Job Applicants Data Protection and Privacy Notice

1 Overview

The China Navigation Company Pte Ltd ("CNCo") and all its subsidiaries (hereinafter collectively referred to as the "CNCo Group" and each a "Company") value the privacy of the personal data of its job applicants and are committed to protecting the privacy and security of your personal data in accordance with applicable privacy laws.

This Policy provides job applicants with an overview on the types of personal data the Company collects (whether directly from you or third party sources) and shares with third parties and your rights in respect of such data processing under the applicable laws.

2 Application

2.1 Data Protection Principles

The Company is committed to ensuring that personal data is processed by the Company in accordance with applicable data protection laws. This requires the Company to process personal data in accordance with the following principles:

  • We will only use your personal data in a lawful, fair and transparent way;
  • We collect personal data only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;
  • We only collect such personal data as is necessary for the purposes we have informed you and process the personal data only for those purposes;
  • Your personal data is kept accurate and up to date;
  • Your personal data is kept only as long as is necessary for the purposes we have informed you about; and
  • Your personal data is kept secure.

2.2 Personal data held by the Company

The Company collects your personal data through the following means: during our application, recruitment and on-boarding processes, either directly from you or sometimes from an employment agency or background-check providers. As part of our recruitment process, we may also collect additional information from former employers, credit reference agencies or other background check agencies.

The data that we collect, the legal bases and purposes of processing such data as well as the other third parties whom we disclose such data to are as follows:

DATA collected LEGAL BASIS AND PURPOSE of processing DISCLOSURE to whom

Personal information such as:

  • Your name, address and contact details


  • Your nationality, date of birth, marital status, place of residence
  • Social security number, passport number or other national identification number

In general, prior to employment, we will collect the Personal data in the 1st column on the following legal grounds:

  • For our legitimate business interests:
  • To assess your suitability for employment with us and communicating with you about the recruitment process and/or your application.
  • To verify your information and carrying out reference checks and/or conducting background checks (where applicable) if you are offered a job.
  • To determine the terms on which you work for the Company (where applicable).
  • To comply with the CNCo Group’s own internal policies such as equal opportunity, modern slavery and human trafficking policy.
  • To comply with applicable laws, regulations, legal processes or governmental requests – these may include but are not limited to minimum age labour laws, local content or employment requirements.
  • With your consent – where none of the above legal basis applies, we will process your personal data based on your explicit written consent. If so, we will provide you with full details of the information that we would require and the reason we need it, so that you can carefully consider whether you wish to consent.

Prior to employment, your personal data are shared with the following third parties:

  • Third party agencies for verification of work experience, qualifications and background;
  • Referees indicated in CV or during job application / interview for further references.
  • Where applicable, companies within the Swire Group* for other potential career opportunities.

*"Swire Group" refers to all companies owned or controlled in part or in whole and whether directly or indirectly, by John Swire & Sons Limited.

Prior work experience information such as:

  • CV, employment history, reference information and/or information received from background checks (where applicable). Such information may be provided to us by third parties e.g. recruiters.
  • Professional qualifications and certificates.
  • Education history and transcripts.
  • Information from interviews,

Do note that if you are offered and you accept employment with us, the information collected during your application and recruitment process will become part of your employment record.

2.3 Consequences of not providing us with your personal data

If you fail to provide certain information when requested, please note that we may not be able to adequately evaluate your application for a job with us or we may be prevented from complying with our legal obligations.

2.4 Your rights in connection with your personal data

Under certain circumstances, by law, you have the right to:

  • request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it;
  • request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected. Please note that it is your obligation to inform us if your Personal data changes during your working relation with us;
  • request erasure of your personal data (where it is no longer required for the Company’s legitimate business purpose). This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it.

A formal request from an individual for information that the Company holds about them must be made in writing. You will not ordinarily be required to pay a fee to access your personal data (or to exercise any of the other rights), but we may charge a reasonable fee for any additional copies of the materials we provide. Where your request is unfounded or excessive, we may also charge a reasonable fee or alternatively, we may refuse to comply with the request.

Please contact us at in relation to any such request(s).

2.5 Right to withdraw consent

In the circumstances where you may have provided your consent to the collection, processing and transfer of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time.

Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in accordance with the law. If we have another legitimate basis for processing information in accordance with the law, we may still process the same data and we will not require your consent to do so.

2.6 How do we keep your personal data secure?

The Company values the privacy of your personal data and has put in place appropriate security measures and procedures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

All our third party service providers and other entities within the CNCo Group are required to take appropriate security measures to protect your personal data in line with our policies, as are any parties to corporate transactions. We only permit them to process your personal data for specified purposes and as appropriate, in accordance with our instructions.

The Company has put in place reasonable security arrangements to maintain the security of all personal data to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks to your personal data. We have also put in place procedures to deal with any suspected data security incidents and will notify you and any applicable regulatory authority of a suspected breach where we are legally required or it is appropriate to do so.

2.6 Transfer of personal data to countries outside where the Company is located

Where your personal data is transferred outside where the Company is located (including outside of the EU), the Company implements organizational, contractual and legal measures to ensure that your personal data is processed only for the above specified purposes in accordance with our instructions, and that there are adequate levels of protection to safeguard your personal data. These measures include European Commission-approved transfer mechanisms for transfers to recipient countries which are not deemed to provide an adequate level of protection for personal data due to an absence of an adequacy decision by the European Commission in respect of such recipient countries. You can request a copy of these measures by contacting the Company’s Data Protection Officer (DPO).

3 Contact details

The DPO can be reached as follows:

Upon receipt of any complaint from an individual, the DPO shall investigate the complaint thoroughly and respond to you within 3 days of the complaint or if more time is required, to inform you when your complaint will be duly addressed.

If your request or concern is not satisfactorily resolved by us, you may approach your local data protection authority or the local data protection authority where the Company is based to seek further assistance. If you require your local data protection authority’s contact details, you may likewise write to the Company to obtain the same.

4 Changes to Policy

The Company reserves the right to amend this policy at its sole discretion and will continue to review the effectiveness of this policy to ensure it is achieving its stated objectives, taking into account changes in the law and organisational and/or security changes.