The Onboard Spa
PRIVACY POLICY FOR CANDIDATES AND TRAINEES
Last updated May 25, 2018
The Onboard Spa is committed to protecting the privacy and security of your
personal information.
This privacy notice describes how we collect and use personal information about
you during and after your relationship with us, in accordance with the General
Data Protection Regulation (GDPR).
It applies to everyone who:
· uses our website
· applies through us for roles with our group companies for work onboard spas
at sea
· is provided with training by us.
It may also apply during the course of your employment by one of our group
companies as further explained below.
Introduction
We are responsible for recruiting staff who want to work onboard in spas
operated by our group companies onboard cruise ships, and we offer training to
successful candidates. In connection with that recruitment process and during
any training provided to you, we will collect personal information from you.
If you are a successful candidate and you are offered a role in an onboard spa,
your employment will be with one of our group companies, usually OneSpaWorld
(Bahamas) Limited, or on occasion with STO Italy Limited, and the privacy policy
of your respective employer company will then apply to the information they will
hold about you in connection with your employment. This policy will continue to
apply to the information you provided to us and to any further personal
information you may provide to us from time to time, for instance in connection
with any medical matter or application to work on a different vessel where we
deal with the process of transferring you to a different vessel.
Who we are
We are The Onboard Spa, a company incorporated in England and Wales with company
number 00580061. Our registered office is at The Lodge, 92 Uxbridge Road,
Harrow Weald, Middlesex, HA3 6DQ. In this policy The Onboard Spa is
referred to as “we”, “us” or “The Onboard Spa”.
Our Contact Details
The Data Protection Officer who has been appointed for the group of which we are
a member can be contacted by email at [email protected].
What is the purpose of this document?
The Onboard Spa is a "data controller".
This means that we are responsible for deciding how we hold and use personal
information about you. You are being sent or asked to acknowledge or agree to
this policy because you are doing any or all of the following:
· using our website;
· applying for work with one of our group companies for whom we act as a
recruiter of staff;
· traveling to our training facilities or to and from vessels;
· attending training offered by us;
· joining or debarking a vessel.
This policy makes you aware of how and
why your personal data will be used, and how long it will usually be retained
for. It provides you with certain information that must be provided under the
General Data Protection Regulation ((EU) 2016/679) (GDPR).
Data protection principles
We will comply with data protection law
and principles, which means that your data will be:
· Used lawfully, fairly and in a transparent way.
· Collected only for valid purposes that we have clearly explained to you and
not used in any way that is incompatible with those purposes.
· Relevant to the purposes we have told you about and limited only to those
purposes.
· Accurate and kept up to date.
· Kept only as long as necessary for the purposes we have told you about.
· Kept securely.
The kind of information we hold about you
In connection with your browsing of our website or applying online we may
collect, store and use usage data, including how you use our website.
In connection with your application for
work with our group, we will collect, store, and use the following categories
of personal information about you:
· The information you have provided on our application form, including name,
title, address, telephone number, personal email address, date of birth, gender,
employment history, qualifications, passport nationality.
· Information provided to us by a recruitment agent on your behalf including the
information listed above and any curriculum vitae and covering letter.
· Any information you provide to us during an interview.
· The results of any tests you undertake as part of the application or training
process in order to determine the skills that you have.
We may also collect, store and use the
following "special categories" of more sensitive personal
information:
· Information about your health, including any medical condition, health and
sickness records and in particular the information necessary for undertaking the
checks necessary for a Pre Employment Medical Examination Certificate.
· Information about criminal convictions and offences.
How is your personal information collected?
We collect personal information about
candidates from the following sources:
· You, the candidate.
· Recruitment agencies where your application is forwarded to us from a
recruitment agency.
How we will use information about you
We will use the personal information we
collect about you to:
· Assess your skills, qualifications, and suitability for a role at an onboard
spa with one of our group companies.
· Communicate with you about the recruitment process.
· To offer and provide training at our training academy to you and to record
whether you have successfully fulfilled the training requirements.
· Provide your details to our group companies for the purpose of our group
companies employing you for a role in one of their onboard spas.
· Provide your details to the cruise lines on whose ships our group companies
operate to comply with legal or contractual requirements. Those obligations
include legal requirements to provide your name, nationality, passport details,
and medical information to the cruise lines on whose vessels you will work.
· To administer and protect our business and our website (including
troubleshooting, data analysis, testing, system maintenance, support, reporting
and hosting of data).
· To use data analytics to improve our website, services, marketing, candidate
relationships and experiences.
· Comply with legal or regulatory requirements.
It is in our legitimate interests to
decide whether to recruit you for the purposes of providing you with training
since our business is the recruitment and training of staff for onboard spa
roles with our group companies and it is beneficial to our business and that of
our group companies for us to train staff who can on successful conclusion of
training be employed by our group companies to provide onboard spa services.
Necessary for our legitimate interests (to define types of candidates, to keep
our website updated and relevant, to develop our business and to inform our
marketing strategy).
Necessary for our legitimate interests (for running our business, provision of
administration and IT services, network security, and in the context of a
business reorganisation or group restructuring exercise).
We also need to process your personal information to decide whether to recommend
to our group companies that they recruit you. Once you are recruited by a group
company, in order for them to carry out a contract of employment with you it
will be necessary for us to provide the personal information that cruise lines
require in respect of all staff who work onboard their vessels.
Having received your application form we will then process the information
received to decide whether you meet the basic requirements to be invited for an
interview. If you are invited for an interview we will use the information you
have provided and the results from any aptitude test that you take to decide
whether you meet the requirements to be offered training at our training
academy. If you are offered and you accept training with us we will use the
information you have provided to us to provide you with training, to assess
whether you have satisfied the training requirements and to recommend to our
group companies whether you should be offered work.
If you fail to provide personal information
If you fail to provide information when
requested, which is necessary for us to consider your application (such as
evidence of qualifications, medical certificate or work history), we will not
be able to process your application successfully. For example, if we require
references for this role and you fail to provide us with relevant details, we
will not be able to take your application further. If you fail to provide the
information or refuse to let us provide your information to a cruise line on
whose vessel you are to work our group company who employs you would be unable
to continue your employment as employment is conditional on the cruise line
being provided with information it requires from us by law and contract.
How we use particularly sensitive personal information
We will use your particularly sensitive
personal information in the following ways:
· We will use information about your disability status to consider whether we
need to provide appropriate adjustments during the recruitment process, for
example whether adjustments need to be made during a test or interview.
· We use information about your health particularly with regard to whether you
have been issued with an Employment Medical Examination Certificate or not to
determine whether we can offer training to you and if your training commences
before you have obtained an Employment Medical Examination Certificate then in
order to decide whether you can successfully complete your training on the basis
of the requirement to have an Employment Medical Examination Certificate in
order to have successfully completed your training.
Information about criminal convictions
We envisage that we will process information about criminal convictions as we
are required by the cruise lines for whom we operate spas to obtain certain
information from you in respect of your criminal convictions history to ensure
that there is nothing which makes you unsuitable for a role onboard a cruise
ship and in order that we can confirm to the cruise line that this is the case.
All information in respect of criminal convictions is treated by us as sensitive
personal information and we ensure that access to that information within our
organisation is limited to only those persons who have a need to know it.
We do not provide the details of your
conviction history to the cruise lines where we consider your conviction
history will make you unsuitable for a role onboard unless we have warned you
we consider you are unlikely to be able to work onboard and we have obtained
your agreement to share this information with the cruise line. The information
you provide to us will be used by us to confirm to the cruise line that you
meet their requirements for a role onboard.
Additionally we store this information
separately to other information we hold in respect of you in order to ensure
that we can limit access to this information to only those persons who have a
need to know or access it. We review our storage and retention policies in
respect of documents and data from time to time and in doing so we consider and
will continue to consider whether the measures we have taken to keep this
information secure could be improved.
By agreeing to this policy you are
consenting to the processing of information about your criminal convictions as
described above.
If you want to check what information we hold with regard to your criminal
convictions history or to request we delete the information we hold please
contact us at [email protected]
Automated decision-making
You will not be subject to decisions that
will have a significant impact on you based solely on automated
decision-making.
Data sharing
Sharing of personal information with third parties?
Our group of companies are required to
take appropriate security measures to protect your personal information in line
with our policies. We do not allow our third-party service providers to use
your personal data for their own purposes. We only permit them to process your
personal data for specified purposes and in accordance with our instructions.
Transfers outside the EEA
Whenever we transfer your personal data out of the EEA including to our group
companies, we ensure a similar degree of protection is afforded to it by
ensuring at least one of the following safeguards is implemented:
· We will only transfer your personal data to countries that have been deemed to
provide an adequate level of protection for personal data by the European
Commission.
· Where we use certain service providers, we may use specific contracts approved
by the European Commission which give personal data the same protection it has
in Europe.
· Where we transfer information between different entities in our corporate
group we will use data processing agreements which are based on the Standard
Contractual Clauses which are clauses which have been approved by the European
Commission and by using these we give your personal data the same protection it
has in Europe.
· Please contact us at [email protected] if you want further information on
the specific mechanism used by us when transferring your personal data out of
the EEA.
Cookies
Where you are accessing our website you can disable or
refuse cookies, but please note that some parts of this website may become inaccessible or not function properly.
How to provide or withdraw consent to the installation of cookies
In addition to what is specified in this document, the
User can manage preferences for Cookies directly from within their own browser
and prevent – for example – third parties from installing Cookies.
Through browser preferences, it is also possible to delete Cookies installed in
the past, including the Cookies that may have saved the initial consent for the
installation of Cookies by this website. Users can, for example, find
information about how to manage Cookies in the most commonly used browsers at
the following addresses: Google Chrome, Mozilla Firefox, Apple Safari and Microsoft Internet
Explorer.
With regard to Cookies installed by third parties, Users
can manage their preferences and withdrawal of their consent by clicking the
related opt-out link (if provided), by using the means provided in the third
party's privacy policy, or by contacting the third party.
Data security
We have put in place appropriate security
measures to prevent your personal information from being accidentally lost,
used or accessed in an unauthorised way, altered or disclosed. In addition, we
limit access to your personal information to those employees, agents,
contractors and other third parties who have a business need-to-know. They will
only process your personal information on our instructions and they are subject
to a duty of confidentiality.
We have put in place procedures to deal
with any suspected data security breach and will notify you and any applicable
regulator of a suspected breach where we are legally required to do so.
Data retention
How long will you use my information for if my application/training is
unsuccessful?
Where our system declines your
application immediately on receipt of your online application your information
will be automatically deleted and is not retained by us.
Where your application is declined other
than as set out above or if you do not successfully complete your training with
us we will retain your personal information for a period of six (6) months
after we have communicated to you our decision about whether to accept you as a
candidate for training or after we have communicated to you that you have not
successfully completed your training. We retain your personal information for
that period so that we can show, in the event of a legal claim, that we have
not discriminated against candidates on prohibited grounds and that we have
conducted the recruitment exercise in a fair and transparent way. After this
period, we will securely destroy your personal information in accordance with
our data retention policy.
How long will you use my information for if I am successful?
We will retain your personal information for so long as you remain an employee
of a group entity and for a further seven (7) years after termination of your
employment. We retain your personal information for that period so that we can
comply with our regulatory obligations including in respect of the Maritime
Labour Convention and/or tax laws to which we are subject.
After this period, we will securely destroy your personal information in
accordance with our data retention policy.
Rights of access, correction, erasure, and restriction
Your rights in connection with personal information
If you are a resident of the European Union (“EU”) or the United Kingdom (“UK”)
you may have certain additional rights as detailed below.
Under certain circumstances, by law you
have the right to:
· Request access to your personal information (commonly known as a "data subject
access request"). This enables you to receive a copy of the personal information
we hold about you and to check that we are lawfully processing it.
· Request correction of the personal information that we hold about you. This
enables you to have any incomplete or inaccurate information we hold about you
corrected.
· Request erasure of your personal information. This enables you to ask us to
delete or remove personal information where there is no good reason for us
continuing to process it. You also have the right to ask us to delete or remove
your personal information where you have exercised your right to object to
processing (see below).
· Object to processing of your personal information where we are relying on a
legitimate interest (or those of a third party) and there is something about
your particular situation which makes you want to object to processing on this
ground. You also have the right to object where we are processing your personal
information for direct marketing purposes.
· Request the restriction of processing of your personal information. This
enables you to ask us to suspend the processing of personal information about
you, for example if you want us to establish its accuracy or the reason for
processing it.
· Request the transfer of your personal information to another party.
If you want to review, verify, correct or
request erasure of your personal information, object to the processing of your
personal data, or request that we transfer a copy of your personal information
to another party, please contact us at [email protected] in writing.
Data protection officer
The corporate group of which we are a part has appointed a data protection
officer (DPO) to oversee compliance with this privacy notice. If you have any
questions about this privacy notice or how we handle your personal information,
please contact the DPO at [email protected].
You have the right to make a complaint at any time to
the Information Commissioner's Office (ICO), the UK supervisory authority for
data protection issues.