AXA job applicant Data Protection statement

This document is the AXA Insurance Job Applicant Data Protection Statement. It contains all the information you need to understand how we use your data in the job application process. We reserve the right to change this Data Protection Statement from time to time at our sole discretion upon notice to you.

1. Who we are

References to “AXA”, “us”, “our” and “we” mean AXA Holdings Ireland Limited and its subsidiaries, including AXA Insurance dac, AXA Group Services Limited and any associated companies from time to time.

If you have any questions about to how we use your data or any complaints, please contact us.

Data Protection Officer

Compliance Department

AXA Insurance dac

Wolfe Tone House

Wolfe Tone Street

Dublin 1

Telephone: +353 (0)1 471 1812

Email: Compliance@AXA.ie

2. Collection

In order to gather the personal data we need for the purposes set out in Section 3 – ‘Use of Information’ below, we may obtain personal information:

  1. from you verbally, in your CV or through forms or tests, through recruitment agencies or the company, website or social media platform where you submitted your application;
  2. from the referees you provide to us (with your permission);
  3. through searches whether online (via social media, media outlets, industry registers, etc) or otherwise.

3. Use of Information

We may use the personal data we gather for any or all of the following purposes:

The Purposes for which we use your data:
  1. to carry out the interview process, including verification of information, aptitude and psychometric tests, background checking and entering contracts with successful applicants;
  2. to verify your (or your representative’s) identity in any interactions between AXA and you (or your representative);
  3. for statistical analyses and the review and improvement of AXA’s recruitment processes, systems and suppliers’ performance;
  4. to carry out market research on our recruitment process;
  5. in order to store personal data and make back-ups of that data for disaster recovery purposes;
  6. for carrying out training, performance reviews and disciplinary processes in relation to our staff who carry out the recruitment process;
  7. to manage and investigate any complaints or claims made arising out of our recruitment process;
  8. for compliance with all relevant laws and regulations; and/or
  9. as set out in this document or any other applicable documentation (whether online or provided to you by or on behalf of AXA).
Legal Basis for processing:

The legal bases we rely on for using your personal data for each of the above purposes are as follows:

Legal BasesPurposes (letters correspond to the table above)
The processing is necessary for compliance with a legal obligation to which the controller is subject:b, e, g, h
The processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract:a, e
The processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party. AXA’s legitimate interest is:
  • c. to engage in activities to improve and adapt the processes, systems, etc we use in our recruitment process to ensure that they are effective and efficient;
  • d. to engage in activities to improve and adapt our recruitment processes and to ensure that our systems are effective and efficient;
  • f. to run its business efficiently, effectively and legally and to prevent any issues that may arise in the recruitment process from happening again;
Sensitive Categories of Data:

We may require information relating to any convictions you may have for any relevant criminal offences. Where requested, this information will be required for the performance of a contract, where authorised or required by law, in particular employment law (such as the Minimum Competency Code).

We may need to gather information relating to any health conditions you may have. Where we gather this information it will be done where authorised or required by law, in particular employment law (such as health and safety legislation).

In Northern Ireland, under the Community Background Information legislation, we need to gather data relating to the religious beliefs of all job applicants and provide it to the Equality Commission. Under these rules, where you do not provide us with the information we request, we are required to provide a reasonable indication based on the information at our disposal. The legal basis for this processing is that this is a legal obligation imposed on us in relation to the area of employment.

Effect of not providing information:

You may refuse to provide any personal data requested from you. However if you decide not to provide information requested, it may affect our ability to consider your application for the position in question.

4. Sharing of Information

The table below contains examples of the types of recipient we share personal data with. The exact categories of recipient change from time to time and may vary depending on the circumstances of the recruitment process.

CategoryRecipient
Your Representativesany party you have given us permission to speak to and other people or companies associated with you (for example a referee, a recruitment agency or a lawyer).
Our Representativesfor example our employees, agents and contractors including companies that provide services in relation to recruitment (recruitment agencies, online jobs boards, social media platforms, newspapers, relevant institute websites), aptitude and psychometric tests, market research, telecommunications (including phone, email and video conferencing), data storage, IT and IT security, complaints and claims handling, external auditors, other AXA Group companies, etc.
OtherState or government departments, bodies or agencies (for example our regulators).
International Transfers

On occasion we or a service provider may transmit certain aspects of your personal data outside the European Economic Area (“EEA”) to other members of the AXA Group or to other recipients. In such circumstances, we will ensure that such transmissions are carried out securely and in accordance with data protection law.

The non-EEA countries/companies to which personal data is sent include the United States of America and AXA Group companies based outside the EEA. Personal data may also be processed in various EU countries (such as Ireland and France) and the United Kingdom. If you provide information to us (for example, in your CV) that involves educational institutions, previous employers or references that are based in countries that are outside the EEA, your personal data will also be processed in those locations as part of our pre-employment checks.

AXA complies with the law regarding international transfers of data by various means, including by relying on adequacy decisions of the European Commission, which state that certain countries ensure adequate levels of data protection in their law, the European Commission’s standard data protection contract clauses or Binding Corporate Rules.

If you would like more information about the relevant safeguards involved in the transfer of personal data to countries or companies outside the European Economic Area, please visit the European Commission’s website on data transfers outside the EEA or contact our Data Protection Officer using the details in Section 1 'General' above.

5. Data Collected

The table below contains a list of some examples of the types of data we collect. The exact categories of data will change from time to time and may vary depending on the applicant and the role in question.

CategoryType of Data Collected
Personal DetailsName, address/Eircode, date of birth, contact details, proof of identity, passport and visa information (for non-EEA nationals requiring permission to work in Ireland and/or the UK), CCTV footage from our offices, answers and result of aptitude, psychometric or other tests any other details provided in your CV, during an interview or otherwise.
Employment and Education DetailsEmployment history, education, qualification and training details, membership status of any relevant bodies, any information required for compliance with the Minimum Competency Code and/or Fitness and Probity Standards, any other details provided in your CV, during an interview or otherwise.
Information obtained from sources other than youInformation about your education and employment from the relevant institution and the referees you provide to us, any information from searches we carry out.

6. Retention of Data

Generally we keep personal information for the following periods:

Type of InformationRetention Period
Individuals who go through a job application process and are unsuccessful or do not take up a job offer.Up to 2 years in the Republic of Ireland. Up to 4 years in Northern Ireland.
Individuals who provide unsolicited CVs.12 months (for consideration if a position comes up).

However in some limited cases we may need to keep your information longer. Examples of these situations may include system back-ups required for disaster recovery and for handling complaints or claims.

If you become a member of staff (whether temporary, permanent, direct employee, contractor or any other variation), our Staff Data Protection Statement will explain how your personal data will be processed.

7. Your Rights

As a ‘data subject’ you have the following rights:

  1. to withdraw consent where we are processing your information on the legal basis of consent;
  2. of access to the personal data concerning you that we hold and to be informed why and how we process that data;
  3. to require us to correct any inaccurate information about you (including missing details);
  4. of erasure/right to be forgotten, which means you have a right to have personal data concerning you erased;
  5. to data portability, which means you may request from us all personal data that you provided to us. You may also request that we send this data to another company or person;
  6. to object to the processing of your personal data, where we do so on the basis of a ‘legitimate interest’ (see the Legal Bases in Section 3 – ‘Use of Information’ above). We will then stop processing the personal data in question unless we can demonstrate compelling legitimate grounds for the processing that override your right or unless we need to use it in a legal claim;
  7. to restrict processing of your personal data where you feel that it is inaccurate, that we are processing it unlawfully or that we no longer need it or where you have invoked your right to object (as set out in Section 7 (f) above).

Please send all requests in writing to the Compliance Department (details set out at Section 1 'Who we are' above), together with enough information to allow us to deal with your request. It may take up to a month to process your request, with the possibility of an extension of another two months. If we have reason to refuse your request, we will notify you within a month of the refusal and the reason for it.

You also have the right to lodge a complaint with the Data Protection Commission. Their contact details can be found on dataprotection.ie.