This Job Applicant Privacy Notice sets out what personal data we, Zupa, hold about you and how we collect and use it during and after the recruitment process. It applies to anyone who is applying to work for us, whether as an employee, worker, contractor, consultant, intern, volunteer, partner or director (together referred to as ‘Job Applicant’ or ‘you’).
Please note that we will not necessarily hold, use or share all of the types of personal data described in this Privacy Notice in relation to you. The specific types of data about you that we will hold, use and share will depend on the role for which you are applying, the nature of the recruitment process, how far you progress in the recruitment process and your individual circumstances.
We are required by data protection law to give you the information in this Privacy Notice. It is important that you read the Privacy Notice carefully, together with any other similar or additional information that we might give you from time to time about how we collect and use your personal data. Should your application be successful, when you start work for us, we will provide you with another privacy notice that explains how we deal with your personal data whilst you are working for us.
This Privacy Notice applies from 25 May 2018, when the General Data Protection Regulation comes into force. It does not give you any contractual rights. We may update this Privacy Notice at any time.
Who is the controller?
Zupa is the “controller” for the purposes of data protection law. This means that we are responsible for deciding how we hold and use personal data about you.
What is personal data?
Personal data means any information relating to a living individual who can be identified (directly or indirectly) in particular by reference to an identifier (e.g. name, NI number, employee number, email address, physical features). It can be factual (e.g. contact details or date of birth), an opinion about an individual’s actions or behaviour, or information that may otherwise impact that individual in a personal or business capacity.
Data protection law divides personal data into two categories: ordinary personal data and special category data. Any personal data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health conditions, sexual life or sexual orientation, or biometric or genetic data that is used to identify an individual is known as special category data. (The rest is ordinary personal data).
What type of ordinary personal data do we hold about you and why?
At the initial stages of recruitment, we collect, hold and use the following types of ordinary personal data about you:
- The information contained in your application form/CV/covering letter, including your name, title, contact details, employment history, experience, skills, qualifications/training (including educational, vocational, driving licences where appropriate), referees’ names and contact details, etc
- Publicly available information about you, such as your business social media presence
- Selection information, including correspondence, interview notes, internal notes, the results of any written or online selection tests
If you are shortlisted for a position, or you receive a conditional offer of employment, we may collect, hold and use the following additional types of ordinary personal data about you:
- Pre-employment check information, including references and verification of qualifications
- Right to work checks and related documents
We hold and use this personal data so that we can:
- process your application and correspond with you about it;
- assess whether you have the required skills, experience, qualifications and training for a role within the company;
- make informed recruitment decisions;
- verify the information provided by you;
- check and demonstrate that you have the legal right to work in the UK;
- keep appropriate records of our recruitment process and decisions;
What are our legal grounds for using your ordinary personal data?
Data protection law specifies the legal grounds on which we can hold and use personal data. We rely on one or more of the following legal grounds when we process your ordinary personal data:
- We need it to take steps at your request in order to enter into a contract with you (entry into a contract), because by applying for a job with us you are effectively asking us to enter into a contract with you [whether this is an employment contract, a contract for services or another type of contract].
- We need it to comply with a legal obligation (legal obligation), e.g. the obligation not to discriminate during our recruitment process, or the obligation not to employ someone who does not have the legal right to work in the UK.
- It is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests (legitimate interest). For example, it is in our legitimate interests to review and consider your personal data (as listed above) so that we can select the most appropriate candidate for the job.
What type of special category personal data do we hold about you, why, and on what legal grounds?
We will only collect, hold and use limited types of special category data about you during the recruitment process, as described below.
Since special category data is usually more sensitive than ordinary personal data, we need to have an additional legal ground (as well as the legal grounds set out in the section on ordinary personal data, above) to collect, hold and use it. The additional legal grounds that we rely on to collect, hold and use your special category data are explained below for each type of special category data.
At the initial stages of recruitment, we collect, hold and use the following special category data about you:
Equal opportunities monitoring
Equal opportunities monitoring data which could include information about your race or ethnicity, religious beliefs, sexual orientation or health. We use this information to monitor equality of opportunity and diversity in our recruitment process. Our additional legal ground for using this information is that it is necessary in the public interest for the purposes of equal opportunities monitoring and is in line with our Data Protection Policy.
Adjustments for disability/medical conditions
Information relevant to any request by you for adjustments to the recruitment process as a result of an underlying medical condition or disability. We use this information to enable us to carry out a fair, non-discriminatory recruitment process by considering/making reasonable adjustments to our process as appropriate. Our additional legal ground for using this information is that we need it to comply with a legal obligation/exercise a legal right in relation to employment – namely, the obligations not to discriminate, and to make reasonable adjustments to accommodate a disability – and such use is in line with our Data Protection Policy.
If you are shortlisted for a position, or you receive a conditional offer of employment, we may collect, hold and use the following additional types of special category personal data about you:
Pre-employment health questionnaires/medicals
We collect information about your health in a pre-employment medical questionnaire and/or examination, as well as any information about underlying medical conditions and adjustments that you have brought to our attention. We use this information to assess whether you are fit to do the job with adjustments, to consider/arrange suitable adjustments and to comply with health and safety requirements. Our additional legal grounds for using this information are that: we need it to comply with a legal obligation/exercise a legal right in relation to employment – namely, the obligation to make reasonable adjustments to accommodate a disability – and such use is in line with our Data Protection Policy; and it is needed to assess your working capacity on health grounds, subject to appropriate confidentiality safeguards.]
Criminal records information/DBS checks
We may request criminal records checks from the DBS. We use this information to assess your suitability for the role and verify the information provided by you. Our additional legal ground for using this information is that you have given us your explicit consent to do so.
How do we collect your personal data?
You provide us with most of the personal data about you that we hold and use, for example in your written application, by completing any assessments and during any interviews.
Some of the personal data we hold and use about you is generated from internal sources during the recruitment process. For example, [the person interviewing you may score your suitability for the role and we record the reasons for decisions made about whether or not your application is successful.]
Some of the personal data about you that we hold and use may come from external sources. For example, a recruitment agency provides us with a shortlist of candidates. If we offer you a role, we will carry out pre-employment checks, such as taking up references from past employers or education providers and we may check your qualifications by contacting the awarding body. We may ask an occupational health professional to report to us on your fitness to do the job. We may seek a criminal record check from the DBS. In some circumstances, we may ask the Home Office for information about your immigration status to verify your right to work in the UK. For some roles, we may also obtain information about you from publicly available sources, such as your LinkedIn profile or other media sources.
Who do we share your personal data with?
We share any of your personal data that is relevant, where appropriate, with our group company, Zupa, to enable them to input into the recruitment process and approve final recruitment decisions. Our legal grounds for doing so are that: it is necessary for entry into a contract, and it is in our legitimate interest to obtain our group company’s approval of our recruitment decisions and comply with the procedures applicable within our corporate group.
We sometimes engage recruitment agencies to provide us with the details of suitable candidates for our available vacancies, to communicate with those candidates, to handle administration in connection with the recruitment process. If we have received your initial application details from a recruitment agency, we will share with them any of your personal data that is necessary to enable them to fulfil their functions for us. Our legal grounds for doing so are that: it is necessary for entry into a contract, and it is in our legitimate interest to engage service providers to assist us with the recruitment process.
Medical/occupational health professionals
We may share information relevant to any request by you for adjustments to the recruitment process as a result of an underlying medical condition or disability with medical/occupational health professionals to enable us to identify what, if any, adjustments are needed in the recruitment process and, if you are successful, once you start work. We may also share details of disclosed medical conditions and/or answers to pre-employment health questionnaires with medical/occupational health professionals to seek a medical report about you to enable us to assess your fitness for the job and whether any adjustments are needed once you start work. This information may also be used by the medical/occupational health professionals to carry out assessments required by health and safety legislation. Our legal grounds for sharing this personal data are that: it is necessary for entry into a contract; it is in our legitimate interests to consider adjustments to enable Job Applicants to participate fully in the recruitment process and to assess the fitness for work of Job Applicants to whom we have offered jobs; and it is necessary to comply with our legal obligations/exercise legal rights in the field of employment (obligations not to discriminate, to make reasonable adjustments, to comply with health and safety requirements).
We share any of your personal data that is relevant, where appropriate, with our legal and other professional advisers, in order to obtain legal or other professional advice about matters related to you or in the course of dealing with legal disputes with you or other Job Applicants. Our legal grounds for sharing this personal data are that: it is in our legitimate interests to seek advice to clarify our rights/obligations and appropriately defend ourselves from potential claims; it is necessary to comply with our legal obligations/exercise legal rights in the field of employment; and it is necessary to establish, exercise or defend legal claims.
We may share your right to work documentation with the Home Office, where necessary, to enable us to verify your right to work in the UK. Our legal ground for sharing this personal data is to comply with our legal obligation not to employ someone who does not have the right to work in the UK.
Consequences of not providing personal data
We only ask you to provide personal data that we need to enable us to make a decision about whether or not to offer you a role. If you do not provide particular information to us, then we will have to make a decision on whether or not to offer you a role without that information, which in some cases could result in us deciding not to recruit you. For example, if we ask you to provide an example of previously written work/ a certificate verifying a qualification and you do not, we will have to decide whether to recruit you without that information. If you do not provide us with names of referees or a reference when asked, we will not usually be able to offer you the role. In addition, some of the personal data you provide to us is required by law. For example, if you do not provide us with the documentation we need to check your right to work in the UK, then we cannot by law employ you.
If you choose not to provide us with personal data requested, we will tell you about the implications of any such decision at the relevant time.
How long will we keep your personal data?
We will keep your personal data throughout the recruitment process.
If your application is successful, when you start work for us you will be issued with an Employee Privacy Notice which will include information about what personal data we keep from the recruitment process and how long we keep your personal data whilst you are working for us and after you have left.
If your application is unsuccessful, we will keep your personal data for up to 12 months from the date we notify you of our decision. (Note, we may keep your personal data for longer than 12 months if you have asked us to consider you for future vacancies – see ‘Will we keep your application on file?’ below). There may, however, be circumstances in which it is appropriate for us to keep particular items of your personal data for longer. We will base these decisions on relevant circumstances, taking into account the following criteria:
- the amount, nature, and sensitivity of the personal data
- the risk of harm from unauthorised use or disclosure
- the purposes for which we process your personal data and how long we need particular data to achieve these purposes
- how long the personal data is likely to remain accurate and up to date
- for how long the personal data might be relevant to possible future legal claims
- any applicable legal, accounting, reporting or regulatory requirements that specify how long certain records must be kept
In all cases, we will not keep your personal data for longer than we need it for our legitimate purposes.
Will we keep your application on file?
If you are unsuccessful for the role for which you have applied, or you sent us a speculative application, then, if you have consented to us doing so, we will keep your personal data on file to identify if you might be suitable for any other vacancies that may arise in the next 12 months and will contact you if we believe this is the case. We will not keep your personal data for this purpose for longer than 12 months. If during the period that we have your personal data on file, you wish to apply for any particular vacancy that we have open, please do contact us to make us aware of this – particularly if it is not a close match with your previous experience or is in a different area of our business from a vacancy you applied for previously, as we may not otherwise realise that the vacancy would be of interest to you.
When applying for a particular role, there is no obligation for you to consent to us keeping your personal data on file for consideration for other roles if you do not want to. Your application for the particular role you are putting yourself forward for will not be affected.
If you change your mind about us keeping your personal data on file, you have the right to withdraw your consent at any time – see ‘Your Rights’, below.
If you give us details of referees, we require you to inform them what personal data of theirs you are giving to us. You must also give them our contact details and let them know that they should contact us if they have any queries about how we will use their personal data.
You have a number of legal rights relating to your personal data, which are outlined here:
- The right to make a subject access request. This enables you to receive certain information about how we use your data, as well as to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- The right to request that we correct incomplete or inaccurate personal data that we hold about you.
- The right to request that we delete or remove personal data that we hold about you where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
- The right to object to our processing your personal data where we are relying on our legitimate interest (or those of a third party), where we cannot show a compelling reason to continue the processing
- The right to request that we restrict our processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example, if you want us to establish its accuracy or the reason for processing it.
- The right to withdraw your consent to us using your personal data. As described above, we do not normally rely on your consent as the legal ground for using your personal data. However, if we are relying on your consent as the legal ground for using any of your personal data and you withdraw your consent, you also have the right to request that we delete or remove that data if we do not have another good reason to continue using it.
- The right to request that we transfer your personal data to another party, in respect of data that you have provided where our legal ground for using the data is that it is necessary for the performance of a contract or that you have consented to us using it (this is known as the right to “data portability”).
If you would like to exercise any of the above rights, please contact firstname.lastname@example.org in writing. Note that these rights are not absolute and in some circumstances, we may be entitled to refuse some or all of your request.
If you have any questions or concerns about how your personal data is being used by us, you can contact email@example.com.
Last Modified May 2018
What are cookies?
There are two main types of cookie:
- Session cookies—these are deleted when you finish browsing a website and are not stored on your computer longer than this
- Persistent cookies—these are stored on your computer after you have finished using a website so that the website provider can remember your preferences the next time you use it
Cookies can be set by the website you have browsed, i.e. the website displayed in the uniform resource locator (URL) window. These are called first party cookies. Third party cookies are set by a website other than the one you are browsing.
To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org.
- Make our website work as you’d expect
- Improve the speed/security of the site
- Allow you to share pages on social networks
- Make improvements to our website by seeing how users navigate around it
- Collect any personally identifiable information (without your express permission)
- Collect any sensitive information (without your express permission)
- Pass data to advertising networks
- Pass personally identifiable data to third parties
Most browsers automatically accept cookies unless you change your internet browser settings. If you wish to restrict, block or delete the cookies which are set by any websites, you can generally do this through your browser settings. These settings are usually found in the ‘options’ or ‘preferences’ menu of your internet browser.
If you set your internet browser preferences to block all cookies, you may not be able to access all or parts of our Site.
If you delete cookies relating to this Site we will not remember things about you, including your cookie preferences, and you will be treated as a first-time visitor the next time you visit the Site.
If you have any questions or comments regarding this cookies policy, please email firstname.lastname@example.org