MHI Group Privacy Notice for Job Applicants

Last updated March 24, 2023

Introduction

We take your privacy and the protection of personal data very seriously. We therefore ask that you read this Privacy Notice carefully as it contains important information about what to expect when we collect personal data about you, how we will use your personal data and what legal grounds we are relying on to process it.

This is the Group Privacy Notice for Job Applicants (Privacy Notice) for the global recruitment site of the MHI group (MHI Group) and includes the particular MHI Group entity you are applying to (we, our, or us).

This recruitment site is operated by Mitsubishi Heavy Industries EMEA, Ltd. (MHI-EMEA), a member of the MHI Group based in the UK (whose full details and contact information can be found in the ‘Contacting Us’ section at the end of this Privacy Notice). You can click here to see a list of MHI Group entities along with their contact details.

Laws protecting your data

Each member of the MHI Group is subject to different data protection laws, depending on where in the world it is located. As a result, the way in which your personal data will be used and your legal rights will depend on which member of the MHI Group you apply to and where it is located and, in particular, whether or not that entity is in the United Kingdom (UK) or in the European Economic Area (EEA).

Data protection in the EEA is governed by the General Data Protection Regulation 2016/679 (GDPR) and related national laws, and in the UK by the Data Protection Act 2018 (DPA 2018) and UK GDPR (as defined in the DPA 2018) (collectively, European Data Protection Laws). References to ‘Articles’ in this Privacy Notice are to Articles of (as applicable) GDPR or UK GDPR.

This Privacy Notice covers the MHI Group’s processing of personal data generally with respect to job applicants but also contains information which is specific to candidates from the UK or EEA, or individuals applying to MHI Group entities in the UK (including MHI-EMEA) and the EEA (including MHI-EMEA’s branches in Germany and the Netherlands).

What personal data we process

The information we collect about applicants will include information about your personal and contact details, as well as any information you provide to us (such as in resumes/CVs, cover letters, application forms), interview and application notes, references, information about your current employment and the applications you have made and, where appropriate and to the extent permitted by the applicable law, information from background checks. The information we process may also include special category data (such as health, religious or ethnicity information) as permitted by local applicable laws.

Our lawful basis for processing your data

When you apply using this recruitment site, your personal data will be sent to the MHI Group entity which is advertising the role you apply for. That entity will be the data controller of the personal data you provide during your application and will therefore be responsible for determining how and why your personal data will be used.

We will collect, process and disclose your personal data where necessary to perform pre-contractual steps taken at your request (being to process your job application with a view to possibly entering into an employment contract with you) (Article (6)(1)(b)). If you do not provide all the information we need in connection with your application then we might not be able to consider you for a job.

We will also process your personal data to the extent necessary to pursue our legitimate interests in managing and administering our recruitment process (Article 6(1)(f)) or, in certain cases (for example, health-related information about reasonable adjustments you require), to comply with our legal obligations under applicable legislation (Article 6(1)(c)).

In the event that, as required or permitted by the applicable law you provide us with any special category data (such as health, religious or ethnicity information) then the additional condition we will rely on to process such data is that it is necessary for us to carry out our obligations in the fields of employment and the safeguarding of your fundamental rights (Article 9(2)(b) and relevant provisions of related national UK/EEA laws).

Scope of this Privacy Notice

This Privacy Notice applies to all personal data you provide in connection with your job application and any information obtained from third parties such as prior employers, referees and further information obtained about you from any other sources.

We will process such personal data only for the purposes of carrying out the recruitment process. Your application and any personal data included therein will only be processed by the entities within the MHI Group which are involved in the recruitment process and, even then, only to the extent strictly necessary for that purpose.

How does the application system work?

Candidates can apply for a position within the MHI Group anywhere in the world using SuccessFactors, which is the MHI Group’s global workforce management system. Candidates can apply for a specific vacancy, a student position, or a position through the open applicant pool. If a candidate is an existing MHI Group employee, they can import information already stored in the SuccessFactors Employee Central system into their application.

Application information is stored in the central SuccessFactors database servers, which are located in Germany. MHI Group recruiters around the world will be able to match candidates with open vacancies within their respective MHI Group entities.

If you have previously applied for a role with a MHI Group entity through another means (for example, by email), your decision not to register with this recruitment site will not affect any previous applications you have made. However, for convenience and in order to ensure the safe delivery of your application, we recommend that you use the SuccessFactors online recruitment site where possible. You may also choose to submit an application by post by using the address of the relevant entity provided click here.

How will we use your data?

Your personal data will be used by the relevant entities in the MHI Group to assess your application, check references, verify information and (in some cases), as permitted by the applicable law, conduct credit, security and other background checks. If any vetting or checks are necessary you will be informed of these beforehand and we will only carry out such checks or seek references at the final stage of the recruitment process once you are selected for an offer of employment or as may be required by applicable laws.

We will not use your personal data to make decisions about you based on automated processing (including profiling) which could have a legal or other similarly significant effect on you.

Who has access to your data?

MHI Group recruiters and relevant managers in the MHI Group entities that you apply to will have access to your personal data.

International transfers

European Data Protection Laws generally prohibit personal data from being exported outside the UK or the EEA to any third countries unless such countries have been determined by the UK or the EU as offering adequate protection for personal data, appropriate safeguards are in place to protect the personal data, or a derogation (meaning an exemption) to GDPR applies.

Typically, when your personal data is transferred outside the UK or EEA it will be subject to the following conditions (International Transfer Protections):

  1. Applications to MHI Group companies outside the UK or EEA:
    In these situations we will transfer your personal data to the non-UK/non-EEA MHI Group company on the basis that it is necessary to do so in order for us to assess your application at your request with a view to them potentially entering into a contract with you. As this is an essential pre-contractual measure, the transfer will be based on a derogation from the GDPR (Article 49(1)(b)).
    The non-UK/non-EEA MHI Group company which receives your data will keep your information safe and adhere to the same high standards as the rest of the MHI Group when processing your personal data. However, you should be aware that not all countries outside the UK or EEA provide equivalent legal protection to personal data as that afforded by the GDPR and other European Data Protection Laws.
  2. Transfers to a country which has been recognised as providing adequate protection for personal data:
    Certain countries, including Japan, have been recognised by (as applicable) the UK or the EU as ensuring adequate protection for personal data under GDPR (Article 45). As SuccessFactors is a global database, personal data may be stored or processed by MHI Group companies and their service providers in Japan or other countries which ensure adequate protection for personal data.
  3. Appropriate safeguards are in place to protect your personal data:
    The continued operation of the SuccessFactors platform relies on services from MHI Group companies and their service providers around the world. Where these companies are located in third countries which are not recognised as providing adequate protection under GDPR, we ensure that appropriate safeguards (such as approved Standard Contractual Clauses for protecting personal data) (Article 46) are in place to protect your personal data.

In order to ensure the proper functioning of the SuccessFactors recruitment platform your personal data may need to be shared with other MHI Group entities and trusted third-party providers on a strictly as-needed basis for service delivery and maintenance purposes. As explained above, if such a provider is based outside (as applicable) the UK or the EEA then we shall ensure that your personal data is only transferred to them if there are International Transfer Protections in place.

We require all of the entities within the MHI Group, and any trusted third-party providers, that receive or have access to your personal data to treat it as confidential and only process it in accordance with the strict requirements of applicable UK, EEA and other data protection laws, regulations and other applicable legal safeguards (including the International Transfer Protections).

Your personal data will not be sold to third parties. If you wish to obtain further details of the safeguards we have in place for transfers concerning your personal data, please contact us using the details set out at the end of this Privacy Notice.

Your rights

Your legal rights as a data subject in relation to your personal data will depend on whether or not the MHI Group entity you are applying to is located in the UK/EEA or in another country.

If you apply to an MHI Group entity located in the UK/EEA to which the European Data Protection Laws apply then you will have the following rights in respect of your personal data:

  1. obtain a copy of your personal data in a commonly used format (Article 15);
  2. have your data corrected or updated (Article 16), (which you can do yourself as described below);
  3. have your data erased (Article 17) in certain circumstances;
  4. restrict how your data is used (Article 18) in certain circumstances;
  5. request your data be transferred to you or to a third party (Article 20) in certain circumstances; and
  6. object to your personal data being used (Article 21) in certain circumstances.

If you would like to exercise any of your rights, you can do so by contacting us using the details set out at the end of this Privacy Notice.

If the MHI Group entity you apply to is outside the UK or the EEA, then your legal rights will depend on the laws which apply in the relevant country. In this situation you should contact the local MHI Group entity’s HR Manager or recruitment contact, who will be able to assist you with exercising your data protection rights in that jurisdiction. If you do not have the relevant contact details for such individuals, then please contact us using the details set out at the end of this Privacy Notice.

We want to ensure that your personal data is accurate and up to date. If any of the information that you have provided to us changes, you will be able to amend, update and correct the information you have provided to us through the open applicant pool or by contacting us directly using the details set out at the end of this Privacy Notice.

How long will we keep your data?

We will keep your personal data for a maximum period of six months from the date that you last logged into the recruitment site. We may retain your data for a longer period of time where necessary to comply with our legal obligations or where we have other compelling legitimate interests or legal grounds for doing so (for example, to respond to ongoing requests or claims made by candidates). If you want us to erase your personal data before this time, you may delete your profile by logging into your account and selecting the ‘delete profile’ option. Please note, erasing your profile will only delete personal data stored in the SuccessFactors application system and will not, for example, erase emails or other correspondence between you and us.

Where you have a legal right to have your personal data erased and wish to exercise it, then please contact us.

Cookies

Cookies may be used to ease site navigation for visitors and to facilitate efficient registration procedures. Cookies are text files placed on your hard drive by a web page server. A web browser is part of your computer. These are usually set to accept cookies automatically but can normally be changed to decline them. If you are concerned about cookies, we suggest you modify your web browser setting. Please note, though, that you might not be able to use all site features without the use of cookies.

How will we secure your data?

We recognise our responsibility to protect the information and personal data you provide to us. We have implemented appropriate technical and organisational measures to ensure your information is kept safe, and use a variety of secure techniques to protect your information, including secure servers, firewalls, and encryption of application data and of your communications with our third party provider via the Internet. For more details on these measures, please contact us.

Modifications

We reserve the right to modify or amend this Privacy Notice at any time. The effective date of this Privacy Notice is displayed at the beginning of this notice. We may update you by email of any significant changes we make to this Privacy Notice but please check back periodically, and especially before you provide any personal data.

Contacting us

We welcome your views about our recruitment site and our Privacy Notice. If you have any queries or comments, please contact the HR Manager or other point of contact for the particular MHI Group entity you are applying for (whose details will usually be provided in the acknowledgement of your application). You can also click here to find contact details for the various entities in the MHI Group .

If you have a specific data protection query relating to recruitment by the MHI Group’s entities in the UK, or if you have not yet submitted an application and have a general data protection query you can e-mail us at [email protected], attention: Head of Legal.

European Data Protection Laws provide individuals with the right to lodge a complaint with the relevant data protection supervisory authority in the event of a breach of the law (Article 77). In the UK, the relevant authority is the Information Commissioner’s Office whose details can be found by visiting www.ico.org.uk. However, if you do have a concern or a complaint please contact us in the first instance at [email protected], attention: Head of Legal, and we will try our best to resolve it.

Each EEA country will have its own national data protection supervisory authority. This will generally be the supervisory authority in the country in which you usually live, work or where you consider that an alleged infringement of the GDPR has occurred. A list of supervisory authorities can be found on the website of the European Commission (click here).

Mitsubishi Heavy Industries EMEA, Ltd. is a limited liability company incorporated in England and Wales under company number 02282265, having its head office at Building 11, Chiswick Park, 566 Chiswick High Road, London W4 5YA United Kingdom. MHIE is registered as a data controller with the UK Information Commissioner’s Office under number ZA116343

Country-specific recruitment privacy notice addendum for United Kingdom

Notwithstanding the previous provision, the following provisions shall prevail for applicants if personal data is processed in the United Kingdom and/or the personal data is processed in context of an activity of an establishment of a controller or processor in the United Kingdom (in the following referred to as “UK Applications”).

What personal data we process, how will we use your data and our lawful basis:

To specify the information of the Group Privacy Notice for Job Applicants, we process the following categories of personal data for the following purposes on the following lawful bases:

Purpose of the processing Category of personal data processed for such purpose Lawful basis of the processing for UK Applications
Recruiting and processing your application for the position you applied for Any personal data you provided to us with your application and in the interviews (such as personal data included in resumes, CVs, cover letters, application forms, notes). Pre-contractual steps before an employment contract, Article 6(1)(b) UK GDPR;
legitimate interest in managing and administering the recruitment, Article 6(1)(f) UK GDPR; and
compliance with applicable (employment) laws, Article 6(1)(c) UK GDPR, Article 9(2)(b) UK GDPR, and Paragraph 1(1)(a), Schedule 1, Data Protection Act 2018.
Background checks See section about background checks below. Consent, Article 6(1)(a) UK GDPR and Paragraph 29, Schedule 1, Data Protection Act 2018.
[Informing you about future vacancies] [Any information you provided to us with your application and in the interviews (see above).] Legitimate interest in managing and administering recruitment, Article 6(1)(f) UK GDPR.
Defence against legal claims Any information you provided to us with your application and in the interviews (see above) or that we obtained in lawful background checks. Legitimate interest in defending legal proceedings, Article 6(1)(f) UK GDPR; and
defence of legal claims, Article 9(2)(f) UK GDPR.

How long will we keep your data?

Personal data relating to applications is stored for a period of 6 months from when the account was last accessed by the candidate, for the purpose of legal proceedings. Application data may be kept a period of up to 2 years in order to inform candidates about other opportunities that may be appropriate for them, or for further periods when the candidate has asked that we do so.

Background checks and data relating to criminal convictions and offences

For UK Applications we generally do not conduct criminal records checks, unless it is relevant and appropriate for the specific role and legally permissible. In such cases, we use your personal data to carry out our legal obligations.

Special categories of data in context of UK Applications

We only collect special categories of data if strictly required to comply with applicable laws.

Country-specific recruitment privacy notice addendum for Germany,Italy and Belgium

Notwithstanding the previous provision, the following provisions shall prevail for applicants if personal data is processed in Germany,Italy or Belgium and/or the personal data is processed in context of an activity of an establishment of a controller or processor in Germany,Italy or Belgium (in the following referred to as “German Applications”,“Italian Applications” or "Belgian Applications").

What personal data we process, how will we use your data and our lawful basis:

To specify the information of the Group Privacy Notice for Job Applicants, we process the following categories of personal data for the following purposes on the following lawful bases (whereas “BDSG” means the German Federal Data Protection Act (Bundesdatenschutzgesetz)):

Purpose of the processing Category of personal data processed for such purpose Lawful basis of the processing for German Applications Lawful basis of the processing for Italian/Belgian Applications
Recruiting and processing your application for the position you applied for Any personal data you provided to us with your application and in the interviews (such as personal data included in resumes, CVs, cover letters, application forms, notes). Pre-contractual steps necessary to decide about an employment contract Sec. 26 para 1 sentence 1 BDSG and compliance with applicable (employment) laws Sec. 26 para 1 sentence 1 and para 3 sentence 1 BDSG. Pre-contractual steps before an employment contract Article 6 (1) (b) GDPR; legitimate interest in managing and administering the recruitment Article 6 (1) (f) GDPR;
compliance with applicable (employment) laws (Article 6 (1) (c) and Article 9 (2) (b) GDPR).
Background checks See section about background checks below. Legal obligation necessary for employment-related purposes, Sec. 26 para. 1 sentence 1 BDSG. Legal obligation, Article 6 (1) (b) GDPR
Informing you about future vacancies Any information you provided to us with your application and in the interviews (see above). Consent Sec. 26 para 1 sentence 1 and para 3 sentence 2 BDSG. Consent Article 6 (1) a) or legitimate interest Article 6 (1) (f) GDPR.
Defence against legal claims Any information you provided to us with your application and in the interviews (see above) or that we obtained in lawful background checks. Carrying out the employment relationship Sec. 26 para 1 sentence 1 BDSG and defence of legal claims Article 9 (2) (f) GDPR. Legitimate interest Article 6 (1) (f) GDPR and defence of legal claims (Article 9 (2) (f) GDPR.

How long will we keep your data?

Generally we do not store personal data of German Applications, Italian and Belgian Applications for longer than 6 months, unless you consented to longer storage or longer storage is otherwise required by applicable laws or to establish or defend legal claims.

Background checks and data relating to criminal convictions and offences in context of German Applications, Italian Applications and Belgian Applications

For German Applications, Italian Applications and Belgian Applications, we generally do not conduct background checks and do not collect data related to criminal convictions and convictions, unless for the specific role collecting such information is relevant, appropriate given the nature of the role and legally permissible. In such cases, we use your personal data to carry out our obligations in respect of safeguarding.

For Belgian Applications, we delete background checks and criminal convinctions related data once the background check is performed.

Special categories of data in context of German Applications and Italian Applications

For German Applications and Italian Applications we only collect special categories of data if strictly required to comply with applicable law or to execute the employment law or following possible recruitment for other services and benefits offered to the employee.
No data about ethnicity is collected for German Applications and Italian Applications.

For Belgian Applications, we only collect special categories of data if strictly required to comply with applicable law, or when the characteristics of the position require certain information to assess the applicant's suitability.
Data about ethnicity may be processed for Belgian Applications for the purposes provided by the law. Should the processing of ethnicity data not be provided by law, we request your explicit consent to process such data and inform you of the purposes and with whom such data will be shared.
No data about religion is collected for Belgian Applications.

Contacting our data protection officer:

In addition to the means of contact in our Group Privacy Notice for Job Applicants you may also contact our data protection officer.

Country-specific recruitment privacy notice addendum for Austria

Notwithstanding the previous provision, the following provisions shall prevail for applicants if personal data is processed in Austria and/or the personal data is processed in context of an activity of an establishment of a controller or processor in Austria.

What personal data we process, how will we use your data and our lawful basis:

To specify the information of the Group Privacy Notice for Job Applicants, we process the following categories of personal data for the following purposes on the following lawful bases:

Purpose of the processing Category of personal data processed for such purpose Lawful basis of the processing
Recruiting and processing your application for the position you applied for Any personal data you provided to us with your application and in the interviews (such as personal data included in resumes, CVs, cover letters, application forms, notes). Pre-contractual steps before an employment contract according to Article 6 (1) (b) GDPR;
legitimate interest in managing and administering the recruitment according to Article 6 (1) (f) GDPR;
compliance with applicable (employment) laws according to Article 6 (1) (c) and Article 9 (2) (b) GDPR.
Background checks See section about background checks below. Legal obligation according to Article 6 (1) (c) GDPR or pre-contractual steps before an employment contract according to Article 6 (1) (b) GDPR.
Informing you about future vacancies Any information you provided to us with your application and in the interviews (see above). Consent according to Article 6 (1) (a) or legitimate interest in finding good employees accordint to Article 6 (1) (f) GDPR.
Defence against legal claims Any information you provided to us with your application and in the interviews (see above) or that we obtained in lawful background checks. Legitimate interest in defending against legal claims according to Article 6 (1) (f) GDPR and Article 9 (2) (f) GDPR.

Background checks and data relating to criminal convictions and offences

We generally do not conduct background checks and do not collect data related to criminal convictions unless for the specific role collecting such information is relevant, appropriate given the nature of the role and legally permissible. In such cases, we use your personal data to carry out our obligations in respect of safeguarding.

Special categories of data

We only collect special categories of data if strictly required to comply with applicable law or to execute the employment law or following possible recruitment for other services and benefits offered to the employee. No data about ethnicity is collected.

How long will we keep your data?

Generally we do not store personal data for longer than 6 months, unless you consented to longer storage or longer storage is otherwise required by applicable laws or to establish or defend legal claims.

Country-specific recruitment privacy notice addendum for Canada

If you are a Canadian resident applying for a position at a MHI Group entity located in Canada, then this section applies and provides you with further information about the way in which this entity handles and protects your personal data as well as any rights you may have with respect to your personal data.

How do we use your personal data?

In addition to the purposes listed in the Privacy Notice, the MHI Group entity may use relevant portions of your application information to establish and maintain your employment file, but only in the event a decision is made to hire you.

How do we manage consent?

By submitting information to us via the recruitment site or otherwise during the application process, we rely on your consent to collect, use and share your personal data as set out in this Privacy Notice, unless otherwise permitted under applicable laws. In some cases, your consent may be “implied”, meaning that your agreement is assumed based on your action or inaction at the point of collection, use or sharing of your personal data.

Where we rely on your consent to process your personal data, you may also have a right to withdraw your consent at any time, except in limited circumstances, including legal or regulatory requirements or as a result of our contractual obligations with you. If you choose not to provide us with certain personal data or if you withdraw your consent, where such withdrawal is available, we may not be able to process your job application or provide you with the information that you requested.

Where will your personal data be kept?

As we rely on the services of MHI Group entities and third-party service providers around the world to operate the MHI Group’s global workforce management system (i.e. SuccessFactors), your personal data may be transferred to other countries, including Japan, United Kingdom and America.

Although we employ contractual and other means to provide your personal data a comparable level of protection while it is being processed outside Canada, it may be subject to the laws of those other countries, including laws permitting or requiring information to be disclosed to foreign authorities, such as regulatory bodies and law enforcement in those other countries.

With whom do we share your personal data?

Personal data may also be shared in connection with the transfer of all or part of our operations, assets or activities to a third party, a merger with another entity, or another form of corporate transaction. In this case, we will comply with the legal requirements for the disclosure of personal data and ensure that the handling of your personal data complies with applicable laws.

Accessing and correcting your personal data

As a Canadian resident, you may have the right to access and rectify the personal data we hold about you in accordance with the laws applicable in the province in which you reside. If you believe that your personal data is inaccurate, incomplete or no longer up to date, or wish to access such personal data, you may send us a written request us at [email protected], attention: Head of Legal. We will respond to your request within a reasonable delay, in compliance with applicable laws.

Country-specific recruitment privacy notice addendum for Mexico

Notwithstanding the previous provisions, the following provisions shall apply when the personal data is processed in Mexico, on behalf of a controller located in Mexico, or by means located in Mexico.

Data controller

The data controller is Primetals Technologies Mexico S de RL de CV located at Carretera a Miguel Alemán km26 Parque Industrial Milimex, Apodaca, Nuevo Leon, México CP. 66637.

Purposes of the processing

We will process your personal data for the necessary purposes described in the section "How will we use your data?". In addition, we may use your personal data for the necessary purposes of establishing and maintaining an employment relationship with you, in case you are hired, to make the transfers specified in this addendum, to comply with legal obligations and requirements of the competent authorities, and where necessary to enforce or defend our rights, even before the competent courts/authorities. We may also use your personal data for the non-necessary purpose of informing you about future vacancies. You can always object to the processing of your personal data for "non-necessary" purposes by using the means set out in the "Contacting us" section or by contacting our Data Protection Officer as described below.

Our lawful basis for processing your data

We rely on the consent you provide us when you apply for a vacancy to process your personal data. We may also process your personal data based on an exemption to consent provided for by law (Art. 10 Federal Law on Protection of Personal data held by Private Parties).

Personal data may also be shared in connection with the transfer of all or part of our operations, assets or activities to a third party, a merger with another entity, or another form of corporate transaction. We require your consent for this transfer. When you provide us with your personal data for recruitment purposes you expressly accept this transfer. However, you may revoke your consent in accordance with the Section “Your rights” below.

Data transfers

As mentioned in the Section “International transfers”, we may transfer your personal data to MHI Group companies when necessary to assess your application. We do not require your consent to carry out this data transfer.

Personal data may also be shared in connection with the transfer of all or part of our operations, assets or activities to a third party, a merger with another entity, or another form of corporate transaction. We require your consent for this transfer. When you provide us with your personal data for recruitment purposes you expressly accept this transfer. However, you may revoke your consent in accordance with the Section “Your rights” below.

Your rights

In accordance with applicable law, you have the right to request access to your personal data, ask us to rectify or update your personal data if it is incorrect, incomplete, or outdated, request its cancellation or deletion, as well as oppose the processing of your personal data for non-necessary purposes or in other legitimate circumstances (known as ARCO rights). You also have the right to limit the use and disclosure of your personal data or to withdraw the consent you have given us for the processing of your personal data (if applicable). To exercise any of the above rights, you may send us your request through the means indicated in the "Contacting us" section or by contacting our Data Protection Officer as described below. You may also obtain further details on the applicable procedures by contacting us through the means indicated.

Data Protection Officer

In addition to the means of contact listed in this Privacy Notice, you may also contact our Data Protection Officer at [email protected] attention Ms. Fabiola Rosales, to exercise your rights or when you have any questions about our data protection practices.

Cookies

In addition to the information provided in this Privacy Notice with respect to the use of cookies, we inform you that the information collected by cookies is about your browsing habits, including your IP address, which may be considered personal data. As mentioned, we use these data to ease your site navigation and to facilitate efficient registration procedures. You may disable cookies through the configuration settings of your browser, for more information on how to disable cookies you can visit the following links: for Internet Explorer, for Chrome, for Mozzila Firefox.

Country-specific recruitment privacy notice addendum for Brazil

The following terms in this addendum to the Group Privacy Notice for Job Applicants dated [•] (“Privacy Notice”) (“Addendum”) apply apply in respect of our collection, use and disclosure of your personal data , if you are a job applicant applying to a member of the MHI Group in Brazil or if you are located in Brazil (collectively, “we”, “our”, “us”, as the case may be).

Unless the context otherwise requires, capitalised terms in this Addendum have the same meaning as in the Privacy Notice.

We may revise this Privacy Notice from time to time without any prior notice. You may determine if any such revision has taken place by referring to the date on which this Privacy Notice was last updated. Your continued participation in our job application process constitute your acknowledgement and acceptance of such changes.

What personal data we process, how will we use your data and our lawful basis:

To specify the information of the Group Privacy Notice for Job Applicants above, we process the following categories of personal data for the following purposes:

Purpose of the processing Category of personal data processed for such purpose
Recruiting and processing your application for the position you applied for Any personal data you provided to us with your application and in the interviews (such as personal data included in resumes, CVs, cover letters, application forms, notes) or that we obtained in lawful background checks.
Informing you about future vacancies Any information you provided to us with your application and in the interviews (see above).
Defence against legal claims Any information you provided to us with your application and in the interviews (see above) or that we obtained in lawful background checks.

WE MAY PROCESS SENSITIVE DATA SUCH AS HEALTH, RELIGIOUS OR ETHNICITY INFORMATION IF STRICTLY REQUIRED TO COMPLY WITH APPLICABLE LAW OR TO EXECUTE THE EMPLOYMENT LAW OR TO OFFER YOU EMPLOYMENT BENEFITS.

IT MAY BE NECESSARY TO REQUIRE YOUR CONSENT BEFORE PROCESSING SUCH INFORMATION. IN THOSE CASES, WE WILL CONTACT YOU TO ENSURE THAT YOUR CONSENT IS FREE, INFORMED AND UNAMBIGOUS, ACCORDING WITH LGPD.

Your rights

Pursuant to the LGPD, you have the right to:

  • Obtain confirmation that we process your data.
    In response to this request, we will inform you if we process your data or not.
  • Access your data.
    If you are interested, you can receive a report in which we present the data held by you that are processed by us.
  • Rectify incomplete, inaccurate or outdated data.
    If you consider that your data are incorrect, you can request the rectification, indicating what needs to be changed and why. It is possible that we request a proof to make this change.
  • Request the anonymization, blocking or erasure of data deemed unnecessary, excessive or processed in breach of the LGPD.
    If you consider that we are processing your data in an unnecessary and excessive manner or in breach of the LGPD, you can request that the data be anonymized, blocked or erased.
  • Request portability of your data to another service or product supplier, with due regard for our trade and industrial secrets, according to the regulation to be issued by the National Data Protection Authority (“ANPD”).
    You are the owner of your own data. Therefore, you can request that these data be transferred to another service or product supplier, according to ANPD’s regulation, provided that the trade and industrial secrets are respected.
  • Request erasure of data processed on the basis of your consent, except in the events of retention of data prescribed by law.
    If your data are processed based on consent, you may request the erasure of these data. However, the LGPD authorizes the preservation of data for fulfillment of legal or regulatory obligations; studies conducted by research bodies, ensuring, if possible, the anonymization; transfer to a third party and exclusive use by the controller, to the extent that the data be anonymized.
  • Obtain information about the entities with whom we share your data.
    You can request that we inform with which entities we share your data.
  • Obtain information about the possibility of refusing consent and the respective consequences.
    When the consent is used as legal basis for the processing of personal data, you are entitled to be informed about the possibility of refusing consent and the consequence of such refusal.
  • Withdraw your consent to the processing of your data.
    If your data are processed based on consent, you can withdraw this consent. With that, any processing of your data that is made based on consent will be interrupted.
  • Object the processing that violates the LGPD.
    If you consider that we are processing your data in violation of the LGPD, you can object this processing. The request will be carefully reviewed and, if we agree, the processing of your data that is in breach of the LGPD will be interrupted.
  • Request the revision of decisions taken solely based on the automated processing of your data.
    It is possible that decisions are taken based in the automated processing of your data. If this happens, you can request the revision of these decisions.
  • File a petition regarding your data with the National Data Protection Authority.
    If you consider necessary, you can file a petition regarding your data with the ANPD.

Before answering a request for exercise of the abovementioned rights, we can request that you provide us with some information to confirm your identity.

International transfer of personal data

We have a global business and our operations are spread around the world. As a result, we collect and transfer personal data on a global basis. That means that we may transfer your personal data to locations outside of your country / region. We will ensure that such transfer of your personal data takes place subject to this Privacy Notice and comply with applicable laws. For more information, please contact us using the details set out in “Data Protection Officer” section below.

Data Protection Officer

In case you, for any reason, need to contact us for matters involving your data, please, use the channel below:

  • Data Protection Officer (“DPO”): Mr. Murilo Moura GUINTHER
  • DPO’s email address: [email protected]

Country-specific recruitment privacy notice addendum for Singapore

The following terms in this addendum to the Group Privacy Notice for Job Applicants dated January 12, 2022 (“Privacy Notice”) (“Addendum”) apply in respect of our collection, use and disclosure of your personal data , if you are a job applicant applying to a member of the MHI Group in Singapore (collectively, “we”, “our”, “us”, as the case may be).

Unless the context otherwise requires, capitalised terms in this Addendum have the same meaning as in the Privacy Notice.

We may revise this Privacy Notice from time to time without any prior notice. You may determine if any such revision has taken place by referring to the date on which this Privacy Notice was last updated. Your continued participation in our job application process constitute your acknowledgement and acceptance of such changes.

1.Background

1.1 Subject to the data protection provisions of the Personal Data Protection Act of Singapore (No. 26 of 2012) (“PDPA”), our collection, use and disclosure of your personal data will be governed by the Privacy Notice read with this Addendum.

1.2 Without prejudice to any of the general terms in the Privacy Notice, if there is any inconsistency between the terms of this Addendum and the Privacy Notice, the terms of this Addendum shall apply to the extent of such inconsistency, provided always that where the terms of the Privacy Notice afford you a higher standard of personal data protection under any applicable laws, such term of the Privacy Notice shall apply instead.

2. Consent to Collection, Use and Disclosure of Personal Data

2.1 By proceeding with your job application with us, you expressly consent to the collection, use and disclosure of your personal data by us for the purposes of the PDPA. we reserves all our rights, including amongst others, not to proceed with your job application if you withdraw your consent to the collection, use and disclosure of your personal data. You may withdraw consent and request us to stop collecting, using and/or disclosing your personal data for the purposes set out in the Privacy Notice by submitting your request in writing or via email to our data protection officer in paragraph 9 below.

2.2 Please note that withdrawing consent does not affect our right to continue to collect, use and disclose personal data where such collection, use and disclose without consent is permitted or required under applicable laws.

3. Purposes of Collection, Use and Disclosure of Personal Data

3.1 We may collect, use and disclose your personal data for the purposes of the scope as set out in the Privacy Notice, and any purposes strictly necessary in connection thereto (including purposes and legitimate interests as provided for and in accordance with the PDPA).

4. Accuracy of Personal Data

4.1 We make reasonable efforts to ensure the personal data we collect from you is accurate and complete, in particular if it will be used to make a decision in relation to your job application with us.

4.2 You should ensure that all personal data you provide to us is accurate and complete. You may amend, update or correct your personal data in the manner set out in the Privacy Notice.

5. Access and Correction of Personal Data

5.1 You may access and/or correct your personal data in the manner stated in the Privacy Notice.

5.3 We will respond to your request as soon as reasonably possible. In general, our response will be within 10 business days. Should we not be able to respond to your access request within 10 business days after receiving your access request, we will inform you in writing within thirty 10 business days of the time by which we will be able to respond to your request. If we are unable to provide you with any personal data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the PDPA).

5.4 Please note that depending on the request that is being made, we will only need to provide you with access to the personal data contained in the documents requested, and not to the entire documents themselves. In those cases, it may be appropriate for us to simply provide you with confirmation of the personal data that our organisation has on record, if the record of your personal data forms a negligible part of the document.

6. Protection of Personal Data

6.1 Your personal data provided to us will be secured in the manner as set out in the Privacy Notice.

6.2 You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the security of your information and are constantly reviewing and enhancing our information security measures

7. Retention

7.1 We are permitted under the PDPA to retain your personal data for as long as:

(a) the retention of the personal data continues to serve any purpose for which it was collected; and

(b) we have a business or legal need for such retention.

7.2 In the event that retention of personal data is no longer necessary for any business or legal purposes or when the purpose for which the personal data was collected is no longer being served by the retention of the personal data, we will remove, destroy or anonymise the personal data.

8. Transfer of your Personal Data outside of Singapore

8.1 We will ensure that any organisation outside of Singapore (including any member of the MHI Group) which we transfer your personal data to for the purposes of processing your job application shall provide a standard of protection that is at least comparable to the data protection provisions of the PDPA.

9. Notification of Data Breach

9.1 We will notify the Personal Data Protection Commission of Singapore, being the regulatory authority administering the PDPA, in the event we incur a notifiable data breach as set out in the PDPA. We will also notify you of the occurrence of such data breach if you are affected by the same, in accordance with the PDPA.

10. Porting of your Personal Data

10.1 You may request for us to transmit your personal data that you have provided us to another organisation in a commonly used machine readable format in accordance with the PDPA.]

11. Data Protection Officer

11. 1 You may contact our data protection officer in respect of any request, queries or clarifications in connection with this Addendum at the contact details as set out in the Privacy Notice.

Country-specific recruitment privacy notice addendum for India

The provisions below supplement the information provided in the generally applicable portion of this Privacy Notice and apply solely to applicants applying to the MHI Group entity in India. This India-specific addedum provides additional information about how we collect, use, disclose and otherwise process the personal information of individuals, in accordance with applicable local law including the Information Technology Act, 2000 read along with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.

1.Consent

Through your acceptance of the terms of this Privacy Notice, you consent to the collection, storage, disclosure, processing and transfer of any special category data / sensitive personal data (as contemplated or defined under applicable local laws) for the purposes as disclosed in this Privacy Notice.

2.Grievance Redressal

If you find any discrepancies or have any grievances in relation to the processing of any special category data / sensitive personal data (as contemplated or defined under applicable local laws) of yours under this Privacy Notice, please contact our grievance officer at: [email protected], attention Ms. Nidhi Ray.

Country-specific recruitment privacy notice addendum for China

Notwithstanding the provisions of this Privacy Notice, if an applicant is applying to MHI Group Companies located in China (excluding Hong Kong, Macao, and Taiwan, such companies in the following referred to as “we”/“us”/“our”), the following provisions based on the Personal Information Protection Law of the People's Republic of China (in the following referred to as the “PIPL”) shall prevail for our handling of personal information of such applicants.

Purpose and method of handling personal information and types of personal information handled

In order to conduct recruitment activities, we may collect, store, use, transmit, provide, or delete the following types of personal information of applicants.

  • Name, contact information, residence, educational background, employment history, qualification information, gender, IDs such as identification card number and passport number, date of birth, health examination results and other data related to work capacity, certified photographs, nationality, ethnicity, salary level, and other information necessary for job application and recruitment.
  • Data on management, including access control by monitoring systems and surveillance cameras (video recordings, information on access, and time of information acquisition).

Among the types of personal information listed above,
IDs such as identification card numbers, passport numbers, etc., and data related to working capacity such as the results of medical examinations, etc.,
may be classified as sensitive personal information.
Such sensitive personal information is essential to confirm the identity and working capacity of applicants as part of recruitment activities.
In addition,
leakage or illegal use of sensitive personal information may cause disadvantages to the rights and interests of the individual (e.g., the individual's personal dignity may be violated, or the individual's personal or property safety may be endangered). To avoid such situations, we will take strict protective measures in handling sensitive personal information.

Provision and cross-border transfer of personal information to third parties

When providing personal information of applicants to a third party other than a contractor located in China to whom we entrust the handling of personal information, we will notify the applicant of the name or names of the third party, contact method, purpose and method of handling, type of personal information, and (if the third party is located outside of China) the method and procedure for exercising the rights stipulated by the PIPL against the third party, and will obtain individual consent from the applicant.
However, we may not obtain consent in situations where it is necessary to enter into or fulfill a contract with an applicant or in other situations where the PIPL does not require consent.

Country-specific recruitment privacy notice addendum for South Korea

If you are a South Korean resident, then this section applies and provides you with further information about the way in which your personal data will be handled and protected.

Laws protecting your data

Data protection in South Korea is governed by the Personal Information Protection Act (“PIPA”) and related laws and rules.

Transfer of personal data

Specifically, we provide personal information to or outsource the processing thereof to third parties as specified below.

 

  1. Provision of personal information to third parties
    Name of recipient Purposes of use and collection by recipient Items of personal information accessed by or disclosed to the recipient Period of use and collection
    N/A N/A N/A N/A

     

  2. Outsourcing of the processing of personal information to third parties
    Outsourced processors Outsourced tasks
    International Business Machines Corporation Operation of HR management platform "Success Factors"
    MHI Shared Services Americas Operation of HR management platform "Success Factors"
    Mitsubishi Heavy Industries Americas Operation of HR management platform "Success Factors"
    SAP Data storage and backup

When providing personal information of applicants to a third party other than a contractor to whom we entrust the handling of personal information, we will notify the applicant of the name or names of the third party, contact method, purpose and method of handling, type of personal information, and will obtain individual consent from the applicant.

Destruction and mandatory retetion of Personal data

The process and method for destroying personal information are set forth below.

  • Destruction Process

We select certain items of personal information to be destroyed, and destroy them with the approval of the Data Protection Officer.

  • Destruction Method

We destroy personal information recorded and stored in the form of electronic files by using a technical method (e.g., low level format) to ensure that the records may not be reproduced, while personal information recorded and stored in the form of paper documents would be shredded or incinerated.

If required to retain personal information pursuant to applicable Korean laws, such as those set forth below, we will retain personal information solely for the retention periods and purposes prescribed thereunder

  • Record of logins: 6 months (as required under the Protection of Communications Secrets Act)

Data Protection Officer

You may contact our data protection officer in respect of any request, queries or clarifications in connection with this Addendum at the contact details as set out below.

Name of the Data Protection Officer: Hyun Jin, Kang
Contact: [email protected] , 82-10-3936-9640