Effective as of 22 March 2021
Contact Information: Mediaocean Systems Ltd, Blue Fin Building, 110 Southwark Street, London SE1 0TA UK; InfoSec&Compliance@mediaocean.com
Information we collect about you
When you respond to a Mediaocean job advert, or apply via the careers page on our website we will collect and pass your name, email address and other contact details to our Recruitment team. We will ask you to share CV details – work experience, education & qualifications etc.
We may also collect information that you allow us to access from a social networking profile that you make available to us as part of your job application. When we collect information from social media companies, they may provide us with your name and/or an identifier that the social media company has assigned to your account. We will only use this information in connection with your application process.
Before offering you a position at Mediaocean we’ll ask you to take an aptitude test; we will retain the results of your score. All job offers are contingent on your passing a background check. In the UK this will involve taking up your references.
If you are successful, and choose to accept the position at Mediaocean, HR will ask you for more information at that stage. This may include Sensitive Information. HR will provide you with full details of data protection for Mediaocean employees when you join the company.
How we store and share your information
Personal Information collected from applicants in the UK will be transferred from time to time to Mediaocean LLC and to our holding company, Vista Equity Partners, in the USA. Data transfer agreements (including the EU model clauses) have been put in place with these entities to ensure protection of Personal Information in line with European data protection requirements.
Mediaocean uses cloud-based software solutions for applicant tracking, background checking and aptitude testing. These run at Tier III, SOC1, SOC2, or ISO 27001 compliant data centers located in the USA. Mediaocean ensures that all Personal Information transferred by Mediaocean to the providers is covered by EU standard contractual clauses which govern the transfer, processing and use of the data and prohibit any further unauthorised onward transfer of the data. The Mediaocean recruitment team can provide further details on request.
We retain your Personal Information in accordance with Mediaocean’s Data and Document Retention Policies. These policies define retention rules based on the nature of the information and the purpose for which it is required. We destroy or dispose of all Personal Information securely when it is no longer needed. For successful applicants, we will retain the information you supply during application as part of your personnel file until after your employment is terminated; for unsuccessful candidates, we retain your information for 6 months.
How we keep your information secure
All information you provide to us is either stored on our secure servers at our data centre, or else in secure cloud solutions as described above. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website or to use Mediaocean applications, you’re responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we’ll do our best to protect your Personal Information, we can’t guarantee the security of your Personal Information transmitted to our website; any transmission is at your own risk. Once we have received your information, we’ll use strict procedures and security features to try to prevent unauthorised access.
Logical access tools have been put in place to ensure that access to Personal Information is appropriately restricted. Administrative access to the information is restricted to authorized personnel. Physical and network security measures are in place to restrict access to the computing equipment. The security measures that we have in place to protect Personal Information are certified annually. We also obtain security reports from our cloud service providers to ensure that they are adhering to the required standards.
Your rights under this policy
- You have the right to ask us for confirmation of whether or not we hold any Personal Information about you. You may ask us about the purpose for which we hold the information, who we share it with and the criteria we use to determine how long to retain it. If your Personal Information is being held abroad, you can ask us how we’ve made sure that it will safeguarded. You may also ask us to provide you with a copy of your Personal Information that we hold, subject to confirmation of your identity (as long as this does not adversely affect the rights & freedoms of any other individuals). We will not charge you for providing this information, though we reserve the right to charge a reasonable fee based on administrative costs for any further copies.
- If you determine that the Personal Information we hold about you is incorrect, you have the right to ask us to correct the data we hold.
- You have the right to opt-out of any use of your Personal Information for marketing purposes by contacting us or by unsubscribing using the link provided at the bottom of our emails.
- You have a right, on certain grounds, to object to the processing of your Personal Information; you may also, on certain grounds, request erasure or restriction on processing of Personal Information. For more information about how to do this, please see the section on Complaints below.
- If you are not happy with the way that we have responded to a complaint, or with the way we are processing your Personal Information, you have a right to lodge a complaint with the Information Commissioner’s Office or your local Supervisory Authority.
We will cooperate with your local Supervisory Authority, for example the Information Commissioner’s Office and any other relevant government agencies, and law enforcement and judicial authorities in investigating any privacy complaints or suspected violations of privacy laws or Mediaocean’s privacy commitments, as well as in rectifying any noncompliant practices. Employees or contractors who violate the terms of these principles may be subject to disciplinary consequences up to and including termination of employment or termination or non-renewal of contract, in addition to any other legal measures that may be taken by Mediaocean, its clients, or the affected individuals and their representatives.
- Personal Information is any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier, regardless of the medium or format in which the information is stored.
- Sensitive Information consists of Special Categories of Personal Data as defined by the EU General Data Protection Regulation, that is, information about racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic or biometric data, health information, or sex life/orientation.
- A Supervisory Authority is an independent public authority which is established by an EU Member State in order to monitor the application of EU Data Protection law.
- A Third Party is an entity or person other than you, Mediaocean or its clients.