Recruitment Privacy Policy

Introduction

As part of any recruitment process, the Company collects and processes personal information, or personal data, relating to job applicants. This personal information may be held by the Company on paper or in electronic format.

The Company is committed to being transparent about how it handles your personal information, to protecting the privacy and security of your personal information and to meeting its data protection obligations under the General Data Protection Regulation (GDPR) and the Data Protection Act 2018. The purpose of this privacy notice is to make you aware of how and why we will collect and use your personal information during the recruitment process. We are required under the GDPR to notify you of the information contained in this privacy notice.

This privacy notice applies to all job applicants, whether they apply for a role directly or indirectly through an employment agency. It is non-contractual.

Who we are

Elfab Limited is the data controller (contact details at the end of this notice). This means we decide how your personal data is processed and for what purposes.

What are the Data protection principles?

Under the GDPR, there are six data protection principles that the Company must comply with. These provide that the personal information we hold about you must be:

  • Processed lawfully, fairly and in a transparent manner;
  • Collected only for legitimate purposes that have been clearly explained to you and not further processed in a way that is incompatible with those purposes;
  • Adequate, relevant and limited to what is necessary in relation to those purposes;
  • Accurate and, where necessary, kept up to date;
  • Kept in a form which permits your identification for no longer than is necessary for those purposes;
  • Processed in a way that ensures appropriate security of the data.

The Company is responsible for, and must be able to demonstrate compliance with, these principles. This is called accountability.

What types of personal information do we collect about you?

Personal information is any information about an individual from which that person can be directly or indirectly identified. It doesn’t include anonymised data, i.e. where all identifying particulars have been removed.

The Company collects, uses and processes a range of personal information about you during the recruitment process. This includes (as applicable):

  • your contact details, including your name, address, telephone number and personal email address
  • personal information included in a CV, any application form, cover letter or interview notes
  • references
  • date of birth
  • confirmation of your right to work in the UK and any conditions on it OR your identity documents to comply with right to work checks required by law
  • details of your skills, qualifications, experience and work history with previous employers
  • information about your current salary level, including benefits and pension entitlements
  • your professional memberships
  • contact details of current and/or former employers
  • current work contact details including telephone numbers, and email addresses
  • education records, training records and records of qualifications and achievements
  • social networking profiles and/or internet profiles whether professional or personal
  • job title and job duties with current and/or former employers
  • details of salary and reward package and notice period with current and/or former employers
  • reason for leaving previous employment(s)
  • whether previously applied for a position or worked for us or any of our Group organisations before, or whether you are related to anyone who works for us
  • the contact details, occupation and position of referees
  • information gathered from reference requests – this could include information about absence; any disciplinary investigations and proceedings, whether or not any disciplinary action was taken; details of any grievance investigations or complaints raised by you, or by a third party about you, whether or not any action was taken; your performance, attitude and personality
  • payroll, tax and national insurance information
  • hobbies, interests outside work and achievements
  • information on any disability and/or reasonable adjustments that would be required to enable you to attend an interview
  • monitoring on diversity (including, for example, age, race/ethnicity, religion, whether you have a disability, sexual orientation, gender identity and marital status)
  • your photograph
  • details of your driving licence
  • psychometric testing
  • personality profiling
  • digital data on your activity on business-related social networking sites and information about you from media articles in the public domain.

 How do we collect your personal information?

The Company collects personal information about you during the recruitment process either directly from you or sometimes from a third party such as an employment agency or sometimes from internet searches (e.g. LinkedIn, Facebook, Twitter, etc.). We may also collect personal information from other external third parties, such as references from current and former employers and information from background check providers. Other than employment agencies, the Company will only seek personal information from third parties during the recruitment process once an offer of employment has been made to you and we will inform you that we are doing so.

You are under no statutory or contractual obligation to provide personal information to the Company during the recruitment process.

Your personal information may be stored in different places, including on your application record, in the Company’s HR management system and in other IT systems, such as the email system.

Why, and how do we use your personal information and what is the legal basis for processing your personal data?

We will only use your personal information when the law allows us to. These are known as the legal bases for processing. We will use your personal information in one or more of the following circumstances:

  • Where we need to comply with a legal obligation.
  • Where it is necessary for our legitimate interests (or those of a third party), and your interests or your fundamental rights and freedoms do not override our interests. (Our legitimate interests include: pursuing our business by employing employees, workers and contractors; managing the recruitment process; conducting due diligence on prospective staff and performing effective internal administration.)

The purposes for which we are processing, or will process, your personal information are to:

  • Manage the recruitment process and assess your suitability for employment or engagement;
  • Decide to whom to offer a job;
  • Ensure compliance with your statutory rights;
  • Ensure effective HR management, personnel management and business administration;
  • Monitor equal opportunities;
  • Enable us to establish, exercise or defend possible legal claims.

What if you fail to provide personal information?

If you fail to provide certain personal information when requested, we may not be able to process your job application properly or at all, we may not be able to enter into a contract with you, or we may be prevented from complying with our legal obligations. You may also be unable to exercise your statutory rights.

Change of purpose

We will use your personal information for the purposes for which we collected it, i.e. for the recruitment exercise for which you have applied. However, if your application for employment or engagement is successful, the personal information gathered during the recruitment process will be retained for the duration of your employment or engagement and in accordance with the privacy notice for employees, workers and contractors.

Who has access to your personal information?

Your personal information may be shared internally within the Company for the purposes of the recruitment exercise, including with members of the HR department, members of the recruitment team and managers in the department which has the vacancy.

The Company will not share your personal information with third parties during the recruitment process unless your job application is successful, and we make you an offer of employment or engagement. At that stage, we may also share your personal information with third parties (and their designated agents), including:

  • external organisations for the purposes of conducting pre-employment reference and employment background checks
  • current or former employers, to obtain references
  • professional advisors, such as lawyers and pension providers
  • Occupational health for the purpose of employment health questionnaires.

We may also need to share your personal information with a regulator or to otherwise comply with the law.

How does the Company protect your personal information?

The Company has put in place measures to protect the security of your personal information. It has internal policies, procedures and controls in place to try and prevent your personal information from being accidentally lost or destroyed, altered, disclosed or used or accessed in an unauthorised way. In addition, we limit access to your personal information to those employees, workers, agents, contractors and other third parties who have a business need to know in order to perform their job duties and responsibilities.

Where your personal information is shared with third parties, we require all third parties to take appropriate technical and organisational security measures to protect your personal information and to treat it subject to a duty of confidentiality and in accordance with data protection law. We only allow them to process your personal information for specified purposes and in accordance with our written instructions and we do not allow them to use your personal information for their own purposes.

The Company also has in place procedures to deal with a suspected data security breach and we will notify the Information Commissioner’s Office and you of a suspected breach where we are legally required to do so.

How long do we keep your personal data?

The Company will only retain your personal information for as long as is necessary to fulfil the purposes for which it was collected and processed.

If your application for employment or engagement is unsuccessful, the Company will normally hold your personal information until the end of the relevant recruitment exercise but no longer than 6 months after the end of the relevant recruitment exercise, unless you specify otherwise.

If your application for employment or engagement is successful, personal information gathered during the recruitment process will be retained for the duration of your employment or engagement and in accordance with the privacy notice for employees, workers and contractors.

Personal information which is no longer to be retained will be securely and effectively destroyed or permanently erased from our IT systems and we will also require third parties to destroy or erase such personal information where applicable.

In some circumstances we may anonymise your personal information so that it no longer permits your identification. In this case, we may retain such information for a longer period.

Transferring your personal data outside the EEA

The Company will not transfer your personal information to countries outside the European Economic Area.

Your rights in connection with your personal information

As a data subject, you have a number of statutory rights. Subject to certain conditions, and in certain circumstances, you have the right to:

  • Request access to your personal information – this is usually known as making a data subject access request and it enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
  • Request rectification of your personal information – this enables you to have any inaccurate or incomplete personal information we hold about you corrected.
  • Request the erasure of your personal information – this enables you to ask us to delete or remove your personal information where there’s no compelling reason for its continued processing, e.g. it’s no longer necessary in relation to the purpose for which it was originally collected.
  • Restrict the processing of your personal information – this enables you to ask us to suspend the processing of your personal information, e.g. if you contest its accuracy and so want us to verify its accuracy.
  • Object to the processing of your personal information – this enables you to ask us to stop processing your personal information where we are relying on the legitimate interests of the business as our legal basis for processing and there is something relating to your particular situation which makes you decide to object to processing on this ground.
  • Data portability – this gives you the right to request the transfer of your personal information to another party so that you can reuse it across different services for your own purposes.

If you wish to exercise any of these rights, please contact our GDPR owner (contact details below) or the HR Department. We may need to request specific information from you in order to verify your identity and check your right to access the personal information or to exercise any of your other rights. This is a security measure to ensure that your personal information is not disclosed to any person who has no right to receive it.

Changes to this privacy notice

The Company reserves the right to update or amend this privacy notice at any time. We will issue you with a new privacy notice when we make significant updates or amendments. We may also notify you about the processing of your personal information in other ways.

Complaints

If you wish to raise a complaint on how we have handled your personal data, you can contact our GDPR owner who will investigate the matter (contact details below).

If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law you can complain to the Information Commissioner’s Office (ICO), www.ico.org.uk

Contact details

The company has a GDPR owner who is responsible for being our point of contact for all GDPR related enquiries or questions. If you have any questions regarding this privacy statement, please contact the HR Manager at gdpr@elfab.com or 0191 293 1234. Elfab Limited, Alder Road, North Shields, Tyne & Wear, NE29 8SD, UK.