JOB APPLICANT DATA POLICY
This document sets out the Company’s policy on the protection of information relating to job applicants. Protecting the confidentiality and integrity of personal data is a critical responsibility that the Company takes seriously at all times. The Company will ensure that data is always processed in accordance with the provisions of relevant data protection legislation, including the General Data Protection Regulation (GDPR).
KEY DEFINITIONS
Data processing
Data processing is any activity that involves the use of personal data. It includes obtaining, recording or holding the data, or carrying out any operation or set of operations on the data including organising, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transmitting or transferring personal data to third parties.
Personal data
Personal data is any information identifying a data subject (a living person to whom the data relates). It includes information relating to a data subject that can be identified (directly or indirectly) from that data alone or in combination with other identifiers the Company possesses or can reasonably access. Personal data can be factual (for example, a name, email address, location or date of birth) or an opinion about that person’s actions or behaviour.
Sensitive personal data
Sensitive personal data is a special category of information which relates to a data subject’s racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health conditions, sexual life, sexual orientation, biometric or genetic data. It also includes personal data relating to criminal offences and convictions.
PRIVACY NOTICE
This policy, together with the information contained in the table of applicant data appended to the policy, constitutes a privacy notice setting out the information the Company holds about applicants, the purpose for which this data is held and the lawful basis on which it is held. The Company may process personal information without applicants’ knowledge or consent, in compliance with this policy, where this is required or permitted by law.
If the purpose for processing any piece of data about applicants should change, the company will update the table of applicant data with the new purpose and the lawful basis for processing the data and will notify applicants.
FAIR PROCESSING OF DATA
Fair processing principles
In processing applicants’ data the following principles will be adhered to. Personal data will be:
Lawful processing of personal data
Personal information will only be processed when there is a lawful basis for doing so. Most commonly, the Company will use personal information in the following circumstances:
The Company may also use personal information in the following situations, which are likely to be rare:
Lawful processing of special category data
The Company may process special categories of personal information in the following circumstances:
Less commonly, the Company may process this type of information where it is needed in relation to legal claims or where it is needed to protect an applicant’s interests (or someone else’s interests) and the applicant is not capable of giving consent, or where an applicant has already made the information public. The Company may use particularly sensitive personal information in the following ways:
Lawful processing of information about criminal convictions
The Company envisages that it will hold information about criminal convictions. The Company will only use this information where it has a legal basis for processing the information. This will usually be where such processing is necessary to carry out the Company’s obligations. Less commonly, the Company may use information relating to criminal convictions where it is necessary in relation to legal claims, where it is necessary to protect an applicant’s interests (or someone else’s interests) and the applicant is not capable of giving consent, or where the applicant has already made the information public.
The Company will only collect information about criminal convictions if it is appropriate given the nature of the role and where it is legally able to do so.
Consent to data processing
The Company does not require consent from applicants to process most types of applicant data. In addition, the Company will not usually need consent to use special categories of personal information in order to carry out legal obligations or exercise specific rights in the field of employment law.
In limited circumstances, applicants may be asked for written consent to process sensitive data. In those circumstances, applicants will be provided with full details of the information that sought and the reason it is needed, so that applicants can carefully consider whether to consent.
Where applicants have provided consent to the collection, processing and transfer of personal information for a specific purpose, they have the right to withdraw consent for that specific processing at any time. Once the Company has received notification of withdrawal of consent it will no longer process information for the purpose or purposes originally agreed to, unless it has another legitimate basis for doing so in law.
Automated decision making
The Company does not envisage that any decisions will be taken about applicants using automated means, however applicants will be notified if this position changes.
COLLECTION AND RETENTION OF DATA
Collection of data
The Company will collect personal information about applicants through the application and recruitment process, either directly from candidates or sometimes from an employment agency or background check provider. The Company may sometimes collect additional information from third parties including former employers, credit reference agencies or other background check agencies.
From time to time, the Company may collect additional personal information from an applicant. If the Company requires to obtain additional personal information this policy will be updated, or applicants will receive a separate privacy notice setting out the purpose and lawful basis for processing the data.
Retention of data
The Company will only retain applicants’ personal information for as long as necessary to fulfil the purposes it was collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Details of retention periods for different aspects of personal information are set out in the table of applicant data appended to this policy.
When determining the appropriate retention period for personal data, the Company will consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of personal data, the purposes for which the personal data is processed, whether the Company can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances the Company may anonymise personal information so that it can no longer be associated with individual applicants, in which case the Company may use such information without further notice to applicants. After the data retention period has expired, the Company will securely destroy applicants’ personal information.
DATA SECURITY AND SHARING
Data security
The Company has put in place appropriate security measures to prevent personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. Details of these measures are available upon request.
Data sharing
The Company may share personal information with third parties. The Company requires third parties to respect the security of applicant data and to treat it in accordance with the law. The Company may also need to share personal information with a regulator or to otherwise comply with the law.
The Company may also share applicant data with third-party service providers where it is necessary to administer the working relationship with applicants or where the Company has a legitimate interest in doing so. The following activities are carried out by third-party service providers: payroll, pension administration, benefits provision and administration, IT services, regulatory approval (if it is appropriate given the nature of the role and where it is legally able to do so) and, where it is legally able/required to do so, sharing data in line with supporting the prevention on fraud and financial crime; informing relevant authorities where warranted.
Transfer of data outside the EU
The Company will not transfer personal information outside the EU.
If the Company requires to transfer personal information outside of the EU this policy will be updated, and/or applicants will receive a separate privacy notice setting out the purpose and lawful basis for processing the data; this will include how the Company will ensure that personal information does receive an adequate level of protection and what the Company has put in place to ensure that personal information is treated by those third parties in a way that is consistent with and which respects the EU and UK laws on data protection
STAFF MEMBER RIGHTS AND OBLIGATIONS
Accuracy of data
The Company will conduct regular reviews of the information held by it to ensure the relevancy of the information it holds. Applicants are under a duty to inform the Company of any changes to their current circumstances. Where an Applicant has concerns regarding the accuracy of personal data held by the Company, the Applicant should contact the Data Protection Officer (DPO) to request an amendment to the data.
Applicant rights
Under certain circumstances, applicants have the right to:
If an applicant wishes to make a request on any of the above grounds, they should contact the DPO in writing. Please note that, depending on the nature of the request, the Company may have good grounds for refusing to comply. If that is the case, the applicant will be given an explanation by the Company.
Data subject access requests
Applicants will not normally have to pay a fee to access personal information (or to exercise any of the other rights). However, the Company may charge a reasonable fee if the request for access is clearly unfounded or excessive. Alternatively, the Company may refuse to comply with the request in such circumstances.
The Company may need to request specific information from the applicant to help confirm their identity and ensure the right to access the information (or to exercise any of the other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
COMPLIANCE WITH THIS POLICY
The Company’s responsibility for compliance
The Company has appointed a data protection officer (DPO) who is tasked with overseeing compliance with this policy. If applicants have any questions about this policy or how the Company handles personal information, they should contact the DPO. Applicants have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.
Data security breaches
The Company has put in place procedures to deal with any data security breach and will notify applicants and any applicable regulator of a suspected breach where legally required to do so. Details of these measures are available upon request.
APPLICANT DATA
|
||||||
Type of personal data |
Sensitive data? |
Purpose of processing |
Potential transfer to third parties |
Lawful basis for processing |
Grounds for processing sensitive personal data |
Retention period |
Contact details |
No |
Contacting applicants |
Professional advisors |
Legal obligation / Legitimate interests |
N/A |
6 months post-application |
Date of birth |
No |
Equal opportunities monitoring |
Professional advisors |
Legal obligation / Legitimate interests |
N/A |
6 months post-application |
Gender |
Yes |
Equal opportunities monitoring |
Professional advisors |
Legal obligation / Legitimate interests |
employment purposes / statistics / conduct of legal claims |
6 months post-application |
Marital status |
Yes |
Equal opportunities monitoring |
Professional advisors |
Legal obligation / Legitimate interests |
employment purposes / statistics / conduct of legal claims |
6 months post-application |
Information about race |
Yes |
Equal opportunities monitoring |
Professional advisors |
Legal obligation / Legitimate interests |
employment purposes / statistics / conduct of legal claims |
6 months post-application |
Information about ethnicity |
Yes |
Equal opportunities monitoring |
Professional advisors |
Legal obligation / Legitimate interests |
employment purposes / statistics / conduct of legal claims |
6 months post-application |
Information about religious beliefs |
Yes |
Equal opportunities monitoring |
Professional advisors |
Legal obligation / Legitimate interests |
employment purposes / statistics / conduct of legal claims |
6 months post-application |
Information about sexual orientation |
Yes |
Equal opportunities monitoring |
Professional advisors |
Legal obligation / Legitimate interests |
employment purposes / statistics / conduct of legal claims |
6 months post-application |
Information about political affiliations |
Yes |
Equal opportunities monitoring |
Professional advisors |
Legal obligation / Legitimate interests |
employment purposes / statistics / conduct of legal claims |
6 months post-application |
Driving license |
No |
Making recruitment decisions / ascertaining ability to work |
N/A |
Legal obligation / Legitimate interests |
N/A |
6 months post-application |
CV |
No |
Making recruitment decisions / ascertaining ability to work |
N/A |
Legal obligation / Legitimate interests |
N/A |
6 months post-application |
Right to work documents |
Yes |
Checking right to work in the UK |
Professional advisors |
Legal obligation / Legitimate interests |
employment purposes / conduct of legal claims |
6 months post-application |
Qualifications |
No |
Making recruitment decisions / ascertaining ability to work |
Professional advisors |
Legal obligation / Legitimate interests |
N/A |
6 months post-application |
Employment history |
No |
Making recruitment decisions / ascertaining ability to work |
N/A |
Legal obligation / Legitimate interests |
N/A |
6 months post-application |
Information about disability |
Yes |
Health and safety requirements / ascertaining fitness to work |
Professional advisors |
Legal obligation / Legitimate interests |
employment purposes / statistics / conduct of legal claims |
6 months post-application |
Professional memberships |
No |
Education, training and development requirements |
N/A |
Legal obligation / Legitimate interests |
N/A |
6 months post-application |
Health records |
Yes |
Ascertaining fitness to work |
Professional advisors |
Legal obligation / Legitimate interests |
employment purposes / conduct of legal claims |
6 months post-application |
Criminal convictions and offences |
Yes |
Making decisions about recruitment |
Professional advisors |
Legal obligation / Legitimate interests |
employment purposes / conduct of legal claims |
6 months post-application |
Cookie Notice
This website uses cookies to collect analytical data to improve user experience. Continuing to use this website gives consent to cookies being used. Please see more information in our Privacy Policy.