GDPR: DATA PRIVACY NOTICE FOR JOB APPLICANTS
1. Why have you been given this privacy notice?
Wiper and True is a “data controller”. This means we are required under data protection legislation to notify you of how we will, collect process and store your personal data during the application and recruitment process. We will also explain what rights you have in relation to how we process your personal data.
2. What are our obligations to you in relation to how we process your personal data?
We are required by law to ensure that when processing any of your personal data that it is:
Used lawfully, fairly and in a transparent way.
Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
Relevant to the purposes we have told you about and limited only to those purposes.
Accurate and kept up to date.
Kept in a form which permits you to be identified for only as long as necessary for the purposes we have told you about.
3. What personal data will we collect, use and store about you?
In order to process your job application we may collect the following information about you:
your name, address and contact details, including email address and telephone number;
details of your qualifications, skills, experience and employment history;
information about your current level of remuneration, including benefit entitlements;
information about your entitlement to work in the UK;
assessment interview, psychometric test, technical assessment;
only if relevant, a pre-employment screening, disclosure and barring service.
We may also collect, store and use the following “special categories” of more sensitive personal information:
Equal opportunities monitoring information.
Whether or not you have a disability for which the organisation needs to make reasonable adjustments during the recruitment process.
4. How do we collect your personal data?
We will collect this information from a range of sources, which will include your application form, CV, your passport or other identity documents, or information provided directly by you through interviews or other forms of assessment.
The organisation will also collect personal data about you from third parties, such as references supplied by former employers.
If we receive an unsolicited CV at a time when we are not recruiting, we will delete the CV and inform you of this. If we want to hold this unsolicited personal data on file for future recruitment rounds, we will inform you of this and the terms of this privacy notice will apply.
5. How will we use your personal data?
Throughout the recruitment process we will need to process your personal data for one or more of the following lawful bases:
a) Where we need to process your personal data to take specific steps at your request before entering into a contract with you or we need to process data to enter into a contract with you. This may include making reasonable adjustments to the recruitment process to accommodate disabilities as and when requested.
b) Where we need to process your personal data to comply with a legal obligation, for example if your application is successful we will check your right to work in the UK before a job offer is made.
c) Our legitimate reason for processing your personal data is to enable us to gather data so that we can assess which candidate’s skills and experience is the best match with our job role requirements and therefore suitable for employment. We also need to process job application information in order to respond to and defend against legal complaints. We will process your personal data for these legitimate reasons provided that your interests and fundamental rights do not override those interests.
d) Where we need to protect your interests (or someone else’s interests).
6. When will we use your personal data?
During the application and recruitment process and for a short period after the recruitment process, we will use your personal information for specific purposes.
Purpose: Right to work in the UK check
Personal data involved: Passport or legal identity documents
Lawful basis for processing: Legal obligation
Purpose: Assessing suitability to perform the role
Personal data involved: details of your qualifications, skills, experience and employment history; information about your current level of remuneration, including benefit entitlements; assessment interview, psychometric test, technical assessment; pre-employment screening, disclosure and barring service, for example checking your driving license record with your permission
Lawful basis for processing: Legitimate interests, legal
Purpose: Organising the interview
Personal data involved: Your name, address and contact details, including email address and telephone number
Lawful basis for processing: Legitimate interests
The organisation will not use your data for any purpose other than recruitment purposes.
Where your application or interview is unsuccessful, we may ask for your written consent to keep your personal data on file in case there are future employment opportunities for which you may be suited. You are not obliged to provide consent but if consent is provided you are free to withdraw your consent at any time.
7. What happens if you do not provide us with information?
We will only ask you to provide information which we believe is necessary for the application and recruitment process. You are under no statutory or contractual obligation to provide data during the recruitment process. However, if you do not provide sufficient information, we may not be able to process your application properly or at all. Also we may not be able to meet our legal obligations towards you with regard to reasonable adjustments.
8. What happens if we need to use your personal data for a new purpose?
We have indicated above a list of circumstances in which we will use your data. We will usually only use your personal data as indicated. However, if we consider that it is necessary and reasonable to use your personal data for an unrelated purpose, we will notify you and explain the legal basis which allows us to do so.
9. How do we use your special categories information?
Any personal data which reveals your ethnic origin, political opinions, religious and philosophical beliefs, trade union membership, genetic, biometric or health data, sex life and sexual orientations will be regarded as special categories of personal data. We will only use this data in the following ways:
In order to comply with employment and other laws to ensure that the recruitment process is conducted in a fair and inclusive manner.
To ensure we meet our health and safety and equality obligations towards you we will use information about your physical or mental health or disability status to make appropriate reasonable adjustments to the recruitment process.
Where it is needed in the public interest, for example for equal opportunity monitoring and reporting.
There may be circumstances where we need to process this type of information for legal claims or to protect your interests (or someone else’s) and you are not able capable of giving your consent or where the relevant information has already been made public.
10. Do we need your consent to use special categories data?
If we are using your personal sensitive data in accordance with lawful purposes set out in this privacy notice, in these circumstances we do not need your written consent to use sensitive personal data.
However, in limited circumstances, we may request your written consent to allow us to process your sensitive personal data. If it becomes necessary to request your consent to process your sensitive personal data, we will provide you with details of the information that we require and why we need it, so that you can decide whether you wish to provide your consent. It is not a condition of applying for the role with us that you must agree to any request for consent. Giving consent will always be a decision made by your freewill/choice.
11. Criminal convictions
Given the nature of the role and duties you will perform, we will not request and hold information about criminal convictions. In addition, where applicable we will only request this information if you are successful in your application and where we are legally entitled to do so.
12. Automated decision making
During the application and recruitment process we will not rely on any automated decision making.
13. Will we share your personal data with third parties?
We will share your data with the third party: Linden Accountants Ltd who process data for bookkeeping services under our specific instructions. Otherwise, we will not share your data with other third parties, unless your application for employment is successful and you accept our offer of employment.
14. Which third party service providers will we share your personal data with?
If that occurs, we will then share your data with:
Former employers to obtain references for you
Employment background check providers to obtain necessary background checks and
The Disclosure and Barring Service to obtain necessary criminal records checks, only if applicable.
15. Third party service providers and data security
Third party service providers are only permitted to process your personal data in accordance with our specified instructions. They are also required to take appropriate measures to protect your privacy and personal information. We do not allow your information to be used by the third parties for its own purposes and business activities.
16. Will we share your personal data with other entities within our business group?
Your information will be shared internally for the purposes of the recruitment exercise. This includes:
Members of the HR and recruitment team
Interviewers involved in the recruitment process
Managers or senior staff in a relevant business area to the vacancy
Health and safety coordinators to ensure you are set up for any trial shifts you may participate in
17. Will we transfer your personal data outside of the European Economic Area?
If we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by implementing safeguards. Any Third Party we work with must have an annually certified agreement that is GDPR compliant, such as the EU-U.S. Privacy Shield Framework. Please contact our Data Representative if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
18. How do we ensure your personal data is secure?
We take your privacy and protection of data very seriously. Consequently, we have put in place appropriate security measures to prevent unauthorised use of your personal data. Details of the measures which are in place can be obtained from our Data Representative. We will notify you and any applicable regulator of any suspected unauthorised use of your personal data.
19. How long will we keep your personal data?
We will retain your personal data for as long as is necessary to fulfil the purposes for which it was collected for.
If your application for employment is unsuccessful, we will hold your data on file for a maximum of nine months after the end of the relevant recruitment process.
If you agree we will keep your personal data on file, for a further time period for consideration for future employment opportunities.
At the end of that period or once you withdraw your consent your data will be deleted or destroyed.
If your application for employment is successful, personal data gathered during the recruitment process will be transferred to your personnel file and retained during your employment and according to our data retention policy.
20. How will we store your data?
Your data will be stored securely in a number of different places, including on your application record, in HR management systems and on other IT systems (including email).
21. Your duty to inform us of any changes
In order that we can ensure that the personal data we hold in relation to you is accurate, it is important that you keep us informed of any changes to that data.
22. What rights do you have in respect of how we use your personal data?
Subject to legal limitations you have the right to:
Request access to your data: You can ask us to provide a copy of the personal data we hold about you.
Request corrections to be made to your data: If you think that your personal data is incomplete, inaccurate you can ask us to correct it.
Request erasure of your data: If you consider there is no lawful basis for us to continue processing your data you can ask for that data to be deleted or removed.
Object to the processing of your data: If our lawful basis for processing your data relates to a legitimate business interest (or third party interest) you can raise an objection to that interest. You can also object to us using your information for direct marketing purposes.
Request that processing restrictions be put in place: If you believe that your information is being processed without a lawful reason or that the information is incorrect you can request that a freeze/restricting is placed on the processing of the information until your concerns are addressed.
Request a transfer of your personal data: You can ask us to transfer your personal data to a third party.
If you wish to exercise any of the above rights please contact our Data Representative at email@example.com.
23. Will I have to pay a fee?
You will not be expected to pay a fee to obtain your personal data unless we consider that your request for access to data is unfounded or excessive. In these circumstances we may charge you a reasonable fee or refuse to comply with your request. We may also charge a reasonable fee where we have supplied a copy of your personal data and you then request another copy of the same information.
24. Before we comply with your request
Whenever you make a request for access to personal data, to ensure that we are releasing personal data to the correct person we may ask questions to confirm your identity.
25. Right to withdraw your consent
If we have asked for your written consent to obtain information, you have the right to withdraw your consent at any time. To withdraw your consent please contact our Data Representative Michael Wiper. Once we receive your notice of withdrawal we will cease processing your data unless we have any other lawful basis on which to continue processing that data.
26. Who is responsible for ensuring that rights and obligations under this privacy notice are met?
We have appointed a Data Representative to ensure that your personal information is handled in accordance with this privacy notice, the data protection laws and any changes that might be made to those laws. If you have any concerns or complaint relating to how we process your personal data you are entitled to contact the Information Commissioner’s Office. This office oversees all UK data protection issues.
27. Important information about this privacy notice
This notice does not form part of any contract of employment or any other contract to provide services. We reserve the right to amend or update this privacy notice at any time. Updates will be posted on our website.
28. How to make a complaint
To exercise all relevant rights, queries or complaints please in the first instance contact our Data Representative Michael Wiper on firstname.lastname@example.org. If this does not resolve your complaint to your satisfaction, you have the right to lodge a complaint with the Information Commissioners Office on 03031231113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, England.