Recruitment Privacy Notice

1. Introduction

As the ‘controller’ of the information (‘personal data’) that we collect and hold about you – our ‘data subjects’ – we are responsible for how that data is processed. The word ‘process’ covers the things that can be done with personal data, including collection, storage, use and destruction of data.

This privacy notice explains why and how we process your personal data, and explains the rights you have, including amongst others, the right to request access to your data, and to object to the way it is processed.

We process your data so we can manage and support our relationship with you, comply with legal obligations, improve our services, and achieve our legitimate business aims.

If you have any queries about this notice or anything related to data protection, you can contact our Financial Director on 01454 318000.

Although we are not required by law to appoint a data protection officer, our Financial Director takes the lead on data protection matters.

We are registered with the Information Commissioner’s Office ICO with registration no. Z1280569

2. Personal data

‘Personal data’ is any information that relates to a living, identifiable person. This will usually include your name, address, contact details, and other information we collect as part of our relationship with you, whether you are a client, supplier, colleague, or anyone else we come into contact with through our work.

We may collect some especially sensitive information which is known as ‘special categories’ of data relating to you – namely, race or ethnic origin, religious, or other beliefs, physical or mental health and trade union membership.

We do so on the basis that the data is necessary for:

The use of this type of data, and of information about criminal convictions and offences, is subject to strict legal controls.

We only process data if we need to for a specific purpose, as explained below. Most often, we collect your personal data directly from you, through our contact with you.

3. Your data, how and why we process it

qualifications, references, other work-related information, as well as information to confirm your ID and your right to work, if appropriate.

If you decline to provide data that we require for the above purposes, we may not be able to continue to assess your application.

The information will be securely deleted/destroyed six months after we no longer need it for an application.

3.2  Current and former colleagues

When you work with us, as an employee, worker or contractor, we process your:

Most of this data is processed on the basis that it is necessary:

If you decline to provide data that we require for the above purposes, we may not be able to continue to employ you.

Apart from photographs needed for business ID purposes and CCTV footage, we will take photographs and films of various work-related events and occasions, and photos and films for use in internal and external communications. We will be transparent when we take photographs or films, and seek consent when necessary. Where we are not relying on consent, photographs and films are taken on the basis of our legitimate interests.

In the case of an emergency, we will process your data in order to protect your vital interests.

If we are approached and asked to share data about you for the purposes of criminal, tax-related, or other legal matters, we will share data only as necessary.

If we ask you for feedback on working with us, we will process that data on the basis that it is necessary for our and your legitimate interests of improving our employee experiences.

Where we ask you for any of the following information, it is optional for you to provide this information. We may ask about your race/ethnicity, health information, sexuality and religion.  This is for the purposes of monitoring and improving our equality and fairness, on the basis of it being to protect yours and others health, safety and wellbeing. It is also in the substantial public interest for maintaining and improving opportunity and equality.

3.3  Clients

We process your name, contact details, and other information that we collect through our interactions with you, on the basis of our business’s legitimate interests of providing and improving our services.

If we send hard copy or electronic marketing messages to you, this is for the purposes of our legitimate interests to increase awareness of our business, and you can opt-out at any time.

You have the right to object to any of this processing and we will assess any objection.

3.4  Suppliers and any other business contacts

We process your name, contact details, and other information produced through our interactions, to enable us to manage our working relationship with you, on the basis of our business’s legitimate interests to be able to provide our services to those who need them, in the most effective way.

You have the right to object to any of this processing and we will assess any objection.

4.Why we share your data

We share the data we process with other organisations, only when we have a lawful basis to do so, or when we are engaging a supplier who will act as a ‘Data Processor’ on our behalf. ‘Processors’ are businesses who handle, or could potentially handle, personal data as part of providing a service to us, and include our IT system providers, our email providers, our website hosts, consultants, training providers, auditors, clients, accommodation and travel providers, external insurers, occupational healthcare professionals, and other benefit providers. This list is not exhaustive.

Other organisations we share data with include the HMRC and banks for processing tax and payments, and we will co-operate with police, HSE and other authorities if we are asked to, in order to investigate Health and Safety incidents, prevent crime, including fraud, and other unwanted behaviours such as incompetence in public roles.

5.How we store your data

Your personal data is held in both hard copy and electronic formats. Where we store or transfer your data outside of the UK we do so only where we have assessed the risk, and judged there to be appropriate measures in place to control the protection of your data, including the data being in a country that has been assessed as ‘adequate’ or we have entered into an appropriate IDTA (International Data Transfer Agreement), or lawful exceptions apply.

6.How long we keep your data

Your data is only kept for as long as there is a lawful reason to retain it. Some of our retention periods are based on legal requirements, and others are based on the practical reasons we need to keep the data for a certain period of time. Retention timescales are in our PSUK-GDPR-013 Record of Processing (Data Retention) Form, held by our GDPR team.

Once we reach the retention period, we will securely delete the relevant data, unless we are legally required to keep it longer, or there are legal reasons why we should keep it longer.

6.1 Your rights as a data subject

As a data subject, you have the following rights in relation to your personal data:

To make a Data Subject Access Request or exercise any of the other rights, please contact us. We will respond to you as soon as possible, and within one month for a request to access, rectify, erase, restrict or object to processing of, your data, or a request for data portability.

For more information about these rights, please see the ICO’s website https://ico.org.uk/ or contact us.

6.2 Withdrawing consent

If we are relying on your consent to process your data, you may withdraw your consent at any time by contacting us in your preferred way.

6.3 Complaints to the Information Commissioner

You have a right to complain to the ICO about the way in which we process your personal data, although please allow us the opportunity to sort out the issue first. You can make a complaint on the ICO’s website https://ico.org.uk/.

7.Website cookies and similar technology

Our website uses essential cookies which are necessary for the proper operation of the website, as well as non-essential cookies including from Google Analytics and Zoho, which can identify your IP address and some of your interaction with the website.

Our Cookies banner on the website allows you to choose whether to accept the non-essential cookies.

If you prefer to turn off essential cookies as well as non-essential cookies, you can turn them off in your browser, but please be aware that the website will not operate as intended.