Introduction
As part of our recruitment process, we collect and process personal data relating to job applicants. This personal data may be held by us on paper or in electronic format. We are committed to being transparent about how we handle your personal data, to protecting the privacy and security of your personal data and to meeting our data protection obligations under the General Data Protection Regulation (“GDPR”). The purpose of this privacy notice is to make you aware of how and why we will collect and use your personal data during the recruitment process. We are required under the GDPR to notify you of the information contained in this privacy notice. This privacy notice applies to all job applicants, whether you apply for a role directly or indirectly through an employment agency. Unless we inform you otherwise during the recruitment process, we will be your data controller.The principles
We comply with the principles of data protection (the Principles) enumerated in the EU General Data Protection Regulation. We will make every effort possible in everything we do to comply with these principles. The Principles are:1. Lawful, fair and transparent
Data collection must be fair, for a legal purpose and we must be open and transparent as to how the data will be used.2. Limited for its purpose
Data can only be collected for a specific purpose.3. Data minimisation
Any data collected must be necessary and not excessive for its purpose.4. Accurate
The data we hold must be accurate and kept up to date.5. Retention
We cannot store data longer than necessary.6. Integrity and confidentiality
The data we hold must be kept safe and secure.How do we collect your personal data?
We collect personal data about you during the recruitment process either directly from you or sometimes from a third party such as an employment agency. We may also collect personal information from other external third parties, such as references from current and former employers. You are under no statutory or contractual obligation to provide personal data during the recruitment process. Your personal data may be stored in different places, including on your application record, in our HR management system and in other IT systems, such as the email system.What types of personal information do we collect about you and process?
‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly. We collect and process personal data about you when you apply for a job with us. We collect, use and process a range of personal data about you (where you provide this data to us) during the recruitment process. This includes (as applicable):- your contact details, including your name, address, telephone number and email address (1), (2), (3)
- personal information included in a CV, cover letter or interview notes (1), (2), (3)
- references and assessments relating to your work for previous employers (1)
- information about your right to work in the UK and copies of proof of right to work documentation (2)
- copies of qualification certificates (1)
- details of your skills, qualifications, experience and work history with previous employers (1), (2), (3)
- information about your current salary level, including benefits and pension entitlements (1), (2), (3)
- your professional memberships (1), (2), (3)
- whether or not you have a disability for which we need to make reasonable adjustments during the recruitment process (1), (2), (3)
- information about your racial or ethnic origin, religious or philosophical beliefs and sexual orientation (1), (2)
Why and how do we use your personal information?
We will only use your personal information when the law allows us to. This is known as the legal basis for processing. We will use your personal information in one or more of the following circumstances:- where we need to do so to take steps at your request prior to entering into a contract with you, or to enter into a contract with you (1)
- where we need to comply with a legal obligation (2)
- where it is necessary for our legitimate interests (or those of a third party), and your interests or your fundamental rights and freedoms do not override our interests (3).
- manage the recruitment process and assess your suitability for employment or engagement;
- decide to whom to offer a job;
- comply with statutory and/or regulatory requirements and obligations, e.g. checking your right to work in the UK;
- comply with the duty to make reasonable adjustments for disabled job applicants and with other disability discrimination obligations;
- ensure compliance with your statutory rights;
- ensure effective HR, personnel management and business administration;
- monitor equal opportunities;
- enable us to establish, exercise or defend possible legal claims;
What if you fail to provide personal data?
If you fail to provide certain personal information when requested, we may not be able to process your job application properly or at all, we may not be able to enter into a contract with you, or we may be prevented from complying with our legal obligations. You may also be unable to exercise your statutory rights.Change of purpose
We will only use your personal information for the purposes for which we collected it, i.e. for the recruitment exercise for which you have applied. However, if your job application is unsuccessful, we may wish to keep your personal information on file for in case there are future suitable employment opportunities with us. We will ask for your consent before we keep your personal information on file for this purpose. Your consent can be withdrawn at any time.Who has access to your personal information?
Your personal information may be shared internally for the purposes of the recruitment exercise. We will not share your personal information with third parties during the recruitment process unless your job application is successful and we make you an offer of employment or engagement. At that stage, we may also share your personal information with third parties (and their designated agents), including:- external organisations for the purposes of conducting pre-employment reference and employment background checks;
- former employers, to obtain references;
- professional advisors, such as legal advisors;
- government officials and systems, such as the Points Based System.
How long will you keep my personal data?
We will not keep your personal information for longer than is necessary and will only retain the personal information that is necessary to fulfil the purpose. We are also required to retain certain information by law or if it is reasonably necessary to meet regulatory requirements, resolve disputes or enforce our terms and conditions. If a job applicant’s application for employment is unsuccessful, we will generally hold your personal data, which may include special categories of personal data, for 12 months after the end of the relevant recruitment exercise or until you withdraw your consent. If your application is successful and you become an employee we will provide you with a copy of the Privacy Notice for Employees. The retention periods referred to therein will apply to your personal data during your employment.How do we protect your personal information?
We have put in place measures to protect the security of your personal information. We have internal policies, procedures and controls in place to try and prevent your personal information from being accidentally lost or destroyed, altered, disclosed or used or accessed in an unauthorised way. In addition, we limit access to your personal information to those employees and other third parties who have a business need to know in order to perform their job duties and responsibilities. You can obtain further information about these measures from our Privacy Team using this email address privacyteam@mapway.com Where your personal information is shared with third parties, we require all third parties to take appropriate technical and organisational security measures to protect your personal information and to treat it subject to a duty of confidentiality and in accordance with data protection law. We only allow them to process your personal information for specified purposes and in accordance with our written instructions and we do not allow them to use your personal information for their own purposes. We also have in place a policy and process to deal with a suspected data security breach and we will notify the Information Commissioner’s Office (or any other applicable supervisory authority or regulator) and you of a suspected breach where we are legally required to do so.Transferring personal information outside the European Economic Area
We will not transfer your personal information to countries outside the European Economic Area.What are my rights in relation to my personal data?
If the information we hold about you is inaccurate or incomplete, you can notify us and ask us to correct or supplement it. You also have the right, with some exceptions, to ask us to provide a copy of any personal data we hold about you. If you have a complaint about how we have handled your personal data, you may be able to ask us to restrict how we use your personal data while your complaint is resolved. In some circumstances you can ask us to erase your personal data:-- by withdrawing your consent for us to use it;
- if it is no longer necessary for us to use your personal data;
- you object to the use of your personal data and we don’t have a good reason to continue to use it; or
- we haven’t handled your personal data in accordance with our obligations.