Thank you for your interest in the Financial Services and Markets Authority (hereinafter also referred to as the ‘FSMA’ or ‘us’) and for your visit to our recruitment site.
The FSMA attaches great importance to protecting your personal data and ensures compliance with the European data-protection legislation, the GDPR (General Data Protection Regulation), and with the Belgian legislation concerning the protection of personal data.
If you are hired by the FSMA, your Data may be used for the employee-employer relationship under the conditions provided for by the laws and regulations in force.
Who is the controller of the personal data?
The FSMA (Rue du Congrès/Congresstraat 12-14, 1000 Brussels) is the controller of your Data. This means that the FSMA determines the purposes for and means of processing your Data.
The FSMA has designated a Data Protection Officer (‘DPO’) who is your point of contact for all questions or requests in connection with the processing of your Data. You will find the contact details of the DPO in the answer to the question 'How can you contact us?' in this Policy.
What personal data do we process? (recruitment)
The FSMA collects your Data in several ways:
1. The Data you have supplied yourself
Generally, the Data and information about you that the FSMA needs to process are limited to the data necessary to evaluate the suitability of your professional skills for the vacancies.
These data are, in particular:
- identification/marital status data: surname, first name, postal and e-mail address and telephone number;
- professional data: education/training, qualifications, professional experience (current or last employer, job title, date of start of employment), curriculum vitae, cover letter and language skills;
- personal data: gender, date and place of birth and nationality;
- economic and financial data: gross monthly salary and perks (company car, mobile phone, internet, group insurance, hospitalization insurance, meal vouchers or other perks).
As part of the application process, the FSMA will also process the personal data you have made accessible to the public through social media (such as LinkedIn, Facebook, Twitter, Instagram and Google).
Under no circumstances will the FSMA search for or collect sensitive data (such as racial or ethnic origin, political, philosophical or religious opinions, data on health or sexual life) unless the law so obliges for filling a vacancy at the FSMA. In such a case, you would be informed and have to expressly consent thereto.
2. Data obtained from a third party
In some cases, the FSMA receives your Data from third parties such as:
- referees: if during the application process you provide us with referees, this means you are giving us permission to contact them on the subject of your education or professional career;
- selection and recruitment agencies: data such as your contact details and curriculum vitae;
- assessment centres: results of tests conducted by such centres as part of the recruitment process.
3. Data collected automatically
What are the purposes of and basis for our use of your personal data? (recruitment)
The FSMA processes your Data only as part of managing the recruitment process.
Depending on the case, we collect, store, use and process your Data based on:
- pre-contractual measures, for example if you send us your application. Based on these measures, we may also share your Data with third parties such as assessment centres, which provide services to us as part of the application process;
- your consent, for example to contact referees you have provided to us in your application;
- our legitimate interest, including consulting a candidate’s public data, identifying, pre-selecting and assessing candidates for a potential job, maintaining our CV database and improving the ‘Jobs’ page of our website.
Once the application process is complete, the FSMA will store your data in the CV database as part of conducting an effective human resources policy.
How long will we store your personal data? (recruitment)
We will store your Data used for our application process and our CV database for the period necessary to manage your application and within the limits provided for by the law if it allows a longer period.
Under no circumstances will your personal data be stored longer than 3 years after the year in which we have informed you of the result of the selection procedure.
With whom do we share your data? (recruitment)
The FSMA is very selective when it comes to the parties it communicates your personal data to and chooses them carefully.
Your Data may be communicated to service providers with which the FSMA works (e.g. assessment centres, selection and recruitment agencies, or IT service providers that offer technical support for the processing necessary to manage the website). Access by these providers to your Data shall be limited to the strictly necessary for their tasks.
We may also disclose your Data: (i) if we are obliged to do so by law or as part of legal proceedings, (ii) to State authorities or other government officials by virtue of their competencies or (iii) as part of an inquiry into a suspected or demonstrated fraudulent or illegal activity.
Does the FSMA process your data outside the European economic area? (recruitment)
The FSMA will not itself process your Data outside the European Economic Area (EEA).
Service providers who work for the FSMA may process your Data outside the EEA. Where this is the case, the FSMA ensures that the service provider enters into a contract with the FSMA and that the level of protection is guaranteed, for example by way of a decision by the European Commission determining that a third country provides an adequate level of protection (Article 45 of the GDPR), by way of a certification from the data importer under the EU-US Privacy Shield (Article 45 of the GDPR), using standard data-protection clauses adopted by the European Commission and entered into by the parties for the purposes of processing data outside the EEA (Article 46 of the GDPR) or by way of another legal instrument that provides appropriate guarantees.
If you have any questions on this subject or if you would like to obtain more information, please feel free to send a dated and signed request to the FSMA for the attention of the Data Protection Officer. You will find the DPO’s contact details in the answer to the question 'How can you contact us?’ of this Policy.
How do we protect your personal data? (recruitment)
The FSMA puts in place technical means and security measures to protect your Data and to prevent any accidental or illegal destruction, loss, alteration or amendment, as well as any unauthorized access or disclosure.
FSMA employees who have access to your Data commit to respecting their confidentiality.
Moreover, the FSMA asks its service providers that process Data for the FSMA also to always take the necessary security measures.
What about links to other websites and to social media?
What are your rights and how can you exercise them? (recruitment)
You have a set of rights as regards your Data. Some of these rights have a very specific scope or are subject to special conditions or exceptions.
You may at any time exercise your right to access the personal information about you in order to supplement it, amend it, rectify it, delete it or object to its processing for legitimate reasons in accordance with the applicable laws on data protection.
Furthermore, you may at times ask for a restriction to the processing of your Data and, in some cases, you may ask us to send your Data to you or (if possible from a technical point of view) to another controller.
Where the processing of your Data is based on consent, you have the right at all times to withdraw your consent. A withdrawal of consent will have no effect on the validity of the processing of your personal data prior to the withdrawal.
If you wish to exercise these rights, just send a request with a copy of the front of your ID card, your passport or any other proof of identity by email to firstname.lastname@example.org, or in writing to the FSMA’s Data Protection Officer. You will find the contact details of the DPO in the answer to the question ‘How can you contact us?’ of this Policy. We ask that you provide proof of your identity in order to be certain that we are respecting your Data and are not sending it to a third party.
If you contact us to exercise your rights, we will inform you within one month of receiving your request of the action taken on it. If necessary, this deadline may be extended by two months to take account of the complexity and number of requests. In this case, we will inform you within one month of receiving your request. We reserve the right not to respond to clearly unfounded or excessive requests. Your request will be kept for as long as legal remedies are possible.
At any time, if you consider that your rights have not been respected, you may also make a complaint to the Commission for the Protection of Privacy, Rue de la Presse/Drukpersstraat 35, 1000 Brussels, email: email@example.com (see also www.dataprotectionauthority.be).
How can you be updated as to any amendments to this data protection policy? (recruitment)
This Policy may be amended. You can always find the most recent version of our Policy on our website. Moreover, we will do our best to keep you updated as to any major amendments via other communication channels.
The present Policy was last amended on 8 May 2019.
How can you contact us?
If you have questions or comments on the subject of the present Policy, or if you would like to exercise your rights, please send:
- an email to firstname.lastname@example.org; or
- a letter to:
Financial Services and Markets Authority (FSMA)
Attn: Data Protection Officer
rue du Congrès/Congresstraat 12-14
1000 Brussels (Belgium)