Data Protection Privacy Notice
1.1 Filshill Group takes the security and privacy of your data seriously. We need to gather and use information or ‘data’ about you as part of our recruitment process. We intend to comply with our legal obligations under the Data Protection Act 2018 (the ‘2018 Act’) and the EU General Data Protection Regulation (‘GDPR’) in respect of data privacy and security. We have a duty to notify you of the information contained in this policy.
1.2 This policy applies to all job applicants, whether they apply for a role directly or indirectly through an employment agency. It is non-contractual.
1.3 We have separate policies and privacy notices in place in respect of employees, workers and contractors and customers.
1.4 We have measures in place to protect the security of your data in accordance with our Data Protection Policy. A copy of this can be attained by contacting us at firstname.lastname@example.org.
1.5 The Company is a ‘data controller’ for the purposes of your personal data. This means that we determine the purpose and means of the processing of your personal data.
1.6 This policy explains how and why the Company will hold and process your information.
2 Data Protection Principles
2.1 Personal data must be processed in accordance with six ‘Data Protection Principles.’ It must:
We are accountable for these principles and must be able to show that we are compliant.
3 Data collected for the purposes of recruitment activities
3.1 ‘Personal data’ means information which relates to a living person who can be identified from that data (a ‘data subject’) on its own, or when taken together with other information which is likely to come into our possession. It includes any expression of opinion about the person and an indication of the intentions of us or others, in respect of that person. It does not include anonymised data.
3.2 This policy applies to all personal data whether it is stored electronically, on paper or on other materials.
3.3 Personal data might be provided to us by you, or someone else (such as a former employer, a recruitment or credit reference agency and criminal record checks from the Disclosure and Barring Service), or it could be created by us. Other than employment agencies, we will only seek personal information from third parties during the recruitment process once an offer of employment or engagement has been made to you and we will inform you that we are doing so. You are under no statutory or contractual obligation to provide personal information to the Company during the recruitment process, however, it may hamper your application if you cannot provide reasonably requested information.
3.4 We will collect and use the following types of personal data about you as part of our recruitment process:
3.5 The Company may also collect, use and process the following special categories of your personal information during the recruitment process (as applicable):
4 How we define processing
4.1 ‘Processing’ means any operation which is performed on personal data such as:
This includes processing personal data which forms part of a filing system and any automated processing.
5 How will we process your personal data?
5.1 The Company will process your personal data (including special categories of personal data) in accordance with our obligations under the 2018 Act and the GDPR.
5.2 We will use your personal information in one or more of the following circumstances:
5.3 We need all the types of personal information listed under section 3.3 above, to enable us to take steps to enter into a contract with you, and to enable us to comply with our legal obligations. In some cases, we may also use your personal information where it is necessary to pursue our legitimate interests (or those of a third party), provided that your interests or your fundamental rights and freedoms do not override our interests. Our legitimate interests include: pursuing our business by employing employees, workers and contractors; managing the recruitment process; conducting due diligence on prospective staff and performing effective internal administration.
We can process your personal data for these purposes without your knowledge or consent. We will not use your personal data for an unrelated purpose without telling you about it and the legal basis that we intend to rely on for processing it.
If you choose not to provide certain personal information when requested, we may not be able to process your job application properly or at all, we may not be able to enter into a contract with you, or we may be prevented from complying with our legal obligations. You may also be unable to exercise your statutory rights.
6 Examples of when we might process your personal data
6.1 The purposes for which we are processing, or will process, your personal information are to:
6.2 We will only process special categories of your personal data in certain situations in accordance with the law. For example, we may use information about your disability status to consider whether we need to provide appropriate adjustments during the recruitment process, for example whether adjustments need to be made during a test or interview or should you be successfully employed.
6.3 We can process special categories of your personal data if we have your explicit consent. If we asked for your consent to process a special category of personal data then we would explain the reasons for our request prior to any processing of the special categories of your personal data taking place. You do not need to consent and can withdraw consent later if you choose by contacting by contacting us at email@example.com.
6.4 We do not need your consent to process special categories of your personal data when we are processing it for the following purposes, which we may do:
6.5 We may process information about your health and information about any criminal convictions and offences where we have your explicit written consent. In this case, we will first provide you with full details of the personal information we would like and the reason we need it, so that you can properly consider whether you wish to consent or not. It is your choice whether to consent and you may withdraw your consent at any time.
6.6 Where the Company processes other special categories of personal information, i.e. information about your racial or ethnic origin, religious or philosophical beliefs and sexual orientation, this is done only for the purpose of equal opportunities monitoring in recruitment and in line with our Data Protection Policy. Personal information that the Company uses for these purposes is either anonymised or is collected with your explicit written consent, which can be withdrawn at any time. It is your choice whether to provide such personal information.
6.7 We may also occasionally use your special categories of personal information, and information about any criminal convictions and offences, where it is needed for the establishment, exercise or defence of legal claims.
6.8 We do not take automated decisions about you using your personal data or use profiling in relation to you.
6.9 We will retain your personal information for as long as is necessary to fulfil the purposes for which it was collected and processed. If your application for employment or engagement is unsuccessful, the Company will generally hold your personal information for 6 to 18 months after the end of the relevant recruitment exercise or receipt of a speculative application. But this is subject to: (a) any minimum statutory or other legal, tax, health and safety, reporting or accounting requirements for particular data or records, and (b) the retention of some types of personal information for up to six years to protect against legal risk, e.g. if they could be relevant to a possible legal claim in a tribunal, or civil court.
6.10 If your application for employment or engagement is successful, personal information gathered during the recruitment process will be retained for the duration of your employment or engagement and thereafter in accordance with our Data Protection Policy for Employees, Workers and Contractors.
6.11 Personal information which is no longer to be retained will be securely and effectively destroyed or permanently erased from our IT systems and we will also require third parties to destroy or erase such personal information where applicable.
6.12 In some circumstances we may anonymise your personal information so that it no longer permits your identification. In this case, we may retain such information for a longer period.
7 Sharing your personal data
7.1 Your personal data may be shared internally for the purposes of the recruitment exercise with the HR Department, members of the recruitment team, managers within the department that has the vacancy and IT staff, if access to your personal information is necessary for the performance of their roles.
7.2 Sometimes we might share your personal data with group companies or our contractors and agents to carry out our obligations under our contract with you or for our legitimate interests.
7.3 We require those companies to keep your personal data confidential and secure and to protect it in accordance with the law and our policies. They are only permitted to process your data for the lawful purpose for which it has been shared and in accordance with our instructions.
7.4 We may utilise / contact external parties to;
7.5 We do not send your personal data outside the European Economic Area. If this changes you will be notified of this and the protections which are in place to protect the security of your data will be explained.
8 Protecting your personal information
8.1 The Company has in place, measures to protect the security of your personal information. It has internal policies, procedures and controls in place to try and prevent your personal information from being accidentally lost or destroyed, altered, disclosed or used or accessed in an unauthorised way. In addition, we limit access to your personal information to those employees, workers, agents, contractors and other third parties who have a business need to know in order to perform their job duties and responsibilities.
8.2 Where your personal information is shared with third parties, we require all third parties to take appropriate technical and organisational security measures to protect your personal information and to treat it subject to a duty of confidentiality and in accordance with data protection law. We only allow them to process your personal information for specified purposes and in accordance with our written instructions and we do not allow them to use your personal information for their own purposes.
8.3 The Company also has in place procedures to deal with a suspected data security breach and we will notify the Information Commissioner’s Office (or any other applicable supervisory authority or regulator) and you of a suspected breach where we are legally required to do so.
9 Your rights in connection with your personal information
9.1 As a data subject, you have a number of statutory rights. Subject to certain conditions, and in certain circumstances, you have the right to:
9.2 If you wish to exercise any of these rights, please contact us at firstname.lastname@example.org. We may need to request specific information from you in order to verify your identity and check your right to access the personal information or to exercise any of your other rights. This is a security measure to ensure that your personal information is not disclosed to any person who has no right to receive it.
9.3 In the limited circumstances where you have provided your consent to the processing of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. This will not, however, affect the lawfulness of processing based on your consent before its withdrawal. If you wish to withdraw your consent, please email email@example.com.
9.4 If you believe that the Company has not complied with your data protection rights, you have the right to make a complaint to the Information Commissioner’s Office (ICO) at any time. The ICO is the UK supervisory authority for data protection issues. Full contact details including a helpline number can be found on the Information Commissioner’s Office website (www.ico.org.uk). This website has further information on your rights and obligations.