Rituals Applicant Privacy Policy

1. Introduction

In this Rituals Applicant Privacy Policy (“Privacy Policy”), we describe how Rituals Cosmetics Enterprise B.V. (Keizersgracht 683, 1017 DW Amsterdam, The Netherlands) (hereinafter: " the Company") and its affiliated companies use the personal data of our applicants who apply for employment with us (“Applicants”, or “you”).

This Privacy Policy describes the information we collect, what we do with it, whom we share it with, how we secure it, how long we store it for and what rights and obligations you as an Applicant have.

The Company is the data controller of your personal data, together with the affiliate you apply to for a certain vacancy (together: “Rituals”, "we", "our" or "us"). A full overview of the Companies’ affiliates can be found in the appendix 1.


2. Personal data about you that we collect and use

We collect and use the following personal data about you: contact information (such as name, address, email address and phone number); education certificates; experience information (such as education, skills, work experience and/or CVs, photograph, video, references, employee records and appraisals), your working availability, demographic information (such as age, date of birth, gender); psychological test results; your answers provided on typical client interactions as part of the online 'Game', as part of the Rituals Match Identifier and other information necessary for making a recruitment decision or otherwise voluntarily provided by you (all such data hereinafter jointly referred to as “Applicant Data”).

In principle, we do not collect or use any special categories of personal data of you, such as health data or other sensitive types of data, unless you provide this to us voluntarily as part of your application letter, CV, during the interview or during contact with one of the Rituals employees during the application process. However, depending on the function you apply for, you may be required to take part in a screening procedure during which your judicial background will be checked. If such a screening procedure takes place, we will collect special categories of personal data of you relating to criminal convictions and offences.


3. Purposes for using your personal data

Rituals collects and uses your personal data for the purpose of administrating the application process. More specifically, we use your personal data:

  • to administer and manage your application process;
  • to assess your skills, qualifications and your suitability for our career opportunities;
  • to take measures to verify that the information you have provided is true and accurate, e.g. by means of reference checks;
  • to conduct background checks to the extent the applicable law permits as well as to the extent as is required for your role;
  • to keep your record for future hiring processes, including for the purpose of communicating with you and providing you with information regarding potential career opportunities that suit your profile (talentpool);
  • to comply with applicable (employment) laws and regulations.

As part of the online application process, you must complete the Rituals Match Identifier application experience. This means that you have to i) answer personal questions, ii) provide us with personal information and iii) undergo an online assessment. Based on the answers you provide, a personal profile of you is created in order to analyze or predict whether you are eligible for a job at Rituals. We do not conduct any solely automated individual decision-making activities and will ensure that your application is always handled through the intervention of a HR representative (and not by solely automated means).

You have the right to object to the profiling activities mentioned above. For more information please see paragraph 8 of this Privacy Policy (Your rights).

Please see paragraph 2 of this Privacy Policy for an overview of personal data that we collect and use for the above purposes.


4. Legal bases for personal data collection and use

At all times, we collect and use your personal data in accordance with the applicable data protection laws. This means that we will always collect and use personal data on one of the following legal bases:

  • in order to take steps to assess your suitability for the vacancy prior to entering into an employment contract;
  • where we need to comply with a legal obligation to which we are subject;
  • where this is necessary for our legitimate interests and your interests and fundamental rights do not override those interests. Legitimate interest pursued by us are our interests to hire qualified and appropriate people, to find the right candidate for future vacancies, to make decisions regarding job applicants within a shorter time frame and to improve the efficiency of the application process and to secure, defend and develop our business;
  • where we have your free and explicit consent. For example if you choose to provide the personal data to us voluntarily. You may revoke your consent at any time as set forth in the "Your Rights" section below under paragraph 8 of this Privacy Policy.

5. Retention of your personal data

We will store your personal data for the duration of the application process. If you accept employment with Rituals, your personal data will be held on the basis set out in our Rituals Employee Privacy Notice, which we provide to all employees.

If your application process was not successful, we will store your personal data for a maximum period of 1 year, during which period we may inform you about other employment vacancies that we consider you suitable to applying for. If you have indicated that you don’t want to be informed about other vacancies, we will immediately delete your personal data upon your request.

In any case, we will store your personal date for a longer period of time if we have a legal obligation to do so.


6. Disclosure and transfer of your personal data

For the purposes listed under paragraph 3 of this Privacy Policy above, we may share your personal data on a need to know basis with Rituals employees if such is required for their function within Rituals. (both in the country where you apply and in other countries in which we have operations, including to countries outside the European Economic Area ("EEA")). This includes transfers to vendors and suppliers we use to process data on our behalf, successors in title of our business in case of a corporate transaction and competent regulatory authorities, enforcement authorities and other governmental agencies.

Rituals takes all reasonably necessary steps to ensure that your personal data is shared and treated securely and in accordance with this policy and applicable legislation. This means that we entered into legally necessary contracts with recipients of your data, including Standard Contractual Clauses ("SCC's") as approved by the European Commission or equivalent means with parties outside the EEA that do not provide for an adequate level of protection. You are entitled to receive a copy of any documentation showing the suitable safeguards that have been taken by making a request via [email protected]


7. Security

We will take all reasonable steps to ensure that your personal data are properly secured using appropriate technical, physical, and organizational measures, so that they are protected against unauthorized or unlawful use, alteration, unauthorized access or disclosure, accidental or wrongful destruction, and loss.

We take all reasonable steps to limit access to your personal data to those persons who need to have access to it for one of the purposes listed in this Privacy Policy. Furthermore, we contractually ensure that any third party processing your personal data equally provide for confidentiality and integrity of your data in a secure way.


8. Your rights

If you would like to request access to, rectify or delete the personal date we have about you, if you would like to withdraw your consent given, if you would like to request to receiving an electronic copy of such personal data for purposes of transmitting it to another company, or if you would like us the restrict us to use your personal data, you may contact us as indicated in paragraph 9 of this Privacy Policy below. You also have the right to object to our data processing. More in particular, you have the right to object to the profiling activities conducted by Rituals as part of the application procedure. We will respond to your request consistent with applicable law.

In your request, please tell us what personal data you would like to have changed, whether you would like to have it suppressed from our database, or otherwise let us know what limitations you would like to put on our use of it. For your protection, we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable.

Please note that we may need to retain certain personal data for recordkeeping purposes and/or to complete any transactions that you began prior to requesting a change or deletion.

In the event your personal data is processed on the basis of your consent, you can withdraw consent at any time by sending an email to [email protected], specifying your request, without affecting the lawfulness of processing based on consent before its withdrawal.

You may lodge a complaint with a supervisory authority, in particular in your country of residence, if you consider that the collection and use of your personal data infringes this Privacy Policy or applicable law.


9. Contact us

If you have any questions or concerns regarding our use of your personal data, or to exercise any of your rights, please send an email to [email protected].


APPENDIX 1 – AFFILIATES OVERVIEW RITUALS