Recruitment Privacy Statement

NBI Infrastructure Designated Activity Company and NBI Deployment Designated Activity Company, each t/a National Broadband Ireland and, together with our affiliates, each an “Affiliate”, “NBI,” “NBID, ”“we”, “us” or “our”.

1. Who we are

NBI is Ireland’s independent wholesale provider of highspeed broadband services in accordance with its agreement with the Department  Department of Communications, Climate Action and Environment. NBI is designing, building and operating the new high-speed fibre broadband network for rural Ireland.

NBI’s team brings together some of the most talented individuals in Ireland and across the world, with deep knowledge and experience in delivering projects to the scale of the NBP. This includes developing, building and operating networks and coordinating all the elements required to finance and deliver a project of the size and complexity of Ireland’s NBP.

When recruiting and assessing the suitability of a job candidate or applicant (“you” or your”), NBI acts in a data controller capacity in relation to information held about you for the purposes of data protection law i.e. the General Data Protection Regulation (EU) 2016/679 and any applicable Irish implementation (i.e. the Irish Data Protection Act 2018) together, the “Data Protection Legislation”.

2. Introduction

In order to fill vacant positions, we will collect and store Personal Data you submit to us in your capacity as a candidate or job applicant. We have drafted this Recruitment Privacy Statement (“Privacy Statement”) in an easy and comprehensible way in order to help you understand who we are, what Personal Data we collect about you, why we collect it, and what we do with it during our recruitment process.

Under the Data Protection Legislation, “Personal Data” means any information relating to an identified or identifiable natural person (data subject)”. This essentially means that when you apply for a vacant position, any information that you provide which  identifies you as an individual or is capable of doing so is considered to be Personal Data. This results in you becoming a data subject for the purposes of the Data Protection Legislation.

As a data controller, NBI is required to comply with the data protection principles set down in the Data Protection Legislation and this Privacy Statement applies to all Personal Data collected, processed and stored by us in the course of our recruitment activities. 

This Privacy Statement extends to all Personal Data whether stored in electronic or paper formats.

3. What types of Personal Data do we hold?

As part of the recruitment process, we only hold candidate Personal Data that is directly relevant to our dealings with a given data subject. That Personal Data will be collected, held, and processed in accordance with the data protection principles and with this Privacy Notice in a reasonable and lawful manner. During the recruitment process, you will be requested to provide the following information for payroll, your personal file and/or for our Human Resources database:

We shall employ reasonable means to keep Personal Data information accurate, complete and up to date in accordance with the purposes for which it was collected.

It is the responsibility of the all employees and applicants to provide accurate and complete information. Should information need changing the onus is on employees and the applicants to keep NBI informed of these changes.

4. Your Personal Data and our recruitment process

During the recruitment process, your personal information (including Personal Data) is needed to complete one or more of the following activities:

  • Recruitment;
  • Background checks;
  • Changing salary;
  • Changing Department/ Job code;
  • Changing working hours;
  • Terminating a contract;
  • Process offers of employment etc. and processing work permits and visas where applicable;
  • Systems set up;
  • Processing payroll;
  • Processing benefits and expenses;
  • Arranging travel visas;
  • Organising training programmes; and/or
  • Other closely related reasons for ordinary personnel administration.

We may also use your Personal Data to:

  • Carry out research and analysis on you;
  • Track your performance and keep records of your development for the purposes of annual reviews;
  • Communicate any changes to our policies, procedures or to your contract including changes to salary);
  • Contact you or your dependants if there are any health and safety or absence issues (including long term illness and maternity leave);
  • Calculate any changes in your salary, bonus or commission; and/or
  • Retain contact information for the purposes of returning our property e.g. security cards, mobile phones, laptops, in connection with your departure from us.

5. Legal justification for processing (use) of your Personal Data as part of the recruitment process

The Personal Data you provide in your application and as part of the recruitment process will only be held and processed for the purpose of the selection processes leading to the selection of the successful candidate and, where relevant, in connection with any subsequent employment. Depending on the type of Personal Data that we obtain from you, we rely on one or more of the following lawful purposes (legal justifications) for our processing of your Personal Data:

(i) Processing of your Personal Data is necessary to establish a contractual relationship with you

Personal Data is collected to fill vacant positions and for the engagement and payment of employees, as follows:

  • To identify and evaluate candidature
  • In assessing skills, qualifications and interest against our career opportunities
  • To set up and conduct interviews and assessments
  • To evaluate, select and recruit applicants
  • To conduct recruitment assessments as required
  • To contact third party references provided by applicants
  • To evaluate applicant’s previous performances or as otherwise necessary in context of recruitment activities
  • To keep records related to our recruitment process

(ii) Processing of your Personal Data is necessary for us to comply with legal obligations

Legal obligations exist that require us to process Personal Data for prescribed reasons:

  • Complying with your information rights
  • Complying with candidates (data subjects) statutory responsibilities imposed by legislation. The data processed to meet statutory responsibilities includes, but is not limited to, data relating to: tax; social insurance; statutory sick pay; statutory maternity and paternity pay; paternity leave; and equal opportunities monitoring.

(iii) Processing of your Personal Data is based on your consent

Where you have given us permission in the form of consent (which you may withdraw at any time):

  • Using cookies in accordance with our Cookie Statement
  • Using special categories of data, or sensitive data

We do not normally rely on consent to support the processing of candidate related Personal Data. However, in exceptional cases where consent does apply (e.g. where you volunteer information to us that you participate in a discretionary extra-curricular activity), you will have the right to withdraw such information at any time.

(iv) Processing is necessary to protect your vital interests

Occasionally, it may be necessary to process Personal Data in order to protect a vital interest of an individual.

(v) To run our organisation on a day-to-day basis pursuant to a legitimate interest

We will only process your Personal Data for the purposes for which they were originally collected and your Personal Data will only be processed further for the following closely related business purposes:

  • Transferring the Personal Data to an archive;
  • Conducting internal audits or investigations;
  • Implementing business controls;
  • Protect our business, reputation, resources and equipment and manage the recruitment network systems, and information;
  • Conducting statistical analysis or research as required;
  • Preparing for or engaging in dispute resolution;
  • Provide security and prevent and detect crime including using CCTV at our premises
  • Manage and administer our legal and compliance affairs; or
  • Managing insurance issues.

6. Do we disclose your Personal Data to anyone else?

Personal Data may be disclosed internally when passed from one department to another in accordance with the data protection principles and this Privacy Statement. Personal Data is not passed to any internal department or any individual that does not reasonably require access to that Personal Data with respect to the purpose(s) for which it was collected and is being processed. Sensitive and/or restricted information shall have additional internal access restrictions as appropriate.

We shall disclose personnel information to third parties only when it is necessary as part of our business practices or when there is a legal or statutory obligation to do so. Categories of such third parties may include:

• Payroll;
• Bank;
• Pension provider;
• Health insurers;
• Human resource and recruitment partners; and
• Authorities to whom we are legally obliged to disclose Personal Data, e.g. law enforcement,
tax authorities, etc.

Whenever we disclose candidate Personal Data to third parties, we will only disclose that amount of Personal Data necessary to meet such business need or legal requirement. Third parties that receive Personal Data from us must satisfy us as to the measures taken to protect the Personal Data such parties receive.

Appropriate measures will be taken to ensure that all such disclosures or transfers of Personal Data to third parties will be completed in a secure manner and pursuant to contractual safeguards.

We may provide information, in response to properly made requests, for the purpose of the prevention and detection of crime, and the apprehension or prosecution of offenders. We may also provide information for the purpose of safeguarding national security. In the case of any such disclosure, we will do so only in accordance with the Data Protection Legislation.

We may also provide information when required to do so by law, for example under a court order. We may also transfer data to legal counsel where same is necessary for the defense of legal claims.

If there is any change in the ownership of NBI or any of its assets, we may disclose Personal Data to the new (or prospective) owner. If we do so, we will require the other party to keep all such information confidential.

7. Our Recruitment Partner

NBI utilises the services of Morgan McKinley (“MMK”) (https://www.morganmckinley.ie/) to provide specialised talent acquisition and onboarding of candidates for NBI. When providing these services to NBI, MMK is operating in a data processor capacity.

When providing these services, MMK uses a database system known as the Lumesse system (https://www.saba.com/uk) to store Personal Data on behalf of NBI. Saba Lumesse is a third party provider of this database system and when doing so, operates in a data (sub)processor capacity. Personal Data on this data system is hosted within the EEA (Germany) and is not accessed from outside of the EEA.

MMK complies with the Data Protection Legislation and have stringent privacy policies in place. For detailed information about MMK privacy policies and procedures please refer to https://www.morganmckinley.ie/about/privacy-policy.

NBI does not accept direct applications. When you apply via the NBI website you are connected to MMK.

Applications are currently made via our in writing or via e-mail.  You will receive written notification from us upon receipt of your application.  Your CV will be reviewed, and should your skill set and experience match a current vacancy, your application will be progressed to interview stage.  We hold applications and additional information which may be obtained during the course of the interview process, such as interview notes, education qualifications etc. electronically and/or manually.

All provisions of this Privacy Statement will apply to the processing of your application.  Your information may be shared with our agents or partners in connection with services that these individuals or entities perform for us, including recruitment agencies. These agents or partners are restricted from using this data in any way other than to provide specified recruitment related services to us.

8. How long do we keep Personal Data?

Personal Data will be retained pursuant to obligation under regulation, statute and legal obligation. The Irish Data Protection Commissioner considers a retention period of twelve months to be appropriate for Personal Data, where an applicant has applied for positions but has been unsuccessful. In the event that changes to regulation, statute and legal obligation are identified, then this policy will be updated. In some circumstances we may anonymise your Personal Data so that it can no longer be associated with you, in which case we may use such information without further notice to you.

For more information as regards our retention policy please refer to our Recruitment & Employee Records Retention Schedule.

9. How do we protect Personal Data about you when it is transferred out of Europe?

Countries in the EEA are required to have a similar standard of protection of Personal Data.  This is not always the case outside that area.  In limited circumstances, we may sometimes transfer data outside the EEA and before doing so take steps to ensure that there is adequate protection, as required by the Data Protection Legislation.  For example, if we use a third party service provider in the United States to process Personal Data on our behalf, we will ensure that the company is subject to a suitable data transfer mechanism approved by the EU to enable lawful transfers of such data.

10. How can you exercise your rights in respect of Personal Data we hold about you?

Under Data Protection Legislation, you have the following rights:

  • Right to request from us access to Personal Data, and to have any incorrect Personal Data rectified;
  • Right to the restriction of processing concerning you or to object to processing;
  • Right to have your Personal Data transferred to another employer or hiring organisation;
  • Right to have Personal Data erased (where appropriate); and
  • Right to information on the existence of automated decision-making, if any, as well as meaningful information about the logic involved, its significance and its envisaged consequences.

If you want to know what Personal Data we hold about you or exercise any of the above rights, you can do so by making your specific request in writing to the following address:  The Human Resources Department 3009 Lake Drive, Citywest, Dublin 24, D24 H6RR.

You can assist us in responding to your request by including any additional details that would help to locate your information – such as; the type of Personal Data involved, your customer account or reference number or the circumstances in which our recruitment process obtained your Personal Data.  NBI has templates available which may be issued to you to assist in responding to your request. .

We will confirm your request within 21 days of receipt and take action on your request within one month of receipt.  We may require you to provide validation information to support your request in which case the time frame will commence upon receipt of the relevant information. If the information we hold about you is inaccurate, we request that you advise us promptly so that we can make the necessary amendments and confirm that these have been made within one month of receipt of your request.

11. How do we protect your Personal Data?

We shall employ reasonable appropriate administrative, technical, personnel procedural and physical measures to safeguard Personal Data against loss, theft and unauthorised uses access, uses or modifications.  All Personal Data stored is either password protected or is locked away in cabinets.  Only a limited number of authorised personnel have access to this information. It is your responsibility to adhere to our workplace confidentiality and security policies and procedures.

12. How can you make a complaint to us about the use of your Personal Data?

Our data protection officer is responsible for advising NBI on compliance with Data Protection Legislation and monitoring its performance against it. If you have any complaints or concerns regarding the way in which NBI is processing your Personal Data, please contact the data protection officer:

Sana Khan
Data Protection Officer
E-mail: dpo@nbi.ie/sana.khan@nbi.ie

You also have the right to lodge a complaint with Ireland’s national data protection supervisory authority, the Data Protection Commission located at 21 Fitzwilliam Square South, Dublin 2, D02 RD28.

13. Review

This Privacy Statement will be reviewed from time to time and may, at the sole discretion of NBI, be amended and/or updated to take into account changes in the law and the experience of the Privacy Statement in practice. Where possible, any changes will be communicated to you or made available on this page and, where appropriate, notified to you by e-mail or when you contact MMK for  recruitment purposes.