# Candidate Privacy Policy **1. Policy title:** Candidate Privacy Policy **2. Version:** 1.0 **3. Effective date:** 15 October 2025 **4. Review date:** Annually **5. Policy owner:** Head of People & Culture **6. Policy sponsor:** Intersect Executive Director Updated on 15 October 2025 **7. Overview** Intersect MBO (“Intersect,” “we,” “our,” or “us”) is committed to protecting the privacy of all applicants participating in Intersect’s recruitment process. This policy explains how we collect, use, share, and protect personal data submitted during the hiring process, in accordance with applicable global data protection laws, including the EU General Data Protection Regulation (GDPR), UK Data Protection Act, and similar international frameworks. **8. Data we collect** We collect and process information provided through the application form or associated materials, including: * Contact details (e.g. name, email, country of residence) * Professional experience, qualifications, and references * Motivation statements or other supporting documents * Video recordings which supplement your application * Optional demographic or community-related information * Communication records relating to your application We may also create anonymised candidate summaries for community polling (Members and DReps). These summaries will not include personal identifiers such as full names, contact details, photos, gender, or specific location information. **9. Purpose and Legal Basis** We process your personal data for the following purposes: * Assessing your suitability for the role for which you have applied * Conducting fair and transparent recruitment involving Intersect Members, DReps, and the Board who often times will vote on the recruitment of a candidate, using the anonymised data we have referenced above. * Managing communications throughout the selection process * Meeting governance and accountability commitments Our legal bases for processing personal data include: * Legitimate interest (conducting recruitment activities) * Pursuant to Consent (each applicant understands the manner in which their personal data will be processed and has consented to such processing. If however, you do not agree with us using your personal data in this manner, you must notify the HRBP you are working with and we will withdraw you from the recruitment process and remove your personal data as requested. This will prohibit you from making future applications, providing you understand that we will need to process your personal data as a part of the recruitment process. **10. Data Sharing** Your personal data will only be shared as required for this hiring process. This includes: * With internal Intersect staff managing recruitment and the Board for offer selection * In anonymized form for Member and DRep polling * With third-party service providers (e.g. Typeform, secure document storage) acting under data processing agreements We will never sell or commercialise your data. **11. International Transfers** As a global organisation, your data may be transferred outside your country of residence. Where such transfers occur, we implement appropriate safeguards, including standard contractual clauses, undertake due diligence on how personal data is handled and stored and work to ensure that there are at minimum equivalent protections available under applicable law. **12. Data Retention** Your data will be retained securely for up to 12 months after the recruitment process concludes, unless you provide consent for a longer retention period. After this time, data will be securely deleted in its entirety or anonymised so you are no longer identifiable from it. **13. Your Rights** Depending on your location, you may have the right to: a. Access, correct, or delete your personal data b. Restrict or object to the processing of your personal data c. Withdraw consent at any time (without affecting prior lawful processing) d. Lodge a complaint with your local data protection authority In the instance you wish to enact any of 13a- c above, please send your requests to and we will get back to you within thirty days of the date of your request, complying as far as is reasonably practical. You understand that depending on the nature of your request, we may may charge you a reasonable fee in order to comply with your request. **14. Data Security** Intersect employs appropriate technical and organisational measures to safeguard personal data against unauthorised access, disclosure, alteration, or destruction. In the event there is a data breach, we will act to minimise any risk to you and notify you of said breach within twenty four business hours, if you are affected. **15. Updates to this Policy** We may update this policy periodically to reflect legal, operational, or organisational changes. The latest version is the one available on Intersect’s public Knowledge Base. If you have any questions that are not answered in this policy about how your data is processed during the recruitment process, please contact . \\ --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.intersectmbo.org/intersect-knowledge-base/legal/policies-and-conditions/intersect-internal-policies/privacy-policy/candidate-privacy-policy.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.