Recruitment Privacy Notice for Residents of the European Economic Area

 

1. Introduction.

We respect the privacy rights of individuals and are committed to handling personal information responsibly and in accordance with applicable law. It is important that you read all of this Notice carefully as it sets out how Fiserv, Inc. on behalf of itself and its affiliated companies, including your prospective employer (collectively "the Company", “Fiserv, " "we" or "us") handles “personal information"? (information relating to an identified or identifiable natural person) that we hold about applicants who reside in Member States of the European Economic Area (collectively referred to as "you"). The term "applicants" is used in this Notice to refer to anyone who applies for a job role, joins our talent community, signs up for a job alert, or who otherwise seeks to carry out work with or for us (whether on a permanent or non-permanent basis).

If you are in any doubt, or have any comments or questions about this Notice, please contact us using the contact details set out at Section 9 below.

2. Types of personal information we collect when you apply

Information that we collect automatically

You can visit the recruitment section of our website https://www.careers.fiserv.com ("Website") and search for jobs without providing personal information. However, we do collect certain information automatically from your device when you visit our Website. For further information, please see the privacy notice that applies to the use of our Website at https://www.fiserv.com/en/about-fiserv/privacy-notice.html.

Personal Information collected from you

The types of personal information we collect and process when you apply for a job role, join our talent community or sign up for a job alert with Fiserv includes (but is not limited to):

• Identification data and contact details – including your name, address, email address, phone number and other contact information, gender, date of birth, nationality/ies, national identifiers (such as national ID/passport, social security number(s)).
• Employment history – such as previous employers and job titles/positions.
• Background information – such as academic/professional qualifications, job qualifications, education, details included in your CV/résumé (which might include details of any memberships or interests constituting sensitive personal information), transcripts and employment references.
• Details of your nominated referees (including their name, contact details, employer and job role).
• Details of your immigration/visa status.
• Previous applications/roles (information relating to previous applications you have made to the Company and/or any previous employment history with the Company).
• Other information captured throughout the process, including through assessment centres / exercises, interviews and any information captured through visitor logs and CCTV (security camera) systems.

As a general rule, during the recruitment process, we try not to collect or process any of the following: information that reveals your racial or ethnic origin, religious, political or philosophical beliefs or trade union membership; genetic data; biometric data for the purposes of unique identification; or information concerning your health/sex life ("Sensitive Personal Information"), unless authorised by law or where necessary to comply with applicable laws.

However, in some circumstances, we may need to collect, or request on a voluntary disclosure basis, some Sensitive Personal Information for legitimate recruitment-related purposes: for example, information about your racial/ethnic origin, gender and disabilities for the purposes of equal opportunities monitoring (for public interest purposes and in accordance with relevant law), to comply with anti-discrimination laws and for government reporting obligations; or information about your physical or mental condition to consider accommodations for the recruitment process and/or subsequent job role. You may provide, on a voluntary basis, other Sensitive Personal Information during the recruitment process.

In general, we will only collect Sensitive Personal Information where authorised by law or where necessary to comply with applicable laws.

Personal information collected from other sources

Usually you will have provided the information we hold about you but there may be situations where we collect personal information or Sensitive Personal Information from other sources. For example, we may collect the following:

• References provided by referees.
• Other background information provided or confirmed by academic institutions and training or certification providers.
• Criminal records data obtained through criminal records checks.
• Information provided by background checking agencies and other external database holders (for example credit reference agencies and professional / other sanctions registries).
• Information provided by recruitment or executive search agencies.
• Information collected from publically available sources, including any job boards, social media platforms you use or other information available online.

(in each case, where permissible and in accordance with applicable law).

3. Purposes for processing personal information

We collect and use this personal information primarily for recruitment purposes – in particular, to identify you as potential talent and gauge your interest in our open opportunities, determine your qualifications for employment and to reach a hiring decision. This includes assessing your skills, qualifications and background for a particular role, verifying your information, carrying our reference checks or background checks (where applicable) and to generally manage the hiring process and communicate with you about it.

If you are accepted for a role at Fiserv, the information collected during the recruitment process will form part of your ongoing staff member record and will be processed in accordance with our Staff Privacy Notice.

4. Who we share your personal information with and transfers abroad

We take care to allow access to personal information only to those who require such access to perform their tasks and duties, and to third parties who have a legitimate purpose for accessing it. Whenever we permit a third party to access personal information, we will implement appropriate measures to ensure the information is used in a manner consistent with this Notice and that the security and confidentiality of the information is maintained.

Sharing with affiliated companies

We may share your personal information with Fiserv affiliates around the world in order to administer our recruitment processes and store data.

Sharing with third party service providers

We may make certain personal information available to third parties who provide services relating to the recruitment process to us, including:

• recruitment or executive search agencies involved in your recruitment;
• background checking or other screening providers and relevant local criminal records checking agencies;
• data storage, shared services and recruitment platform providers, IT developers and support providers and providers of hosting services in relation to our careers website, recruitment marketing and job alert notifications; and
• third parties who provide support and advice including in relation to legal, financial / audit, health and safety issues.

(ii) Sharing with other third parties

We may make certain personal information available to other third parties, including:

• public authorities, such as courts, government agencies, law enforcement authorities, national security authorities, and tax, immigration, health and safety authorities, in order to abide by our legal obligations and establish, exercise or defend against potential, threatened or actual legal claims, such as responding to a court order, subpoena, search warrant, government audit or other administrative or judicial process;
• third parties involved with the sale, assignment or other transfer of all or part of our business (as reasonably necessary);
• third parties that can assist to protect your vital interests or those of another person; and
• third parties for whom you have provided consent.

In some cases, the use and sharing described above may result in your personal information being transferred internationally, including from the European Economic Area to a country outside it (usually the United States, with some access as needed for support purposes by a Fiserv affiliate in India). These countries may have data protection laws that are different than the laws of your country (and, in some cases, may not be as protective).

However, for inter-Company transfers, we have entered into inter-Company agreements which implement the European Commission's Standard Contractual Clauses, which are available through the European Commissioner's website at https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en, and which impose by contract the essential elements of EEA legal protections for personal information. Fiserv, Inc. and its affiliates also bind third parties outside the EEA with whom we share your personal information to contracts that include these clauses.

5. Legal basis for processing personal information

Our legal bases for processing personal information as described above include one or more of the following:

• our legitimate interests (as summarised above in Sections 3 and 4) (which are not overridden by your data protection interests or fundamental rights and freedoms, particularly taking into consideration the safeguards that we put in place, for example, those outlined in Section 4 above);
• to comply with applicable laws and regulations, including immigration and/or employment laws and regulations;
• to take steps prior to entering an employment contract with you, where you are considered for employment;
• in circumstances where you have made the data public;
• where we have your consent to do so;
• to protect the rights and interests of the Company, our employees, applicants and others, as required and permitted by applicable law; and/or
• where we consider that processing is necessary for reasons of substantial public interest, in accordance with relevant law.

If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information).

If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided in Section 9 below.

6. Data retention periods

Personal information will be stored in accordance with applicable laws and kept as long as needed to carry out the purposes described in this Notice or as otherwise required by applicable law. Generally this means your personal information will be retained:

• in accordance with the retention periods set out in the Company's Staff Privacy Notice (where we employ or engage you); or
• for a period of 24 months after the last activity date on your candidate profile unless you request that we delete your application, except that back-ups of any information captured on our CCTV system and visitor logs will be retained for a longer period for security purposes.

7. Your data privacy rights

You may exercise the rights available to you under applicable data protection laws as follows:

• You may request to access, correct, update or delete your personal information by contacting us using the contact details provided below.
• You may object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information by contacting us using the contact details provided below.
• If we have collected and processed your personal information with your consent, then you may withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
• You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority. (Contact details for data protection authorities in the European Economic Area, Switzerland and certain non-European countries are available at http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.)

8. Updates to this Notice

This Notice may be updated periodically to reflect any necessary changes in our privacy practices. In such cases, we will inform you, post a new notice here, and indicate at the top of the Notice when it was most recently updated.

9. Contact details

Please address any questions or requests relating to this Notice to GDPR@fiserv.com or alternatively, you can raise any concerns with your contact at the Company for recruitment.