Home > About Us > Data protection privacy notice (recruitment)
Data protection privacy notice (recruitment)
This non-contractual notice explains what personal data (personal information) we hold about you, how we collect it, and how we use and may share personal information during the recruitment process. Please ensure that you read this notice and any other similar notice we may provide to you from time to time.
Who collects the personal information
The Company is a ‘data controller’ and gathers and uses certain personal information about you.
Data protection principles
The data protection principles which we will apply when gathering and using personal information are that:
We will process personal information lawfully, fairly and in a transparent manner;
We will collect personal information for specified, explicit and legitimate purposes only, and will not process it in a way that is incompatible with those legitimate purposes;
We will only process the personal information that is adequate, relevant and necessary for the relevant purposes;
We will keep accurate and up to date personal information, and take reasonable steps to ensure that inaccurate personal information is deleted or corrected without delay;
We will keep personal information for no longer than is necessary for the purposes for which the information is processed; and
We will take appropriate technical and organisational measures to ensure that personal information is kept secure and protected against unauthorised or unlawful processing, and against accidental loss, destruction or damage.
About the personal information we collect
A table summarising the personal information we collect and hold during the recruitment process, how and why we do so, how we use it and with whom it may be shared is below.
Where personal information may be held
Personal information may be held at our offices and third-party agencies, service providers, representatives and agents as described above and in cloud based IT services. In the event that we use cloud based IT services, personal information may be transferred internationally to other countries around the world, including countries that do not have data protection laws equivalent to those in the UK. We have security measures in place to seek to ensure that there is appropriate security for personal information we hold.
How long we keep your personal information
We keep the personal information that we obtain about you during the recruitment process for no longer than is necessary. How long we keep your personal information will depend on whether your application is successful, and you become employed by us, the nature of the personal information concerned and the purposes for which it is processed.
If your application is successful, we will keep only the recruitment personal information that is necessary in relation to your employment. For further information, see our data protection privacy notice (employment).
Your rights to correct and access your personal information and to ask for it to be erased
Please contact our Data Protection Contact (Graham Brown) if (in accordance with applicable law) you would like to correct or request access to personal information that we hold or if you have any questions about this notice. You also have the right to ask our Data Protection Contact for some, but not all, of the personal information we hold and process to be erased (the ‘right to be forgotten’) in certain circumstances.
Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing personal information will do so only in an authorised manner and are subject to a duty of confidentiality. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Criminal records information
We may carry out Disclosure Scotland PVG checks (including requesting a criminal record certificate, enhanced criminal record certificate or a search of the children’s or adults’ barred list) where we feel that a PVG check is proportionate and relevant for your role. A record that the PVG check was completed and whether it was satisfactory will be kept; however, the check itself will usually be disposed of securely unless we feel it is relevant to the ongoing employment relationship, in which case it will be kept securely for six months (unless relevant for regulatory inspections in which case it will be retained until the next inspection).
How to complain
We hope that we can resolve any query or concern you raise about our use of your personal information. If not, contact the Information Commissioner at ico.org.uk/concerns/ or telephone: 0303 123 1113 for further information about your rights and how to make a formal complaint.
Key to table below
FRP – to carry out a fair recruitment process
GEP – to maintain employment records and for good employment practice
Informed – to make an informed decision to shortlist for interview and (if relevant) to recruit
Insurance – to comply with the terms of our insurance
LO – to ensure compliance with legal and/or regulatory obligations
Medical Professional – your doctors and other medical/occupational health professionals
PTC – to enter into/perform the contract
Personnel – relevant managers, HR, professional advisors, payroll and consultants
Progress – to progress your application, arrange interviews and inform you of the outcome at all stages
SPI – for reasons of substantial public interest (e.g. equality opportunities and prevention and/or detection of unlawful acts)
You are required (by law or in order to enter into your contract of employment) to provide the categories of information marked ‘ * ’ above to us to enable us to verify your right to work and suitability for the position.