GE
The aim of these Candidate Data Protection Standards (“Standards”) is to provide adequate and consistent safeguards for the handling of candidate data by GE entities.
The identifiable information about yourself that you provide to a GE entity as a job seeker for a position with a GE entity (the “Candidate Data” or “Data”) will be used for recruitment purposes, and the Candidate Data will be protected in accordance with GE's Standards outlined below and all applicable laws.
By submitting your Candidate Data, you confirm and agree that:
Your consent is required in order to complete the submittal process. If you do not agree, click on the “x” button in the upper right-hand corner and the submittal process will discontinue.
These Standards, unless noted otherwise, do not form part of any contract of employment, where applicable, offered to successful hires.
These Standards apply to all GE entities that process Candidate Data.
Processing refers to any action that is performed on Candidate Data, whether in whole or in part by automated means, such as collecting, recording, organizing, storing, modifying, using, disclosing, or deleting such data.
Candidate Data are defined as any identifiable information about you that you or someone else provides (on your or GE's behalf) in the context of applying for a position with a GE entity.
These Standards do not cover data rendered anonymous or where pseudonyms are used. Data are rendered anonymous if individual persons are no longer identifiable or are identifiable only with a disproportionately large expense in time, cost, or labor. The use of pseudonyms involves the replacement of names or other identifiers with substitutes, so that identification of individual persons is either impossible or at least rendered considerably more difficult. If Data rendered anonymous becomes no longer anonymous (i.e., individual persons are again identifiable), or if pseudonyms are used and the pseudonyms allow identification of individual persons, then these Standards will again apply.
These Standards are designed to provide a uniform minimum compliant standard for every GE entity with respect to its protection of Candidate Data worldwide. GE recognizes that certain laws may require stricter standards than those described in these Standards. GE entities will handle Candidate Data in accordance with local law applicable at the place where the Candidate Data are processed. Where applicable local law provides a lower level of protection of Candidate Data than that established by these Standards, then the requirements of the Standards shall apply.
GE respects the privacy rights and interests of each individual. GE entities will observe the following principles when processing Candidate Data:
You may use various methods to submit your Candidate Data to GE. These methods may include: (a) e-mail or paper submission to GE personnel; (b) online submittal of Candidate Data processed by a third party service provider into an electronic database based in the U.S. accessible by GE authorized personnel; or (c) via a GE employment application.
GE may periodically collect further information with your consent or in accordance with applicable laws. For example, GE may collect your feedback and opinions (e.g., surveys) for business purposes, such as improving processes. You may respond to these surveys voluntarily or may elect not to respond and will not suffer reprisals for your decision. These Standards will be applicable to any further information collected including any responses to such surveys.
GE and GE entities process Candidate Data for legitimate human resources purposes. Such processing will be conducted within such purpose limitations and in accordance with applicable law. These principal purposes include:
Human Resources Purposes Include: Identifying and/or evaluating candidates for GE positions; making a decision about whether the individual should be hired; maintaining appropriate record-keeping related to hiring practices; analyzing the hiring process and outcomes; and conducting background investigations, where permitted by law (the “Purposes“).
If a GE entity processes your Candidate Data for purposes that go beyond the Purposes described above, the GE entity responsible for the new purpose will ensure that you are informed of the new purposes for which your Candidate Data are to be used, and the categories of recipients of your Candidate Data.
Your Data will be accessed and processed by individuals who are involved in the hiring process for GE and who have a legitimate need to access and process your Data for the Purposes.
Candidate Data that is processed includes:
To the limited extent a GE entity needs to collect any Special Data (such as data containing personal information about racial or ethnic origin, political opinions, religious or political beliefs, trade-union membership, health or medical records, or criminal records), the GE entity will ensure that the individual is informed of such collection and processing. Where required by law, the person's explicit consent to the processing and particularly to the transfer of such data to non-GE entities will be obtained. Appropriate security and protection measures (e.g., physical security devices, encryption, and access restrictions) will be provided depending on the nature of these categories of data and the risks associated with the intended uses.
GE entities are committed to taking appropriate technical, physical, and organizational measures to protect Candidate Data against unauthorized access, unlawful processing, accidental loss or damage, and unauthorized destruction.
To safeguard against unauthorized access to Candidate Data by third parties outside GE, all electronic Candidate Data held by GE entities are maintained on systems that are protected by secure network architectures that contain firewalls and intrusion detection devices. The servers holding Candidate Data are “backed up” (i.e., the data are recorded on separate media) on a regular basis to avoid the consequences of any inadvertent erasure or destruction of data. The servers are stored in facilities with comprehensive security and fire detection and response systems.
GE entities limit access to internal systems that hold Candidate Data to a select group of authorized users who are given access to such systems through the use of a unique identifier and password. Access to Candidate Data is limited to and provided to individuals for the purpose of performing their job duties (e.g., a human resources manager may need access to a Candidate’s contact information for the purposes of setting up an interview). Compliance with these provisions will be required of third-party administrators who may access certain Candidate Data, as described in the Transferring Data section.
GE will conduct training regarding the lawful and intended purposes of processing Candidate Data, the need to protect and keep information accurate and up-to-date, and the need to maintain the confidentiality of the Data to which employees have access. Authorized users will comply with these Standards, and GE entities will take appropriate disciplinary actions, in accordance with applicable law, if Candidate Data are accessed, processed, or used in any way that is inconsistent with the requirements of these Standards.
Any person may inquire as to the nature of the Candidate Data stored or processed about him or her by any GE entity. You will be provided access to Candidate Data as is required by law in your home country, regardless of the location of the data processing and storage. A GE entity processing such data will cooperate in providing such access either directly or through another GE entity. All such requests for access may be made by sending a request in writing to:
Candidate Data will be available for access for a reasonable period of time, and GE will allow you to view your Candidate Data upon reasonable notice and at reasonable times.
You may also contact the Human Resources Data Protection Administrator to ask questions regarding these Standards or your Candidate Data or withdraw your consent. Any letters sent to the Administrator for any other purpose other than the above will not be responded to and will be discarded.
If access or rectification is denied, the reason for the denial will be communicated and a written record will be made of the request and reason for denial.
If you demonstrate that the purpose for which the data is being processed is no longer legal or appropriate, the data will be deleted, unless the law requires otherwise.
If any Candidate Data is inaccurate or incomplete, you may request that the data be amended by submitting a new resume/CV with the updated information (e.g., new home address or change of name).
In addition, you may open a ticket to withdraw your consent.
GE strives to ensure a consistent and adequate level of protection for Candidate Data that are processed and/or transferred between GE entities. A transfer of Candidate Data to another GE entity is considered a transfer between two different entities, which means that even in such “intra-group” cases, a data transfer shall be carried out only if applicable legal requirements are met and if:
GE entities will not disclose Candidate Data outside GE to offer any products or services to a Candidate for personal or familial consumption (“direct marketing”) without his or her prior consent.
The restrictions in this section apply only to contact data obtained in the context of applying for a position with GE. They do not apply to contact data obtained in the context of a consumer or customer relationship.
Some countries regulate the making of Automated Decisions, which are decisions about individuals that are based solely on the automated processing of data and that produce legal effects that significantly affect the individuals involved.
In some circumstances, job seekers will be asked to complete a questionnaire where automated decisions will be made based on the Candidate’s responses.
Except in limited circumstances (e.g., the screening via computer or telephone for some open positions in GE), GE entities do not make Automated Decisions to evaluate individuals or for other purposes. If Automated Decisions are made, affected persons will be given an opportunity to express their views on the Automated Decision in question by contacting the Human Resources Data Protection Administrator.
All GE entities will ensure that these Standards are observed. All persons who have access to Candidate Data must comply with these Standards. In some countries, violations of data protection regulations may lead to penalties and/or claims for damages.
If at any time, a person believes that Candidate Data relating to him or her has been processed in violation of these Standards, he or she may report the concern to the Human Resources Data Protection Administrator.
If the concern relates to an alleged violation of these Standards by a GE entity located in a country other than that of the person or the exporting GE entity, he or she may request the assistance of the exporting entity. That GE entity will assist him or her in investigating the circumstances of the alleged violation. If the violation is confirmed, the exporting and importing entities will work together with any other relevant parties to resolve the matter in a satisfactory manner, consistent with the provisions of these Standards.
If the Human Resources Data Protection Administrator or the local GE entity does not resolve the concern, it may be escalated to GE’s Employment Data Privacy Committee. The Employment Data Privacy Committee, chaired by GE’s Chief Privacy Leader, is composed of senior compliance specialists who are independent of the business lines of management and who have oversight responsibility for all aspects of compliance with these Standards and for the resolution of all concerns and issues that arise with respect to GE’s handling of Candidate Data under these Standards. The Employment Data Privacy Committee may be contacted by email at EmpDataPvcy@corporate.ge.com or by fax at +1-203-373-2181. The Employment Data Privacy Committee will communicate its decision and any associated remedy to the relevant persons.
The processes described in these Standards supplement any other remedies and dispute resolution processes provided by GE and/or available under applicable law.
To further ensure enforcement of these Standards, GE’s Chief Privacy Leader, along with GE’s Global Privacy Council, which is composed of senior privacy officials from each of GE’s major businesses, will identify Candidate and employment Data procedures that should be audited. For this purpose, GE will engage its Corporate Audit Staff, who are independent of the business lines of management. Members of the Audit Staff report to GE’s Vice President, Corporate Audit Staff, who has an independent line of communication to the Audit Committee of GE’s Board of Directors. Reports of the Audit Staff’s findings will be submitted to GE’s Policy Compliance Review Board and/or GE’s Global Privacy Council for review and response. The Board or Council will require an action plan to ensure compliance with these Standards. To the extent such matters cannot be adequately handled with GE’s own resources, GE agrees to appoint an independent third party to conduct an investigation/audit of any procedures or issues involving Candidate or employment Data under the Standards.
In addition to the training on these Standards, GE will communicate these Standards to current and new employees by posting them on selected internal GE web sites and by providing a link to the Standards on information technology applications where Candidate Data are collected or processed.
GE reserves the right to modify these Standards as needed, for example, to comply with changes in laws, regulations, GE practices and procedures, or requirements imposed by data protection authorities. GE’s Chief Privacy Leader, or his/her designee, must approve all changes to the Standards for them to become effective. If GE makes changes to the Standards, GE will submit the Standards for renewed approval where required by law. GE will inform GE employees and other persons (e.g., persons accessing GE web sites to enter Candidate Data such as job application information) of any material changes in the Standards. GE will post all changes to the Standards on relevant internal and external web sites.
Effective with the implementation of these Standards, all existing intra-group agreements and applicable company privacy guidelines relating to the processing of Candidate Data will be superseded by the terms of these Standards. All parties to any such agreements will be notified of the effective date of implementation of the Standards.
GE will respond diligently and appropriately to requests from data protection authorities about these Standards or compliance with applicable data protection and privacy laws and regulations. GE employees who receive such requests should contact their local Human Resources manager or business legal counsel. GE will, upon request, provide data protection authorities with names and contact details of relevant contact persons. With regard to transfers of Candidate Data between GE entities, the importing and exporting GE entities will (i) co-operate with inquiries from the data protection authority responsible for the entity exporting the data, and (ii) respect its decisions, consistent with applicable law and due process rights.
Rights and Obligations with Respect to Candidate Data Collected Within the EU/EEA and Processed Elsewhere
In addition to any rights and obligations that are set forth in GE’s Candidate Data Protection Standards (“Standards”) or that otherwise exist, the following principles established in light of Directive 95/46/EC (“European Data Protection Directive”) will apply to Candidate Data collected by GE entities in the European Union/European Economic Area and processed elsewhere. In jurisdictions where this Addendum applies, the enforcement rights and mechanisms mentioned in the Standards also apply to the provisions of this Addendum. The following are not intended to grant employees further rights or establish further obligations beyond those already provided under the European Data Protection Directive: