Privacy Notice to candidates for recruitment to Project Management Limited trading as PM Group

This privacy notice sets out the privacy practices of Project Management Limited t/a PM Group regarding personal data that we may collect from or about you.

We are collecting personal data from you due to your having either expressed an interest in working for PM Group and/or your having provided PM Group with your CV and/or your having applied for a position with us as either an employee or an independent service provider (ISP).

1.1 General Statement

PM Group respects your rights to the privacy of your personal data. We will not collect your personal data without your knowledge. Where we do collect personal data, we will do so either with your express consent or to comply with legal requirements in relation to execution of a contract (employment or other work-related) we enter into with you or to pursue the legitimate interests of PM Group, such as deciding whether it would be beneficial for us to appoint you to work for us or one of our clients.

We will provide you with information as to what personal data is being collected and the purposes for which it is being collected. We will also inform you as to how you can access, update or correct such information, for how long we will retain such information, how it is stored and what to do if you wish to have it erased (subject to legal requirements).

If your personal data is shared with third parties, we will inform you of the identity of those third parties. Any personal information which you provide to PM Group will be treated strictly in accordance with applicable data protection legislation. Any changes to this Privacy Notice will be updated on PM Group website’s recruitment page and/or notified to you by email.

1.2 Purposes for which we may collect your personal data

We will only collect and use your personal data for the purposes explained below and not for other purposes.

We may collect, process and share personal data for some or all of the following purposes:

  • to assess your skills, qualifications, and suitability as a candidate for the role or work
  • to carry out background and/or reference checks, where applicable
  • to communicate with you about the recruitment process
  • to maintain HR records related to our hiring processes and procedures
  • to comply with legal or regulatory requirements
  • to decide whether to enter into a contract of employment or contract for services with you or a limited company in which you are the majority shareholder

1.3 Type of personal data we may collect

The type of personal data which we may collect from you includes the following

The information you have provided to us in your resume or curriculum vitae (CV), including:

  • your full name and/or previous names;
  • your current job title;
  • your mailing address
  • your normal place of residence;
  • your home telephone no, personal mobile phone and personal email contact details;
  • your date of birth;
  • your gender;
  • your employment record (including working history, training records and professional memberships);     
  • your photograph
  • your citizenship;
  • your working language and language skill levels;
  • information as to your eligibility or right to work.;
  • a copy of your passport or other identity document and/or your work permit/visa to verify your legal right to work;
  • your education details and copies of your qualifications;
  • other information which you may provide in a PM Group application form;
  • any other information you provide to us during an interview, (e.g. medical conditions, where you volunteer this information to us)
  • details of your current remuneration and benefits

1.4 How we will process your Personal Data

If you have applied for employment with PM Group or are seeking to provide services to us as through a limited company arrangement, we may need to collect, store and use your personal data obtained via the following:

  • through CVs provided to us as part the application and recruitment process, whether provided directly from you or from an employment agency, including personal data from your referees to verify previous work experience
  • in interview notes
  • through our applicant tracking system
  • via our Graduate website
  • via our PM Group website or external recruitment sites
  • via our recruitment email addresses and email accounts
  • from your named referees as provided to us by you
  • as provided to us by a recruitment agency or talent scout with whom you have registered and provided your personal data
  • from third party publicly accessible sources, including LinkedIn, Google, Facebook (where applicable)


1.5 Sharing of your Personal Data

We will not share your personal data other than as set out below.

Within the PM Group of companies:

We may process your personal data on electronic systems used by more than one PM Group company and owned by a PM Group company other than Project Management Limited.

We shall only transfer personal data outside the European Economic Area (EEA) to other companies within the PM Group of companies where such transfer is subject to an inter-group company data processing agreement which includes model clauses, as published by the European Commission from time to time.

With Third Parties:

We may share your personal data with:

  • Applicant tracking system (ATS) platform provider
  • third party CV database provider
  • with clients or potential clients of PM Group, where the role applied for or otherwise in consideration relates to work at a client site or being placed directly with a PM Group client or potential client
  • with clients of PM Group or potential clients where we are pitching for work or submitting bids or tenders to PM Group client or potential clients

We will not transfer your personal data outside of the European Economic Area (EEA) unless one of the following conditions applies:

  • you are being considered for a position in a PM Group company that is incorporated and/or resident in a non-EEA country;
  • the European Commission has issued a decision confirming that the country to which we transfer personal data ensures an adequate level of protection for the data subjects’ rights and freedoms;
  • appropriate safeguards are in place such as binding corporate rules (BCR) or standard contractual clauses approved by the European Commission;
  • a data subject has provided explicit consent to the proposed transfer after being informed of any potential risks; or
  • the transfer is necessary for one of the other reasons set out in the GDPR including the performance of a contract between us and you, reasons of public interest, to establish, exercise or defend legal claims or to protect your vital interests where you are physically or legally incapable of giving consent and, in some limited cases, for our legitimate interest.


1.6 Your Rights

You are entitled to obtain a copy of any personal data we hold about you and to request that we correct inaccuracies in such data without undue delay. You also have the right to complete any incomplete personal data about you that we hold. You have the right to request that we delete any personal data about you without undue delay and/or request that we restrict the manner in which we process your personal data. If you wish to avail of any of the above rights, please contact us at: Your request will be dealt with as soon as possible but within 1 month from the date you make a request to us.

1.7 Retention of your Data

We will retain your personal data, including your CV, for a period of 3 years after we first communicate to you our decision about your suitability to work for us. We shall retain your personal data for that period in case any other opportunities arise to work with PM Group for which you may be considered suitable. We also shall retain your personal data for that period in order to demonstrate, in the event of a legal claim, that we have not discriminated against yourself or other candidates on prohibited grounds and that we have conducted all our recruitment procedures in a fair and transparent way.

After this period, if we wish to retain your personal information on file, on the basis that an opportunity may arise in the future for which you may be suitable, we will write to you separately seeking your explicit consent to retain your personal data for a further fixed period.

If you do not consent to our retaining your personal data after the initial 3 year period, we shall securely destroy your personal data.

1.8 Special Categories of Personal Data

If you provide us with or we hold special categories of personal data (such as health information) in relation to you, we will only process such data for the following purposes:

  • if it is to protect your vital interests (for example, in the event of an accident); and/or
  • if it is for establishing, exercising or defending legal claims, via a person bound by medical secrecy.

1.9 Data Processors

Any third-party processors we use to process your personal data will do so only on the basis of documented instructions from us.

Our third-party data processors are obliged to notify us in the event of a data security breach in relation to any personal data processed by them on our behalf.

Our third-party data processors are subject to obligations of confidentiality regarding your personal data. They are not permitted to engage sub-processors without our prior consent and imposing the same obligations of confidentiality regarding your personal data.

In addition, they are obliged to return or delete to us all personal data held by them on our behalf to the extent that any such personal data does not reside on electronic systems owned by a PM Group company.


1.10 Data Security

Our systems are regularly tested and assessed to validate that the technical and organisational measures we have put in place ensure the security of the processing and storage of your personal data. Your personal data will be stored on secure servers controlled by the PM Group of companies and which are located within the EU and which will use strict procedures and security features designed to prevent unauthorised access. As the transmission of information via the internet is not completely secure, we cannot guarantee the security of your personal data being transmitted to our systems.

In the event of a data security breach, we will report this to the relevant data supervisory authority, the Irish Data Protection Commissioner, within 72 hours of becoming aware of it if it appears likely that there is a risk that your personal data may be accessed or compromised.

We shall also inform you without undue delay of any such data security breach if it is likely to result in a high risk to your rights and freedoms relating to your personal data.

1.11 Data Privacy Champion

PM Group has appointed a Data Privacy Champion to address any concerns or queries with regard to the handling of personal data by PM Group. Please email in the event that you wish to contact us in relation to any matter concerning the processing of your personal data.

1.12 Complaints

You have the right to raise queries and/or lodge a formal complaint with the supervisory authority regarding our handling of your personal data. The supervisory authority to which any such com plaint should be addressed is the Irish Data Protection Commissioner (email: and the way to raise queries and/or lodge a formal complaint can be found via