Privacy Policy for personal data

Last Updated: February 2024

This privacy policy (the "Privacy Policy") describes what personal data we collect and how we collect, use and process it, which is done in accordance with legal obligations. Your privacy is important to us. That's why we're committed to protecting and safeguarding your data privacy rights. We know that the text is long, but we encourage you to read this Privacy Policy carefully.

Below is a table of contents that, if you prefer, allows you to go directly to the relevant sections.

Some definitions

The following are first definitions of some of the terms used in this Privacy Policy.

In this Privacy Policy we will refer to you as the "Candidate" or "you", while when we talk about "we" or the "Company" we refer to Met T&S Ltd. The registered office of the Company is located in 75-77 Brook Street, W1K 4HX, London (UK). The Company is part of Maire Group (Maire) with registered office in Viale Castello della Magliana 27, 00148, Rome (Italy). Through its various companies and business lines, Met T&S Ltd also carries out various activities in the HR (Human Resources) sector such as personnel selection, placement, recruitment and selection, outplacement and international mobility.

To carry out its Activities, the Company uses various computer systems. In some cases, the Company makes available to its candidates/staff members a Portal that allows them to search for job vacancies advertised by the Company and its affiliates and in line with their interests, skills and/or experience, in the locations where they have expressed interest in working, as well as to submit their application.

Finally, this Privacy Policy explains how we process data relating to individuals, but does not deal with data relating to companies (although the two are sometimes the same). This information is sometimes referred to as "personal data," "personally identifiable information," or "IPI." In this Privacy Policy, we use the term "personal data" or "data". Finally, this Policy covers data about individuals, such as you and your family. It includes facts about you, but also opinions about yourself and/or your own opinions ("I'm passionate about football" for example).

What personal data does the Company collect and use?

The Company collects and uses the following categories of personal data, grouped as follows, to provide you with the best job opportunities tailored to your profile:

1. Identity Data means your name, username, title, place of birth, and proof of identity.
2. Contact Data means billing address, delivery address, email addresses and telephone numbers.
3. Qualification and Work Experience Data means your CV or resume, details of your education, training courses and traineeships, documents proving your right to work, and any other information contained in your CV or CV, photos and videos of your participation in an interview or training course via videoconference.
4. Social Media Data means profile data on social media such as LinkedIn and other information that you make public or otherwise share with us via social media.
5. Technical Data means the IP addresses from which you access the Portal and the products and services of MET T&S LTD or other parties, cookies (as indicated in the Cookie Policy), access data (such as time, date and duration), the type and version of the browser used to access the websites, apps and products and services of MET T&S LTD or third parties, the time zone settings and location of the device used, the types and versions of the browser plug-in used to access the Portal and the websites, apps and products and services of MET T&S LTD or third parties, the operating system and type of platform of the device used and the other technologies present on the devices used to access the Portal, to the apps, websites, products and services of MET T&S LTD.
6. Call Data means the number from which the call is made, the time, date and duration of the contact.
7. Profile Data means your username and password, interests, preferences, feedback, and survey responses.
8. Feedback Data means opinions made by our staff and third parties with whom or for whom you work, as well as other evaluation information; judgments made by you about others and about the Company and its services through satisfaction surveys or any other means of communication, feedback and survey responses.

In some cases, the personal data we collect also includes "special categories of data" (also known as "sensitive information"), referred to as Sensitive Data (i), which may include, as appropriate, information about any forms of disability and any necessary adjustments in the workplace. In some cases, we may also collect sensitive personal data, other than data relating to disability, only where required or permitted by and in accordance with applicable law.

Depending on the circumstances of the case as well as applicable local regulations and obligations, we may collect some of the above information in order to be able to offer you employment opportunities that are tailored to your situation and in line with your interests.

Why do we process your personal data and how long do we keep it?

Purpose of the processing	Type of data	Legal Basis for Processing Personal Data	Retention period
To provide you with the assistance you would like to receive, such as to find you suitable jobs/assignments to apply for, to help you with training, or to facilitate the application process for new jobs/assignments. This includes sending your CV to potential employers in order to bring them to their attention and keep you informed of future job opportunities via email, telephone, post and/or other means of communication;	Identity data Contact details Data on qualifications and work experience Social media data Profile data	Fulfilment of a contract or taking steps prior to entering into a contract Pursuit of our legitimate interest	Up to 36 months from registration or last activity on the Portal (but not limited to, last interview, job application, phone call or assessment).
to further develop and improve our website/Portal or our new or existing systems/processes in order to provide you with better services; This is done in the context of new IT systems and processes. Therefore, the information concerning you will be used for the testing of the aforementioned new IT systems or processes where the fictitious data is not able to perfectly replicate the functioning of that new IT system;	Technical data Profile data	Pursuing our legitimate interests in improving our systems	Up to 36 months from registration or last activity on the Portal (but not limited to, last interview, job application, phone call or assessment).
to carry out statistical and analytical studies and research, for example in order to compare the effectiveness of our candidate placement process with clients in different business sectors and in different locations and to try to identify factors that may influence any differences we identify;	Technical data Profile data Data relating to marketing communications	Pursuit of our legitimate interests in improving or developing our business	Up to 36 months from registration or last activity on the Portal (but not limited to, last interview, job application, phone call or assessment).
Transfer data to third parties in accordance with what stated below.	Any of the data categories listed above, where necessary	Pursuit of our legitimate interests in order to provide services and subcontract those services to third parties	Up to 36 months from registration or last activity on the Portal (but not limited to, last interview, job application, phone call or assessment).
Comply with our legal obligations.	Any of the data categories listed above, where necessary	Complying with legal obligations, such as keeping records for tax purposes or providing information to a government agency or law enforcement.	Up to 36 months from the registration or last activity on the Portal (but not limited to, last interview, job application, phone call or assessment) and any additional period provided for in accordance with applicable legal obligations
Promote the safety and security of people, premises, systems and assets.	Identity data Technical data Sensitive data	Pursuing our legitimate interests in order to ensure the safety and security of our business (and the people who work there)	Up to 36 months from registration or last activity on the Portal (but not limited to, last interview, job application, phone call or assessment).
Monitor compliance with internal policies and procedures.	Identity data Profile data	Pursuit of our legitimate interests in complying with internal policies and procedures.	Up to 36 months from registration or last activity on the Portal (but not limited to, last interview, job application, phone call or assessment).
Manage communications and other systems used by Maire Group (including internal contact databases).	Identity data Contact details Technical data Data relating to telephone calls Data relating to marketing communications	Pursuit of our legitimate interests in order to ensure the proper functioning of our systems	Up to 36 months from registration or last activity on the Portal (but not limited to, last interview, job application, phone call or assessment).
Investigate or handle incidents and complaints.	Identity data Contact details Data relating to telephone calls Sensitive data	Compliance with legal obligations, such as those provided for by labour legislation Pursuing our legitimate interests in resolving any incidents and complaints in accordance with our internal procedures.	Up to 10 years from the accident or claim, or for a longer period in the event of legal requirement.
Promote the training sessions internally and use their content	Identity data Contact details Data relating to marketing communications	Pursuing our legitimate interests (internally) for the purpose of training our candidates Consent (in the case of third parties)	Up to 36 months from registration or last activity on the Portal (but not limited to, last interview, job application, phone call or assessment).
In the case of photos and videos of the training sessions, to make an internal report of the training sessions that took place and the content covered (e.g. for internal updates) and also to market similar sessions internally and to third parties.	Identity data Contact details Data on qualifications and work experience Social media data Technical data Data relating to telephone calls Sensitive data	Consent	Until you revoke your consent.
Resolve technical issues related to calls on our networks.	Identity data Contact details Technical data Data relating to telephone calls	Pursuing our legitimate interests in resolving technical issues that affect our business	Until the technical problem is resolved.
To allow you to participate in video interviews and to proceed with identity verification through the online procedure	Any of the data categories listed above, where necessary	Fulfilment of a contract or taking steps prior to entering into a contract	Up to 36 months from registration or last activity on the Portal/Platform (but not limited to, last interview, job application, phone call or assessment).

How is your personal data collected?

The personal data we collect comes from application forms or other materials submitted by you, as well as from your interactions with the Company and others as part of the application process.

In some cases, the Company may decide to collect personal data even indirectly from third parties, such as recruitment agencies with which it collaborates, other entities of Maire Group if you have been transferred from them or from publicly available sources such as LinkedIn and Twitter in accordance with current legislation.

Are you required to provide us with the personal data requested?

You are not required to provide us with your personal data. However, if you do not provide us with the minimum information to be able to assess your suitability for an open job position at Met T&S Ltd, the Company will be unable to work with you or provide its services to you. In addition, if you choose to provide a small amount of personal data, we may limit the Services you may receive.

Do we transfer your personal data to third parties?

As indicated above, we normally disclose your personal data to third parties in order to pursue the purposes described above in the following circumstances:

• To suppliers. For example, we will entrust a supplier with the performance of administrative and operational activities that are useful for the purposes of the relationship with you. The supplier(s) will be subject to contractual and other legal obligations regarding data confidentiality and respect for privacy and will only have access to the data they need to perform their functions; These are generally IT service providers (who host or support the Company's IT systems, including information about you), location management companies (who are responsible for the physical security of buildings and therefore need to know your information in order to allow you to access the premises) and financial and accounting back-office service providers (who need to manage information relating to candidates in order to process debit and credit positions). We also use technology and IT service providers and solutions, including tools for conducting video conferencing interviews and skills assessment.
• To members of Maire Group and their subsidiaries (the "Members of Maire Group") inside or outside the European Union.
  • the data are shared with Maire Group Members who have IT functions at the service of Maire Group companies all over the world for the purposes described above. These IT functions are based in, among others, UK and Italy;
  • the data is also shared with Maire Group Members worldwide (including legal entities acquired after the data was collected) for the purposes described above or to offer you offers in line with your profile, if you have expressed interest in local or international opportunities in that market or where Maire Group Members believe that you may possess particular skills required or useful in that market.
• To our customers/potential employers. We will share data with our clients who offer positions/assignments that you may be interested in or who are interested in your profile. They are required to comply with contractual and data confidentiality obligations to both us and yours.
• To government authorities or law enforcement. If, in our sole discretion, we believe that we are legally required or authorized to do so or that it would be prudent to do so, we will share your data with governmental, law enforcement and regulatory authorities or law enforcement agencies.
• To potential sellers or buyers and their advisors. As part of due diligence in connection with or executing a merger, acquisition, or other business transaction, we may need to disclose your information to the prospective seller or buyer and their advisors.

Do we transfer your personal data abroad?

Your personal data may be transferred and processed in one or more countries, inside or outside the European Union.

We may transfer data to parties set out in the previous section that are located outside the European Economic Area or the United Kingdom:

• to countries that the European Commission or the UK National Data Protection Authority deem to offer an adequate level of protection under Article 45 of the UK and EU GDPR (a list of such countries can be found at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en);
• where Maire Group has taken appropriate safeguards to try to preserve the privacy of your data (in respect of which it generally uses one of the forms of data transfer contract approved by the European Commission or the National Data Protection Authority of the United Kingdom, copies of which are available at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_it and https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/international-data-transfer-agreement-and-guidance/). They are approved by the European Commission and the UK National Data Protection Authority pursuant to Art. 46 of the EU and UK GDPR.

By contacting us using the contact details below, you may request further information and obtain a copy of the relevant safeguards.

What are your rights with respect to your personal data?

In accordance with applicable data protection laws, you have the following rights:

• Right to access and obtain a copy of your personal data. You have the right to request confirmation from the Company as to whether your personal data is being processed. In this case, you will be able to access some of your personal data (via the Portal) and certain information on how it is processed. In some cases, you may ask us to provide you with an electronic copy of your data. In certain limited circumstances, you will also have the right to request from the Company the transfer ("portability") of your personal data, which will then be provided by us to a third party as per your request.
• Right to correct your personal data If you can prove that the personal data, we hold about you is incorrect, you can request that we update or correct it. Where possible, we recommend that you log in to the Portal and update your personal data directly.
• Right to be forgotten or to erasure of personal data. In certain circumstances you will have the right to request the erasure of your personal data. Such a request may be made at any time and it will then be up to the Company to determine whether it should be granted, without prejudice to the fact that this right is subject to the rights or obligations provided for by law in the event that the Company is required to retain data. If, in accordance with the law, it is determined that your request for erasure of your personal data should be granted, we will do so without undue delay. Please note that once you delete your data, the Company may no longer provide you with any services. If you wish to re-register, you will need to enter your details again.
  
  You can also erase your personal data after logging in to your digital profile in our recruitment digital system (https://careers.met-ts.net/Login):
  
  

If the processing of your personal data by the Company is based on your consent, you have the right to withdraw it at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. In the event that you withdraw your consent, we may not be able to provide you with certain products or services. We will inform you of this at the time you withdraw your consent.

In the event that you wish to exercise any of your rights contact us at the email address personaldata@sigmahrs.com.

Finally, you have the right to lodge a complaint with the Information Commissioner’s Office (https://ico.org.uk/make-a-complaint/) in case you believe that your personal data have not been treated in compliance with the applicable laws.

How is data security ensured when you use our systems?

You are responsible for keeping your access data to the Portal secure and, in particular, the password that has been provided to you or that you have chosen. These login credentials are for personal use. You may not share your credentials or other account information with anyone else.

How do we handle changes to this Privacy Policy?

The terms of this Privacy Policy may change from time to time. The Company will notify you of any material changes to this Privacy Policy by posting notices on the Portal.

Contacts

In the event that:

• you have questions or concerns about this Privacy Policy; or
• you would like to receive more information about how we protect your data (for example, when we transfer it outside of the country);

you can send an email to MET T&S Ltd at personaldata@sigmahrs.com.