Candidate Privacy Policy

This notice ws last revised on 23 August 2018.

Purpose of this notice

At Ixaris Group (consisting of Entropay Ltd and Ixaris Systems Ltd), it is our priority to ensure that the data your share with us will treated with utmost confidentiality and we are dedicated to protect this information during our recruitment and selection processes.

With this notice, we aim to provide you with all the information you need to know about

  • How and why your personal data will be used?
  • How long this information is retained?
  • Any other information we may request for the purpose of this recruitment exercise.

If you are successful in the recruitment process, and you are chosen to work with us you will be then be given more information about our Privacy Policy for employees, workers and contractors.

Our Principles

As Ixaris Group is based in Malta and the UK, we are subject to EU Data Protection Legislation, including the GDPR, and to follow its principles:

  • Lawfulness, fairness and transparency
  • Purpose limitation and Data minimisation
  • Accuracy
  • Storage Limitation
  • Integrity and confidentiality
  • Accountability

The kind of information we hold about you

When submitting your application at Ixaris Group, we may also collect and process the following data about you to help in the recruitment process and other administrative purposes. We will only collect information that is required for the career opportunity you are applying for.

  • This may be information which is included in your CV (such as address, location, work experience history, education history etc).
  • We may also ask you some specific questions to help during our selection process which may differ from one role to another and are listed on the respective application form.
  • Should your application be successful, we will ask you for more information and background checks which are required for us to formalise your employment with us.
  • This information is necessary for us to prepare your employment agreement and without it, we cannot give you the position at Ixaris Group.


How is your personal information collected?

The majority of the information that we have about you is the information you give to us in your application. However sometimes we also get information about you from other sources.

  • To help us find the best people to join our Group, we look through professional networking and social media sites to identify people that have the skills and talents we value at Ixaris Group. To do this, we only look at information that is publicly available.
  • We also contact your referees to get a reference regarding your work history with them. This is so that we can understand more about you and your background. We only contact people that you have provided to us as references, and we will let you know when we are going to contact them.
  • We also use cookies on our websites in order to understand how people use our websites to help us improve it. This information does not identify specific visitors and is not used for employment evaluation purposes.


How we will use information about you?

We will use this information namely for the purpose of this recruitment exercise, that is, assessing your suitability for the role and communicate with you about the progress of your application. Also linked with this purpose, we may also use this information to:

  • Carry out background and reference checks, where applicable
  • Keep records related to our recruitment processes
  • Comply with legal or regulatory requirements
  • Comply with our obligations towards the recruitment agency which recommended you

For more information about our recruitment process, you may visit this our “Hiring Process” page, which will give you a step-by-step guide on what to expect once you submit your application with us.

Data sharing

We might share your personal information with the following third parties for the purposes of processing your application:

  • recruitment agencies (only when/if applicable)
  • other companies within the Ixaris Group
  • Occasionally we may receive a request to disclose information about you with law enforcement, regulators and supervisory authorities where we are legally required to do so.

All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

Data security

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need-to-know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Data retention

We will retain your personal information for a period of 12 months, from our last interaction with you, unless we have another lawful reason for retaining the information for longer. After this period, we will securely destroy your personal information in accordance with applicable laws and regulations.

If we wish to retain your personal information on file, on the basis that a further opportunity may arise in future and we may wish to consider you for that, we will write to you separately, seeking your explicit consent to retain your personal information for a fixed period on that basis.

Where we might send your personal data (geographically)

We process data within the EEA and countries deemed by the European Union as having adequate safeguards for protecting personal data. These countries are recognised by the EU as having suitable safeguards for the rights and freedoms of individuals and recourse processes by which data subjects can exercise their rights.

We will only consider transferring your data outside of the EU if the following conditions are met.

A transfer, or set of transfers, may be made where the transfer is:

  • Made with your explicit informed consent
  • Necessary for the performance of a contract between you and this organisation or for pre-contractual steps we need to take at your request
  • Necessary for the performance of a contract made in your interest between this organisation and another person
  • Necessary for important reasons of public interest
  • Necessary for the establishment, exercise or defence of legal claims
  • Necessary to protect your vital interests or those of other persons, where you are physically or legally incapable of giving consent

or

Made from a register which under UK or EU law is intended to provide information to the public (and which is open to consultation by either the public in general or those able to show a legitimate interest in inspecting the register).

Data protection officer (DPO)

We have appointed a data protection officer to oversee compliance with this Privacy Notice. If you have any questions about this Privacy Notice or how we handle your personal information, please contact the data protection officer, Ms Denise Vella on 27330092 or [email protected]

Your rights about your information

We respect the rights and freedoms of individuals and as such we would like to make you aware of the following. You have the:

  • Right to access – you can ask us whether we’re processing your personal data, including where and for what purpose. You can also request an electronic copy of your personal data free of charge
  • Right to restrict processing – in certain circumstances, you can ask us to restrict our use of your personal data
  • Right to rectification – you can ask us to correct inaccurate personal data we hold about you
  • Right to erasure (right to be forgotten) – in certain circumstances, you can ask us to erase your personal data
  • Right to data portability – you can ask us to provide you with a copy of your personal data in a commonly used electronic format so that you can transfer it to other businesses
  • Right to object to automated decision-making – in certain circumstances, you can ask us not to make automated decisions about you based on your personal data that produce significant legal effects
  • Right to lodge a complaint – you can lodge a complaint with us or your local data protection authority

To exercise your rights above please contact our Data Protection Officer, Data Controller or Company representative via any of the channels provided.

In some circumstances, we may request that you provide us with more information to be able to verify your identity.

If you are unhappy with the way your information has been handled at Ixaris group, please contact our DPO via any of the channels provided in this section.

You also have the right to lodge a complaint with our supervisory authority. Ixaris’s main establishment is Malta, thus its supervisory authority is the IDPC in Malta. Their contact details are as follows: https://idpc.org.mt/en/Pages/contact/complaints.aspxx.

Quick Links for exercising your rights:


Your right to object processing of data and withdraw your consent

We always rely on your consent to process your information. This means that you:

  • Have the right to object to us processing your data even when we do so for our legitimate interests. If you wish to object please contact our DPO.
  • Can also withdraw your consent to process your data at any time. This will mean that your application will be withdrawn from consideration for the role and your information will be deleted.