keep accurate personal data and take all reasonable steps to ensure that inaccurate personal data is rectified or deleted without delay.

• We keep personal data only for the period necessary for processing.

• We adopt appropriate measures to make sure that personal data is secure, and protected against unauthorised or unlawful processing, and accidental loss, destruction or damage.

For these purposes, personal data means any information about an individual from which that individual is capable of being identified. It does not include data where the identity has been removed (anonymised data). 

The Data We Process

We may collect, store and process the following types of personal data relating to you:

• information provided by you such as your name, address and contact details, including email address and telephone number;

• details of your qualifications, skills, experience and employment history, including start and end dates with previous employers and with Ooni; and

• details of your referees; and

• any supplementary information you choose to disclose as part of your application.

We may also, in certain circumstances, require:

• information about any medical or health conditions, including whether or not you have a disability in connection with which we need to make reasonable adjustments;

• details of your pension arrangements, and any related information necessary to enable us to implement and administer them;

• information about your nationality and entitlement to work in the country of the role;

• details of your driving licence and vehicles you are entitled to drive;

• criminal records information, including the outcome of any Disclosure and Barring Service (‘DBS’) checks;

• equal opportunities monitoring information, including information about your gender, ethnicity, disabilities and veteran status; and

• other relevant information as applicable and as required by us in order to ensure that we fulfil our obligations as a prospective employer.

Note that some of this information is of the sort referred to as ‘special category’ data. The processing of special category data is subject to restrictions and requires a higher level of protection. 

How We Collect Your Data

We may collect personal data about you in various ways. These include from:

• application forms that you have submitted to us, and from CVs and cover letters;

• letters, emails and other forms of communication sent by you or on your behalf;

• your passport or other identity documents, such as your driving licence;

• conversations (in person and by telephone) with you;

• interviews, meetings or other assessments;

• government departments;

• your doctors and medical and occupational health professionals used by us;

• the Disclosure and Barring Service (‘DBS’);

• previous employers and referees; and

• consultants and others used by us to carry out personnel reviews, or to be involved in recruitment processes.

Please note that in some cases personal data about you may be obtained from third parties, (for example references supplied by former employers and information from employment background check providers).

Data Security

We will keep your personal data secure at all times.

Your personal data may be held at our offices, at third party agencies and service providers, and by our representatives We operate various security measures in order to prevent loss of, or unauthorised access to, your personal data. Ooni has internal policies and controls in place to protect personal data against loss, accidental destruction, misuse or disclosure, and to ensure that data is not accessed, except by employees in the proper performance of their duties. Where we engage a third party to process personal data on our behalf, such parties do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.

In the event that there is a data security breach which carries a risk to you we will notify you. We will also inform the appropriate regulator (including the UK Information Commissioner’s Office, for relevant data regulators see Appendix 1) of a data security breach where we are legally required to do so.

How We Store Your Data

Personal data that is processed by us will not be retained for any longer than is necessary for that processing, or for purposes relating to or arising from that processing, and will be retained for no longer than 12 months following your application date, unless you take up an offer of employment with us. How long we retain your personal data will depend on whether your application is successful and you become employed by us, the nature of the information concerned, and the purposes for which it was acquired.

Recruitment information, including any notes made during your interview, will be kept for no longer than is reasonable, taking into account the limitation periods for potential claims, such as race or sex discrimination, after which they will be destroyed. Should there be a proper business reason for retaining recruitment records beyond the period of your recruitment, we may do so, but will always try and ensure that such data is retained in an anonymised form.

In the event that your application is successful, we will retain only that recruitment information which is relevant to, and necessary for, your employment. Further information concerning our privacy policy in relation to employment will be supplied to you at the appropriate time.

Where your personal data is retained after the recruitment process has ended, this will generally be for one of the following reasons:

• so that we can respond to any questions, complaints or claims made by you or on your behalf;

• to contact you if a relevant opportunities that fits your skills and experience arises;

• to establish, exercise or defend a legal claim; or

• in order to comply with legal and regulatory requirements.

In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you, for example for management reporting purposes.

How We Use Your Personal Information

We need to process your personal data in connection with the recruitment process, to meet our obligations to you in that regard, and to ensure that we have the necessary information in order to enable us to make a decision as to whom to recruit. This includes, for example, issues relating to qualifications, experience, ability to do the work in question, willingness to accept the terms being offered, and freedom to take up the offer, should it be made, within a reasonable timescale.

In some cases, we will also need to process your personal data to make sure that we are complying with our legal obligations. This includes, for example, checking to make sure that you are entitled to work in the country where the role is based, complying with health and safety laws and making reasonable adjustments (if necessary) to ensure that you are able to attend an interview.

We also need to process your personal data in order to ensure that we are able to protect your interests (or those of someone else).

In other cases, we have a legitimate interest in processing your personal data, not only during the recruitment period but before and after. This might include:

• carrying out promotion of the job and ensuring that you receive details (where for example we hold your information in the event that a job becomes available);

• maintaining accurate and up-to-date records and contact details;

• taking up references from current or former employers;

• establishing, exercising and defending legal claims; and

• maintaining and promoting equality in the workplace.

We may need to process special category data, such as information about ethnic origin, gender or health, for the purposes of equal opportunities monitoring. If we do process special category data, such data will be collected anonymously. However, you are free to decide whether you wish to provide such data, and there will be no consequences for you should you choose not to do so.

Sharing Your Data With Others

It may be necessary for us to share your personal data with others so that we can carry out the recruitment process, or to comply with legal or regulatory obligations to you or that we are subject to. These may include:

• professional advisers such as HR consultants, recruitment consultants, solicitors in relation to legal issues, accountants in relation to financial issues, advisors, experts, management consultants;

• others within our business, for example the hiring area;

• third parties authorised to carry out background checks; and

• suppliers of services required in relation to your potential employment.

We will ensure at all times that those with whom your personal data is shared with process it in an appropriate manner, and take all necessary measures in order to protect it.

Internally, your personal data may be shared with other staff members, including the People team, managers in the business area in which you may work, and accounts staff in relation to issues of affordability and the payment of any agreed expenses to you.

We may also share your personal data with third parties in order to obtain pre-employment references from other employers.

From time to time, we will be required to disclose personal data and exchange information about you, or relating to you, with government, law enforcement and regulatory bodies and agencies in order to comply with our own legal and regulatory obligations.

From time to time it may be necessary for us to share data for statistical purposes (for example with government agencies, or regulatory bodies). We will always take steps to try to ensure that information shared is anonymised; where this is not possible, we will require that the recipient of the information keeps it confidential at all times.

Transferring Your Data Out Of The UK

As a global organisation, it may be necessary, during the course of your recruitment, for us to transfer or share personal data relating to you to another country where Ooni operates, including the wider People Team. When we do we ensure that adequate safeguards are in place, such as an Adequacy Decision or regulatory approved data protection contractual clauses.

Your Rights In Relation To Your Data

Data protection legislation gives you, the individual, various rights in relation to your personal data that we hold and process (depending on your relevant data protection regulation, see Appendix 1). These rights are subject to specific time limits in terms of how quickly we must respond to you. They may include the right to request that we:

• provide you with a copy of the personal data we hold about you;

• stop processing, delete or remove personal data where there is no good reason for us continuing to process it;

• correct any inaccurate information that we hold about you (we may need to verify the accuracy of the new data that you provide to us); and 

• stop processing your personal data where we are relying on a legitimate interest (or those of a third party) if you feel that the processing impacts on your fundamental rights and freedoms. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

Data Protection Contacts

If you would like access to your personal data or have any questions about this notice, please contact the Head of People and the General Counsel.

If you have any queries as to the collection, use, storage or disposal of any personal data relating to you please contact support@ooni.com.

You will always have the right to lodge a complaint with a supervisory body. The relevant authority in the UK is the Information Commissioner’s Office (the ICO), for your relevant data authority see Appendix 1. If you do have a complaint, we would appreciate the chance to deal with your concerns before you approach the data regulator, so please contact us in the first instance if possible.

Appendix 1: Relevant global data protection regulations for Ooni 

Ooni is a UK headquartered business but employs people in a number of key jurisdictions, including: the UK, USA, Canada, Australia, New Zealand, China, and the European Union (Germany, France, Italy, Norway, Finland). See the following table for relevant global data protection regulations and data regulators.