PRIVACY NOTICE FOR JOB APPLICANTS


What is the purpose of this document?

We are a “data controller” and we collect, store, hold, process, use, record, consult, disclose, erase, make decisions based upon, destroy and in some instances transmit personal data about you (together these activities are referred to as “Process”, “Processed” or “Processing”). 

 

This Privacy Notice sets out the information that must be provided by us to you (the “Data Subject”) at the time your personal data is obtained. It is drafted in compliance with UK data protection laws. The person responsible for overseeing data protection compliance issues within the Employer is Jean Gomes, CEO.

 

This Privacy Notice concerns your personal data and special categories of data, together referred to as “Data” in the Privacy Notice. This Privacy Notice describes how we collect and use Data about you both during and after your working relationship with us and gives examples of the types of Data we hold, Processing activities and the justifications for that Processing.

 

This Privacy Notice applies to job applicants. This Privacy Notice does not form part of any contract of employment or other contract to provide services.

 

It is important that you read this Privacy Notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing Data about you, so that you are aware of how and why we are using such information.

 

The Data Protection Principles

We will comply with UK data protection laws which state that the Data we hold about you must be:

 

  • Used lawfully, fairly and in a transparent way
  • Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes
  • Adequate and relevant to the purposes we have told you about and limited only to those purposes
  • Accurate and kept up to date
  • Kept only as long as necessary for the purposes we have told you about
  • Kept securely

 

The types of Data we hold about you

Data means any personal data or special categories of data about an individual from which that person can be identified. It does not include information where the identity has been removed (anonymous data). "Special categories" of more sensitive personal data require a higher level of protection. 

 

We may collect, store, use and Process the following personal data or categories of personal data about you:

 

a.     Recruitment information (including copies of right to work documentation, references, and other information included in a CV or cover letter or as part of the application process)

b.     Personal contact details such as name, title, addresses, telephone numbers, and personal email addresses

c.     Date of birth

d.     Gender

e.     Marital status and dependants

f.      Location of employment or workplace

g.     Copy of driving licence and passport (or other proof of identity)

h.     Employment records (including job titles, work history, working hours, training records and professional memberships)


We may also Process or collect Data which is more sensitive and falls within the definition of special categories of data. The types of special categories of data we might collect or Process may include (but are not limited to):

 

a.     Information about your sex, race, ethnic or national origin, religious or philosophical beliefs, sexual orientation and political opinions

b.     Trade union membership

c.     Information about your health, including any physical or mental condition or disability, health and sickness records and GP Fit Notes including medical reports

d.     Personal social media profiles or use

e.     Information about criminal convictions and offences

f.      Psychometric profiles, 360 feedback and ability testing data

 

These lists of Data (personal data and special categories of data) and the examples of Processing are not exhaustive.


 

How your Data is Processed and in what situations

The situations in which we will Process your Data (personal data and special categories of data) are listed below:

 

  • Making decisions about your recruitment or appointment
  • Determining the terms on which you work for us
  • Checking you are legally entitled to work in the UK
  • Undertaking employment screening to assess your suitability for a role
  • Administering a contract of employment with you
  • Making decisions about salary reviews and compensation
  • Assessing qualifications for a particular job or task
  • Ascertaining your fitness to work (including liaising with occupational health, clinicians or other medical professionals) or providing appropriate workplace adjustments
  • Complying with health and safety obligations
  • To prevent fraud, breaches on intellectual property rights, unauthorised access to our IT systems or to detect a crime
  • To comply with employment and other laws relating to family-related or other statutory leave and pay entitlements
  • To ensure network and information security, including preventing unauthorised access to our computer and electronic communications systems and preventing malicious software distribution
  • To conduct data analytics studies to review and better understand employee retention and attrition rates
  • Equal opportunities monitoring and reporting
  • Paying trade union premiums and registering the status of protected employees

 

We may Process Data about you in compliance with our Lawful Basis (see below) and/or where this is required or permitted by law. Some of the above grounds for Processing will overlap and there may be several grounds which justify our use of your Data.


 

How we will use Data about you – the “Lawful Basis”

We rely on legitimate interest as the lawful basis on which we collect and use your personal data. Our legitimate interests are the recruitment of staff for our business and assessing and confirming a candidate’s suitability for employment.

 

The collected data will be used solely for the selection and recruitment process. This process may include the following:

 

  • Verification of the provided data;
  • Reference checks;
  • Assessment of the qualifications and attributes needed to perform the job you are applying for;
  • Communication concerning the process (e-mails, phone calls, SMS messages, WhatsApp);
  • Fulfilling legal regulations

 


Third Party Recipients of Data

From time to time, we may collect and share your Data with third parties, including third party service providers or other entities within our group. 

 

We will share your Data with third parties where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so. For example, the following activities are carried out by third-party service providers: psychometric profiling and ability testing.

 

The recipients or categories of recipients of the Data may include:

 

  • Recruiters or reference checking agencies
  • Government or statutory bodies
  • Non-government bodies
  • Occupational health providers
  • Medical practitioners, clinicians, doctors, other health providers and consultants
  • Clients or customers (for the purposes of assessing suitability for a project or specific piece of work)
  • Disclosure and Barring Service
  • Consultants or Contractors working on our behalf

 

This list may include an Employer or third party recipient(s) outside of the UK. This list is non-exhaustive. All our third-party service providers and other entities are required to take appropriate security measures to protect your Data in line with our policies. We do not allow our third-party service providers to use your Data for their own purposes. We only permit them to process your Data for specified purposes and in accordance with our instructions.



Transferring information outside the EU

The data we collect may be transferred to the United States of America for the purposes of carrying out psychometric profiling. There is an adequacy decision by the European Commission in respect of these countries. This means that the countries to which we transfer your Data are deemed to provide an adequate level of protection for your Data.

 

However, to ensure that your Data does receive an adequate level of protection we have put in place the following appropriate measure[s] to ensure that your Data is treated by those third parties in a way that is consistent with and which respects the EU and UK laws on data protection: specifically moving our Microsoft Office 365 data to UK servers.


If you require further information about this protective measure, you can request it from the CEO.

 

Any questions about the transmission of Data or requests to receive a copy of the data being transferred should be addressed in writing to the Data Protection Officer, Jean Gomes, CEO.

 


Information about Criminal Convictions

We may only use information relating to criminal convictions where the law allows us to do so. This will usually be where such processing is necessary to carry out our obligations and provided we do so in line with our Data Protection Policy. We may sometimes use information relating to criminal convictions where it is necessary in relation to legal claims, where it is necessary to protect your interests (or someone else's interests) and you are not capable of giving your consent, or where you have already made the information public. Also, we will only collect information about criminal convictions if it is appropriate given the nature of the role and where we are legally able to do so. Where appropriate, we will collect information about criminal convictions as part of the recruitment process or we may be notified of such information directly by you in the course of you working for us.

 


Data Security and Data Breaches

We have put in place appropriate security measures to prevent your Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Data to those employees, agents, contractors and other third parties who have a business need to know. They will only Process your Data on our instructions and they are subject to a duty of confidentiality. Details of these measures may be obtained from the CEO.

 

We have put in place procedures to deal with any suspected Data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

 


Data Retention

If your application for employment is unsuccessful, the organisation will hold your data on file for 12 months after the end of the relevant recruitment process. If your application for employment is

successful, personal data gathered during the recruitment process will be transferred to your

personnel file and retained during your employment.

 


Your Rights in Relation to your Data

 Under certain circumstances, by law you have the right to:

 

  • Request access to your Data (commonly known as a "data subject access request"). This enables you to receive information about the Data we hold about you.
  • Request correction of the Data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your Data. This enables you to ask us to delete or remove Data where there is no good reason for us continuing to Process it. You also have the right to ask us to delete or remove your Data where you have exercised your right to object to processing (in certain circumstances).
  • Object to processing of your Data where we are relying on a legitimate interest for processing (or a legitimate interest of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your Data for direct marketing purposes.
  • Request the restriction of processing of your Data. This enables you to ask us to suspend the processing of Data about you, for example if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your Data to another party.

 

If you want to review, verify, correct or request erasure of your Data, object to its Processing, or request that we transfer a copy of your Data to another party, please contact the CEO in writing.

 

You also have the right to lodge a complaint as to our Processing of your Data with the UK’s data supervisory authority (e.g. The Information Commissioner).

 


Automated Decision Making

Automated decision making is not used within the business.

 


Change of Purpose

 Where we intend to Process Data for a purpose other than that for which the Data was collected, we shall provide you, before the Processing, with information on that other purpose and with any relevant further information.

 


Changing this Privacy Notice

The Employer reserves the right to update this Privacy Notice at any time, and it will provide you with a new Privacy Notice when we make substantial changes. We may also notify you in other ways from time-to-time about the processing of your data. 

 

Any questions about this Privacy Notice should be directed to Jean Gomes, CEO.


Share by: