FAIR PROCESSING NOTICE (JOB APPLICANT DATA)
|Debbie Murgett / Racheal Hoult
||HR Advisor / Data Compliance Officer
||HR fair processing notice (job applicant) created
- About this document
- During the course of recruitment we will process personal data (which may be held on paper, electronically, or otherwise) about our job applicants and we recognise the need to treat it in an appropriate and lawful manner, in accordance with the General Data Protection Regulations (GDPR). The purpose of this notice is to make you aware of the types of data that we hold on job applicants. It also sets out how we collect data, why we process that data and how long we keep it for along with other relevant information.
- This notice applies to all job and volunteer applicants.
- Data controller
- PFH is deemed a data controller, meaning that we determine the purpose and processes to be used when using personal data.
- Data protection principles
- We will comply with the six data principles outlined in the GDPR, which say that personal data must be:
- processed lawfully, fairly and in a transparent manner in relation to individuals;
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
- Types of data we process
- We hold many types of data throughout the recruitment and selection process, including:-
- personal details including current and previous name, address, email address(s), phone number(s)
- adjustments required to the recruitment process (if disabled)
- information used solely for equal opportunities monitoring about sexual orientation, religion or belief and ethnic origin, gender, marital status and disability.
- information included on a cv or application of employment including referees, qualifications, education/employment history and interview selection notes, selection tests/activities
- for the preferred candidate only: pre-employment check documentation including references, DBS clearance, identification documentation relating to right to work in the UK and health information
- How we collect your data
- We collect data in a variety of ways including the information normally included in a CV or cover letter, or notes made during the selection process. Further information will be collected after an offer is made to the preferred candidate satisfying pre-employment checks and then on commencement of employment for the successful candidate only.
- We may collect data from third parties, such as employment agencies/former employers when gathering references and the Disclosure and Barring Service.
- Personal data is kept in vacancy files or within the Company’s HR and IT systems or third party recruitment platforms.
- Why we process your data
- We will only process personal data for certain reasons as defined by GDPR:
- in order to perform the employment contract
- in order to carry out legally required duties
- in order for us to carry out our legitimate interests
- to protect your interests and
- where something is done in the public interest.
- All of the processing carried out by us falls into one of the permitted reasons. Generally, we will rely on the first three reasons set out above for example making reasonable adjustments for disabled candidates/employees is a legal requirement.
- “Special categories of personal data” about race; ethnic origin; politics; religion; trade union membership; genetics; biometrics; health; sex life; or sexual orientation will be processed in accordance with more stringent guidelines. Usually this will mean that you have given your explicit consent, or that the processing is required in order for us to carry out our legal obligations, is of substantial public interest, or you have already made the data public.
- We may process special categories of personal data relating to job applicants including, as appropriate:
- For the purpose of equal opportunities monitoring due to our position as a public service provider
- We do not need your consent if we use special categories of personal data in order to carry out our legal obligations, exercise specific rights under employment law or to perform a task in the public interest.
- We will collect criminal conviction data (where it is appropriate) given the nature of the vacancy and where the law permits us. This data will usually be collected only for the preferred candidate via the Disclosure and Barring Service. We process this data because of our legal obligation to safeguard residents classed as vulnerable adults.
- If you are unsuccessful in obtaining employment, your data will not be used for any reason other than in the ways explained in relation to the specific application you have made.
- Data provision
- One of the reasons for processing candidate data is to allow us to carry out an effective recruitment process. Whilst you are under no obligation to provide us with your data, we may not be able to process, or continue with your application/offer of employment if you fail to do so e.g. confirming right to work in the UK or, where appropriate, confirming legal status for carrying out work via a criminal records check (DBS).
- Data sharing
- Data will be shared with colleagues within PFH where it is necessary for them to undertake their duties with regards to recruitment. This includes, for example, the HR department, those included on the shortlisting and selection panels and the IT department if you require access to our systems to undertake any assessments requiring IT equipment.
- In some cases, we will collect data from third parties such as employment agencies and use recruitment platforms such as Indeed to obtain your personal data.
- We do not share your data with bodies outside of the European Economic Area.
- Protecting your data
- We will ensure that appropriate measures are taken against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to, personal data. We have in place procedures and technologies to maintain the security of all personal data from the point of collection to the point of destruction.
- Maintaining data security means guaranteeing the confidentiality, integrity and availability (for authorised purposes) of the personal data.
- Data retention
- In line with data protection principles, we only keep your data for as long as we need it for, which will be at least for the duration of the recruitment exercise in the case of equal opportunity data. All other information gathered during the recruitment and selection process will be retained for one year as outlined in Appendix 1.
Data will be destroyed or erased from our systems after this period.
- Automated decision making
- No decision will be made about you solely on the basis of automated decision making (where a decision is taken about you using an electronic system without human involvement) which has a significant impact on you.
- Your rights in relation to your data
- be informed. This means that we must tell you how we use your data, and this is the purpose of this privacy notice
- the right of access. You have the right to access the data that we hold on you. To do so, you should make a subject access request via email to the HR Department.
- the right for any inaccuracies to be corrected. If any data that we hold about you is incomplete or inaccurate, you are able to require us to correct it.
- the right to have information deleted. If you would like us to stop processing your data, you have the right to ask us to delete it from our systems where you believe there is no reason for us to continue processing it.
- the right to restrict the processing of the data. For example, if you believe the data we hold is incorrect, we will stop processing the data (whilst still holding it) until we have ensured that the data is correct.
- the right to portability. You may transfer the data that we hold on you for your own purposes
- the right to object to the inclusion of any information. You have the right to object to the way we use your data where we are using it for our legitimate interests
- the right to regulate any automated decision-making and profiling of personal data. You have a right not to be subject to automated decision making in way that adversely affects your legal rights.
- Where we are relying solely on your consent to use your data, you also have the unrestricted right to withdraw that consent at any time. Withdrawing your consent means that we will stop processing the data that you had previously given us consent to use. There will be no consequences for withdrawing your consent. However, in some cases, we may continue to use the data where so permitted by having a legitimate reason for doing so.
- Breaches of data protection principles
- If you consider that the data protection principles have not been followed in respect of personal data about yourself or others you should raise the matter with our Data Protection Officer, Racheal Hoult. Any breach of the GDPR will be taken seriously.
- The supervisory authority in the UK for data protection matters is the Information Commissioner (ICO) and complaints can be made direct to them.
APPENDIX 1 – HR RETENTION LIST (JOB APPLICANT DATA)
Part 1 Recruitment and Selection
|Applications and interview notes
(for unsuccessful candidates)
|Equal Opportunity Forms including Gender, Marital Status, Age, Ethnic Origin, Disability, Sexual Orientation, Religious Belief/Faith, Criminal Conviction
||Duration of recruitment campaign (1 month)