Recruitment Privacy Notice

1.1 In this Recruitment (Privacy) Notice, ‘SCOTT’ refers to Scott and company limited, Scott Health Ltd, ForMe Bagatelle Health Ltd, Riverside Health Ltd, Grand Baie ForMe Health Ltd, Standard Pharmacy Ltd, Scott Pharmacy Tribeca Ltd and any other future companies which may form part of the Scott Group. All the words and expressions used in this Recruitment (Privacy) Notice shall be interpreted and construed in line with the definitions used in SCOTT’s General Data Protection Policy available online at www.scott.mu

1.2 This Recruitment (Privacy) Notice should be read and interpreted in conjunction with and subject to SCOTT’s General Data Protection Policy that governs all the personal data processing activities of SCOTT.

1.3  This Recruitment (Privacy) Notice is relevant to all persons who apply or are likely to apply for a job at SCOTT and whose personal data may be collected by SCOTT, whether by automated or non-automated means, in line with the requirements of the Mauritius Data Protection Act 2017 (‘DPA’) or the European Union’s General Data Protection Regulation (‘GDPR’).

 

2. Responsibilities

2.1  SCOTT will ensure that this Recruitment (Privacy) Notice is brought to the knowledge of all persons who apply or are likely to apply for jobs at SCOTT in order to provide to the said persons with all relevant information pertaining to the collection/processing of their personal data when they apply for jobs at SCOTT.

2.2  SCOTT has ensured that all its relevant préposés who interact or otherwise deal with the personal data of job applicants are responsible for ensuring that:

2.2.1 this Recruitment (Privacy) Notice is drawn to the attention of the applicants when processing the latter’s personal data; and

2.2.2  they obtain the consent of the said applicants prior to the processing of their data wherever consent is required under the DPA or the GDPR where applicable.

3. PRIVACY STATEMENT

3.1  What personal data of job applicants does SCOTT process?

3.1.1 The personal data SCOTT is likely to collect from job applicants and process is:

(a) personal details such as name, address, date of birth and marital status and other related details;

(b) professional details such as previous or current work details, previous or current job position and career data, CV, qualifications, professional expertise and experience;

(c) identification documentation such as copies of your National Identity Card and/or passport, driving licence if the latter is necessary for the applicant’s new job and/or other documentation as may be required by law;

(d) further employment-related information necessarily processed in connection with the applicant’s previous or current employment or other documents voluntarily provided by the applicant such as training certificates and/or attestations, job appraisals, performance assessments and other related background checks;

(e) a certificate of character where the latter is necessary and relevant for assessing the job applicant’s conformity with the occupational requirements of the job applied for; and

(f) a medical certificate where the latter is necessary and relevant for assessing whether the applicant is fit for the job applied for given the occupational requirements of the said job.

3.1.2 All the personal data SCOTT collects from job applicants will be used for the purpose of assessing the suitability of the applicant for the job applied for. And should the applicant be successful in its application and that SCOTT offers him or her the job, SCOTT will collect all personal data that are necessary for the preparation of a contract of employment.

3.1.3 In any event, SCOTT is committed to ensuring that the information it collects and uses is appropriate for the purpose for which it was collected and does not constitute an invasion of the applicants’ privacy.

3.1.4 SCOTT’s aim is not to be intrusive, and SCOTT undertakes not to ask irrelevant or unnecessary questions. Moreover, the personal information collected from the applicants will be subject to rigorous measures and procedures to minimize the risk of unauthorized access or disclosure.

 

3.2 Consent 

3.2.1 SCOTT will ask and obtain explicit written consent from job applicants before processing any special categories of personal data or sensitive personal data on them.

3.2.2 Special categories of personal data or sensitive personal data is as per the special categories of personal data or sensitive personal data as defined under the Data Protection Act.

3.2.3 Where asking special categories of personal data or sensitive personal data from job applicants, SCOTT will always tell them why and how the information will be used.

3.2.4 As a rule, SCOTT will not ask job applicants information about their special categories personal data or sensitive personal data save and except when it is necessary to assess whether the applicant is medically fit for the job applied for and/or where the applicant’s criminal record is relevant given the nature of the job applied for.

3.2.5 When applicants have been requested to and do submit written explicit consent, they will be informed that they have the right to withdraw their consent at any time by informing SCOTT and/or SCOTT’s Data Protection Officer in writing of their wishes to withdraw their consent without having to assign any reason for their decisions.

3.2.6 SCOTT may exceptionally process special categories personal data of job applicants without their explicit written consent if such processing is required by law, for compliance with a Court order, for determining whether the said applicants are medically fit for the jobs applied for, for protecting the legitimate interests of SCOTT should the latter need to defend civil claims including but not limited to complaints instituted under the Equal Opportunities Act or where the information is already in the public domain.

3.3 Disclosure and transfer

3.3.1 SCOTT may pass on personal data of job applicants to third-party service providers contracted by SCOTT for specific purposes (e.g., recruitment agencies). Any third parties, with whom SCOTT may share personal data of job applicants, are obliged to keep the same securely, and to use them only to fulfil the service they provide to SCOTT. When they no longer need the said data to fulfil this service, they will dispose of the details in line with SCOTT’s procedures.

3.3.2 Save and except as provided at clause 3.3.1 above, SCOTT will not pass on the personal data of job applicants to third parties unless such disclosure is necessary for the processing activities of SCOTT in furtherance of a contractual relationship to which SCOTT and the said applicants are privy.

3.3.3 As a rule, SCOTT will not transfer the personal data of job applicants to another country or to another legal entity including a company within the same group of companies as SCOTT unless the applicants have so requested.

3.3.4 Furthermore, SCOTT will not transfer the personal data of job applicants to a different country without having carried out an adequacy test as explained in SCOTT’s General Data Protection Policy and informed the applicants concerned about the adequacy of protection afforded to the personal data in that country.

3.4 Report of Breach

Whenever SCOTT is on notice that a breach of personal data has been committed or reasonably suspects that a breach of personal data is likely to be committed, SCOTT shall as soon as reasonably practicable inform the relevant supervisory authority about the same. The job applicant concerned shall also be informed about the same especially where such a breach is likely to impact on the rights and freedoms of the said applicant.

3.5 Retention Period

3.5.1 Subject to paragraph 3.5.2 below, SCOTT will process and store the personal data of job applicants for no longer that it is required for the purpose for which it is initially collected.

3.5.2 Notwithstanding paragraph 3.5.1 above, SCOTT may store the personal data of job applicants for such period as may be necessary for SCOTT’s compliance with legal obligations and for SCOTT’s legitimate interests such as the defense by SCOTT of legal claims that may be brought against it.

3.6 Rights of job applicants

At any point, while SCOTT is in possession of or processing the personal data of job applicants, the latter shall have the following rights:

• Right of access – a job applicant has the right to request a copy of the information that SCOTT holds about him or her.

• Right of rectification – a job applicant has the right to correct data that SCOTT holds about him or her that is inaccurate or incomplete.

• Right to be forgotten – in certain circumstances a job applicant can ask for the data SCOTT holds about him or her to be erased from its records save and except if the retention of the data is necessary by law and/or necessary for the legitimate interests of SCOTT (e.g., retention of 10 years in order to defend possible civil claims that can be brought within the civil prescription time-line).

• Right to restriction of processing – where certain conditions apply; a job applicant has a right to restrict the processing.

• Right of portability – a job applicant has the right to have the data SCOTT holds about him or her transferred to another organisation.

• Right to object – a job applicant has the right to object to certain types of processing.

• Right to object to automated processing – a job applicant also has the right not to be subject to the legal effects of automated processing.

• Right to judicial review: in the event that SCOTT refuses to accede to a request under rights of access, SCOTT will provide a reason as to why. In such as case, the job applicant has the right to complain as outlined in clause 3.7 below.

3.7 Complaints

3.7.1 In the event that a job applicant wishes to make a complaint about how his or her personal data is being processed by SCOTT, or how his or her requests under clause 3.6 above have been handled, the applicant has the right to lodge a complaint directly with the relevant supervisory authority and SCOTT’s Data Protection Officer.

3.7.2 The supervisory authority in Mauritius is the Data Commissioner of the Mauritius Data Protection Office.

3.8 What does SCOTT hold about job applicants?

3.8.1 At any point in time, job applicants can find out the personal data that the SCOTT holds about them.

3.8.2 Upon a written request being received from a job applicant, SCOTT can confirm what information it holds about that applicant and how it is processed.

3.8.3 Where SCOTT holds personal data about a job applicant, the latter can request the following information from SCOTT:

• Identity and the contact details of the person or organisation that has determined how and why to process that data.

• The purpose of the processing as well as the legal basis for processing.

• If the processing is based on the legitimate interests of SCOTT or a third party, information about those interests.

• The categories of personal data collected, stored and processed.

• Recipient(s) or categories of recipients that the data is/will be disclosed to.

• If SCOTT intends to transfer the personal data to a third country or international organisation, information about how SCOTT ensures this is done securely. Please note that supervisory authorities in the European Union have approved sending personal data to some countries because they meet a minimum standard of data protection. In other cases, SCOTT will ensure there are specific measures in place to secure the data by carrying out an adequacy test as explained in SCOTT’s General Data Protection Policy.

• How long the data will be stored.

• Details of about rights to correct, erase, restrict or object to such processing.

• Information about the right to withdraw consent at any time.

• How to lodge a complaint with the relevant supervisory authority.

• Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether the job applicant is obliged to provide the personal data and the possible consequences of failing to provide such data.

• The source of personal data if it wasn’t collected directly from the job applicant.

• Any details and information of automated decision-making, such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing.

3.8.4 When making a written request to SCOTT pursuant to this clause 3.8, the job applicant will need to provide to SCOTT an appropriate form of ID in order to access to the information set out at paragraph 3.8.3 above. An appropriate form of ID is either a National Identity Card or a passport (provided the same has not expired).

 

Ownership and Authorisation

3.8.4 When making a written request to SCOTT pursuant to this clause 3.8, the job applicant will need to provide to SCOTT an appropriate form of ID in order to access to the information set out at paragraph 3.8.3 above. An appropriate form of ID is either a National Identity Card or a passport (provided the same has not expired).SCOTT is the owner of this document.

 

This document may, from time to time, be reviewed in line with any changes in SCOTT General Data Protection Policy and the law.

This Recruitment (Privacy) Notice been duly approved by the Board of Directors of SCOTT on 08 May 2023

By order of the Board of Directors of SCOTT

Made in good faith on 08 May 2023