Skip to main content

Processing of (personal) data by the entity in charge of the online application process

Purpose 

This Data Privacy Policy sets out how Oceonix Services Limited ("Oceonix") handles the personal data of its Employees. 

Policy Details 

 

Oceonix’s obligations to you 

The Data Protection Principles  

The Data Protection Principles represent the key rules with which compliance is required and are the foundation for the design of our policies and procedures, including this Data Protection Policy. Oceonix strives to comply with all applicable laws designed to protect individual privacy, however, this Data Privacy Policy has been drafted in compliance with GDPR. Some of Oceonix’s obligations and the rights under GDPR identified in this document or any other policy, procedure or guideline may not be applicable to non-UK or non-EU Data Subjects, who will be subject to the rights available to them in their jurisdiction and as per the local data protection laws that may be applicable. This Data Privacy Policy does not override any applicable national data privacy laws and regulations in countries where Oceonix operates. A brief description of each Data Protection Principle under GDPR (the “Principles”) is set out below. 

  • Processing: Personal Information will be collected, used and processed by Oceonix fairly and lawfully. Individuals must not be misled as to the purpose for which their Personal Information is to be processed. 

  • Purpose: Personal Information will only be processed for the purposes outlined prior to, or at the time of collection; or following a revised notice for additional purposes added post collection. 

  • Adequacy: Personal Information shall be adequate, relevant and not excessive in relation to the purpose or purposes for which it is collected and processed. 

  • Accuracy: Personal Information will be kept accurate and up to date. 

  • Retention: Personal Information shall not be kept for longer than is necessary to meet legitimate operational, legal and regulatory requirements. 

  • Data Subject Rights: Personal Information shall be processed in accordance with the rights of Data Subjects, such as the right to request a copy of the data processed in respect to them. 

  • Security: Appropriate technical and authorised measures shall be taken to prevent unauthorised or unlawful processing of Personal Information and against accidental or unlawful loss, misuse, alteration, unauthorised access, theft, modification, unauthorised disclosure and destruction. No Employee will be permitted to access any Personal Information unless they are authorised to do so and have a valid business reason for such access. It is a legal requirement that any third party engaged to process any Personal Information on behalf of Oceonix (as further described under “collection of Personal Information” below) can only process such Personal Information under a contract with Oceonix which stipulates exactly how the Personal Information may be processed. 

  • Trans-border data flows: There are restrictions imposed by law on the transfer of Personal Information from a UK and EEA country to a country that does not have equivalent or adequate data privacy legislation. To enable such transfers, specific requirements have to be met which includes the EU Standard Contractual Clauses and, in some countries, approval of the local data privacy regulator may be required. 

In limited circumstances prescribed by law, Personal Information may be processed without complying with the above Principles. For example, it is sometimes possible to process Personal Information for crime prevention and detection purposes or national security without complying with all of the above Principles. Oceonix shall comply with GDPR and any other applicable legislation when carrying out such processing. 

Collection of Personal Information 

Personal Information may be collected or accessed in a number of ways, including: 

  • directly from the Employees (in writing or verbally); 

  • generated by Oceonix in conversations, correspondence, appraisals, etc.; 

  • received by third parties so that such third parties may, for example, administer the employment application process, benefits, payroll or provide other services for employment purposes on behalf of Oceonix; 

  • through the use of Oceonix facilities (including but not limited to, computer and telephony equipment, including mobile phone, smart phones and tablet devices, and software, including electronic messaging, e-mail and internet applications); 

  • through the use of Oceonix approved software when installed on the Employees’ own personal device (as detailed below under Personal Devices); and 

  • generated by Oceonix in reports, metrics or other statistical process. You should also be aware of the following: 

  • Access Cards/ Badges: for security purposes, entry to Oceonix buildings is controlled through use of access cards issued to Employees.  

  • Personal Devices: on a personal device, Oceonix only monitors the in-transit data, (‘in-transit data’ – data that goes to and from the device) that passes through a Certified Mobile Application. A ‘Certified Mobile Application’ is an application that has been vetted by Oceonix as safe to use and compliant with local legislation in the jurisdictions where it is available for download. Oceonix will also have access to limited device information required to allow a secure connection to Oceonix systems (such as the make of the device, operating system version, and language settings). 

  • Photographs: the photographic images collected may be accessible by Oceonix in any location when there is a legitimate business need; for example photographs may be viewed on screen by Oceonix building receptionists as a means of identifying Employees. Appropriate measures are in place to ensure the security of the image. Photographs processed for security purposes may not be used for other purposes such as an internal or external publication without the Employees’ prior consent. 

  • Monitoring of Employee Electronic Communications: Oceonix’s facsimile, internet, e-mail, instant messaging, telephone, voicemail and other facilities are intended for use in relation to business purposes and in general, should not be used for your personal activities. Reasonable occasional personal use of such facilities is permitted on the basis that: 

you understand that all use of such facilities may be subject to monitoring (as allowed by applicable local laws and legislation); 

your usage does not contravene any law, any Oceonix internal rule, procedure or policy, or the Code of Conduct; and 

your usage is kept to a reasonable minimum and should not interfere with your work commitments. 

A Systems Monitoring Notice is attached to this document as an Annex. All information collected as a result of the monitoring of systems and communications or any ancillary services as described in this policy and the Annex, will be stored, processed and accessed by Oceonix, its agents or authorised third parties worldwide in accordance with this Data Privacy Policy and any other relevant policy or procedure, as well as applicable laws, including the GDPR. 

Purpose 

When applying to join Oceonix and throughout your employment, Oceonix, its affiliates and agents, will collect and process Personal Information about you (which may include Sensitive Personal Information) where it is required (and permissible) to ensure compliance with any legal or regulatory requirement or for legitimate employment and business purposes only, which include, but may not be limited to, the following:  

Personnel management: including but not limited to the normal business practices related to the establishment, maintenance and termination of employment relationships, for example, the Employee’s application for employment, hiring, his or her role and function in the firm, Employee management and administration generally (including both before, during and after employment), pre- and ongoing employment screening and verification, administering benefits, administering personal short or long term compensation programs, conducting investigations, grievance and/or disciplinary proceedings, addressing employee relations issues and processing health insurance claims. 

Operations Management: including but not limited to establishment, performance and management of business activities of Oceonix, for example, maintaining and monitoring usage of internal networks and IT systems; 

Security Management: including but not limited to ensuring the security of the Oceonix premises and information held by Oceonix as well as the safety of Employees; 

Legal and Regulatory Compliance: including but not limited to obtaining and releasing Personal Information as required by law and/or regulatory reasons (e.g. tax, health and safety, anti- discrimination laws etc.), civil legal process or judicial authorisation and to maintain records that can include Personal Information, such as government identifiers, information relating to sickness, maternity or parental leave, pension and retirement, etc. 

Your Personal Information is collected and used in line with this Data Protection Policy and applicable laws. Failure to provide such Personal Information may result in Oceonix being unable to offer you employment. It is important that you notify HR immediately of any changes to your personal details.  

Personal Information sharing 

Oceonix will disclose Personal Information to its attorneys, regulators, including tax authorities, law enforcement agencies, courts of competent jurisdiction or other official bodies, with competency to regulate Oceonix and its affiliates anywhere in the world as Oceonix may, in good faith and at all times in compliance with applicable laws and regulations, consider necessary or desirable (or as may be mandatory due to, for example a local or foreign law, regulation or court order) for any purposes required including but not limited to: 

  • in connection with any legal proceedings, to obtain legal advice, or to establish, exercise or defend legal rights; and 

  • to comply pursuant to legal process or to any other foreign, regional or local legal or regulatory request or to cooperate with any regulatory, supervisory or governmental authority, institution or department; and/or to comply with legal, regulatory or self- regulatory requirements, or with the rules of professional associations, any local or foreign voluntary code or action, or internal policy we may adopt for good practice. 

Your Personal Information may also be disclosed if Oceonix has a right or duty to disclose the data or is permitted or compelled by law to do so in any jurisdiction in which Oceonix operates. 

Finally, Oceonix will disclose Personal Information to third parties based outside of the UK and the EU to assist with its business and HR functions. Any such transfers will be carried out by Oceonix in full compliance with this Data Protection Policy and applicable laws, including adoption of adequate safeguards under GDPR. 

When you leave the employment of Oceonixsome Personal Information we hold about you will be retained for various purposes according to the firm’s retention policy set out below under “accuracy and retention as required and/or allowed by law and regulatory obligations, including, but not limited to, the following: 

  • maintaining historical records; 

  • analysis of employment trends; 

  • monitoring of diversity statistics; 

  • provision of references to third parties; 

  • pensions administration; and 

  • purposes required by law or regulatory requirement. 

Accuracy and retention 

Oceonix will keep Personal Information for the minimum length of time required for its intended purpose set out in this Data Protection Policy. Once Personal Information is no longer required for that purpose, Oceonix will take steps to anonymise or destroy such Personal Information in compliance with GDPR[,][and] any applicable law [and Oceonix’s other policies and procedures] 

Oceonix will employ reasonable means to keep Personal Information accurate, complete, up-to-date and reliable for its intended use. With limited exceptions, Employees will be permitted to review and, where inaccurate, correct Personal Information. Oceonix will amend the Personal Information or, where the firm considers that the Personal Information is accurate the firm will include in the file the alternative text that the Employee believes to be appropriate alongside the original information. If it is determined that Personal Information needs to be updated or corrected, the firm shall use reasonable efforts to inform relevant third parties which were provided with inaccurate information in compliance with this Data Privacy Policy and applicable laws. 

Where Oceonix does not provide Employees with the ability to review their Personal Information in full, it will give reasons for refusing to do so and provide a contact point for further inquiries. Oceonix will, in any event, comply with all applicable local laws and regulations and ensure that Employees can review any Personal Information they have a right to access under the law applicable in their country of residence. 

Safeguarding Personal Information 

Oceonix will use appropriate administrative, technical, personal and physical measures to safeguard Personal Information against accidental or unlawful loss, misuse, alteration, unauthorised access, theft, modification, unauthorised disclosure and destruction. The firm will restrict access to Personal Information under its control to those employees, agents and contractors of the firm who have a legitimate business need for such access in accordance with this Data Privacy Policy, any other applicable policy or procedure and applicable laws. 

Your rights 

Oceonix will assist Employees in protecting their privacy and will provide Employees with opportunities to raise concerns about the processing of their Personal Information. Employees who have questions or who would like to raise concerns about the processing of their Personal Information should contact the HR team. 

Individuals may request a copy of the personal data held in relation to them by the firm. We may, where allowed by law, charge a fee for this. If any personal data is found to be wrong, the individual concerned has the right to ask us to amend, update or delete it, as appropriate. In some circumstances individuals also have a right to restrict processing or object to the processing of their personal data. To exercise any of these rights, Employees should contact a member of the HR team as above. 

Oceonix would appreciate the opportunity to resolve any complaint or concern of their Employees in relation to this Policy. However, Data Subjects have the right to contact a data protection supervisory authority of their choice at any time. In relation to EU Data Subjects, for a list of European supervisory authorities, please click here. In relation to UK Data Subjects, please contact the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues: 

The ICO’s address:             

Information Commissioner’s Office 

Wycliffe House 

Water Lane 

Wilmslow 

Cheshire 

SK9 5AF 

Helpline number: 0303 123 1113 

ICO website: https://www.ico.org.uk 

 

Your Obligations to Oceonix 

All Employees are required to adhere to this Data Privacy Policy, which must be read in advance of commencing their employment or engagement (as applicable) with the firm. 

Processing of (personal) data by the operator of the recruitment website

General information

This recruitment website is operated by Personio SE & Co. KG, which offers a human resource and candidate management software solution (https://www.personio.com/legal-notice/). Data transmitted as part of your application will be transferred using TLS encryption and stored in a database. The sole controller of this data within the meaning of article 24 of the GDPR is the enterprise carrying out this online application process. Personio’s role is limited to operating the software and this recruitment website and, in this context, being a processor under article 28 of the GDPR. In this case, the processing by Personio is based on an agreement for the processing of orders between the controller and Personio. In addition, Personio SE & Co. KG processes further data, some of which may be personal data, to provide its services, in particular for operating this recruitment website. We will refer to this in more detail below.

The controller

The controller under data protection law is:
Personio SE & Co. KG
Seidlstraße 3
80335 München
Tel.: +49 (89) 1250 1004
Entry in the commercial register
Commercial register entry number: HRA 115934
Registration Court: Amtsgericht München
Data Protection Officer contact: privacy@personio.com

Access logs (“server logs”)

Each access to this recruitment website automatically causes general protocol data, so-called server logs, to be collected. As a rule, this data is a pseudonym and thus does not allow for inferences about the identity of an individual. Without this data, it would, in some cases, be technically impossible to deliver or display the contents of the software. In addition, processing this data is absolutely necessary under security aspects, in particular for access, input, transfer, and storage control. Furthermore, this anonymous information can be used for statistical purposes and for optimizing services and technology. In addition, the log files can be checked and analyzed retrospectively when unlawful use of the software is suspected. The legal basis for this is §25 subsection 2 Sentence 2 TDDDG. Generally, data such as the domain name of the website, the web browser and web-browser version, the operating system, the IP address, as well as the timestamp of the access to the software is collected. The scope of this log process does not exceed the common log scope of any other site on the web. These access logs are stored for a period of up to 7 days. There is no right to object to this.

Error logs

So-called error logs are generated for the purpose of identifying and fixing bugs. This is absolutely necessary to ensure we can react as quickly as possible to possible problems with displaying and implementing content (legitimate interest). As a rule, this data is a pseudonym and thus does not allow for inferences about the identity of an individual. The legal basis for this is §25 subsection 2 Sentence 2 TDDDG. When an error message occurs, general data such as the domain name of the website, the web browser and web-browser version, the operating system, the IP address, as well as the timestamp upon occurrence of the respective error message and/or specification is collected. These error logs are stored for a period of up to 7 days. There is no right to object to this.

Use of cookies

So-called cookies are used on parts of this recruitment website. They are small text files which are stored on the device with which you access this recruitment website. As a general rule, cookies serve the purpose of ensuring secure access to a website (“absolutely necessary”), implementing certain functionalities such as standard-language settings (“functional”), improving the user experience or the performance of the website (“performance”), or placing targeted advertisements (“marketing”). On this recruitment website, we generally use only cookies that are absolutely necessary, functional or performance-related, in particular for implementing certain default settings such as language, for identifying the job advertising channel, or for analyzing the performance of a job advert via which a user accessed this recruitment website. The use of cookies is absolutely necessary for providing our services and thus for the performance of the contract (article 6 (1) b) of the GDPR). Period of storage: up to 1 month or until the end of the browser session Right to object: You can determine via your browser settings whether you allow or object to the use of cookies. Please note that deactivating cookies may result in limited or completely blocked functionalities of this recruitment website.

Rights of data subjects

If Personio SE & Co. KG as the controller processes personal data, you as the data subject have certain rights under Chapter III of the EU General Data Protection Regulation (GDPR), depending on the legal basis and the purpose of the processing, in particular the right of access (article 15 of the GDPR) and the rights to rectification (article 16 of the GDPR), erasure (article 17 of the GDPR), restriction of processing (article 18 of the GDPR), and data portability (article 20 of the GDPR), as well as the right to object (article 21 of the GDPR). If the personal data is processed with your consent, you have the right to withdraw this consent under article 7 III of the GDPR. To assert your rights as a data subject in relation to the data processed for the purpose of operating this recruitment website, please refer to Personio SE & Co. KG’s Data Protection Officer (see item B).

Concluding provisions

Personio reserves the right to adjust this data privacy statement at any point in time to ensure that it is in line with the current legal requirements at all times, or in order to accommodate changes in the services offered, for example when new services are introduced. In this case, the new data privacy statement applies to any later visit of this recruitment website or any later job application.