PRIVACY NOTICE (FOR JOB CANDIDATES)
This Privacy Notice is issued on behalf of (and applies to) Blue Sky Design Services Limited.
When we mention “the Company”, “we”, “us” or “our”, we are referring to the relevant company, as referred to above, responsible for processing the relevant personal data as a Data Controller.
Our role as a Data Controller means that we determine the purposes for which, and the way in which, any personal data relating to employees, workers and contractors is to be processed.
What is the purpose of this document?
You have been provided with this privacy notice because you are applying for work with us (whether as an employee, worker or contractor). It makes you aware of how and why your personal data will be used, namely for the purposes of the recruitment exercise, and how long it will usually be retained for. It provides you with certain information that must be provided under the General Data Protection Regulation (GDPR).
Data protection principles
We will comply with data protection law and principles, which means that your data will be:
- Used lawfully, fairly and in a transparent way.
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
- Relevant to the purposes we have told you about and limited only to those purposes.
- Accurate and kept up to date.
- Kept only as long as necessary for the purposes we have told you about.
- Kept securely.
The kind of information we hold about you
In connection with your application for work with us, we will collect, store, and use the following categories of personal information about you:
- The information you have provided to us in your curriculum vitae and covering letter.
- The information you have provided on our application form, including name, title, address, telephone number, personal email address, date of birth, gender, employment history and qualifications.
- Any information you provide to us during an interview.
- Information about your salary and benefits.
- Information about your education and work history.
We may also collect, store and use the following types of more sensitive personal information:
- Information about criminal convictions and offences.
How is your personal information collected?
We collect personal information about candidates from the following sources:
- You, the candidate.
- Recruitment agencies.
- Disclosure and Barring Service in respect of criminal convictions.
- You may also be asked to submit information via the National Security Vetting process, where your role requires a higher level of security clearance. In those circumstances, the authority which conducts the vetting process will be the Data Controller for the information you supply. The authority will notify us of the outcome and we may retain some information, usually in the form of a copy of any security clearance card, as confirmation of the outcome.
- Your referees.
- From other sources where you have made your personal information publicly available and where this is necessary and relevant to the role e.g. on LinkedIn or other publicly available social media networks and databases.
How we will use information about you
We will use the personal information we collect about you to:
- Assess your skills, qualifications, and suitability for the role.
- Carry out background and reference checks, where applicable.
- Communicate with you about the recruitment process.
- Keep records related to our hiring processes.
- Comply with legal or regulatory requirements.
It is in our legitimate interests to decide whether to appoint you since it will be beneficial to our business to appoint candidates for vacant roles.
We also need to process your personal information to decide whether to enter into a contract with you.
Having received your CV and any covering letter or application form and the results from any tests which you take, we will process that information to decide whether you meet the basic requirements to be shortlisted for the role. If we decide to call you for an interview, we will use the information you provide to us at the interview to decide whether to offer you the role. If we decide to offer you the role, we will then take up references, carry out a criminal record check (where applicable) and carry out any other checks before confirming your appointment.
If you fail to provide personal information
If you fail to provide information when requested, which is necessary for us to consider your application (such as evidence of qualifications or work history), we will not be able to process your application successfully. For example, if we require references and you fail to provide us with relevant details, we will not be able to take your application further.
How we use particularly sensitive personal information
We will use your particularly sensitive personal information in the following ways:
- We may use information about disability status to consider whether we need to provide appropriate adjustments during the recruitment process, for example whether adjustments need to be made.
Information about criminal convictions
We will hold information about criminal convictions.
We may only use information relating to criminal convictions where the law allows us to do so. This will usually be where such processing is necessary to carry out our obligations and provided, we do so in line with our Data Protection Policy.
We will only collect and use information about criminal convictions if it is appropriate given the nature of the role and where we are legally able to do so. Where appropriate, we will collect information about criminal convictions as part of the recruitment process or we may be notified of such information directly by you in the course of you working for us. We will use this information in connection with decisions about your employment, to comply with our duties of care and for legal and regulatory purposes (e.g. child protection and obligations under the Safeguarding Vulnerable Groups Act 2006.
You will not be subject to decisions based on automated decision-making.
Why might you share my personal information with third parties?
We may have to share your data with third parties, including third-party service providers and associated/group companies.
We require third parties to respect the security of your data and to treat it in accordance with the law.
If we do, you can expect a similar degree of protection in respect of your personal information.
We have put in place measures to protect the security of your information. Details of these measures are available upon request.
Third parties will only process your personal information on our instructions and where they have agreed to treat the information confidentially and to keep it secure.
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions, and they are subject to a duty of confidentiality. Details of these measures may be obtained from our Data Protection Officer.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
How long will you use my information for?
We will retain your personal information for a period of six months after we have communicated to you our decision about whether to appoint you to the role for which you applied. We retain your personal information for that period so that we can show, in the event of a legal claim, that we have not discriminated against candidates on prohibited grounds and that we have conducted the recruitment exercise in a fair and transparent way. After this period, we will securely destroy your personal information in accordance with applicable laws and regulations.
If we wish to retain your personal information on file, on the basis that a further opportunity may arise in future and we may wish to consider you for that, we will write to you separately, seeking your explicit consent to retain your personal information for a fixed period on that basis.
Individuals have the following rights:
- The right to be informed. Individuals have the right to be informed about the collection and use of their personal data.
- The right of access. Individuals have the right to access their personal data. This is commonly referred to as “subject access”. Individuals can make a subject access request verbally or in writing.
- The right to rectification. Individuals are entitled to have inaccurate personal data rectified or completed if it is incomplete. An individual can make a request for rectification verbally or in writing.
- The right to erasure. Individuals are entitled to have personal data erased. The right to erasure is also known as the “right to be forgotten”. The right is not absolute and only applies in certain circumstances. Individuals can make a request for erasure verbally or in writing.
- The right to restrict processing. Individuals have the right to request the restriction or suppression of their personal data. This is not an absolute right and only applies in certain circumstances. When processing is restricted, we are permitted to store the personal data but not use it. An individual can make a request for restriction verbally or in writing.
- The right to data portability. The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services.
- The right to object. This gives individuals the right to object to the processing of their personal data in certain circumstances. In some cases, we are entitled to continue processing if we can show that we have a compelling reason for doing so. However, individuals have an absolute right to stop their data being used for direct marketing.
- Rights in relation to automated decision making and profiling. This means:
- automated individual decision-making (making a decision solely by automated means without any human involvement); and
- profiling (automated processing of personal data to evaluate certain things about an individual). Profiling can be part of an automated decision-making process.
We can only carry out this type of decision-making where the decision is necessary for the entry into or performance of a contract; or authorised by law; or based on the individual’s explicit consent.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
If you have any concerns about the way we are collecting or using personal data, we request that you raise your concern with us in the first instance. Alternatively, you can contact the Information Commissioner’s Office at https://ico.org.uk/concerns/
If you would like to discuss any matters arising from this privacy notice or if you would like to make a request pursuant to any of your rights as summarised above, please contact firstname.lastname@example.org.