Fair Processing Notice

Fair Processing Notice

If you apply for a job or submit interest in certain job vacancies through Appcast, Inc. or APPCAST.IO LTD (“APPCAST”), APPCAST will collect and process your personal data as part of the selection and recruitment process. Your data will also be shared with companies to whose job vacancies you apply or submit interest. In accordance with the requirements of the General Data Protection Regulation (GDPR) this notice describes how we collect and use your data both during and after the recruitment process.

It is important that you read this notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information.

For the purposes of the GDPR, APPCAST is a “data controller”. This means that we are responsible for deciding how we hold and use personal information about you. As a data controller we are required under GDPR to notify you of the information contained in this privacy notice.

Your Data

In this section we outline the purposes for which we may process your data. For each ‘purpose’ we also list the types of data we may process and our legal basis for the processing of it.

Registration & Selection

  • Acknowledging your application or submission of interest
  • Determining your suitability for current and future vacancies
  • Alerting you to future vacancies

Types of personal data that may be processed:

  • Date & time of application
  • Personal data allowing identification : Title , surname, first name  and physical address 
  • Contact information : street address, telephone and email address
  • Data required to verify eligibility for vacancy: nationality (or immigration status), education, training, professional experience (prior jobs, tenure, employer name, contact details of employer, main tasks and responsibilities, linguistic and job related skills and competencies, current and prior salary, reason for leaving prior jobs)
  • Data included in application forms and your CV/ Resume  
  • Additional communication collected : cover letters , emails etc. where you personally express desire and suitability for a job vacancy  
  • Interview: candidates will be asked questions aimed at obtaining evidence of how they meet the requirement of the job vacancy. The same areas of questioning will be covered for each candidate and no questions will discriminate on grounds of race, sex, ethnic origin, religion, disability, age or sexual orientation. Candidate responses will be recorded in writing and may additionally be recorded electronically 
  • Admission tests: depending on the job vacancy, candidates may be requested to undertake tests targeted at identifying competencies deemed required or desirable for the job vacancy. The tests are designed not to create discriminatory bias based on grounds of race, sex, ethnic origin, religion, disability, age or sexual orientation. Test results will be recorded     
  • Data provided by third party placement firms, recruiters, job search websites to which you have affiliated.

Lawful basis for processing personal data:

  • To ensure equitable selection of the best candidate(s) for employment or service engagements based on  experience and ability (applying GDPR Art 6.1f – a legitimate interest)


  • Equal opportunities monitoring

Types of personal data that may be processed:

  • Information about your race or ethnicity, nationality, religious beliefs, gender, age, sexual orientation, political opinions
  • NOTE: you are NOT required to provide this information (other than when required by law) and therefore the supply of this data will be completely voluntary and a failure to provide will not affect your application

Lawful basis for processing ‘special categories’ of personal data:

  • We may use information about your race or nationality or ethnic origin, gender, age, religious, philosophical or moral beliefs, or your sexual life or sexual orientation, to ensure meaningful equal opportunity monitoring and reporting with a view to preventing discrimination (applying GDPR Article 9 .2b and g).

Do we need your consent?

Under the GDPR, consent is not required if the processing is based on another ‘legal basis’ as listed in Article 6 GDPR. For each of the processing activities listed in this notice we have described which legal basis applies, such as for the performance of the contract with you, or to comply with a legal obligation, or necessary for the purposes of a legitimate interest of the Company. With regards to the latter and having taken into consideration the reasonable expectations of job applicants and we do not believe our legitimate interests are overridden by your interests or fundamental rights and freedoms

For ‘special categories’ of your personal information (health data, genetics, biometrics (where used for ID purposes), race or ethnicity, religious beliefs, sex life, sexual orientation, political opinions, and trade union membership) we ensure that the additional requirements of Article 9 GDPR are complied with.

For information about criminal convictions (and other ‘excluded party lists’), in accordance with Art 10 GDPR we may only use this data where the law allows us to do so. We do not envisage that we will hold information on criminal convictions, however there may be circumstances where the nature of a role requires us to request this information and if this is the case you will be provided with additional prior notification.  

If you fail to provide personal information

A failure to provide certain requested information may prevent us from completing selection and recruitment formalities.

Change of purpose 

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Will your personal data be subjected to automated decision making? 

Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. We are allowed to use automated decision-making in the following circumstances:

  1. Where the answers that you provide to questions posed during the recruitment process can be used to automatically include or exclude you from consideration of a job vacancy.
  2. Where the frequency, mode, method or location of your submissions can be used to automatically include or exclude you from consideration of a job vacancy

If we make an automated decision on the basis of any particularly sensitive personal information, we must have either your explicit written consent or it must be justified in the public interest, and we must also put in place appropriate measures to safeguard your rights.

We do not envisage that any decisions will be taken about you using automated means, however we will notify you in writing if this position changes

Data sharing 

Your data will be accessed by individuals and companies involved in the selection and recruitment process for job vacancies to which you apply or submit interest.

Third parties

We may have to share your data with third parties, including third-party service providers and other entities in the group.

The following categories of third-parties will have access to your personal data:

  • Other APPCAST group companies
  • Third-party service providers involved with the processing, delivery, and retrieval of your data by the companies to whose job vacancies you apply or submit interest

All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes, in accordance with our instructions and under the terms of a data processing agreement.

Note that in circumstances where you have first supplied your data to a third party, such as a recruitment agency, online employment service such as a job board, or social/professional network they will also operate as a data controller for the purposes of the GDPR and as such have their own responsibilities for the security of your data.

Transferring information outside of the EU

We may transfer the personal information we collect about you to countries outside the European Economic Area in order to perform our contract with you.

There is not an adequacy decision by the European Commission in respect of these countries, which means they are not deemed to provide an adequate level of protection for your personal information.

However, to ensure that your personal information does receive an adequate level of protection we have put in place relevant appropriate measures to ensure that your personal information is treated by those third parties in a way that is consistent with and which respects the laws on data protection.

You can contact us if you require further information about these protective measures.

The period for which data is stored 

The information collect during the selection and recruitment process will form part of your personal record and as such will be retained for 24 months commencing from the date that your application has been submitted.  At any time within this period, you have the right to request that your data be destroyed or returned to you.

In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may continue to use such information without further notice to you.

Data security 

When we process your personal data we will always apply the core principles of the GDPR to ensure it is:

  1. Used lawfully, fairly and in a transparent way.
  2. Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
  3. Relevant to the purposes we have told you about and limited only to those purposes.
  4. Accurate and kept up to date.
  5. Kept only as long as necessary for the purposes we have told you about.
  6. Kept securely.

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Your rights

Under certain circumstances, by law you have the right to:

  • Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
  • Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
  • Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your personal information to another party.

If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact us at: contact@appcast.io in writing and note in the subject line “GDPR Data Request – Please Forward to the Data Protection Officer”.

As stated above the processing of your personal data is based on legal basis other than your consent, however in the very limited circumstances where you may have provided your consent to the collection and processing of your data, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact us at: contact@appcast.io and include in the subject line “GDPR Data Processing Termination Request – Please Forward to the Data Protection Officer”. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

No fee usually required

You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

What we may need from you 

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

Contact details 

We have appointed a Data Protection Officer (“DPO”) to oversee compliance with this privacy notice. If you have any questions about this privacy notice or how we handle your personal information, please contact the Data Protection Officer at the following email address:  contact@appcast.io and include in the subject line “GDPR Data Request – Please Forward to the Data Protection Officer”.

Raising a complaint 

If you are unhappy with the way in which your personal data has been processed you may in the first instance raise a complaint by contacting the Company using the contact details above.

If you remain dissatisfied then you have the right to apply directly to your local Data Protection Authority for a decision – contact details below:


Changes to this privacy notice

We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.

Copyright © 2018 Appcast, Inc. All rights reserved.