Recruitment Privacy Policy
Ryanair is committed to complying with applicable data protection and privacy standards at all times and takes its responsibility regarding information security very seriously. Any personal data collected by the company through the recruitment process is processed in accordance with this Recruitment Privacy Policy (“Privacy Policy”), and in compliance with the Data Protection Acts 1988 and 2003, the ePrivacy Regulations 2011 and related legislation (together “the DPAs”), and as from 25 May 2018, the EU General Data Protection Regulation (EU Regulation 679/2016) (“the GDPR”) and related Irish data protection legislation. This Privacy Policy only applies to the personal data of job applicants, potential candidates for employment and those who participate in our recruiting programs and events.
1. Data Controller
“Ryanair” (referred to as “we”, “us”, “our” or “Ryanair” in this policy) in this policy primarily refers to Ryanair D.A.C., the main operating company of the Ryanair group, and, where appropriate, to other companies in the Ryanair group or other entities over which Ryanair exercises management control. Ryanair D.A.C. is the “data controller” of all personal information that is collected and used about Ryanair job applicants. Ryanair is registered in Ireland with registration number 104547 and registered offices at Ryanair Dublin Office, Airside Business Park, Swords, Co. Dublin.
2. Data Protection Officer
We have appointed a DPO to oversee compliance with this policy. The DPO can be reached via e-mail: dpo@ryanair.com.
3. What Personal Data We Process
Personal data can be defined broadly as information that directly identifies an individual or that makes an individual identifiable when combined with other information. We will only collect that personal data which we need to fulfil the purposes outlined in this Policy and we will not retain it for any longer than is necessary.
Candidate Data is personal data about yourself that may be processed when you are applying for a specific position with us or joining our talent pool. We may collect various types of Candidate Data about you, including:
- Identity Data: such as name, gender, marital status, personal email, job title, nationality, passport number, visa information, eligibility for work in certain countries, home address, telephone numbers, previous residential address, photograph and bank details,
- Recruitment Data: such as education and training, qualifications, languages spoken, driving license number, CV and application data, interview and assessment data, previous work history, prior application history, recruitment interviews,
- Background Data: such as references, vetting and verification information, public information displayed on LinkedIn and other social media or public forums; and
- Feedback Data: such as your feedback and opinions (e.g. surveys) on the recruitment process.
- Third party Data: In certain circumstances we may process personal data of third parties, such as referees or your emergency contacts. The personal data regarding third parties that you provide to us will be processed for the purposes of your application. We typically request and contact referees once the job has been offered. Before you provide data relating to third parties to us, you should ensure you are permitted to do so and provide them with the information contained in this notice. The data that we have obtained from referees will be treated as confidential and will not be shared with anyone.
Sensitive personal and criminal records data
Sensitive personal data is a subset of personal data that includes ethnicity, health (physical or mental), trade union membership, philosophical beliefs, sexual orientation. Under limited circumstances and to the extent permitted by applicable laws, as a part of the recruitment process, we may collect and process “sensitive personal data”. This data can also include details of physical health (eyesight etc.) necessary for particular roles, accommodations/adjustments made to address our public health and workplace safety obligations, to provide reasonable accommodations to facilitate the interview process (in case of disabilities).
In addition, depending on the role that you have applied for and to the extent permitted and required by applicable laws, we may also process criminal records and information regarding criminal offences or proceedings.
Please do not include any personal data in your CV or other materials that you submit to Ryanair that you do not wish to be used for the purposes below.
4. How does Ryanair collect data?
We mainly collect your Candidate Data directly from you when you create a candidate profile and / or apply for a role with us either through our online application process, where you enter it into our systems or provide directly to the local human resources contact, for instance during Careers Open Day. Our application is set up to ensure that only one candidate profile can be created per person and it cross references unique identifiers such as email and phone number to ensure only one account can be created with this information.
We also collect data about you which is created by our recruiting personnel in the course of their interactions with you through the recruiting process, including assessment results, interview feedback.
In some cases we may obtain your personal data from third parties, such as recruitment agencies/firms, your references, prior employers including Ryanair group companies, or through a Ryanair contact and to the extent permissible by law, employment background check providers.
5. What is the purpose and lawful basis for personal data processing?
We process your Candidate Data for several legitimate business purposes but only where we have a lawful basis for such processing as set out in the table below:
| No. | Purpose for processing | Lawful basis |
|---|---|---|
| a) | Assessing the suitability of a candidate for a specific position at Ryanair. | Performing contractual and precontractual measures relating to our potential employment relationship with you. Our legitimate business interests in evaluating your application to manage our relationship with you and to ensure we recruit appropriate employees. For sensitive personal data, the processing is necessary for: the purposes of carrying out the obligations and exercising the rights of you or Ryanair in the field of employment law, social security and social protection law, to the extent permissible under applicable laws, the establishment, exercise or defense of legal claims. |
| b) | Appropriate vetting including, where relevant and to the extent permitted by applicable laws, right to work verification, identity fraud checks, criminal record checks), relevant employment history, relevant regulatory status and professional qualifications. | This processing is necessary for the compliance with legal and regulatory obligations to which Ryanair is subject including in regard to public health and workplace safety. This processing is also necessary for the purpose of the legitimate interests pursued by Ryanair to ensure we recruit appropriate employees. For sensitive personal data, the processing is necessary for reasons of substantial public interest or the processing relates to personal data which are manifestly made public by you. |
| c) | Improving business processes, including reviewing our recruitment processes and tools. | This processing is necessary for the purpose of the legitimate interests pursued by Ryanair. |
| d) | Collect and store relevant data that is provided by the candidate to enable Ryanair to consider you for any suitable positions that may become available in the future (Talent Pool). | The processing of this data is based on your consent, given prior to joining our Talent Pool. |
When we process your personal data to meet our legitimate interests, we balance our legitimate interests against your fundamental rights and freedoms and we implement appropriate safeguards to ensure that our legitimate interests do not override your interests, rights and freedoms.
6. Sharing Your Personal Data
Your personal data may be shared with other companies within the Ryanair Group in particular with recruiters and interviewers, HR managers and managers responsible for making decisions in connection to the recruitment process, including individuals performing administrative functions and IT personnel on a need-to-know basis, and only to the extent necessary to perform their jobs.
We may also share your personal data with the following third parties for the purposes described in this Privacy Policy:
- Third party recruitment agencies we contracted to assist us in identifying, recruiting and assessing job applicants;
- Third party employee background screening companies administering and evaluating pre-employment screening and testing including checking your credit history, employment history, driving records and criminal records, if relevant to the position;
- We use third party service providers to provide a recruiting software system ;
- Any regulatory body or other organisation which investigates and determines complaints about employment recruitment or which regulates employment or equality legislation, if a complaint is made about the recruitment process. We will also share personal data with our legal advisors in such cases.
We prohibit our third party providers from using your personal data for non-Ryanair purposes. We require all third parties processing personal data on our behalf to have appropriate technical and operational security measures in place to protect your personal data, in line with Irish and EU law on data protection standards.
We further require that they do not share your personal information with any third parties without our explicit consent and without guaranteeing adequate security standards and that they will hold it securely and retain it for the period we instruct.
Where required by applicable data protection laws, Ryanair has ensured that service providers sign standard contractual clauses as approved by the European Commission or other supervisory authority with jurisdiction over the relevant data exporter.
7. How long do we retain Your Personal Data
If you are successful, the personal data you provide during the application process will be securely retained by us as part of your employee file for the duration of your employment plus 7 years following the end of your employment. This includes your criminal records, fitness to work, records of any security checks and references.
If you are unsuccessful at any stage of the recruitment process, the information you have provided will be securely retained for 18 months from the closure of the recruitment campaign. We retain your information in case any queries or issues arise in relation to the recruitment process, and we need the information to respond to such issues or queries, and/or if a suitable position were to arise with the Company within that time period which we may invite you to apply for.
If you sign up for our talent pool, we will retain the information that you have provided for the duration of 18 months. Should your profile be suspended by you for such a period, we will prompt you to update your profile and refresh consent given for the processing. Failure to do so will result in your account being permanently deleted.
If you wish to suspend your candidate’s account, we will retain your personal data for 18 months after your last login. 1 month before this period, we will sent you a reminder via e-mail so that you can decide whether you want to keep your account or have it removed permanently.
8. Profiling and automated decision making
‘Automated Decision Making’ refers to a decision which is taken solely on the basis of automated processing of your personal data. This means processing using, for example, software code or an algorithm, which does not require human intervention.
‘Profiling’ means using automated processes without human intervention to analyse your personal data in order to evaluate your behaviour or to predict things about you.
We may use automated processes (such as psychometric testing) to profile recruitment candidates to provide insight into which candidates may be suitable for certain roles.
9. Security of data
Ryanair uses a variety of technical and organisational methods to secure Candidate Data in accordance with applicable laws and to ensure a level of security appropriate to the risk.
10. Cookies
When you view one of our sites, we may store some information on your computer. For example, this information may be in the form of a “Cookie” or similar file that will enable you to continue with a previously saved application. With most Internet Browsers, you can erase Cookies from your computer hard drive, block all Cookies, or receive a warning before a Cookie is stored. Please refer to your Browser instructions or help screen to learn more about these functions. Please note that removing or blocking Cookies may interfere with your full use of our site.
In some cases, we may collect information about you that is not personally identifiable. Examples of this type of information include the type of browser you are using, the type of computer operating system you are using, and the domain name of the site from which you linked to our site or advertisement. We use this information for the purposes of better understanding our customers’ interests and to help improve our business and sites.
11. Your Rights
Under certain circumstances, by law you have the right to:
- Request information about whether we hold personal information about you, and, if so, what that information is and why we are holding/using it.
- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it, except opinions and references produced internally or obtained from your referees.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Object to automated decision-making including profiling, that is not to be subject of any automated decision-making by us using your personal information or profiling of you.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request transfer of your personal information in an electronic and structured form to you or to another party (commonly known as a right to “data portability”). This enables you to take your data from us in an electronically useable format and to be able to transfer your data to another party in an electronically useable format.
- Withdraw consent. In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
If you want to exercise any of these rights, then please submit your request through Ryanair’s dedicated web-form which is available here or contact our DPO by e-mail: dpo@ryanair.com.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
In addition, you always have the right to make a complaint at any time to the Irish Data Protection Commissioner, the Irish supervisory authority for data protection issues which is the lead data protection supervisory authority for Ryanair as an Irish data controller.
12. Changes to this Recruitment Privacy Policy
Our Recruitment Privacy Policy may change from time to time and any changes will be posted on this page.
This Recruitment Privacy Policy is effective as of 05.09.2024.