Candidate Data Protection Standards

I.  OBJECTIVE

The objective of these Candidate Data Protection Standards (“Standards”) is to provide adequate and consistent safeguards for the handling of candidate data by P.  Murphy & Associates, Inc. (PMA).
The identifiable information about yourself that you provide to PMA in the context of applying for a position “referred to as Candidate Data” or “Data” will be used for recruitment purposes and the Candidate Data will be protected in accordance with PMA Standards outlined below and applicable law. 

By submitting your Candidate Data, you confirm and agree that:

•    You have reviewed PMA’s Standards and accompanying Data Privacy Statement;
•    PMA will process Candidate Data according to the recruitment purposes set out in the standards;
•    your Candidate Data will held and stored at PMA headquarters.

These Standards, unless noted otherwise, do not form part of any contract of employment, where applicable, offered to successful hires.

II.  SCOPE

These Standards apply to all Candidate Data received by PMA via our online submission process.

Processing/Processes refers to any action that is performed on Candidate Data, whether in whole or in part by automated means, such as collecting, recording, organizing, storing, modifying, using, disclosing, or deleting such data.

Candidate Data are defined as any identifiable information about you that you in the context of applying for a position with PMA.

These Standards do not cover data rendered anonymous or where pseudonyms are used.  Data are rendered anonymous if individual persons are no longer identifiable or are identifiable only with a disproportionately large expense in time, cost, or labor.  The use of pseudonyms involves the replacement of names or other identifiers with substitutes, so that identification of individual persons is either impossible or at least rendered considerably more difficult.  If Data rendered anonymous become no longer anonymous (i.e., individual persons are again identifiable), or if pseudonyms are used and the pseudonyms allow identification of individual persons, then these Standards will again apply.

III.  APPLICATION OF LOCAL LAWS

These Standards are designed with the intention of providing a uniform compliant standard for PMA with respect to its protection of Candidate Data.  PMA is committed to fair information practices that are compliance with applicable, local law.  Where applicable law provides a lower level of protection of Candidate Data than that established by these Standards, then the requirements of the Standards shall apply. 

IV.  PRINCIPLES FOR PROCESSING CANDIDATE DATA

PMA respects the privacy rights and interests of each individual.  PMA entities will observe the following principles when processing Candidate Data:

•    Data will be processed in compliance with applicable law.
•    Data will be collected for specified, legitimate purposes and processed in ways compatible with those purposes. 
•    Data will be relevant to and not excessive for the purposes for which they are collected and used.  For example, Data may be rendered anonymous when feasible and appropriate, depending on the nature of the Data and the risks associated with the intended uses. 
•    Data will be accurate and, where necessary, kept up-to-date.  Reasonable steps will be taken to rectify or delete Candidate Data that is inaccurate or incomplete. 
•    Data will be processed in accordance with the individual’s legal rights (as described in these Standards or as provided by law). 
•    Appropriate technical, physical, and organizational measures will be taken to prevent unauthorized access, unlawful processing, and unauthorized or accidental loss, destruction or damage to Data.
 
V.  DATA COLLECTION

These Standards cover the various methods you may use to submit your Candidate Data to PMA depending on the position for which you are applying.  These methods may include but are not limited to: (a) e-mail or paper submission to PMA personnel; (b) online submittal of Candidate Data processed by a third party service provider into an electronic database accessible by PMA authorized personnel; or (c) via an PMA employment application.
 
PMA may periodically collect further information with your consent or in accordance with applicable laws.  For example, PMA may require additional information to perform background checks or obtain approvals which may be a condition to employment.  In addition, PMA may collect your feedback and opinions (e.g., surveys) for business purposes, such as improving processes.  You may respond to these surveys voluntarily or may elect not to respond and will not suffer reprisals for your decision not to participate in such surveys.  These Standards will be applicable to any further information collected including any responses to such surveys. 

VI.  PURPOSES AND ACCESS FOR CANDIDATE DATA PROCESSING

PMA processes Candidate Data for legitimate human resources purposes.  Such processing will be conducted within such purpose limitations and in accordance with applicable law.
 
Human Resources Purposes Include: Identifying and/or evaluating candidates for PMA positions; making a decision about whether the individual should be hired; maintaining appropriate record-keeping related to hiring practices; analyzing the hiring process and outcomes; and conducting background investigations, where permitted by law (the “Purposes”).

Your Data will be accessed and processed only by individuals who are involved in the hiring process at PMA and only with your express permission forwarded to client managers who have a legitimate position you have expressed interest in.

VII.  TYPES OF CANDIDATE DATA

Candidate Data that is processed includes:
•    Candidate status
•    Work history/job data
•    Education
•    Compensation
•    Employer feedback
•    Online questionnaire results
•    Candidate contact information
•    Previous addresses or names of the Candidate
•    Additional information provided by the Candidate (e.g., a cover letter)
•    References
•    Race and ethnic origin (optional as required by law)

VIII.  SPECIAL CATEGORIES OF DATA

To the limited extent PMA needs to collect any Special Data (such as data containing personal information such as state or national ID numbers, or other information regarding racial or ethnic origin, political opinions, religious or political beliefs, trade-union membership, health or medical records, or criminal records, where permitted by law), PMA will ensure that the individual is informed of such collection and processing.  Where required by law, the person’s consent to the processing and particularly to the transfer of such data to non-PMA entities will be obtained.  Appropriate security and protection measures (e.g., physical security devices, encryption, and access restrictions) will be provided depending on the nature of these categories of data and the risks associated with the intended uses.

IX.  SECURITY AND CONFIDENTIALITY

PMA is committed to taking appropriate technical, physical, and organizational measures to protect Candidate Data against unauthorized access, unlawful processing, accidental loss or damage, and unauthorized destruction.

Equipment and Information Security

To safeguard against unauthorized access to Candidate Data by third parties outside PMA, all electronic Candidate Data held by PMA entities are maintained on systems that are protected by secure network architectures that contain firewalls and intrusion detection devices.  The servers holding Candidate Data are “backed up” (i.e., the data are recorded on separate media) on a regular basis to avoid the consequences of any inadvertent erasure or destruction of data.  The servers are stored in facilities with comprehensive security and fire detection and response systems.
 
Access Security

PMA entities limit access to internal systems that hold Candidate Data to a select group of authorized users who are given access to such systems through the use of a unique identifier and password.  Access to Candidate Data is limited to and provided to individuals for the purpose of performing their job duties (e.g., a recruiter will have access to a Candidate’s contact information for the purposes of setting up an interview). 

Training

PMA will conduct training regarding the lawful and intended purposes of processing Candidate Data, the need to protect and keep information accurate and up-to-date, and the need to maintain the confidentiality of the Data to which employees have been given access.  Authorized users will comply with these Standards, and PMA entities will take appropriate disciplinary actions, in accordance with applicable law, if Candidate Data are accessed, processed, or used in any way that is inconsistent with the requirements of these Standards.

X.  RIGHTS OF DATA SUBJECTS

Any person may inquire as to the nature of the Candidate Data stored or processed about him or her by any PMA entity.  All such requests for access may be made by sending a request in writing to:

Phyliss Murphy, President
P. Murphy & Associates, Inc.
4405 Riverside Drive #105
Burbank, CA 91505

You may also contact the Senior Manager, Recruiting to ask questions regarding these Standards or your Candidate Data or withdraw your consent.  Any letters sent to the Manager for any other purpose other than the above will not be responded to and will be discarded.

If access or rectification is denied, the reason for the denial will be communicated and a written record will be made of the request and reason for denial.

If you demonstrate that the purpose for which the data is being processed is no longer legal or appropriate, the data will be deleted, unless the law requires otherwise.

If any Candidate Data is inaccurate or incomplete, you may amend your information by submitting a new resume/CV with the updated information (e.g., new home address or change of name).
 
In addition, you may send an email to [PMurphy@PMurphy.com] to withdraw your consent.

Transfers to non-PMA entities:

•    Selected Third Parties: At times based on legal requirements, PMA may be required to transfer Candidate  Data to selected external third parties that have been contracted to perform certain  employment-related or government compliance services on their behalf.  These third parties may process the data in accordance with the PMA’s instructions or make decisions regarding the data as part of the delivery of their services.  In either instance, PMA will select reliable suppliers who undertake, by contract or  other legally binding and permissible means, to put in place appropriate security  measures to ensure an adequate level of protection.  PMA will require external third-party suppliers to comply with these Standards or to guarantee the same levels of protection as PMA when processing Candidate Data.  Such selected third parties will have access to Candidate Data solely for the purposes of performing the services specified in their applicable service contract with PMA.  If PMA concludes that a supplier is not complying with these obligations, it will promptly take appropriate actions.

•    Other Third Parties: PMA entities may be required to disclose certain Candidate Data  to other third parties, including but not limited to governmental authorities (1) as a  matter of law (e.g., to tax and social security authorities); (2) to protect PMA’s  legal rights (e.g., to defend a litigation suit); (3) in an emergency where the health or security of a Candidate or Candidate Data is endangered (e.g., a fire); or, (4) for any other purpose required by local laws.

XII.  DIRECT MARKETING

PMA entities will not disclose Candidate Data outside PMA to offer any products or services to a Candidate for personal or familial consumption (“direct marketing”).  

XIII.  ENFORCEMENT RIGHTS AND MECHANISMS

PMA will ensure that these Standards are observed.  All persons who have access to Candidate Data must comply with these Standards. 

If at any time, a person believes that Candidate Data relating to him or her has been processed in violation of these Standards, he or she may report the concern to the Phyliss Murphy, President.