Advania TEAMTAILOR PRIVACY POLICY

THIS POLICY

This Policy is issued by each of the Data Controller entities listed in the “Details of Controllers” section below (together, “Advania”, “we”, “us” and “our”) and is addressed to individuals (“candidates”) who provide their personal data for the purposes of applying for job opportunities with us. The Data Controller processing your data is the relevant Data Controller with whom you apply for a job. Where the Data Controllers are operating as Joint Controllers, they will do so on the basis of an Intra-Group Data Protection Agreement to determine each party’s roles and relationships in relation to users.

Defined terms used in this Policy are explained in the “Definitions” section below.

This Policy may be amended or updated from time to time to reflect changes in our practices with respect to the processing of personal data, or changes in applicable law. We encourage you to read this Policy carefully, and to regularly check this page to review any changes we might make in accordance with the terms of this Policy.

INFORMATION ABOUT PROCESSING OF PERSONAL DATA

Advania protects your privacy, and we want you to feel safe when submitting your personal data to us. It is important to us to be open about how we manage your personal data and give you information in a way that makes you understand how we will process it.

Advania works continuously with privacy matters, and therefore we may update this Policy. You will find the latest version on this page. This Policy was last updated on 27 August 2025.

COLLECTION OF PERSONAL DATA

We collect personal information directly from you when you submit your details to apply for a job with us.

We may also receive personal data about you from third parties such as Recruitment Agencies or social media, such as LinkedIn.

If you proceed in the job application process, personal data may also be collected from our contracted third parties who carry out background checks on our behalf and any reference contacts which you provide. If you do not provide this data, then you may be excluded from the application procedure.

Purposes of PROCESSING PERSONAL DATA

Advania uses your personal data for the purposes and on the legal basis provided below:

Purpose

To stay updated on vacancies with Advania

Personal data

• Name
• Email
• Telephone number

• In our legitimate interests to assess your suitability for a role to the extent that such legitimate interest is not overridden by your interests, fundamental rights or freedoms (Article 6.1f)

• In our legitimate interests to assess your suitability for a role to the extent that such legitimate interest is not overridden by your interests, fundamental rights or freedoms (Section 11.1f)

Purpose

Obtaining contact details to enable us to get in touch with you regarding your application

Personal Data

• Name
• Email
• Telephone number

• The processing is necessary in connection with you making steps to enter as employment contract with us (Article 6.1b)

• The processing is necessary to carry out an employment contract with us (Section 11.1b)

Purpose

Carrying out eligibility to work checks

Personal Data 

• Government ID Documents
• Visa details or arrangements

• The processing is necessary to fulfil our legal obligations (Article 6.1c) under Immigration Law
• The processing is necessary in connection with you making steps to enter as employment contract with us (Article 6.1b)

• The processing is necessary to fulfil our legal obligation in the field of immigration and labour relations (Section 11.1c)
• The processing is necessary to carry out an employment contract with us (Section 11.1b)

Purpose

Providing reasonable adjustments within the selection process

Personal Data

• Disability details
• Physical/mental health details

• The processing is necessary to fulfil our legal obligations (Article 6.1c) under Equality Law
• The processing is necessary to fulfil our legal obligations (Article 9.2c) in regards Equality Law and Schedule 1, Paragraph 8 of the UK Data Protection Act* under Employment and Social Security Law by providing equal access to recruitment opportunities

* (only applicable to UK Data Controllers)

POPIA Conditions (for SA) 

• The processing is necessary to fulfil our legal obligations (Section 11.1c) under Equality Law
• The processing is necessary in your legitimate interests in regards promotion of equality and prevention of unfair discrimination (Section 27.1d)

Purpose

Diversity, equality and inclusion monitoring

Personal Data 

• Gender identity
• Pronouns
• Age range
• Ethnicity

• We have obtained your prior consent for the processing (this legal basis is only used in relation to processing that is entirely voluntary – it is not used for processing that is necessary or obligatory in any way) Article 6.1a)).**

** If you submit health/sexual orientation data, this is with your explicit consent of providing that data (Article 9.2a).

POPIA Conditions (SA) 

• We have obtained your prior explicit consent for the processing (this legal basis is only used in relation to processing that is entirely voluntary – it is not used for processing that is necessary or obligatory in any way) (Section 11.1a).**
• ** If you submit health/sexual orientation data, this is with your consent of providing that data (Section 27.1a).

Purpose 

Assessing your suitability for any role you apply for

Personal Data 

• Skills, passion and qualification details
• Salary expectations
• Notice periods
• CV details
• Cover letter
• Content of work-related social media profiles
• Geographical position
• Other information specifically requested for a particular service

• The processing is necessary in connection with you making steps to enter as employment contract with us (Article 6.1b)
• In our legitimate interests to assess your suitability for a role to the extent that such legitimate interest is not overridden by your interests, fundamental rights or freedoms (Article 6.1f)

• The processing is necessary to carry out an employment contract with us (Section 11.1b)
• In our legitimate interests to assess your suitability for a role to the extent that such legitimate interest is not overridden by your interests, fundamental rights or freedoms (Section 11.1f)

Purpose 

Background checks in connection with recruitment to assess your suitability for any role you apply for

Personal Data 

• Name
• Address
• E-mail address
• Credit history
• Identity
• Education history
• Employment history
• Employment References
• Criminal background checks
• Driving licence
• Vehicle ownership

• We have obtained your prior consent for the processing (Article 6.1a)
• Our legitimate interest (Article 6.1f) in verifying relevant background facts in recruitment
• Article 10 – GDPR – Processing of personal data relating to criminal convictions and offences
• Section 10 – UK Data Protection Act – Criminal Offence Data (in conjunction with Schedule 1, Part 2, Paragraph 10 – preventing or detecting unlawful acts* or Schedule 1, Part 2, Paragraph 11 – Protecting the public against dishonesty*)

* (only applicable to UK Data Controllers)

POPIA Conditions (for SA) 

• We have obtained your consent for the processing (Section 11.1a)
• Our legitimate interest (Section 11.1f) in verifying relevant background facts in recruitment**

** If, in performing criminal background checks, information is obtained relating to criminal behaviour, you agree that such data was provided and obtained with your consent (Section 27.1a).

Purpose 

Aggregated analysis and market research how you experienced the recruitment process and the Service

Personal Data 

• Survey responses

• Our legitimate interest (Article 6.1f) in being able to aggregate data in order to then monitor and analyse the use of the Service and evaluate the recruitment process

• Our legitimate interest (Section 11.1f) in being able to aggregate data in order to then monitor and analyse the use of the Service and evaluate the recruitment process

DATA SECURITY

Advania ensures that your personal data is handled in accordance with appropriate technical and organisational security measures to protect against illicit or unauthorised access to said information as well as destruction, loss, alteration, unauthorised disclosure and other unlawful or unauthorised forms of processing, in accordance with applicable law. At Advania, we only handle necessary information, and only by those who need it in order to provide the best service to you.

Because the internet is an open system, the transmission of information via the internet is not completely secure. Although Advania will implement all reasonable measures to protect your personal data, we cannot guarantee the security of your data transmitted to us using the internet – any such transmission is at your own risk, and you are responsible for ensuring that any personal data that you send to us are sent securely.

DISCLOSURE OF PERSONAL DATA

We may disclose your personal data to the following categories of recipients:

Recipient Category

Our third-party service providers (processors acting on our behalf and under our instructions), for example in the areas of IT hosting such as our recruitment website (Teamtailor***).

Purpose and Legal Basis

To fulfil our contractual obligations to you (Article 6.1b - GDPR/Section 11.1b - POPIA) and for the administration of our business needs, to the extent that such legitimate interest is not overridden by their interests, fundamental rights or freedoms (Article 6.1f - GDPR/Section 11.1f - POPIA)

Personal Data 

The personal data required according to the contractual obligation.

Receipt Category 

Accountants, auditors, consultants, lawyers and other outside professional advisors to Advania, subject to binding contractual obligations of confidentiality

Purpose and Legal Basis 

To fulfil our legal obligations (Article 6.1c - GDPR/Section 11.1c - POPIA) to achieve our legitimate interest for purposes necessary for the running of our business, to the extent that such legitimate interest is not overridden by your interests, fundamental rights or freedoms (Article 6.1f of the GDPR/Section 11.1f - POPIA).

Personal Data 

• Contact details
• Job application details
• Communication content

Recipient Category 

Legal and regulatory authorities where required to by law.

Purpose and Legal Basis 

To fulfil our legal obligations (Article 6.1c - GDPR/Section 11.1c - POPIA).

Personal Data 

The personal data required according to the legal obligation.

Receipt Category 

Partners other than the one for whom you are applying for a role with.

Purpose and Legal Basis 

Our legitimate interest in managing cooperation agreements (Article 6.1c - GDPR/Section 11.1c - POPIA).

Personal Data

• Contact details
• Job application details
• Communication content

Receipt Category 

Law enforcement agencies, courts, agents, parties and counterparties.

Purpose and Legal Basis

To fulfil our legal obligations (Article 6.1c - GDPR/Section 11.1c - POPIA).

Our legitimate interest in establishing, asserting and defending legal claims (e.g., in the case of a dispute) to the extent that such legitimate interest is not overridden by your interests, fundamental rights or freedoms (Article 6.1f - GDPR/Section 11.1f - POPIA).

Personal Data 

• Contact details
• Job application details
• Communication content
• Other personal data depending on the situation

Your personal data may also be disclosed to relevant third-party providers, where our websites use third party advertising, plugins or content. We use such third-party providers to maintain the functionality of our websites (to achieve our legitimate interest, to the extent that such legitimate interest is not overridden by your interests, fundamental rights or freedoms (Article 6.1f – GDPR/Section 11.1f POPIA)). If you choose to interact with any such advertising, plugins or content, your personal data may be shared with the relevant third-party provider. We recommend that you review that third party’s privacy policy before interacting with its advertising, plugins or content.

*** You can read our third-party recruitment website provider’s Privacy Policy (Teamtailor) on this link - https://www.teamtailor.com/en/privacy-policy/

DATA RETENTION

We take every reasonable step to ensure that your personal data is only processed for the minimum period necessary for the purposes set out in this Policy. When you enter your data into our Recruitment Website, we will retain this in our Recruitment System for a period of 2 years after which it will be automatically deleted. We retain your data for this period to enable us to contact you about career opportunities that may be of interest to you. We also retain your data in the event that we receive a legal claim regarding the recruitment process.

You can delete your data at any time by logging on to our Recruitment Website and clicking on “Data & Privacy”/”Remove my data”, or by contacting privacy@advania.co.uk, explaining that you would like your recruitment data Profile deleting.

Prior to the automatic deletion of your data after the 2-year deadline, you will receive an email notification giving you the opportunity to opt to retain your data in the system, for example, if you still have an interest in job opportunities at Advania.

If you are successful in obtaining employment with us, then you will be issued with the Employee’s Privacy Policy explaining how your personal data will be handled further during your employment with us.

CROSS-BORDER DATA TRANSFERS

Because of the international nature of our business, we may transfer personal data within the Advania group, and to the third parties listed above. For this reason, we may transfer personal data to other countries that may have different laws and data protection compliance requirements to those that apply in the country in which you are located.

If an exemption or derogation applies by law (e.g., where a transfer is necessary to establish, exercise or defend a legal claim) we may rely on that exemption or derogation, as appropriate. Where no exemption or derogation applies, and we transfer your personal data outside of your jurisdiction, we will do so on the basis of:

• For EU Data Controllers – Adequacy decisions by the European Commission or Standard Contractual Clauses
• For UK Data Controllers – Adequacy decisions by the Data Protection Authority (Information Commissioner’s Office), Standard Contractual Clauses with an International Data Transfer Addendum or an Internation Data Transfer Agreement
• For South Africa Data Controllers – Intra-Company Agreement or appropriate Contractual Clauses

Please note that when you transfer any personal data directly to any Advania entity established outside the EEA or South Africa, we are not responsible for that transfer of your personal data. We will nevertheless process your personal data, from the point at which we receive those data, in accordance with the provisions of this privacy information.

YOUR RIGHTS

Subject to applicable law, you may have the following rights regarding the processing of your personal data:

• Right to access your data (Article 15 GDPR/Section 23 POPIA)

Subject to applicable law, you may have the right to receive confirmation from Advania that your personal data is being processed by Advania and, if so, to access the personal data and the following information:

• the purpose of the processing;
• the categories of personal data being processed;
• the recipients of personal data (in particular if they are located outside the EEA/South Africa and if that is the case, the appropriate safeguards pursuant to Article 46 – GDPR/Section 72 - POPIA relating to the transfer;
• the period during which the personal data is processed;
• information on the rights set out in this section (such as your right to the rectification or erasure of your personal data);
• information about the source from which the personal data has been collected; and
• whether your personal data has been subjected to any automated decision-making, including profiling.

Subject to applicable law, you may also have the right, upon request, to receive a copy of your personal data in a commonly used electronic format. Please note that Advania has the right to charge a fee if you request more than one (1) copy of your personal data.

• Right to rectification (Article 16 - GDPR/Section 24 - POPIA)

Subject to applicable law, you may have the right to rectification of incomplete or incorrect personal data processed by us. Depending on the purpose of the processing you also have a right to have incomplete personal data completed, including by means of providing a supplementary statement.

• Right to deletion (Article 17 - GDPR/Section 24 - POPIA)

Subject to applicable law, you may have the right to erasure of your personal data. The right to erasure may apply:

• if you have withdrawn a previously given consent under Article 6.1 a – GDPR/Section 11.1a - POPIA and there is no legal basis for the continued processing of your personal data;
• if the personal data processed is no longer necessary for the purpose or the personal data is otherwise unlawfully processed;
• if you object to the processing under Article 21 – GDPR/Section 11.3 - POPIA where the processing is based on a legitimate interest (Article 6.1 f – GDPR/Section 11.1f - POPIA) and there are no compelling reasons to continue the processing or you object to processing for direct marketing purposes; and
• if the personal data have to be erased in compliance with a legal obligation.

Where we have made the personal data public and are obliged to erase the personal data according to the above, we shall, taking account of available technology and the cost of implementation, take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

• Right to restrict processing (Article 18 GDPR/Section 11.3 POPIA (where applicable))

Subject to applicable law, you may have the right to obtain restriction of processing where one of the following grounds applies:

• the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data;
• the processing is unlawful, you oppose the erasure of the personal data, and you request the restriction of their use instead;
• we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims; and
• you have objected to processing pursuant to Article 21.1 – GDPR (pending the verification of overriding legitimate interests)/Section 11.3 POPIA (unless legislation provides for such processing).

Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest. If you have obtained restriction of processing, you shall be informed by us before the restriction of processing is lifted.

• Right to withdraw consent (Article 7.3 – GDPR/Section 11.2b – POPIA)

You have the right to withdraw your consent to the extent that Advania’s processing of your personal data is based on consent (noting that such withdrawal does not affect the lawfulness of any processing performed prior to the date on which we receive notice of such withdrawal, and does not prevent the processing of your personal data in reliance upon any other available legal bases).

• Right to data portability (Article 20 - GDPR/POPIA not applicable)

When the processing of your personal data takes place on the basis of your consent or because the processing is necessary to fulfil or enter into an agreement with you, and provided that the personal data has been collected directly from you, you have the right to receive a copy of your personal data in a common machine-readable format. To submit a request to exercise your rights, please contact us using the details provided in the “Details of Controllers” Section below.

• Right to object to processing (Article 21- GDPR/Section 11.3 POPIA)

Subject to applicable law, you may also have the following additional rights regarding the processing of your personal data:

• the right to object, on grounds relating to your particular situation, to the processing of your personal data by us or on our behalf, where such processing is based on Articles 6.1e - GDPR (public interest) or Article 6.1f – GDPR/Sections 11.1d to 11.1f - POPIA; and
• the right to object to the processing of your personal data by us or on our behalf for direct marketing purposes

To submit a request in accordance with your rights, you may contact us using the details provided in the “Details of Controllers” section below. If we receive a request from you, we may request additional information to ensure that we are providing the information to the right person.

COMPLAINTS

You are welcome to contact us with questions or complaints regarding the processing of your personal data, using the details provided in the “Details of Controllers” section below. However, you also always have the right to file a complaint regarding the processing of your personal data to the relevant Data Protection Authority:

• UK - Information Commissioner’s Office can be found here.
• Ireland – Data Protection Commission can be found here.
• South Africa – Information Regulator can be found here.

DETAILS OF CONTROLLERS

For the purposes of this Policy, the relevant controllers and contact details of the Data Protection Officer are:

Controller Entity

Advania UK Limited

Contact Details

Registered Address: Lowry Mill, Lees Street, Swinton, Manchester M27 6DB

Registered Number: 03645998

Telephone: +44 333 241 7689

Email: privacy@advania.co.uk

Controller Entity 

Advania Ireland Limited

Contact Details

Registered Address: 3rd Floor, 40 Mespil Road, Dublin D04 C2N4

Registered Number: 669426

Telephone: +35 1 253 0180

Email: privacy@advania.co.uk

Controller Entity

Mirus IT Solutions Limited (UK)

Contact Details

Registered Address: Lowry Mill, Lees Street, Swinton, Manchester M27 6DB

Registered Number: 04569266

Telephone: +44 333 241 7689

Email: privacy@advania.co.uk

Controller Entity

Advania SA (PTY) LTD

Contact Details

Registered Address: The Annex Building, 2 Energy Lane, Bridgeways Precinct, Cape Town 7441, South Africa

Registered Number: 2008/024432/07

Telephone: +27 21 180 4171

Email: informationofficer.sa@advania.co.uk

DEFINITIONS

• “Data Controller” means the entity that decides how and why Personal Data is Processed. In many jurisdictions, the controller has primary responsibility for complying with applicable data protection laws.
• “Data Protection Authority” means an independent public authority that is legally tasked with overseeing compliance with applicable data protection laws.
• “EEA” means the European Economic Area.
• “GDPR” means the General Data Protection Regulation (EU) 2016/679.
• “International Data Transfer Addendum" means template transfer clauses adopted by the Information Commissioner’s Office (UK) to add to existing Standard Contractual Clauses
• “International Data Transfer Agreement" means template transfer clauses adopted by the Information Commissioner’s Office (UK)
• “Joint Controllers” means two or more Data Controllers jointly determining the purposes and means of processing
• “personal data” means information that is about any individual, or from which any individual is directly or indirectly identifiable, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual.
• “POPIA” means the Protection of Personal Information Act of 2013 in South Africa, including any regulations of codes of conduct promulgated under it
• “process”, “processing” or “processed” means anything that is done with any Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
• “processor” means any person or entity that Processes Personal Data on behalf of the controller (other than employees of the controller).
• “Standard Contractual Clauses” means template transfer clauses adopted by the European Commission or adopted by a Data Protection Authority and approved by the European Commission.
• “UK GDPR” means the GDPR as it forms part of the laws applicable in the UK by virtue of section 3 of the European Union (Withdrawal) Act 2018, and as applied and modified by Schedule 2 of the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (SI 2019/419) or as modified from time to time by other laws applicable in the UK).