GDPR: DATA PRIVACY NOTICE FOR JOB APPLICANTS
1. Why have you been given this privacy notice?
MS Roofing Supplies is a “data controller”. This means we are required under data protection legislation to notify you of how we will, collect process and store your personal data during the application and recruitment process. We will also explain what rights you have in relation to how we process your personal data.
2. What are our obligations to you in relation to how we process your personal data?
We are required by law to ensure that when processing any of your personal data that it is:
• Used lawfully, fairly and in a transparent way.
• Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
• Relevant to the purposes we have told you about and limited only to those purposes.
• Accurate and kept up to date.
• Kept in a form which permits you to be identified for only as long as necessary for the purposes we have told you about.
• Kept securely.
3. What personal data will we collect, use and store about you?
In order to process your job application we will collect the following information about you:
• your name, address and contact details, including email address and telephone number
• details of your qualifications, skills, experience and employment history
• information about your current level of remuneration, including benefit entitlements
• information about your entitlement to work in the UK
• assessment interview, psychometric test, technical assessment
We may also collect, store and use the following “special categories” of more sensitive personal information:
• Equal opportunities monitoring information.
• Whether or not you have a disability for which the organisation needs to make reasonable adjustments during the recruitment process.
4. How do we collect your personal data?
We will collect this information from a range of sources, which will include your application form, CV, your passport or other identity documents, or information provided directly by you through interviews.
The organisation will also collect personal data about you from third parties, such as references supplied by former employers, information from employment background check providers, employment agency. The organisation will seek information from third parties only once a job offer to you has been made and will inform you that it is doing so.
If we receive an unsolicited CV at a time when we are not recruiting, we will delete the CV and inform you of this. If we want to hold this unsolicited personal data on file for future recruitment rounds, we will inform you of this in a privacy notice, along with the other required information.
5. How will we use your personal data?
Throughout the recruitment process we will need to process your personal data for one or more of the following lawful bases:
a) Where we need to process your personal data to take specific steps at your request before entering into a contract with you or we need to process data to enter into a contract with you. This may include making reasonable adjustments to the recruitment process to accommodate disabilities as and when requested.
b) Where we need to process your personal data to comply with a legal obligation, for example if your application is successful we will check your right to work in the UK before a job offer is made.
c) Our legitimate reason for processing your personal data is to enable us to gather data so that we can assess which candidate’s skills and experience is the best match with our job role requirements and therefore suitable for employment. We also need to process job application information in order to respond to and defend against legal complaints. [You must identify and list any other legitimate interests that you or any third party may have] We will process your personal data for these legitimate reasons provided that your interests and fundamental rights do not override those interests.
d) Where we need to protect your interests (or someone else’s interests).
e) Where it is needed in the public interest [or for official purposes].
6. When will we use your personal data?
During the application and recruitment process and for a short period after the recruitment process, we will use your personal information for specific purposes. The list below describes the purpose of our processing, the personal data involved (from clause 3 above) and the lawful basis for our processing (from clause 5 above):
Purpose Personal data involved Lawful basis for processing
Assessing suitability to perform the role Employment history Legitimate Interests
Interview Name, Address, Cv, job application form. Legitimate Interests
The organisation will not use your data for any purpose other than recruitment purposes.
Where your application or interview is unsuccessful, we will delete your details in under 1 month unless we ask for your written consent to keep your personal data on file in case there are future employment opportunities for which you may be suited. You are not obliged to provide consent but if consent is provided you are free to withdraw your consent at any time.
7. What happens if you do not provide us with information?
We will only ask you to provide information which we believe is necessary for the application and recruitment process. You are under no statutory or contractual obligation to provide data during the recruitment process. However, if you do not provide sufficient information, we may not be able to process your application properly or at all. Also we may not be able to meet our legal obligations towards you with regard to reasonable adjustments.
8. What happens if we need to use your personal data for a new purpose?
We have indicated above a list of circumstances in which we will use your data. We will usually only use your personal data as indicated. However, if we consider that it is necessary and reasonable to use your personal data for an unrelated purpose, we will notify you and explain the legal basis which allows us to do so.
9. How do we use your special categories information?
Any personal data which reveals your ethnic origin, political opinions, religious and philosophical beliefs, trade union membership, genetic, biometric or health data, sex life and sexual orientations will be regarded as special categories of personal data. We will only use this data in the following ways:
• In order to comply with employment and other laws to ensure that the recruitment process is conducted in a fair and inclusive manner.
• To ensure we meet our health and safety and equality obligations towards you we will use information about your physical or mental health or disability status to make appropriate reasonable adjustments to the recruitment process.
• Where it is needed in the public interest, for example for equal opportunity monitoring and reporting.
10. Do we need your consent to use special categories data?
If we are using your personal sensitive data in accordance with the lawful purposes set out in this privacy notice, in these circumstances we do not need your written consent to use sensitive personal data.
However, in limited circumstances, we may request your written consent to allow us to process your sensitive personal data. If it becomes necessary to request your consent to process your sensitive personal data, we will provide you with details of the information that we require and why we need it, so that you can decide whether you wish to provide your consent. It is not a condition of applying for the role with us that you must agree to any request for consent. Giving consent will always be a decision made by your freewill/choice.
11. Criminal convictions
Given the nature of the role and duties you will perform we, will request and hold information about criminal convictions. In addition, where applicable we will only request this information if you are successful in your application and where we are legally entitled to do so.
Where applicable, we will use information about criminal convictions and offences in the following ways:
When making a decision regarding the position you have applied for.
We have in place policy and safeguards which we are required by law to maintain when processing this data. A copy of the policy can be obtained from MS Roofing Supplies.
12. Automated decision making
We have notified you and sought your explicit consent where necessary, if you have been asked to complete a disc profile you confirm consent by completing the questionnaire.
13. Will we share your personal data with third parties?
We will not share your data with third parties, unless your application for employment is successful and you accept our offer of employment.
14. Which third party service providers will we share your personal data with?
If that occurs, we will then share your data with:
Former employers to obtain references for you
Employment background check providers to obtain necessary background checks
DVLA to check your driving licence.
15. Third party service providers and data security
Third party service providers are only permitted to process your personal data in accordance with our specified instructions. They are also required to take appropriate measures to protect your privacy and personal information. We do not allow your information to be used by the third parties for its own purposes and business activities.
16. Will we share your personal data with other entities within our business group?
Your information will be shared internally for the purposes of the recruitment exercise. This includes:
• Members of the HR and recruitment team
• Interviewers involved in the recruitment process
• Managers in the business area with a vacancy
• IT staff
17. Will we transfer your personal data outside of the European Economic Area?
The organisation will not transfer your data outside the European Economic Area.
18. How do we ensure your personal data is secure?
We take your privacy and protection of data very seriously. Consequently, we have put in place appropriate security measures to prevent unauthorised use of your personal data. Details of the measures which are in place can be obtained from Louise French We will notify you and any applicable regulator of any suspected unauthorised use of your personal data.
19. How long will we keep your personal data?
We will retain your personal data for as long as is necessary to fulfil the purposes for which it was collected for.
If your application for employment is unsuccessful, your details will be deleted within 1 month.
If requested and you agree we will keep your personal data on file, for a further year for consideration for future employment opportunities.
At the end of that period or once you withdraw your consent your data will be deleted or destroyed.
If your application for employment is successful, personal data gathered during the recruitment process will be transferred to your personnel file and retained during your employment. The periods for which your data will be held will be available in our data retention policy.
20. How will we store your data?
Your data will be stored in a number of different places, including on your application record, in HR management systems and on other IT systems (including email).
21. Your duty to inform us of any changes
In order that we can ensure that the personal data we hold in relation to you is accurate, it is important that you keep us informed of any changes to that data.
22. What rights do you have in respect of how we use your personal data?
Subject to legal limitations you have the right to:
• Request access to your data: You can ask us to provide a copy of the personal data we hold about you.
• Request corrections to be made to your data: If you think that your personal data is incomplete, inaccurate you can ask us to correct it.
• Request erasure of your data: If you consider there is no lawful basis for us to continue processing your data you can ask for that data to be deleted or removed.
• Object to the processing of your data: If our lawful basis for processing your data relates to a legitimate business interest (or third party interest) you can raise an objection to that interest. You can also object to us using your information for direct marketing purposes.
• Request that processing restrictions be put in place: If you believe that your information is being processed without a lawful reason or that the information is incorrect you can request that a freeze/restricting is placed on the processing of the information until your concerns are addressed.
• Request a transfer of your personal data: You can ask us to transfer your personal data to a third party.
If you wish to exercise any of the above rights please contact Louise French firstname.lastname@example.org.
23. Will I have to pay a fee?
You will not be expected to pay a fee to obtain your personal data unless we consider that your request for access to data is unfounded or excessive. In these circumstances we may charge you a reasonable fee or refuse to comply with your request. We may also charge a reasonable fee where we have supplied a copy of your personal data and you then request another copy of the same information.
24. Before we comply with your request
Whenever you make a request for access to personal data, to ensure that we are releasing personal data to the correct person we may ask questions to confirm your identity.
25. Right to withdraw your consent
If we have asked for your written consent to obtain information, you have the right to withdraw your consent at any time. To withdraw your consent please contact Louise French email@example.com. Once we receive your notice of withdrawal we will cease processing your data unless we have any other lawful basis on which to continue processing that data.
26. Who is responsible for ensuring that rights and obligations under this privacy notice are met?
We have appointed a data privacy manager to ensure that your personal information is handled in accordance with this privacy notice, the data protection laws and any changes that might be made to those laws. If you have any concerns or complaint relating to how we process your personal data you are entitled to contact the Information Commissioner’s Office. This office oversees all UK data protection issues.
27. Important information about this privacy notice
This notice does not form part of any contract of employment or any other contract to provide services. We reserve the right to amend or update this privacy notice at any time. We will provide you with a new notice when we make any updates.
28. How to make a complaint
To exercise all relevant rights, queries or complaints please in the first instance contact our DATA Representative on 01903 243999 If this does not resolve your complaint to your satisfaction, you have the right to lodge a complaint with the Information Commissioners Office on 03031231113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, England.