FSMA privacy Policy - Recruitment

The present Privacy Policy applies to the processing of Data as part of the FSMA’s recruitment process, including in spontaneous applications filled via the ‘Jobs’ page of the FSMA’s website.

If you are hired by the FSMA, your Data may be used for the employee-employer relationship under the conditions provided for by the laws and regulations in force.

Please read this Policy together with our Cookie Policy.

The Financial Services and Markets Authority (FSMA), Rue du Congrès/Congresstraat 12-14, 1000 Brussels, registered with the Crossroad Bank of Enterprises under number 0544.279.965, is the controller of your Data. This means that the FSMA determines the purposes and means of processing your Data.

The FSMA has designated a Data Protection Officer (‘DPO’), who is your point of contact for all questions or requests in connection with the processing of your Data. You will find the contact details of the DPO in the answer to the question 'How can you contact us?' in this Policy.

The FSMA collects your Data in several ways:

1. The Data you have supplied yourself

Generally, the Data and information about you that the FSMA needs to process are limited to the data necessary to evaluate the suitability of your professional skills for the vacancies.

These data are, in particular:

• identification/marital status data: surname, first name, postal and e-mail address and telephone number;
• professional data: education/training, qualifications, professional experience (current or last employer, job title, date of start of employment), curriculum vitae, cover letter and language skills;
• personal data: gender, date and place of birth and nationality;
• economic and financial data: gross monthly salary and perks (company car, mobile phone, internet, group insurance, hospitalization insurance, meal vouchers or other perks).

As part of the application process, the FSMA will also process the personal data you have made accessible to the public through social media (such as LinkedIn, Facebook, Twitter, Instagram and Google).

Under no circumstances will the FSMA search for or collect sensitive data (such as racial or ethnic origin, political, philosophical or religious opinions, data on health or sexual life) unless the law so obliges for filling a vacancy at the FSMA. In such a case, you would be informed and have to expressly consent thereto.

2. Data obtained from a third party

In some cases, the FSMA receives your Data from third parties such as:

• referees: if during the application process you provide us with referees, this means you are giving us permission to contact them on the subject of your education or professional career;
• selection and recruitment agencies: data such as your contact details and curriculum vitae;
• assessment centres: results of tests conducted by such centres as part of the recruitment process.

3. Data collected automatically

We obtain data about you through cookie providers. Important statistical data for website optimization are registered with the use of cookies. The cookies collect data on visits to the website, personal settings, and browsing behaviour. This information is collected automatically during website navigation. For more information, please see the Cookie Policy.

The FSMA processes your Data only as part of managing the recruitment process.

These same Data, anonymized, may also be processed for the purposes of statistical analyses and for preparing reports, in particular with a view to evaluating the frequency of visits to our site and the application process. For more information, please see the Cookie Policy.

Depending on the case, we collect, store, use and process your Data based on:

• pre-contractual measures, for example if you send us your application. Based on these measures, we may also share your Data with third parties such as assessment centres, which provide services to us as part of the application process;
• your consent, for example to contact referees you have provided to us in your application;
• our legitimate interest, including consulting a candidate’s public data, identifying, pre-selecting and assessing candidates for a potential job, maintaining our CV database and improving the ‘Jobs’ page of our website.

Once the application process is complete, the FSMA will store your data in the CV database as part of conducting an effective human resources policy.

We will store your Data used for our application process and our CV database for the period necessary to manage your application and within the limits provided for by the law if it allows a longer period.

Under no circumstances will your personal data be stored longer than 3 years after the year in which we have informed you of the result of the selection procedure.

The FSMA is very selective when it comes to the parties it communicates your personal data to and chooses them carefully.

Your Data may be communicated to service providers with which the FSMA works (e.g. assessment centres, selection and recruitment agencies, or IT service providers that offer technical support for the processing necessary to manage the website). Access by these providers to your Data shall be limited to the strictly necessary for their tasks.

We may also disclose your Data: (i) if we are obliged to do so by law or as part of legal proceedings, (ii) to State authorities or other government officials by virtue of their competencies or (iii) as part of an inquiry into a suspected or demonstrated fraudulent or illegal activity.

The FSMA will not itself process your Data outside the European Economic Area (EEA).

Service providers who work for the FSMA may process your Data outside the EEA. Where this is the case, the FSMA ensures that the service provider enters into a contract with the FSMA and that the level of protection is guaranteed, for example by way of a decision by the European Commission determining that a third country provides an adequate level of protection (Article 45 of the GDPR), using standard data-protection clauses adopted by the European Commission and entered into by the parties for the purposes of processing data outside the EEA (Article 46 of the GDPR) or by way of another legal instrument that provides appropriate guarantees.

If you have any questions on this subject or if you would like to obtain more information, please feel free to send a dated and signed request to the FSMA for the attention of the Data Protection Officer. You will find the DPO’s contact details in the answer to the question 'How can you contact us?’ of this Policy.

The FSMA puts in place technical means and security measures to protect your Data and to prevent any accidental or illegal destruction, loss, alteration or amendment, as well as any unauthorized access or disclosure.

FSMA employees who have access to your Data commit to respecting their confidentiality.

Moreover, the FSMA asks its service providers that process Data for the FSMA also to always take the necessary security measures.

Our website contains links to third-party websites (in particular, to social media such as LinkedIn or Twitter). If you click on an external website via a link on our site, the confidentiality policy of that website applies. We therefore recommend that you carefully read the confidentiality policy of the third parties in question to understand how they respect your privacy.

You have a set of rights as regards your Data. Some of these rights have a very specific scope or are subject to special conditions or exceptions.

You may at any time exercise your right to access the personal information about you in order to supplement it, amend it, rectify it, delete it or object to its processing for legitimate reasons in accordance with the applicable laws on data protection.

Furthermore, you may at times ask for a restriction to the processing of your Data and, in some cases, you may ask us to send your Data to you or (if possible from a technical point of view) to another controller.

Where the processing of your Data is based on consent, you have the right at all times to withdraw your consent. A withdrawal of consent will have no effect on the validity of the processing of your personal data prior to the withdrawal.

If you wish to exercise these rights, just send a request with a copy of the front of your ID card, your passport or any other proof of identity by email to dataprotection@fsma.be, or in writing to the FSMA’s Data Protection Officer. You will find the contact details of the DPO in the answer to the question ‘How can you contact us?’ of this Policy. We ask that you provide proof of your identity in order to be certain that we are respecting your Data and are not sending it to a third party.

If you contact us to exercise your rights, we will inform you within one month of receiving your request of the action taken on it. If necessary, this deadline may be extended by two months to take account of the complexity and number of requests. In this case, we will inform you within one month of receiving your request. We reserve the right not to respond to clearly unfounded or excessive requests. Your request will be kept for as long as legal remedies are possible.

At any time, if you consider that your rights have not been respected, you may also make a complaint to the Commission for the Protection of Privacy, Rue de la Presse/Drukpersstraat 35, 1000 Brussels, email: contact@apd-gba.be (see also www.dataprotectionauthority.be).

This Policy may be amended. You can always find the most recent version of our Policy on our website. Moreover, we will do our best to keep you updated as to any major amendments via other communication channels.

The present Policy was last amended on 17 September 2020.

If you have questions or comments on the subject of the present Policy, or if you would like to exercise your rights, please send:

• an email to dataprotection@fsma.be; or
• a letter to:

Financial Services and Markets Authority (FSMA)
Attn: Data Protection Officer
rue du Congrès/Congresstraat 12-14
1000 Brussels (Belgium)