global applicant/ recruitment privacy policy
About us - who is the Charlotte Tilbury group?
We are a global make-up, skin-care and perfume business, with stores around the globe, and with companies that run and operate the Charlotte Tilbury business across the globe. This includes companies in the United Kingdom, Germany, the Netherlands, the United States and Hong Kong. When we refer to the “Charlotte Tilbury Group”, we are referring to the wider global group of Charlotte Tilbury companies.
Your personal data may also be shared with the Charlotte Tilbury Group companies for recruitment opportunity purposes if you have specifically given us your consent to do so, for example, if you have expressed a desire to work in a particular country in which Charlotte Tilbury operates, and so, in this Applicant/Recruitment Privacy Policy, references to ‘we’ or ‘us’ means the relevant Charlotte Tilbury Group company.
If you want to know more about the Charlotte Tilbury Group, please get in touch with us using the contact details provided at the end of this Applicant/Recruitment Privacy Policy.
Who processes your personal data
When you apply for a role with us, or provide us with your details at a Networking Event, your personal data will be processed by the relevant Charlotte Tilbury Group company named in the table below. That Charlotte Tilbury Group company will be the data controller of any personal data that it processes and is responsible for deciding how it holds and uses the personal data about you. It is required to notify you of the data contained in this Applicant/Recruitment Privacy Policy.
If you would like to get in touch with any of the data controllers set out below, you can do so at the address specified below or by emailing: legal@charlottetilbury.com
When you apply for a role with (or provide your data to) a Charlotte Tilbury Group company in the following country: | The data controller will be: |
---|---|
United Kingdom and Ireland | Charlotte Tilbury Beauty Limited 8 Surrey Street London United Kingdom WC2R 2ND |
Germany | Charlotte Tilbury Beauty Germany GmbH Am Sandtorkai 68, c/o Field Fisher (Germany) LLP 20457 Hamburg |
The Netherlands | Charlotte Tilbury Beauty Netherlands B.V. Buiding 5 8 Surrey Street London United Kingdom WC2R 2ND |
United States of America | Charlotte Tilbury Beauty Inc. National Registered Agents Inc 160 Greentree Drive, Suite 101, Dover DE 19904 |
Canada | Charlotte Tilbury Beauty Canada Inc. 199 Bay Street, Suite 5300 Commerce Court West, Toronto ON M5L 1B9 |
Hong Kong | Charlotte Tilbury Beauty Hong Kong Limited 29th floor, Edinburgh Tower, The Landmark 15 Queen’s Road Central Central, Hong Kong |
Ensuring the lawful use of your data
We will collect various types of personal data from you during the application process or Networking Event. Further details of how we use your personal data are set out below.
We only process personal data about applicants, or attendees at Networking Events, where the processing can be legally justified. This will usually be where the processing is necessary:
- If your application is successful, to enter into and/or to perform the employment contract;
- To ensure compliance with our legal obligations as a potential employer, e.g. to ensure you have the right to work;
- With your consent; and/or
- For our legitimate interests (or those of a third party), provided your interests and fundamental rights do not override those interests, e.g.to process your application, for effective management of the recruitment process, to assess and confirm a candidate’s suitability for employment and to decide whom to offer a job. For further information, please contact us using the details in the “Contacting Us” section at the end of this Applicant Privacy Policy.
We also may need to process personal data from job applicants to respond to and defend against legal claims.
What personal data do we collect?
To decide whether to shortlist you as an applicant and to contact you in relation to your application, we will need to collect the following information about you up to and including the shortlisting stage of the recruitment process:
- Your name and contact details (e.g. address, home and mobile phone numbers, email address);
- Your curriculum vitae/resume; and/or
- Details of your qualifications, experience, employment history and the role(s) you are applying for.
- We will not be able to process your application without this data.
After the shortlisting stage, we will need to collect and process the following data about you to allow us to make our final decision as to whether to recruit you:
- Data regarding your academic qualifications;
- If necessary, your nationality and information from related documents, such as your passport or other identification information and, if applicable, your immigration status and other relevant immigration information; and
- Any other information you may send to us or we may make about you as part of the recruitment process including, for example: CVs, covering letters and interview notes.
We are under a statutory obligation to collect the information regarding your nationality and immigration status and information to enable us to verify your right to work in the country where the position or role that you are applying for is located.
We will only process personal data that we obtained from you. If we collect your personal data from another source, we will provide you with the specific source of the data.
Any offer of employment will be subject to satisfactory references, and if we would like to make an offer of employment to you, we will ask a reference agency, such as XREF, to contact you so that you and your referee(s) can provide us with your references. If your application is successful, we will use the data provided above to the extent necessary to administer your employment. Further details about how we will process your personal data pursuant to your employment is provided in our Employee Privacy Policy which will be provided to you during the onboarding process, and can be found on the Charlotte Tilbury intranet “Charlotte’s Web”.
In the case of personal data collected at Networking Events, we will collect (with your consent), your name, the town/city of your residence, your email address, your telephone number and any other details we deem necessary for the purposes of contacting you about any roles with us that we think that you may be interested in applying for.
We will notify you of any significant changes which are applicable to your personal data, but we would encourage you to come back and review this Applicant/Recruitment Privacy Policy from time to time.
At the beginning of a recruitment search or exercise, we may employ filters using key words/phrases relevant to a particular search or exercise, which may result in the automated rejection of some CVs or applications. We only do this in order to establish that candidates have the right to work in the country in which a role they have applied for is located. This automated decision-making is necessary in order to make a shortlist of possible candidates, with the intention of entering into a contract with an applicant. The applicant has the right to obtain human intervention, to express his/her point of view and to contest the decision based on the automated decision-making at any time. If you wish to exercise any of these rights, please get in touch via the “Contacting Us” section.
Special categories of personal data - sensitive personal data
Where applicable (and if you have specifically given us your consent), we will process sensitive personal data, like information about your disability status to comply with our obligations to consider whether we need to provide appropriate adjustments during the recruitment process or if you are subsequently offered employment with us.
Disclosure of your data
Only representatives of Charlotte Tilbury who need access to your personal data in order to meet the purposes set out in this Applicant/Recruitment Privacy Policy will have access to your personal data. People who will have access to your personal data include IT, the People Team and payroll.
If you have specifically given us your consent to do so, we will share your personal data collected during the application process with other Charlotte Tilbury Group companies for recruitment opportunities, (for example if you have expressed a desire to work in a particular country in which Charlotte Tilbury operates), and with third parties, for instance external reference agencies (such as XREF), psychometric or skills based testers (such as Recruitmenttests.co.uk) or other third parties who assist us with the recruitment process and, where applicable if you are going to be working in one of our retail partner department stores (such as House of Fraser, The John Lewis Partnership etc), we will disclose your personal data to those partner stores for the purposes of that store’s induction process.
We will also disclose your personal data to third parties:
- In the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets;
- If we or substantially all of our assets are acquired by a third party, in which case personal data held by us about our applicants and employees will be one of the transferred assets; and/or
- If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our agreements; or to protect the rights, property, or safety of us, our applicants, employees, customers and providers.
International transfer of your personal data
As we have identified above, we are a global business and some of the Charlotte Tilbury Group companies and third party service providers (such as XREF mentioned above) are located in countries outside of the European Economic Area. As a result, it may be necessary for the personal data that we collect from you to be transferred to or accessed from outside the European Economic Area in order for us to use your personal data for the purpose for which we collected it. If we do this, we have measures in place to ensure that your data receives the necessary protections. Any transfer of your personal data will follow applicable laws and we will treat the information according to the principles set out in this Applicant Privacy Policy.
If you would like further information, please get in touch with us using the contact details provided at the end of this Applicant/Recruitment Privacy Policy.
Where data may be held
Where you are an applicant for a role within the Charlotte Tilbury Group, your personal data will be held on Workable, an online, cloud based recruiting solution based in North America using Amazon Web Services (AWS). In the case of personal data collected at a Networking Event it will be held securely on our system on a Google Analytics platform.
Storage of your personal data
We will keep your personal data for as long as we need to in order to complete our recruitment process. Where permissible in accordance with local law, personal data relating to unsuccessful applicants will then be deleted at the latest 12 months following completion of our recruitment process, unless you have agreed to us retaining your personal data so that we can inform you of any suitable vacancies that arise in which case we may retain your personal data for up to 5 years. We comply with the applicable law in each jurisdiction so that if the period(s) of time in some jurisdictions are less than those set out above, we will observe those lesser time periods. You can, however, request the deletion of your personal data at any stage before then.
In the case of personal data that we obtain about you at Networking Events, with your consent we will keep this for a period of 12 months in order to send you updates about any job vacancies that we think that you may be interested in. You can, however, request the deletion of your personal data at any stage before then.
If your application is successful, we will keep only the recruitment information that is necessary in relation to your employment in accordance with our Employee Privacy Policy and our Data Retention Policy.
Security of your personal data
We are committed to ensuring that your personal data is secure and we have put in place suitable physical, electronic, contractual and managerial procedures, including our Information Security Management System, to protect your personal data. Our employees who have access to and process your personal data are obliged to respect the confidentiality and security of your personal data. We maintain security policies and procedures that apply to internal and third party systems.
Unfortunately, the transmission of data via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to us; any transmission is at your own risk.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Your rights
Subject to certain exceptions, data protection laws provide you with the following rights, to:
- Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing your personal data;
- Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected and completed;
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below);
- Request the restriction of processing of your personal data, for example if you want to establish its accuracy or the reason for processing it; and
- Request the transfer of your personal data to another party.
You also have the right to object to the processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights above). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
Where we rely on your consent to process your personal data, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact us using any of the details set out below in the “Contacting Us” section. Once we have received notification that you have withdrawn your consent, we will no longer process your data for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
If you are dissatisfied with how we have handled your personal data, you have the right to make a complaint to your data protection regulator. In the UK, this is the Information Commissioner’s Office (“ICO”). You can make a complaint to the ICO by calling their helpline on 0303 123 1113 or on their website at www.ico.org.uk/concerns. In Hong Kong, this is the Office of the Personal Data Privacy Commissioner (“PDPO”). You can make a complaint to the PDPO by calling their helpline on 2827 2827 or emailing them at enquiry at pcpd.org.hk. In Holland, this is the Dutch Data Protection Authority (Autoriteit Persoonsgegevens), and you can call them on (31) (0)70 888 85 00 or write to them at Postbus 73374, 2509 AJ DEN HAAG.
We would, however, appreciate the chance to deal with your concerns before you approach your data protection regulator, so please contact us in the first instance.
Application of local laws
If local laws in a particular country require different or stricter standards for the processing of data than those described in this Applicant/Recruitment Privacy Policy, the relevant Charlotte Tilbury Group company will treat such data in accordance with local laws.
Contacting us
If you have any queries, comments or requests regarding this Applicant Privacy Policy or you would like to exercise any of your rights set out above, you can contact us in the following ways:
- By email at legal@charlottetilbury.com; or
- By post at General Counsel, Charlotte Tilbury Beauty Limited, 8 Surrey Street, London, United Kingdom WC2R 2ND