NEXPAY.ES is the controller of your personal data. This means that we are responsible for deciding how we collect, use, process, store and share your personal data as described in this Privacy Policy and will be responsible for complying with the applicable data protection laws in United Kingdom, under the Data Protection Act 2018, which the UK’s transported and implementation from the General Data Protection Regulation (GDPR) in the EEA this notice is provided to you as per the provisions of the General Data Protection Regulation (EU) 2016/679 (hereinafter “GDPR”) and the local data protections laws.
Personal data: means any information relating to an identifiable natural person (i.e. using information and data in order to directly or indirectly identify a specific person).
Processing: means any operation(s) which is performed on personal data (or on sets of personal data) whether or not by automated means such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment, combination, restriction, erasure or destruction.
NEXOPAY.ES respects your privacy and will treat your personal information as confidential. Accordingly, we are committed to taking all reasonable steps in order to protect and safeguard the privacy, confidentiality, security and integrity of your personal data. Moreover, any personal data that we collect about you will only be used for the purposes we have collected it for, or as allowed under the GDPR and applicable legislation.
This Policy is applicable to the processing of personal data regardless of the form/environment that the personal data is provided (e.g. via email, on paper, electronically, by phone or otherwise) and whether or not the Company process it by automated means of manually.
Data Protection Principles
We will comply with data protection law and principles, which means that your data will be:
- Used lawfully, fairly and in a transparent way.
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
- Relevant to the purposes we have told you about and limited only to those purposes.
- Accurate and kept up to date.
- Maintained only for as long as necessary for the purposes we have told you about (i.e. in relation to the recruitment exercise)
- Kept securely and protected against unauthorized or unlawful processing and against loss or destruction using appropriate technical and organizational measures.
Personal information we collect about you
When you apply for a job at NEXOPAY.ES, we will ask you to provide us with certain personal information about yourself so we can evaluate your application. We will process that information & data to decide whether you meet the requirements for the advertised job position and if you do, we will invite you for an interview. During the interview we will use the personal information & data you have provided us to decide whether to offer you the position.
If this information is not provided, our ability to consider you as a candidate may be limited and we may not be able to process your application further. You may also provide us with your personal information that we have not specifically requested (for example, your CV may contain information about your hobbies and social preferences). All information is provided on a voluntarily basis and you determine the extent of information that you provide to NEXOPAY.ES.
Personal Information
During your job application and/or the recruitment process we will collect, use and store the following categories of personal data about you:
- Personal Details: name, surname, date of birth, passport/identity number, gender, nationality, citizenship etc.;
- Contact Details: residential address, email address, telephone number, landline and fax number or any other contact information;
- Employment Details: employment background/history, including current profession, position(s) previously held, employers’ name(s) and address/location, work experience, skills, employment references etc.;
- Educational Information: degrees, diplomas, certificates, professional qualifications, transcripts, professional memberships, educational achievements;
- Background Information: credit history and/or criminal background screenings (where relevant to your application and permitted under applicable law);
- Tax Information: tax identification number (TIN), country of tax residence, social security number or other taxpayer information as necessary;
- Financial Information: salary, benefits, expenses, company allowances, bank account details etc.;
- IT Information: such as certain technical information from your visit to our website using “cookies” and other similar technologies. For more information, please refer to NEXOPAY.ES’s online Privacy Policy and Cookies Policy on our website;
- Telephone/audio/video recordings, email correspondence or any other form of communication with the Company (i.e., live chats); Any other information in your application or during your interview that you choose to share with us – such as personal preferences, hobbies, social preferences, etc.;
- Any other personal data provide to us by yourself, your referees and/or your recruitment agents (fi applicable);
Any personal data derived or contained in the supporting documents which are part of the application / recruitment process, including but not limited to:
- Proof of identity (i.e. passport / national ID);
- Proof of residence (i.e. recent utility bill less than 3 months old or bank statement);
- Your image in photo and/or video form derived from your KYC identification documents, or by visiting our Company’s premises for an interview, or by conducting a video call with any our employees as part of the recruitment process;
- Resident permit (if applicable);
- Working visa (if applicable);
- Clean criminal record;
- Bankruptcy certificate;
- Curriculum Vitae (CV);
- Cover letter (if applicable);
- Bank Details (i.e. bank name & country, account no, IBAN);
- Tax details (i.e. TIC, social insurance number, IR63 form);
- Recent pay-slips (at least two);
- Copy of academic qualifications / diplomas;
- Credit Reference Search);
- DBS and/or other Criminal Screening Checks);
- Reference letters;
Sensitive Personal Information
NEXOPAY.ES does usually not request or require sensitive personal information regarding religion, health, sexual orientation, or political affiliation in connection with your application. If you have a disability and would like us to consider accommodation, you may provide that information during the recruitment process in order to enable us to make appropriate adjustments.
For some countries, NEXOPAY.ES may also ask for information such as race, ethnicity or gender for the purposes of monitoring equal opportunity and to help NEXOPAY.ES assess whether a work permit and/or visa will be required in order to be employed. However, for the purposes of your application this information is voluntary. If you provide us with this information, it will not be considered in the hiring or selection process.
To the extent that you provide us with sensitive personal information (race, gender, ethnicity, political opinions or beliefs, membership of a trade union or political party, physical or mental health information, sexual orientation or information related to criminal convictions or offences), you expressly authorize NEXOPAY.ES to handle such information in accordance with this Privacy Policy.
Information from other third parties
From time to time, we may obtain information about you from publicly available sources or third parties. For example, we may conduct background screenings through a third-party service provider and verify information that you have in your application that relates to your past education, employment, credit and/or criminal history, as allowed by applicable law. We may also obtain certain personal information stored by third parties such as job-related social media sites (for example, LinkedIn). By authorizing NEXOPAY.ES to have access to this information, you agree that NEXOPAY.ES may collect, store and use this information in accordance with this Privacy Policy.
How NEXOPAY.ES uses and processes your personal information
NEXOPAY.ES will use and process your personal information based on one or more of the following legal bases and purposes:
- For recruitment, selection, evaluation and appointment of job candidates (temporary or permanent) for the job opening you have applied for and for subsequent job opportunities;
- To assess your skills, qualifications and suitability for the advertised position;
- To decide whether to enter into an employment contract with you;
- For general HR administration and management (in case you become a NEXOPAY.ES employee);
- To carry out satisfaction surveys (for example, to manage and improve the recruitment process);
- For application analysis such as verification of your employment reference(s) that you have provided, conduct background checks, reference checks and related assessments. Specifically, personal data are used to verify your identity, credentials, knowledge, experience, skills, ethics, integrity as well as to conduct checks to ensure that you do not have a criminal record. It should be noted that these checks are conducted by third-party service providers on our behalf and upon our request;
- To investigate any grievances or complaints you may have with any employees of the Company and to settle any disputes;
- To notify you about any changes to your employment terms, and/or to any other policies and legal documents which form part of the employment agreement (i.e. employee handbook, code of ethics, dress code etc.), or to provide you with legal notifications in relation to your employment status (i.e. awarding bonus, warning letters for misconduct, termination etc.);
- To comply with corporate governance, legal and/or regulatory requirements (for example, to monitor diversity requirements), including court orders, policy investigations, request from the Company’s regulatory or other competent authorities (i.e. MOKAS);
- To communicate with you and to inform you of current status of your application and future opportunities (unless you have told us that you do not want us to keep your information for such purposes).
If it is necessary to use your personal data for any other reason which is not outlined above, then you will be duly informed. Before we can proceed with your job application, you will be asked to confirm whether you agree with this Privacy Policy.
Profiling and automated decision making
NEXOPAY.ES may also process your personal data in relation to your application for data and statistical analysis. We may deploy specific technologies for the purposes of enabling certain global-level recruiting analysis and diversity monitoring with your consent (where permitted by applicable law) to comply with legal requirements or in NEXOPAY.ES’s legitimate interests. NEXOPAY.ES does not make any automated decisions in relation to your application without human involvement.
Who does NEXOPAY.ES share your personal information with?
Any personal data or other confidential information that you provide to the Company will be treated as confidential and it will not be disclosed to any third parties, unless such a disclosure is necessary for the purposes described herein.
Below are the cases under which we will disclose your personal data and why:
(i) Other NEXOPAY.ES group companies
Your personal information may be shared for the purposes described above with other companies within the NEXOPAY.ES Group (i.e. mother company, subsidiaries, sister companies, branches, representative companies and its respective employees in order to contact you for the outcome of your job application, to inform you of future job opportunities, to complete the recruitment process, to evaluate your suitability for the advertised position, conduct background checks and fulfil our contractual obligations as per the terms of your employment agreement etc.). It should be noted that all the group entities and our employees are required to follow our privacy and security protocols when handling personal data;
(ii) Third party service providers
We may also share your personal information with third parties who provide services to us such as recruitment agencies, consultants, background services, fraud prevention agencies, identity verification providers, banks or other financial institutions, internal auditors, external auditors, legal advisors and attorneys; or any other service providers which are necessary to fulfil our contractual obligations under your employment agreement or ancillary to it (i.e. accounting systems to process salary payments, insurance companies for our medical insurance schemes, external training providers, event organizers, travel agencies, car rentals etc.).
If your personal information is shared in this way, NEXOPAY.ES do so only on a “need-to-know” basis and we will seek to ensure it is only used in connection with the functions or services these parties will be performing for NEXOPAY.ES and that your personal information is treated by them in a confidential manner. We do not allow our third-party service providers to use your personal data for any other purposes or for their own purposes, apart from the ones we they have been contracted for and we instructed them for.
These service providers that NEXOPAY.ES uses may change depending on the NEXOPAY.ES entity that employs you and may change over time but we will always seek to ensure that any third parties who handle your personal information will do so in a manner consistent with this Privacy Statement and in accordance with applicable law. Moreover, all our third-party service providers are required to take appropriate security measures to protect your personal data and prevent any data breach.
(iii) Other third parties
NEXOPAY.ES may also disclose your personal information to other third parties including but not limited to:
- Police, courts, regulatory authorities, governmental agencies, public authorities and law enforcement authorities: having control or jurisdiction over the company or companies of the NEXOPAY.ES group and our employees. In such a case, we will share your personal data only when it is required to comply with the applicable laws, rules and regulations such as to comply with a court order, subpoena, police investigations, search warrant, administrative, judicial or legal proceedings and/or to respond to official requests from these authorities. This may include authorities outside the employee’s country of residence or the Company’s country of operations;
- As necessary in the event of a merger, sale, company restructure, acquisition, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including bankruptcy/liquidations proceedings or equivalent);
- As necessary to secure the Company’s legitimate business interests and to establish, protect, exercise or defend our legal rights in front of any court, tribunal, arbitrator, regulatory or governmental authority, or the Financial Ombudsman as the case may be;
- As necessary to protect your vital interests (for example, we may need to share your personal information with third parties in the event of an emergency);
- At your request and to any person(s) authorised by you;
- Where we have otherwise obtained your consent.
Legal basis under which NEXOPAY.ES processes your personal information
If you are an individual residing in United Kingdom or within the European Economic Area (“EEA”), our legal basis for our collecting and processing of your personal information is as follows:
- NEXOPAY.ES’s legitimate interests, namely the recruitment, selection, evaluation and appointment of new employees and the management and administration of the recruitment and HR process, to the extent these activities do not prejudice or harm your rights and freedoms.
- Compliance with NEXOPAY.ES’s legal obligations where employment law or other laws require the processing of your personal information.
- Other legal grounds where applicable such as in your vital interests (for example, health and safety reasons if you attend an interview at our site) and agreements with employee work representations or associations.
Data Security, Confidentiality and Safeguards
We maintain (and require our third-party service providers to maintain) appropriate physical, organizational and technical measures designed to protect the security and confidentiality of your personal data from unauthorized access, use or disclosure, unlawful breach and we have put in place appropriate security measures to prevent your personal data from being accidentally lost, destructed, damaged, altered or disclosed. The personal data you provided us with is protected in many ways. For more information, please read our Privacy Policy.
In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need-to-know. They will only process your personal data on our specific instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
If you have any questions on the security measures that we use you may contact us at [email protected].
Your responsibilities
You are responsible for the information you provide to NEXOPAY.ES and that it is honest, truthful, accurate and not misleading in any way. If you provide information concerning any other person such as individuals you provide as references, you are responsible for providing any notices and ensuring your referee consents to NEXOPAY.ES collecting and processing that information as described in this Privacy Policy.
Data Retention
- For job applicants: If your job application is unsuccessful, we shall retain your personal data only for 6 months following the outcome of your application, or for a period of 2 years with your explicit consent in order to consider you for future job openings.
- For successful candidates: we will retain your personal data for a period of 3 years after your application date.
- For employees leaving the company: we will retain your personal data for a period of 2 years following the last day of your employment. However, your personal data may be retained for a longer period in case for example a dispute or legal claim arises between us, or due to legislative or regulatory reasons requiring us to do so. In any case, we will not keep your personal data for any longer than it is required.
As soon as the purpose has been fulfilled or at the end of the retention period, the Company will securely erase or destroy your personal data in accordance with our data retention policy.
Monitoring and Recordings
The Company will monitor and record any form of communication between the job candidate or the employee and the Company, including but not limited to, electronic correspondence (i.e. online chats, emails), video calls, fax, postage, telephone conversations, in person or otherwise, conducted during the recruitment process and/or for the duration of your employment. You accept such recordings as conclusive evidence of the orders, instructions, requests or conversations so recorded. The Company may use a third-party software or platform for audio/video recording during the interview process and this third-party service provider may have access to the recordings under their Privacy Policy. However, the Company will use its best efforts to limit such access.
Moreover, we hereby inform you that we have security measures in place both for the whole building and at our offices, including CCTV and building access controls. There are signs notifying you that CCTV is in operation. Accordingly, if you visit the Company’s premises for an interview or for any other reason, we may have CCTV footage which will record your image. However, these images are securely stored and only accessed by authorized personnel on a need-to-know basis (i.e. to look into an incident). CCTV recordings are typically erased after a short period of time unless an issue arises which requires us to maintain the recording for a longer period of time (i.e. to investigate a case of theft).
In addition, visitors to our offices may be requested to sign in at reception and we shall keep a record of visitors for a short period of time. Our visitor records are securely stored and are accessible only on a need-to-know basis. All the above-mentioned types of recordings will be the sole property of the Company and will constitute evidence of the communications between us, any business dealings and agreements made. The Company reserves the right to use these recordings in a court of law in case of a dispute or otherwise.
Your rights
In the European Economic Area and some other countries, you may have certain rights available to you under applicable data protection laws which may include the right to:
- Access: you have the right to request access to the personal data we hold for you, obtain information on how we use and process your personal data and obtain a copy of that personal data we hold within 30 days from the date of your request free of charge.
- Rectification: you have the right to request the rectification of inaccurate or incomplete personal data we hold for you and to update it with your current personal circumstances. Please note that the Company may require relevant supporting documents as proof in order to proceed with any changes.
- Objection: you have the right to object to the processing of your personal information which is based on our legitimate interests or those of a third-party (as described above). You also have the right to object where we are processing your personal data for direct marketing purposes.
- Erasure: you have the right to request the erasure of your personal data (partly or wholly) when there is no good reason for us to continue processing it, except to the extent that we are required to maintain it for legal or regulatory purposes.
- Automated decision-making: you have the right not to have a decision made about you that is based solely on automated processing, including profiling if that decision produces legal effects about you or significantly affects you. NEXOPAY.ES does not, as part of its recruitment process, make solely automated decisions about candidates.
- Restriction: you have the right to request us to restrict or suspend the processing of your personal data, so that we no longer process that information until the restriction is lifted (i.e. if you request us to establish its accuracy or the reason for the processing)
- Portability: you have the right to receive your personal information, which you have provided to us, in a structured, commonly used and machine-readable format in order to save it or to re-use elsewhere, and to request us to have that information transmitted to another data controller or third party under certain circumstances.
- Withdrawal: you may withdraw your previously given explicit consent with regards to the collection, use and processing of your personal data at any time by contacting our DPO. In that case subsequent data processing will no longer be carried out however, personal data processing carried out before the withdrawal will remain valid. Withdrawal of consent cannot result in the suspension of personal data processing which is carried out on legal grounds.
If you wish to exercise any of your rights or if you have any questions about these rights, please contact our DPO at [email protected]
Data Protection Officer
If you have any questions regarding this Policy, have any privacy concerns, wish to make a complaint or exercise any of your rights in relation to your personal data you may contact our DPO as follows:
Via email at: [email protected]
Via Postal Mail at:
- Registered & Head Office: Arrow Holding Oy trading as www.nexopay.es address; Antinkatu 3 D, 00100 Helsinki, Finland
If you are still not satisfied after having spoken to us, or you are unhappy with the outcome of the complaint, you also have the right to lodge a complaint to the Data Protection Commissioner (which is the supervisory authority/regulator for personal data protection issues in Europe, Spain or Finland.
Changes to this Privacy Policy
We will only use your personal information in the manner described in this Privacy Policy. However, we reserve the right to change the terms of this Privacy Policy at any time by posting revisions to our website. If at any time, we decide to use your personal information in a manner that is different from that stated at the time it was collected, you will be given notice.