For the purposes of data privacy legislation, we consider ourselves to be data controllers. We may also be data processors for certain types of processing activity where we are not already the data controller. By this we mean we hold specific data (“Personal Data”) about you and we decide how it will be processed etc. Personal Data is any data from which you can be identified. Such data can be sensitive where it concerns sensitive information (now called “Special Categories of Personal Data”). For the purposes of this form, Personal Data and Special Categories of Personal Data together constitute “Relevant Data”.
By way of illustration, Personal Data can include family details, contact details, educational history, employment details, financial details, views and opinions, and electronic identifying data (such as cookies, online identifiers, IP addresses and activity logs).
Special Categories of Personal Data can include information about race, ethnicity, political opinions, religious or philosophical beliefs, Trade Union membership, mental or physical health and sexual life.
From time to time, and where necessary, we will hold data about you regarding the areas identified below in view of the nature of your potential employment/engagement with us (“the Company”). This is a non-exhaustive list and may vary from time to time, depending on business requirements.
The primary reason we need your Relevant Data is to ensure that we can address any matter connected to the recruitment process. It also ensures that we are not in breach of any applicable legal obligation such as in relation to national minimum wage issues and we are able to respond to any queries made by relevant authorities including the Health and Safety Executive. There may be times whereby your data is used to protect third party interests such as those of the public.
We collect data in various ways. This can be through our application and recruitment process, by asking you questions from time to time, through electronic sources such as SMS and emails and from any publicly accessible sources such as social media and Linked In. Third parties are also utilised by the Company (such as employment agencies, background check providers, credit reference agencies, any medical sources and the Disclosure and Barring Service).
Information can be gathered from your named referees, former employers and personal references. Except where required to do so due to the nature of the recruitment process (for example, with a recruitment agent or group company) We will obtain data from third parties only once a job offer has been made to you and we will inform you that we are doing so.
We will use your Relevant Data where we consider it necessary to do so. This can include or relate to:
We have no intention to use any electronic system to make significant decisions about your application without human intervention, however, we may do so in the future. Should that arise we will inform you beforehand and provide the relevant details in writing.
Where we have shared any of your Relevant Data with a third party they are required to take appropriate security measures to protect such information. Such parties are only able to process that data in accordance with our instructions. The third parties that we instruct include our professional advisers, payroll, pension and benefit administrators, storage and IT providers and recruitment agents. We will instruct others from time to time where appropriate and where we have a legitimate business reason to do so, for example, due to outsourcing costs or we require advice and additional support that is lacking within the Company. There may also be the need for us to share your Relevant Data in respect of any business reorganisation, restructure, buy-out or otherwise that may need to take place.
In terms of our obligation to deal with regulatory matters, accreditation or professional membership or other matters (concerning, for instance, the Home Office, HMRC, FCA or Law Society) we will where necessary share any of your personal data that we hold.
Also, where there is any associated company (presently any company within the Nucleus Financial Group) any Relevant Data pertaining to you that we hold will be shared with any such business as and where appropriate.
We have put in place systems whereby your Relevant Data will be held in the UK. The data is stored on your application record, in HR management systems and other IT systems (including email). This may change from time to time due to business reasons. If for any reason another storage system is used and placed outside the areas mentioned we will use reasonable measures to ensure there is an adequate level of protection of your personal information.
Currently some Relevant Data is stored in various ways including hard copies and electronically on a secure server. In some cases, data is stored in a central place and may be locked and encrypted, if necessary. Access to Relevant Data is limited to key personnel and protected such as via a password. Where any data is stored on company property, such as on laptops, both the hardware and software are encrypted and have firewalls in place.
If there has been a breach of any Relevant Data that concerns you and may result in a high risk to your individual rights and freedoms, you will be informed accordingly. We also have an obligation to notify the regulatory body (including the Information Commissioner’s Office (“ICO”) referred to below) and any other appropriate party.
You have the right to gain access to the Relevant Data we have stored in relation to you at any time. You can also request that we amend our records where any information is inaccurate or out of date. You will need to inform us if any of your personal information changes. You are responsible for ensuring your data is sent securely.
If at any time you wish to withdraw your consent and/or object to us handling your data or its processing, whether partially or in full, you will need to inform us.
Where any such request is made you will be informed of the process and any payment or further details you may need to supply from the Data Privacy Manager.
Whilst you may make any request to amend, object or otherwise we may have lawful reasons to continue to collect and process your Relevant Data as well as justify a refusal. So that any amendment can be tracked to the request, key details will be retained for evidential purposes.
Notwithstanding the above you can report any data concern or complaint to ICO. They are responsible for ensuring data privacy rights are protected for certain individuals. Their details can be found via the following link: https://https://ico.org.uk/