Medline Global Applicant Privacy Notice
Effective 14 July
We recognize the importance of your privacy and maintaining the confidentiality of your Personal Data. This Applicant Privacy Notice (“Privacy Notice”) describes how Medline Industries, LP, and affiliated companies (“we”, “us”, “our” or “Medline”) may collect, use, store, disclose, process and transfer any Personal Data that we collect from you or from third parties in connection with your application for employment.
This Privacy Notice applies in relation to all individuals applying to be employees (“Applicant”, “you”, “your”), whether full-time, part-time, or temporary, of Medline Industries, LP, Medline International B.V., and/or its affiliates (collectively “Medline”, “we”, “us” and “our”).
Please read this Privacy Notice carefully, together with any other privacy notice we may provide to you, so that you are aware of how and why we are using Personal Data. This Privacy Notice does not form part of any contract of employment or other contract to provide services. We may update this Privacy Notice at any time.
TABLE OF CONTENTS
- GENERAL
- PERSONAL DATA COLLECTED AND PURPOSES OF COLLECTION
- SOURCES OF COLLECTION
- TRANSFER AND SHARING OF PERSONAL DATA
- CONFIDENTIALITY AND SECURITY OF PERSONAL DATA
- PERSONAL DATA RETENTION
- YOUR RIGHTS
- COOKIES AND OTHER DATA-COLLECTION TECHNOLOGIES
- AUTOMATED INDIVIDUAL DECISION-MAKING, INCLUDING PROFILING
- HOW TO CONTACT US
- UPDATES TO THIS PRIVACY STATEMENT
- GENERAL
Medline International B.V. and the Medline entity to which you are applying act as a data controller of your Personal Data under the GDPR and similar laws. As a data controller, we are responsible for deciding how we hold and use Personal Data about you. We are required under data protection legislation, including the GDPR, privacy laws in various U.S. states, and other international jurisdictions, to notify you of the information contained in this Privacy Notice. Any hiring or other employment-related decisions will be made by the hiring team in accordance with the laws of the country where the job will be located.
- PERSONAL DATA COLLECTED AND PURPOSES OF COLLECTION
Personal Data includes any information that could be used to identify you directly or indirectly, when combined with other information in Medline’s possession. This Privacy Notice sets out how we may collect, use, store, process, disclose and transfer Applicant Personal Data.
We collect and process your Personal Data in a lawful manner for the legitimate business purposes listed in the chart below, under the legal basis of completing our contractual obligations to you, with your consent in appropriate cases, and consistent with our legitimate business interests . We collect the following types of information for the purposes listed. Additional discussion of our purposes for processing your Personal Data can be found in “Sharing Your Personal Data.”
Name, Contact Information, and other Identifiers. Identifiers such as a name (including prefix or title), postal address, unique personal identifier, online identifier, internet protocol address, email address, phone number, social security number, date of birth, driver’s license number, passport, or other similar identifiers.
We use this information to for the following legitimate business purposes:
- managing your application for a role you applied for or were referred to;
- fulfilling our obligations related to a contract of employment;
- assessing your suitability for the position you have applied;
- verifying your identity, employment history, education history, qualifications and language proficiency;
- checking background or references;
- communicating with you.
Professional or Employment-Related Information. Application information, including resumes and cover letters, interview notes, pre-employment references, education (including transcripts, coursework), employment history, professional experience, certifications, and qualifications.
For certain positions, we may request you to complete some assessments regarding your personality and/or behavior.
We may also collect additional background information such as credit history, criminal records and occupational health information, as permitted by law.
We use this information to for the following legitimate business purposes:
- managing your application for a role you applied for or were referred to;
- fulfilling our obligations related to a contract of employment;
- assessing your suitability for the position you have applied;
- verifying your identity, employment history, education history, qualifications and language proficiency;
- checking background or references.
Financial Information. Bank account details (for purposes of reimbursement), salary, retirement account, company allowance, bonus, benefits, taxpayer identification numbers.
We use this information to for the following legitimate business purposes:
- managing your application for a role you applied for or were referred to;
- fulfilling our obligations related to a contract of employment;
- providing employment benefits;
- checking background or references.
Biometric Information. Physiological characteristics such as that can be used alone or in combination with each other to establish your individual identity.
We use this information to for the following legitimate business purposes:
- managing your application for a role you applied for or were referred to;
- fulfilling our obligations related to a contract of employment;
- verifying your identity, employment history, education history, qualifications and language proficiency;
- checking background or references.
Internet or other electronic network activity. This includes, but not limited to, your interaction with our internet website, application or advertisement.
We use this information to for the following legitimate business purposes:
- managing your application for a role you applied for or were referred to;
- fulfilling our obligations related to a contract of employment;
- checking background or references;
- creating user profiles to personalize your experience;
- improving our application process;
- sending communications.
Geolocation Information. Precise geographic location information about a particular individual or device.
We use this information to for the following legitimate business purposes:
- managing your application for a role you applied for or were referred to;
- fulfilling our obligations related to a contract of employment;
- checking background or references;
- creating user profiles to personalize your experience;
- improving our application process;
- sending communications.
Visual Information. Passport and driver’s license, copies of which may generally include a head and shoulders photograph from, photographic and video images of you from interviews or captured over video surveillance on our premises.
We use this information to for the following legitimate business purposes:
- managing your application for a role you applied for or were referred to;
- fulfilling our obligations related to a contract of employment;
- checking background or references.
“Sensitive Personal Data” including racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation, and data concerning criminal convictions and offenses or related security measures and related sentences.
We will only use your Sensitive Personal Data in a lawful manner in the following instances:
- where necessary to carry out our obligations as data controller;
- where necessary to protect your vital interests or the vital interests of another individual;
- where processing relates to Sensitive Personal Data which you have made public;
- where necessary to establish, exercise or defend legal claims;
- where necessary for reasons of substantial public interest, which are proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard your fundamental rights and interests.
In limited circumstances, we may seek to obtain your written consent to allow us to process certain Sensitive Personal Data. If we do so, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent. You should be aware that it is not a condition of your employment contract with us that you agree to any request for consent from us.
We will only use your Personal Data for the business purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the basis which allows us to do so.
In addition to the purposes listed above, we may process any of the categories of personal information listed above for the following legitimate business interests:
to prevent fraud;
to protect information security;
to protect the rights, safety and property, of Medline, you, and/or others; and
- to comply with legal obligations and/or protect our legal interests.
Some of the above purposes for processing will overlap and there may be several purposes that justify our use of your Personal Data.
Providing Personal Data to Medline is voluntary. However, if you do not provide sufficient information, Medline may be unable to consider your employment application or conduct our verification process, or if you are hired, your subsequent promotion, transfer or relocation. Any information you submit must be true, complete and not misleading. Submitting inaccurate, incomplete or misleading information may lead to a rejection of your application or disciplinary action including immediate termination of employment, if hired.
- SOURCES OF COLLECTION
We collect Personal Data through the application and/or recruitment process in the following ways, pursuant to applicable law:
- Directly from you: when you create your account profile in or use social media to share information to or receive information regarding job openings from our Careers Portal and take part in recruitment interviews and activities.
- Other sources: from employment or recruitment agencies, credit reference or background check providers and your references.
- Publicly available sources: we collect information from public sources, when permitted by law. We may use such sources to verify your credentials or complete any other reviews as required by law.
If you provide to us any Personal Data relating to third parties, such as your reference(s), it is your responsibility to ensure that information you submit does not violate any third party’s rights and that you have obtained approval from that individual to provide that information to us.
- TRANSFER AND SHARING OF PERSONAL DATA
Medline has not sold and will not sell your Personal Data.
Medline is an international organization with affiliates across the world. The data we collect through the job application process may be stored and processed in any country where we have facilities or in which we engage service providers, including in the U.S. and where our affiliates operate. For a complete list of companies associated with Medline, please contact us at the address, email, or phone number as stated in the “How to Contact Us” section below. Medline may need to disclose and transfer Personal Data outside of your home country where we collect it from you where necessary, proportionate, and consistent with the purpose for which it was collected. We may transfer data from all categories listed in the chart above to the following parties for the following purposes:
- for the purposes outlined above, to any entity that is or becomes part of Medline (including any affiliates of Medline);
- for the purposes outlined above, to any of Medline’s third-party service providers, including their legal advisers, credit and reference agencies, recruitment agents, information technology service providers or service providers engaged by Medline to assist with human resources or other departmental functions;
- for the prevention of fraud or other harm;
- pursuant to any applicable laws, regulations or orders issued by a court or regulatory authority, to any legal or regulatory authority or court of competent jurisdiction; or
- to any other third party that you have consented to the transfer or disclosure of your Personal Data to, and/or any other third party that you have been notified of on or before the time when the Personal Data is collected from you.
The data privacy laws in the countries we transfer your Personal Data to may not be the same as the laws in your home country. For Applicants located in the European Economic Area (EEA), the European Commission recognizes that some countries outside the EEA have similar data protection standards. The full list of these countries is available here. In instances where your Personal Data is transferred to countries not on this list, Medline implements appropriate measures to protect your Personal Data such as data transfer agreements that incorporate standard data protection clauses consistent with applicable legal requirements.
- CONFIDENTIALITY AND SECURITY OF PERSONAL DATA
Your Personal Data held by us will be kept confidential in accordance with applicable Medline policies and procedures. We have put in place reasonable technical and organizational security measures that are designed to help protect your Personal Data from loss or unauthorized disclosure. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. Medline limits access to your Personal Data to those employees, service providers, agents, contractors, and other third parties who have a legitimate business need, in accordance with our instructions and subject to a duty of confidentiality.
- PERSONAL DATA RETENTION
Medline will retain your Personal Data only for as long as it is necessary to fulfill the above-mentioned processing purposes, or as required to comply with applicable legal requirements. If your application is taken into consideration, we will store your resume for the duration of the recruitment process. If you receive a rejection notification, your resume will be deleted, or rendered anonymous within 30 days after the notification, unless it is necessary to satisfy Medline’s audit requirements, to meet Medline’s legal obligations, or to fulfill other legitimate interests. During the application process you may choose to have Medline retain a copy of your resume to be contacted for future employment. If you do so, your data will be stored for 12 months, at which point you may choose to continue to further remain in our recruitment database. We consider the following criteria to determine the appropriate retention period for your Personal Data: the nature and sensitivity of the data, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process the data, and applicable legal requirements. If Personal Data is needed for a legal claim, Medline will retain this data for as long as the issue is active and up to the time when the statute of limitation has expired.
In some circumstances, you can ask us to delete your information (see the section on “Your Rights” below).
If Medline hires you and you accept our offer, your Personal Data will be incorporated into our applicable human resources systems as part of your employment file and will continue to be held and used for other employment-related purposes in accordance with the applicable Employee Privacy Notice, which will be provided to you on or around the time that you begin employment.
You agree to promptly inform the human resources department when any of your Personal Data is no longer accurate or up-to-date. It is your responsibility to report any changes in status that affect your records and benefits, e.g., a change of address, etc. Medline may delete Personal Data about you from our Applicant database at any time and without providing any reason. Therefore, please retain a copy of the Personal Data provided to us.
- YOUR RIGHTS
You may have certain rights with respect to how your data is handled. These rights vary depending on your local law and depending on Medline’s reason for processing your Personal Data. Please note that certain Personal Data or requests may be exempt pursuant to applicable laws and regulations. We will respond to your request consistent with applicable law. In your request, please make clear which rights you are exercising and what treatment or limitation you would like us to apply to your Personal Data.
For your protection, we limit the information we provide you to only to the information associated with your request, and we may need to verify your identity before processing your request. We will try to comply with your request as soon as reasonably practicable. Depending on the above, you may have the right to:
- Data Access. You can ask whether we are processing and using your Personal Data, and if we are, you may be entitled to a copy of your Personal Data.
- Correction. You can ask us to correct any Personal Data we have about you that is inaccurate. We want the Personal Data we hold about you to be correct and complete.
- Prevention of Processing Likely to Cause Damage or Distress. You can ask us to stop or not to begin processing your Personal Data for a specific purpose, or in a specific way, if it is likely to cause unwarranted damage or distress, either to you or a third party.
- Erasure. You can ask us to delete your Personal Data.
- Restriction. You can ask us to restrict the processing of your Personal Data in certain circumstances.
- Data Portability. You can ask us to transfer the Personal Data you have given us to another party or give it to you.
- Right to Object to Sales/Processing. You can object to our processing of your Personal Data in certain circumstances.
- Right to Object to Marketing. Medline will usually inform you if we intend to use your Personal Data for marketing purposes or if we intend to disclose your Personal Data to any third party for such purposes. You can prevent direct marketing from Medline by opting out to marketing on forms we use to collect your data.
If you would like to exercise any of these rights, please contact us at the address, email, or phone number in the “How to Contact Us” section below.
In the limited circumstances where you may have provided your consent to the collection, processing, and transfer of your Personal Data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer collect, process, or transfer your Personal Data for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
- COOKIES AND OTHER DATA-COLLECTION TECHNOLOGIES
We collect information about your online interactions with us through tracking and data-collection technologies such as cookies, web beacons and pixels, APIs, web services, scripts, browser analysis tools, and server logs. You can choose to opt-in, opt-out or decline cookies at any time; however, if you choose to opt-out of or decline cookies, not all elements of our websites, applications and services may function as intended, so your experience may be affected. To the extent that your local laws consider the information collected by cookies and other technologies as Personal Data, we will treat that information to the standards set out in this Privacy Statement. If the retention period of a cookie or pixel is not noted, then the default is twelve (12) months, unless a shorter retention period is required by law.
A “cookie” is a unique numeric code that is transferred to your computer to track your interests and preferences and to recognize you as a return visitor. A “pixel tag” (also known as a web beacon) is a transparent graphic image placed on a website, email, or advertisement that enables the monitoring of things such as user activity and site traffic, including the collection of data about the website or mobile application you were visiting before and after you came to our websites and applications. To learn more about cookies and other data-collection technologies, please visit “All About Cookies.”
We classify our cookies into the following categories:
- Strictly Necessary Cookies: These cookies are required for our websites and applications to function. You cannot switch these cookies off in our systems as they are set in response to user actions such as setting privacy preferences, logging in, or filling out forms. You may set your browser to block or alert you about these cookies, but some parts of our websites and applications will not work if these cookies are blocked.
- Functional Cookies: These cookies enable our websites and applications to provide enhanced functionality and personalization. They may be set by us or by our service providers whose services we have added to our pages, such as our video hosting provider, recently viewed product features, and browser update notifications. If you do not allow these cookies, then these services will not function, and your experience may be impacted.
-
Performance Cookies: These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our websites and applications. We collect information about your computer browser type and operating system, websites you visited before and after visiting our websites, standard server log information, Internet Protocol (IP) addresses, location data, mobile phone service provider, and mobile phone operating system. We use this information to understand how our visitors use our websites and mobile applications so that we can improve them, the services we offer, and our advertising. We may also share this information with other entities within Medline and our Service Providers.
- Some of our websites use Google Analytics, a web analytics service provided by Google, Inc. (“Google”). More information on Google Analytics can be found here. If you would like to opt-out of having your data used by Google Analytics, you can opt out here.
- Some of our websites use Adobe Analytics, a web analytics service provided by Adobe, Inc. (“Adobe”). More information on Adobe Analytics can be found here. If you would like to opt-out of having your data used by Adobe Analytics, you can opt out here.
- Targeting Cookies: These cookies may be set on our websites and applications by our advertising service provider partners. Cookies may be used by those companies to build a profile of your interests and to provide remarketing services that show you relevant advertising on other sites and personalize advertisements for visitors to sites of their advertising networks (i.e., websites other than Medline’s). On these pages, you may be shown advertisements that refer to your previous interactions with Medline. To turn off personalization for advertisements served by Google click here. To turn off personalization for advertisements served by Facebook click here.
Audiences
We also use Facebook custom audience tools. This allows us to provide personalized advertising to you when you use Facebook’s platforms by matching the email address we hold for you with the email address Facebook holds for you to show you the most relevant Medline advertisements. We only do this where you have given us consent.
Sometimes we may also share your email address with our advertising service provider partners to build lookalike models. This allows us to generate similar audiences of prospective customers (who may have similar interests or demographics to you) through advertising platforms like Google, based on data that the advertising platform holds about other people. If you wish to opt out of similar audiences in Google, you can do so here.
- AUTOMATED INDIVIDUAL DECISION-MAKING, INCLUDING PROFILING
We respect your legal rights not to be subject to decisions that are based solely on automated processing of your Personal Data, including profiling, especially where such processing has legal or other significant effects on you.
We inform our employees about any such automated decisions. Subject to certain exceptions, we usually obtain the relevant individual’s explicit consent before making any decisions based solely on automated processing activities and put in place appropriate safeguards to protect their rights, freedoms and legitimate interests in these circumstances. Among other things, we ensure that individuals, including Applicants, can always obtain a review by one of our staff members of any automated decisions and are able to express their point of view and contest any such decisions as indicated in the “How to Contact Us” Section.
We will not make any automated decisions based on Sensitive Personal Data unless we have obtained explicit consent from individuals to do so, or this is otherwise necessary for substantial public interest reasons based on applicable law.
- HOW TO CONTACT US
Questions, comments, requests, or complaints regarding this Privacy Notice and/or our use of your Personal Data should be addressed to the contact information below.
Medline Industries, LP
Attn: Privacy Office
Three Lakes Drive
Northfield, IL 60093
Email: MedlinePrivacyOffice@Medline.com
Call Toll-Free: (844) 249-1979
For Applicants located in the European Union, you may contact us at the following address:
Medline International B.V.
Nieuwe Stationsstraat 10
6811 KS Arnhem
The Netherlands
Phone: +31 (0) 26 – 312 7227
Fax: +31 (0) 26 – 312 7208
E-mail: DataProtectionEU@medline.com
Applicants in Germany may also contact our Data Protection Officer at the following address:
Philipp M. Moehrle
Datenschutzbeauftr./ Dipl. Wirtschaftsjurist/ MCSE
- BECHTLE Datenschutz Competence Center -
Bechtle GmbH IT-Systemhaus
Parkstraße 2-8, 47829 Krefeld
Tel.: 02151 - 455 - 836
Fax: 02151 - 455 - 77810
eMail: philipp.moehrle@bechtle.com
http://www.bechtle.com
Geschäftsführer: Karl-Heinz Empel
HRB: 9925, AG Krefeld
Sitz der Gesellschaft: Krefeld
If you have any complaints regarding this Privacy Notice, you may also contact your local data protection authority.
- UPDATES TO THIS APPLICANT PRIVACY NOTICE
We may update this Privacy Notice to reflect changes in the way we process Personal Data. We will notify you about such changes in the way we use your Personal Data in compliance with applicable law.
This Privacy Notice was last updated on 14 July 2022