Your personal data is important to us, and we want to make sure you know how we use and protect it. In this privacy notice, we’ll explain how we collect, share, and process your personal data. We’ll also tell you about your rights and how you can exercise them. We may also provide you where relevant, with additional privacy information in a separate notice for specific channels, products, services, businesses and activities.

In this privacy notice, “we”, “us” or “our”, refers to the Standard Chartered Groupbranch, subsidiary or legal entity operating under the Standard Chartered brand you interact with that processes your personal data and decides how it is collected and used.  Standard Chartered Group means each of, or collectively, Standard Chartered PLC, its subsidiaries and affiliates, including each branch or representative office.  Please refer to the ‘How to get in touch’ section of this privacy notice for details of the relevant Standard Chartered Group member(s) providing this privacy notice.

Some of our affiliates’ websites have their own brand identity and their own separate privacy notices to provide relevant information for specific products and services they provide.  You should refer to the relevant privacy notices as directed by those affiliates in relation to how they use your personal data.  This privacy notice does not apply to third-party websites where our online advertisements are displayed or to linked third-party websites we do not operate or control. These websites should have their own privacy notices, which you can read to understand how they collect and process your personal data and your rights.

We’ll update this privacy notice from time to time to let you know about any changes to how we use your personal data. You can find the current version date listed at the end of this privacy notice. If you have any questions or concerns about your personal data, please don’t hesitate to get in touch (you can find our details under ‘How to get in touch’ below).

Personal data is information that either identifies you or is about you, and we may collect it from a few different sources. This includes collecting personal data directly from you, third parties acting for you or who are related to you, from companies, businesses or organisations who are our clients that you represent or are related to you, from other members of the Standard Chartered Group and from other organisations, or publicly available sources.

If you give us someone else’s personal data, you must have their permission and explain to them how we’ll use it.

We may collect the following different types of personal data when you apply for a job with us, and if it’s relevant and allowed by law:

• Identification data – information that identifies (uniquely or semi uniquely) you. For example, your name, your gender, your date of birth, your nationality, your photographs, video, photographic images and other identifiers, including official/government identifierssuch asnational identification number, passport number and tax identification number
• Contact data – information that allows addressing, sending or communicating a message to you. For example, your email address, your phone or mobile number and your residential
• Professional data – information about your educational or professional background. For example, academic background (such as your university or school diplomas/certificates and other educational achievements), current and previous employment details (including salary/bonus and employee benefits scheme), curriculum vitae/resume, professional qualifications, references and work visa
• Financial and commercial data – information that identifies your financial position, status and history. For example, your credit reports, payslips and other financial information 
• Personal relationship data – information about associations or close connections between individuals or entities that can determine your identity. For example, politically exposed person, public official, client, close personal or close financial relationships
• Communications data – information relating to you contained in voice, messaging, email and other communications we have with you, for example, via online forms.

We may sometimes need to collect more sensitive personal data from you, but we only do this if it’s necessary and with your consent, where required/ allowed by law. This sensitive data (sometimes known as special category personal data) may include things like:

• Racial or ethnic origin data – information which reveals your racial or ethnic origin
• Health data – information relating to your health status
• Trade union membership – if relevant in certain jurisdictions
• Criminal convictions, proceedings or allegations data – information about criminal convictions or related information that we identify in relation to our financial crime prevention obligations, for example, details about any criminal convictions or related information. This includes details of offences or alleged offences or convictions.

We are committed to providing equal opportunities and fair treatment in employment and recruitment. As part of this, we ask optional demographic questions as part of our application process. These questions are asked purely for the purposes of furthering those aims and creating a diverse and inclusive working environment. The answers to these questions do not form part our selection process and they are not shared with the relevant decision makers. They are only reviewed as an aggregated and anonymised report for our Internal Global Diversity and Inclusion and Analytics teams to better assess and address our current level of diversity. You have the choice not to answer these questions.

We usually get your personal data directly from you, but we may also obtain your personal data from elsewhere as follows: 

• People you know – such as:
  • friends or relatives who have referred you to us
  • your previous employers
  • recruitment agencies
  • other people you appoint to act as your referees
  • other people you appoint to act on your behalf
• Businesses and other organisations– such as:
  • your employer and/or company, business or organisation you represent or is related to you
  • credit reference and fraud prevention agencies
  • criminal records bureau
  • Standard Chartered career webpage
  • social network sites, for example LinkedIn, Facebook and Google+
• Publicly available resources – such as online directories, career platforms, publications, social media posts and other information that is publicly available

Cookies – when you visit, browse, or use our websites, online banking or mobile applications, we may use cookies to automatically collect certain information from your device. We may use such information, where relevant, for internal analysis and troubleshooting, to recognise you and remember your preferences, to improve the quality of and to personalise our content and to determine the security status of your account. For more information on how we use cookies and how you can control them when visiting our websites, please see our Cookies Policy.

Our recruitment activities are generally not aimed at minors (normally this means if you are under 16 years old, but this might be younger depending on where you live).  If you are a minor in the relevant jurisdiction, you must obtain the consent of your parents or guardian before contacting us in relation to recruitment.

We collect your personal data so that we can manage our recruitment process and operate our business.

What we use your personal data for is often referred to as our purposes of processing and these are detailed below.

We generally process your personal data with your consent where required by law or where otherwise permitted or required by applicable law including for the following lawful reasons:

• Contract – when we’re performing contractual obligations
• Legal Obligation – when we’re required to comply with laws and regulations
• Legitimate Interest – when it’s within our legitimate interests for the purpose of processing.

We process your personal data for the following purposes, as relevant:

Assessing and processing your job application (Legal basis: Contract, Legal Obligation, Legitimate Interest, Consent)

This includes:

• reviewing your application (which may include video interview)
• assessing your skills, qualifications and suitability for the job role or engagement you applied for
• processing your application
• conducting pre-employment or pre-engagement searches, background checks to verify your identity
• obtaining references
• communicating with you in relation to your application. If you sign up for our Talent Network we may also notify you of other potential career opportunities or job vacancies that we think might suit you.

Improving our applicant screening procedures (Legal basis: Legitimate Interest)

This includes:

• engaging in business operational management, such as performing administrative tasks, risk management activities, audits and ensuring operation and security of our communications and processing systems
• auditing business operations
• gathering insights by aggregating data from our recruitment process to improve the recruitment process, including the process of screening job applicants.

Keeping you and our people safe (Legal basis: Legal Obligation or Legitimate Interest)

This includes:

• conducting identity verification security checks for building access
• using CCTV surveillance recordings at our branches, for the purposes of preventing and detecting fraud and/or other crimes, such as theft
• investigating and reporting on incidents or emergencies on our properties and premises
• for the security of our systems and networks in order to keep your data safe and confidential.

Detecting, investigating and preventing financial crimes (Legal basis: Contract, Legal Obligation or Legitimate Interest)

This includes

• conducting pre-employment or engagement identity verification screening, including searches with a credit reference agency, sanctions screening checks and criminal record checks to the extent permitted by applicable law
• recording and monitoring your electronic communications with us, to the extent permitted by law, to ensure compliance with our legal and regulatory obligations and internal policies.

Complying with applicable laws, regulations and other requirements (Legal basis: Legal Obligation or Legitimate Interest)

This includes:

• identifying and investigating compliance with our own Standard Chartered Group/ SCB AG policies
• complying with relevant local and foreign law, regulations, rules, directives, judgments or court orders, requests, guidelines, government sanctions, embargo, reporting requirements, restrictions, demands or agreements with any authority (including domestic or foreign tax authorities), court or tribunal, enforcement agency or exchange body in any relevant jurisdiction where the Standard Chartered Group operates
• following any voluntary guidelines or recommendations from industry bodies or associations.

Exercising our legal rights and conducting legal proceedings (Legal basis: Legal Obligation or Legitimate Interest)

This includes:

• tracing and exercising our rights and protecting ourselves against harm to our rights and interests
• retaining records as may be necessary as evidence for any potential litigation or investigation
• obtaining professional advice
• investigating or making an insurance claim
• responding to any insurance related matter, action or proceeding
• defending or responding to any current or prospective legal, regulatory, or industry bodies or association related matter, action or proceeding.

We may sometimes, and with your consent if required by applicable law, we may use your contact details to send relevant marketing communications (such as by post, email, telephone, SMS, secure messages, mobile app or social media). You may withdraw your consent at any time by contacting us using the details below.

We may send the following communications:

• job opportunities
• seminars and webinars
• other events or opportunities.

We may share your personal data within the Standard Chartered Group. Standard Chartered Group may share your personal data for the purposes of processing as set out in this privacy notice, including with our service providers, our business partners, other third parties and as required by law or requested by any authority.  Who these are depends on your interactions with us.

We limit how, and with whom, we share your personal data, and take steps to ensure your personal data is kept confidential and protected when we share it. We may share your personal data for our purposes of processing with the following, where relevant:

• Other members of the Standard Chartered Group
• Authorised third parties
  • any other person you have authorised us by your consent to share your personal data with. E.g.:
• Third parties that can verify your information
  • ex-employers
  • credit bureaus or credit reference agencies (including the operator of any centralised database used by credit reference agencies), credit protection providers, rating agencies, debt collection agencies, fraud prevention agencies and organisations.
• Our service partners
  • recruitment agencies
  • professional advisers such as auditors, legal counsel,
  • service providers (such as operational, administrative, data processing and technology service providers), including anyone engaged or partnered with to analyse and facilitate improvements or enhancements in Standard Chartered Group’s operations
  • providers of professional services, such as screening and authentication providers, pre-employment health test providers, market researchers and management consultants
• Government and law enforcement agencies
  • as required by law or requested by any authority, which includes any government, quasi-government, administrative, regulator, regulatory or supervisory body, court, tribunal, enforcement agency, exchange body or domestic or foreign tax authorities, having jurisdiction over any Standard Chartered Group member whether within or outside your jurisdiction and whether or not that Standard Chartered Group member has a relationship with you.
• Other third parties
  • third parties in case of a merger, acquisition or divestment: if we transfer (or plan to) transfer any part of our business or assets. If the transaction goes ahead, the interested party may use or disclose your personal information in the same way as set out in this privacy notice, and subsequently notify you of any changes they may make in terms with how they process your personal data.

Your personal data may be stored, shared, and transferred by us within the Standard Chartered Group or with other third parties for the purposes described in this privacy notice. We do this in order to operate effectively, efficiently and securely in facilitating transactions and providing products and services to our clients, to improve and support our processes and business operations and to comply with our legal and regulatory obligations. This may involve storing, sharing and transferring your personal data cross border to other jurisdictions.

Where recipients of your personal data are in jurisdictions that are outside the EU, and local laws may not have similar data protection level as the jurisdiction where you are or where we have a relationship, we will take all reasonable steps necessary to ensure that your personal data has an appropriate adequate level of protection and safeguards to comply with applicable law. In most cases, this means using standard contractual clauses approved by the EU Commision.

For further information, you can contact us for a copy of the relevant standard contractual clauses.

We take the privacy and security of your personal data very seriously. To protect your data, we have put in place a range of technical, physical and organisational measures to protect and keep your personal data confidential. Standard Chartered Group has implemented information security policies, rules and technical measures to protect personal data and to comply with legal and regulatory requirements. We train and require staff who access your personal data to comply with our data privacy and security standards. We require our service providers, or other third parties we engage with and to whom we disclose your personal data to implement similar confidentiality, data privacy and security standards and measures when they handle, access or process your personal data.

In principle

Your personal data will generally be stored for a period of 6 months after completion of the recruitment process. After the retention period has expired, your data will only be kept anonymously for statistical purposes.

Extension of the storage period

If your application is successful, your personal data will be transferred to the personnel file. The data protection regulations for employees then apply.

We respect your personal data, and you have the following rights about how we use your information:

• Right to access your data – you can ask us for a copy of the personal data we have about you and how we’ve used it.
• Right to correct your data – if your personal information is incorrect, you can ask us to update it.
• Right to delete your data – you can ask us to delete your personal data. However,
• Right to restrict or object to processing – you can ask us to stop using your data or change how we use it.
• Right to object to automated decision making – you can ask us to review a decision made solely by automated processing if it negatively impacts you.
• Right to data portability – you can ask us to provide your personal data to another organisation in a format that can be easily read by machines.
• Right to change or withdraw consent – if we ask for your consent to use your personal data, you can change your mind at any time and change or withdraw your consent for the future.
• Right to withdraw from direct marketing – you can tell us to stop sending you marketing emails or invitations to surveys at any time.

We will respond to requests to exercise your personal data rights in line with applicable law. If you have any questions about your rights, please contact us using the details below.

The following Standard Chartered Group company act as the controller of your personal data in the European Union:

• Standard Chartered Bank AG

Address:
Taunusanlage 16
60325 Frankfurt am Main
Germany

You can contact our Data Privacy Officer at dpo.germany@sc.com.

Or by post at:

Standard Chartered Bank AG, Taunusanlage 16

If you have any concerns or complaints about how we’re using your personal data, please talk to us. You can contact your branch or your Relationship Manager or get in touch with our Data Privacy Officer.  You can also contact the Der Hessische Beauftragte für Datenschutz und Informationsfreiheit

vertreten durch

vertreten durch
Prof. Dr. Alexander Roßnagel

Gustav-Stresemann-Ring 1
65189 Wiesbaden

Telefon: 0611-1408 0
E-Mail:
poststelle@datenschutz.hessen.de

Please see our separate Cookie Policy

There may be specific terms and conditions in our recruitment process that govern the collection, use and disclosure of your personal data. Such other terms and conditions must be read in conjunction with this privacy notice.

This privacy notice was updated on 09 May 2023.