Job Applicant Data Processing Notice
The Open Society Foundations (“Open Society”, “we”, “us”, “our”) are committed to upholding data protection laws and providing you with transparent information about how we deal with your data.
This Job Applicant Data Processing Notice (“Notice”) provides information about the data we collect from you when you apply for a role with us, what we do with it, how we retain it, the legal basis for this, and your rights as they may apply under relevant data protection laws.
The Open Society Foundations have offices located throughout the world. You can learn more about where we are located on our Offices and Foundations page.
In general, the data controller of your application will be the Open Society office managing your recruitment—usually the office where you’re applying for a role. Your application data may also be shared with other Open Society offices for certain positions or in certain cases—only for the purposes of facilitating your recruitment. Where your data is shared with another Open Society office, this will be in accordance with underpinning agreements (see the Data sharing and subprocessors section below).
If you have any questions or concerns about recruitment data processing, you can contact firstname.lastname@example.org.
What data we process, why and the legal basis for this
When you apply for a role with us, we collect the following information—a copy of your CV, a cover letter, your name, address, contact details, any languages you speak, whether you would require visa sponsorship for the role, and further information about your skills, education, experience, and links to social media accounts if you choose to provide these. We process this information on the basis of our legitimate interest in assessing your suitability for the role.
Your application will be assessed by Open Society staff and may be selected for interview shortlisting. During the interview process, further information will be collected from you about your work experience to determine your suitability for the role. We process this information on the basis of both our legitimate interest in finding a suitable candidate for a role and in preparation for entering into a contract with you for employment.
Offer and hiring
If you are successful during the interview and selected for a role, details of your references will be requested and your references will be contacted. If you require a working visa for the role, we will also collect further information to facilitate the visa process at this time. We process this information on the basis of preparation for entering into a contract with you for employment.
Under the GDPR, “special category” data includes information related to race, sexual orientation, political opinions and trade or union membership (see Article 9).
We do not request or require any special category data from you in the application process, however if you choose to share this with us, this is on the basis of your consent.
Data sharing and subprocessors
Sharing within the Open Society Foundations network
In order to facilitate your recruitment, your application may need to be shared between Open Society offices. Where this is the case, your data will always be appropriately protected and kept confidential in line with agreements that include international transfer safeguards where applicable.
We use the Workday platform to manage our recruitment process. We also work with certain carefully selected third-party service providers who perform data processing tasks on the basis of our legitimate interests in facilitating the job application process. These include travel agents, consultants, and cloud computing providers. These third parties are engaged by us on terms which ensure confidentiality and compliance with data protection laws. A list of the subprocessors we engage is available upon request.
International transfers of data
Where applicable, international transfer safeguards are in place to ensure your data is protected, for example the Standard Contractual Clauses issued by the European Commission.
Your application data will be retained for one year after it is collected on the basis of our legitimate interest in recording, reviewing, and evidencing the fairness of our hiring process. Where a successful candidate requires visa or immigration sponsorship, their application data, along with shortlisted candidates’ application data, will be retained for a period of up to five years in compliance with legal obligations on us.
With your consent, we will retain your data for three years to be considered for other potentially relevant roles. After this time, we will delete your data.
We retain some anonymized data for the purposes of reporting on and understanding our hiring process. This data relates to gender, country of application, and source of application, and is fully anonymized, aggregated, and cannot be linked back to any individual.
We take all reasonable steps to ensure that personal data is processed securely and treated in accordance with this Notice. The technical and organizational measures to prevent unauthorized access to personal data include limiting staff and subprocessor access to personal data in accordance with specific job responsibilities or contractual obligations, the encryption of data where possible, the institution of security protocols, and staff training.
Although we do our best to protect personal data, information transmitted over the internet remains vulnerable to interception—for this reason, the transmission of any personal data to our websites or via email to us is therefore at the data subject’s own risk.
Please note that we will honor your requests to exercise your rights to the extent possible and required under applicable law. Certain of these rights may only be available to individuals who interact with our United Kingdom or EU offices and to individuals who are located in the United Kingdom or the EU.
As a data subject, you have the right to request access to, rectification or erasure of your data. In addition, you may object to processing, or withdraw your consent and you may also have the right to limit the processing of your data and the right to receive the data you have provided to us in a structured, commonly used and machine-readable format, or the right to have such data transmitted to a third party.
You also have the right to bring concerns to your national data protection regulator if you feel that your personal data has been unlawfully processed. For example, data subjects covered by EU law may also be entitled to lodge complaints in regard to data processing or the handling of subject access requests with the data protection supervisory authority in their country of residence. Relevant supervisory authority names and contact details are listed here for the EU and United Kingdom.