SENTINEL'S PRIVACY POLICY

Candidate Privacy Notice for Switzerland and the EU

This Privacy Notice describes the processing of personal data by Sentinel Technologie AG, Zug, Switzerland; Sentinel Core Services Ltd, Kent, UK; Sentinel Technology Ltd, Kent, UK; Sentinel International Ltd, Kent, UK; Sentinel Employed SRO, Prague, Czech Republic; Sentinel Consulting SRO, Prague, Czech Republic; (hereinafter “Sentinel” individually, together “Sentinel Group”), within the recruitment and employment process, The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the General Data Protection Regulation (GDPR), and in accordance with the country-specific data protection regulations applicable to Sentinel Group such as the revised Swiss Federal Act on Data Protection which came into force on 1 September 2023 (FADP).

The goal of the data protection policy notice is to show the legal data protection aspects in one summarising document. It can also be used as the basis for statutory data protection inspections, e.g. by the customer and candidates within the scope of commissioned processing.

Data protection is a particularly high priority for the management of Sentinel Group. The use of the website of Sentinel Group is possible without any indication of personal data; however, if a data subject wants to use special enterprise services via our website, processing of personal data could become necessary. If the processing of personal data is necessary and there is no statutory basis for such processing, we generally obtain consent from the data subject.

The website of Sentinel Group collects a series of general data and information when a person or automated system calls up the website. This general data and information are stored in the server log files. Collected may be (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrers), (4) the sub-websites, (5) the date and time of access to the Internet site, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system, and (8) any other similar data and information that may be used in the event of attacks on our information technology systems.

When using this general data and information, Sentinel Group does not draw any conclusions about the data subject. Rather, this information is needed to (1) deliver the content of our website correctly, (2) optimize the content of our website as well as its advertisement, (3) ensure the long-term viability of our information technology systems and website technology, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack. Therefore, Sentinel Group analyzes anonymously collected data and information statistically, with the aim of increasing the data protection and data security of our company, and to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.

By means of this data protection declaration, our company would like to inform the general public of the nature, scope, and purpose of the personal data we collect, use, and process. Furthermore, data subjects are informed, by means of this data protection declaration, of the rights to which they are entitled.

As the controller, Sentinel Group (and the individuals mentioned below) has implemented technical and organizational measures to ensure the most complete protection of personal data processed through this website. However, internet-based data transmissions may in principle have security gaps, so absolute protection may not be guaranteed. For this reason, every data subject is free to transfer personal data via alternative means, e.g. by telephone.


Definitions

  • Data subject is the identified or identifiable natural person. Within the recruitment process, the Data Subject is the Candidate who applies or is approached about a role with a prospective hirer.
  • Personal data is any information concerning a data subject that identifies or makes the data subject identifiable.
  • Processing is any operation or set of operations, performed with or without the aid of automated processes, applied to personal data or sets of personal data, such as collection, recording, organization, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, restriction, deletion or destruction of personal data.

 

Data Controller and Contact details

For Switzerland:

Sentinel Technologie AG

Bahnhofstrasse 21, 6300 Zug, Switzerland

Phone Number: +41 41 726 60 81

Email: GDPR@sentinelgroup.uk

Sentinel Technologie AG (also referred hereinafter as “we” and/or “us”) is responsible for the processing of personal data according to this Privacy Notice.


For the Czech Republic:

Sentinel Employed S.R.O.

Na Perštýně 342/1, 110 00 Staré Město, Czechia

Phone Number: +42 0228 881413

Email: GDPR@sentinelgroup.uk

Sentinel Employed S.R.O. (also referred hereinafter as “we” and/or “us”) is responsible for the processing of personal data according to this Privacy Notice.


For England & Wales:

Sentinel Core Services Limited

Northfields, 20-26 Saint John’s Road, Tunbridge Wells, Kent, TN4 9NT

Phone Number: +44 1892 550000

Email: GDPR@sentinelgroup.uk


Sentinel Core Services Limited (also referred hereinafter as “we” and/or “us”) is responsible for the processing of personal data according to this Privacy Notice.


What types of Personal Data do we process?

  • We process the following types of Personal Data:
  • Identification information (name, date of birth, ID card and passport numbers, immigration status, etc.);
  • Contact details (address, phone number, e-mail, etc.);
  • Education Information (scores, language skills, etc.);
  • Information about your current employment (remuneration, position, etc.);
  • Family information (marital status, etc.);
  • Information related to your application (recordings of phone calls, video interviews, and anything you submit in support of your application);
  • Emergency contacts and referees;
  • Bank account and payroll information (bank account number, social security number, etc.);
  • Background check results (references, criminal check results, employment verification, qualification verifications, etc.).

Before you provide information about third parties (emergency contacts, referees) you shall inform the relevant individuals that you will disclose personal data and provide a copy of the present Privacy Notice.


Where do we collect your Personal Data?

Your Personal Data are collected from information that you directly provide through the submission of the online application form and through uploading of your CV from our Website.

We may also collect Personal Data indirectly from third parties, such as recruitment agencies that you used to apply to us, background check providers such as CV Insight and other administration services providers (for instance who provide candidate shortlisting services), or from publicly available sources such as business- and employment-orientated social networking services and job boards.


Why do we process your personal data? (Purpose of processing)

We process your Personal Data for the purpose of:

  • recruitment activities (determine your suitability as a candidate, etc.);
  • managing the onboarding process (checking conflict of interests, preventing crime, fraud, and criminal activity, etc.);
  • prepare for and enter into a contractual employment relationship;
  • in case of entering into an employment relationship to perform the necessary acts to fulfil our obligations as your employers (such as administration of payment, social security, and benefits)
  • update our employee database and set up internal profiles;
  • sharing with you any job vacancy;
  • receive and handle complaints;
  • sharing information to other companies of the same Group (intra-group) and to third parties to benefit from cost-effective services (e.g. sharing of expertise, sharing of IT platforms);
  • compliance with legally and contractually required reporting requirements (such as intermediaries reports, SECO reporting, etc.).

 

Legal basis for processing of your Personal Data

The processing of your Personal Data may be based on one of the following grounds:

  • your implied or explicit consent;
  • safeguard of our legitimate interests;
  • compliance with legal requirements;
  • preparation and, if applicable, conclusion of an employment contract; 


Transfer of personal data within our Group and to third parties

We may transfer your personal data to other legal entities within Sentinel Group in Switzerland, in the UK, in the Czech Republic and abroad for the purpose of internal administration and for the processing purposes described in this Privacy Notice. This means that your personal data can also be processed and combined with personal data originating from another Sentinel Group company for the respective purposes.

The group’s companies are listed in this Privacy Notice.

We may also disclose your personal data to third-party service providers, in particular for the following services:

  • IT services, such as data storage, cloud services, etc.,
  • consulting services: tax consultants, lawyers, management consultants, recruiters, etc.,
  • administrative services,
  • business information, and debt collection.


Generally, these service providers process personal data on our behalf as processors. Our processors are obliged to process personal data exclusively in accordance with our instructions, taking appropriate security measures. We ensure an appropriate level of data protection when engaging service providers by way of contractual agreements.

There are cases where we may disclose your personal data to other third parties who may use personal data also for their own purposes, for instance:

  • We may disclose your personal data to third parties if this is required by law (e.g., the authorities). We also reserve the right to process your personal data to comply with a court order or to assert or defend legal claims or if we consider it necessary for other legal reasons.
  • We may disclose your personal data to third parties if this is necessary for a corporate transaction (for example an acquirer).

 

Transfer of personal data abroad

Recipients of your personal data mentioned in the section above may be located in Switzerland, the UK, the Czech Republic in the USA, and abroad worldwide, including in countries outside of the EU or the EEA that may not have laws in place that protect your personal data to the same extent as the laws as mentioned. If we disclose your personal data to a recipient in such a country, we typically enter into the European Commission’s standard contractual clauses (available here) and, if necessary, we implement other appropriate measures (e.g. binding corporate rules) in order to ensure the data protection level and safeguards required by the applicable law.


Data Retention

  • We retain your personal data:
  • as long as it is necessary for the purposes for which the data was collected. In case of contracts, we generally retain your personal data for the duration of the contractual relationship and the statutory period of limitation,
  • as long as we have a legitimate interest in retaining the data. This may be the case if we need personal data to enforce or defend claims, for backup and archiving purposes, and to ensure IT security,
  • to comply with statutory duties of retention.


If you have given us consent, we will store your data until you withdraw your consent, unless there are statutory retention periods preventing the deletion. After the expiration of the retention period, your personal data will be either deleted or retained in a form that does not allow your personal identification (e.g., through anonymization).

We clarify that the provision of personal data is partly required by law (e.g. tax regulations) or can also result from contractual provisions (e.g. information on the contractual partner). Sometimes it may be necessary to conclude a contract that the data subject provides us with personal data, which must subsequently be processed by us. The data subject is, for example, obliged to provide us with personal data when our company signs a contract with him or her. The non-provision of the personal data would have the consequence that the contract with the data subject could not be concluded. Before personal data is provided by the data subject, the data subject must contact any employee. The employee clarifies to the data subject whether the provision of the personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and the consequences of non-provision of data.

Sentinel Group shall collect and process the personal data of candidates for the purpose of the processing of the application procedure. The processing may also be carried out electronically. This is the case, in particular, if an applicant submits corresponding application documents by e-mail or by means of a web form on the website to the controller. If the data controller concludes an employment contract with an applicant, the submitted data will be stored for the purpose of processing the employment relationship in compliance with legal requirements. If no employment contract is concluded with the applicant by the controller, the application documents shall be automatically erased six months after notification of the refusal decision, provided that no other legitimate interests of the controller are opposed to the erasure.


 How do we protect your personal data?

We take appropriate technical and organisational security measures to maintain the required security of your personal data to protect it against unauthorised or unlawful processing and to prevent the risk of loss, unintentional alteration, unintentional disclosure or unauthorised access.

Examples of such guidelines include:

  • Multi-factor authentication
  • Minimal necessary user access privileges
  • Security fob access to all offices
  • Secure server room based at our headquarters
  • Clear desk policy for all personal data
  • Locked and fireproof filing cabinets
  • No third party devices or portable storage devices permitted on our network
  • Cloud data back-up on Azure

 

What are your rights with respect to your personal data?

As a data subject you have following rights:

Right of access: You are entitled to a copy of the personal information we hold about yourself and certain details on how we use it. Your personal data will usually be provided to yourself in writing unless otherwise requested, or where you have made the request by electronic means, in which case the information will be provided to you by electronic means where possible.

Right to rectification: We take reasonable steps to ensure that the information we hold about you is accurate and complete. However, if you do not believe this is the case, you can ask Sentinel to update or amend it.

Right to erasure: In certain circumstances, you have the right to ask Sentinel to erase your personal information, for example where the personal information we collected is no longer necessary for the original purpose or where you withdraw your consent. However, this will need to be balanced against other factors (e.g., we may have legal and regulatory obligations, which means we cannot comply with your request).

Right to restriction of processing: In certain circumstances, you are entitled to ask us to stop using your personal information, for example where you think that the personal information, we hold about yourself, may be inaccurate or where you think that we no longer need to use your personal information.

Right to data portability: In certain circumstances, you have the right to ask that we transfer personal information that you have provided to us to another third party of your choice.

Right to object: You have the right to object to processing, which is based on our legitimate interests, which is the case here. Unless we do have a compelling legitimate ground for the processing, we will no longer process the personal data on that basis when you file an objection. Note however, that we may not be able to provide certain services if we are unable to process the necessary personal data for that purpose.


We do not use automated decision-making or profiling in any area of our operations.

To exercise the above rights, please send an email to GDPR@sentinelgroup.uk.


 Updates to this Privacy Notice

This privacy notice may be changed by us at any time. If we change this Privacy Notice in the future, we will advise you by a prominent notice via e-mail. If, at any time, you have questions or concerns about the present Privacy Notice, please feel free to email us at GDPR@sentinelgroup.uk or call our offices to speak to one of our representatives (tel. +41 41 726 60 81).


Contacts of the Sentinel Group’s companies based in the UK

If you have any enquires you can contact us at: GDPR@sentinelgroup.uk or by writing to us at one of the addresses listed below for the attention of Catherine Armstrong, Chief Financial Officer.


Sentinel Core Services Limited, Northfields, 20-26 St. John's Road, Tunbridge Wells, Kent, TN4 9NT, UK, Company No. 03234691 www.sentinelit.com

Sentinel International Limited, Northfields, 20-26 St Johns Road, Tunbridge Wells, Kent TN9 9NT, UK, Company No. 11320596 www.sentinelit.com

Sentinel Technology Limited, Northfields, 20-26 St. John's Road, Tunbridge Wells, Kent, TN4 9NT, UK, Company No. 09492780 www.sentinelit.com


Contacts of the Sentinel Group’s company based in the Czech Republic

If you have any enquires you can contact us at: GDPR@sentinelgroup.uk or by writing to us at one of the addresses listed below for the attention of Klára Březinová, Director.

Sentinel Employed S.R.O., Na Perštýně 342/1, Staré Město, 110 00 Praha 1, Czech Republic, Company No. 077 53 977 www.sentinelit.com


Contacts of the Sentinel Group’s company based in Switzerland

If you have any enquires you can contact us at: GDPR@sentinelgroup.uk or by writing to us at one of the addresses listed below for the attention of Jürgen Kob, Director.

Sentinel Technologie AG, Bahnhofstrasse 21, 6300 Zug, Switzerland, Company No. CH-170.3.038.781-9 www.sentinelit.com


Client Contacts

This relates to the personal information Sentinel Group collects about you whether you are a contact at one of our clients, at a prospective client contact, at an MSP, umbrella company, or personal service company involved in the supply of services to a hirer.

We may collect personal information about you when:

  1. We contact you with a view to providing services to you including via a telephone call
  2. You contact us by email or via portal expressing an interest in working with us or requesting ancillary information such as blog posts
  3. You provide us or our employees with your business card or other information
  4. You post information or advertisements on job boards or social media websites
  5. We provide services to you or you provide services to us
  6. We complete contractual documentation relevant to the services provided.

Incoming and outgoing telephone conversations may be recorded.  We have a legitimate interest in recording our telephone conversations with you.  We may refer to the recording to clarify the details of our conversation and for internal training purposes. 


We will usually collect the following information from or about you:

  1. Your name
  2. Your address
  3. Your phone and email details;
  4. Details of your role, title, and responsibilities within your organisation
  5. Where you are a client:
  • any opinion or feedback you share with us regarding a candidate or consultant;
  • details of any queries you raise with us regarding services;
  • details of any recruitment and/or resourcing requirements or plans you share with us.

Information is held, used, and disclosed by us as follows:

  1. To provide our services to you
  2. To maintain our business relationship with you
  3. To promote and share information about our other products and services that we think may be of interest to you
  4. To answer your enquiries
  5. To fulfil contractual obligations with our clients
  6. To third parties who perform functions on our behalf and who also provide services to us, such as professional advisors. These third parties comply with similar undertakings of privacy and confidentiality as Sentinel Group
  7. If Sentinel Group forms any additional companies, we may share personal information with the new employees of the company to enable them to provide services to you; we may also release personal information to regulatory or law enforcement agencies if they require us to do so. We will also disclose your information where we are permitted and requested to do so by law
  8. We may also seek your consent to collect, hold, use, and disclose your personal information for any other purpose not listed above.