We process your personal information provided in the course of applying for a job with us in order to carry out our recruitment process and for no other purpose.
This notice explains what data we process, why, how it is legal and your rights.
ABOUT US AND THIS NOTICE
This Privacy Notice is provided by PassivSystems Limited (“Passiv” or “we” or “us”) who is a ‘controller’ for the purposes of the General Data Protection Regulation (EU) 2016/679.
You should read this Privacy Notice if you have applied for a job with us
We take your privacy very seriously. We ask that you read this Privacy Notice carefully as it contains important information about our processing and your rights.
How to contact us
If you need to contact us about this Privacy Notice, use the details below
- The Data Protection Manager
- Address: Benyon House, Newbury Business Park, Newbury, Berkshire, RG14 2PZ, United Kingdom
- Telephone number: +44 1635 525050
- Email: Dataprotectionmanager@passivsystems.com
Changes to this Privacy Notice
We may change this Privacy Notice from time to time. We will alert you by posting a notice on our website when changes are made.
Current version: Job Applicant Privacy Notice 23 April 2018
USEFUL WORDS AND PHRASES
Please familiarise yourself with the following words and phrases (used in bold) as they have particular meanings in the Data Protection Laws and are used throughout this Privacy Notice:
|controller||This means any person who determines the purposes for which, and the manner in which, any personal data is processed.|
|criminal offence data||This means any information relating to criminal convictions and offences committed or allegedly committed.|
|Data Protection Laws||This means the laws which govern the handling of personal data. This includes the General Data Protection Regulation (EU) 2016/679 and any other national laws implementing that Regulation or related to data protection.|
|data subject||The person to whom the personal data relates.|
|ICO||This means the UK Information Commissioner’s Office which is responsible for implementing, overseeing and enforcing the Data Protection Laws.|
|personal data||This means any information from which a living individual can be identified.
This will include information such as names, and telephone numbers, addresses and e-mail addresses when associated with names. It will also include expressions of opinion and indications of intentions about data subjects (and their own expressions of opinion/intentions).
It will also cover information which on its own does not identify someone but which would identify them if put together with other information which we have or are likely to have in the future.
|processing||This covers virtually anything anyone can do with personal data, including:
|processor||This means any person who processes the personal data on behalf of the controller.|
|special categories of data||This means any information relating to:
WHAT PERSONAL DATA DO WE COLLECT?
The sections below set out the categories of personal data we may ask for at each stage of your application for a job with us. Some data may not be required depending on the type of role you are applying for. The reasons why we need each category of data are set out in the section ‘Why do we need your personal data‘.
If you choose not to provide us with any of these categories of information, your application may be rejected or it could affect our ability to process your application.
If you contact us with any questions prior to submitting an application for a job, we will keep a record of your name and contact details, as well as details of any question you have asked.
If you submit an application or send us a CV
If you submit an application for a job with us, we will ask you for your CV which should generally contain:
- Your contact details, including your name, address, e-mail address and telephone number.
- Details of your relevant education and employment history.
- Details of referees.
If your CV contains additional information, we will process whatever information you provide in your CV.
If you are successful in our initial shortlisting stage, we may invite you for an interview. Information will be generated by you and by us during this process. For example, you might complete written tests, take psychometric tests or we might take interview notes.
If we make you a conditional offer
If we make you a conditional offer of employment, we may gather further personal data before deciding whether to make you a final offer, to check:
- Proof of your identity.
- Proof of your qualifications.
- Pre-employment health questionnaire.
- Right to Work checks.
- Information for the purposes of Equal Opportunities Monitoring
If we make and you accept a final offer
We will require further information from you in order to meet our obligations as an employer, such as your bank details so that we can pay your salary. How we process your information as an employee is set out in our Staff Privacy Notice which you will have access to when you start your employment.
Personal information provided by third parties
Most of the personal data we process about you when you apply for a job is information that you give us directly, or is generated through the recruitment exercise. However, some information we gather from the third parties below.
Recruitment Agency: We fill some of our roles through recruitment agencies. If you apply for a role through a recruitment agency, they will pass us details of your name, contact details, CV and notes of interview with the agency.
Your former employer and other referees: If you apply for a role with us, we will contact your referees directly, using the details you provide in your application, to request a reference.
Psychometric test provider: If you are required to take psychometric tests, the test provider will send us your responses, score and any other analysis that they carry out based on your responses.
Home Office: We may in certain circumstances need to seek confirmation from the Home Office that you have the right to work in the UK.
WHY DO WE NEED YOUR PERSONAL DATA?
We need your personal data for the purposes listed in the table below. We are allowed to do so on certain legal grounds which are also set out in the table (and which are explained further in the section ‘Legal grounds for processing personal data‘).
|Type of Data||Why do we need it?||Legal grounds for processing|
|Contact details (name, email address, telephone number, home address)||So that we can contact you about your application for a job with us.||Legitimate interests|
|Education and employment history, and proof of qualifications||So that we can assess your relevant experience and suitability for a job with us, and assess what your training needs would be if you started working for us.||Legitimate interests|
|Information provided by professional and personal referees||So that we can assess your relevant experience and suitability for a job with us.||Legitimate interests|
|Information generated during the recruitment process itself (such as interview notes, psychometric test results and your answers to assessment questions)||So that we can assess your relevant experience and suitability for a job with us. Psychometric tests help us understand your characteristics and working-style preferences.||Legitimate interests|
|Information provided by credit reference agencies||So that we can assess suitability for senior roles or roles involving financial duties.||Legitimate interests|
|Information about your regulatory or other professional memberships||So that we can assess your relevant experience and suitability for a job with us (where this is relevant for certain senior roles where there is no legal requirement to be registered with a regulator).||Legitimate interests|
Special categories of personal data and criminal offences data
|Type of Data||Why do we need it?||Legal grounds for processing|
|Identity documents such as a copy of your passport (including information about your national origin) or other right to work documentation||So that we can comply with our obligation to check that our employees have the right to work in the UK.||Necessary for complying with our legal obligations as an employer.|
|Information about a disability which may affect the application process||To make reasonable adjustments to our application process for your disability.||Necessary for complying with our legal obligations as an employer.|
|Pre-employment health data||To determine whether you are medically able to carry out the work you have been offered, and to assess whether any adjustments are needed to the work environment to enable you to carry out that work.||
Necessary for complying with our legal obligations as an employer.
Necessary for assessing your working capacity as an employee.
LEGAL GROUNDS FOR PROCESSING PERSONAL DATA
We have set out below a description about each of the legal grounds on which we process your personal data.
Reasons for processing your personal data:
Necessary for our legitimate interests: We process some personal data if doing so is in our legitimate interests as an employer. In order to do so, we have considered the impact on your interests and rights, and have put in place appropriate safeguards to ensure that the intrusion on your privacy is reduced as much as possible. You have the right to object to the processing of your personal data on this ground. See section headed ‘Your Rights‘ to find out how.
Necessary for the compliance of a legal obligation: We have to process some of your personal data in order to comply with certain of our legal obligations.
Additional conditions for processing special categories of data, or criminal offences data:
Necessary for compliance with our obligations under employment law: We have to process some of special categories of data in order to comply with certain of our legal obligations.
Necessary for the purposes of occupational medicine, including the assessment of your working capacity as an employee: We will process information about your health in order to assess your medical capacity to perform the job you have applied for.
WHO WILL HAVE ACCESS TO YOUR PERSONAL DATA?
If you would like to know the names of our service providers who provide typical services required by all companies to support our business (e.g. website hosting and IT support), please contact us using the details at the start of this Privacy Notice.
Transfers of your personal data outside the EEA
We will not transfer your personal data outside the European Economic Area.
How we keep your personal data secure
We strive to implement appropriate technical and organisational measures in order to protect your personal data against accidental or unlawful destruction, accidental loss or alteration, unauthorised disclosure or access and any other unlawful forms of processing. We aim to ensure that the level of security and the measures adopted to protect your personal data are appropriate for the risks presented by the nature and use of your personal data. We follow recognised industry practices for protecting our IT environment and physical facilities.
WHEN WILL WE DELETE YOUR DATA?
If your application for a job with us is unsuccessful or you do not accept our offer of employment, then we will delete all of the personal data gathered during the recruitment exercise within six months after the relevant recruitment exercise has ended. This is so that we can:
(a) Identify candidates who apply for multiple roles with us within that timeframe and
(b) Defend any legal claims arising from the recruitment process.
If you ask us to do so, we will keep the details of your application for a further six months beyond our normal retention period, so that we can proactively contact you should any further potentially suitable vacancies arise.
If your application for a job with us is successful and you start work as our employee, please see our Staff Privacy Notice for details of how long we will retain the data gathered during the recruitment exercise. If you apply for a new role with us when you are already our employee, this Privacy Notice applies in respect of any new information gathered during that application process, and the Staff Privacy Notice continues to apply in respect of any information we already hold by virtue of you being a current employee.
As a data subject, you have the following rights under the Data Protection Laws:
- the right to object to processing of your personal data;
- the right of access to personal data relating to you (known as data subject access request);
- the right to correct any mistakes in your information;
- the right to ask us to stop contacting you with direct marketing;
- the right to prevent your personal data being processed;
- the right to have your personal data ported to another controller;
- the right to withdraw your consent;
- the right to erasure; and
- rights in relation to automated decision making.
These rights are explained in more detail below. If you want to exercise any of your rights, please contact us (please see “How to contact us”).
We will respond to any rights that you exercise within a month of receiving your request, unless the request is particularly complex, in which case we will respond within three months.
Please be aware that there are exceptions and exemptions that apply to some of the rights which we will apply in accordance with the Data Protection Laws.
Right to object to processing of your personal data
You may object to us processing your personal data where we rely on a legitimate interest as our legal grounds for processing.
If you object to us processing your personal data we must demonstrate compelling grounds for continuing to do so. We believe we have demonstrated compelling grounds in the section headed “How is processing your personal data lawful“.
Right to access personal data relating to you
You may ask to see what personal data we hold about you and be provided with:
- a copy of the personal data;
- details of the purpose for which the personal data is being or is to be processed;
- details of the recipients or classes of recipients to whom the personal data is or may be disclosed, including if they are overseas and what protections are used for those overseas transfers;
- the period for which the personal data is held (or the criteria we use to determine how long it is held);
- any information available about the source of that data; and
- whether we carry out an automated decision-making, or profiling, and where we do information about the logic involved and the envisaged outcome or consequences of that decision or profiling.
To help us find the information easily, please provide us as much information as possible about the type of information you would like to see.
Right to correct any mistakes in your information
You can require us to correct any mistakes in your information which we hold. If you would like to do this, please let us know what information is incorrect and what it should be replaced with.
Right to restrict processing of personal data
You may request that we stop processing your personal data temporarily if:
- you do not think that your data is accurate. We will start processing again once we have checked whether or not it is accurate;
- the processing is unlawful but you do not want us to erase your data;
- we no longer need the personal data for our processing, but you need the data to establish, exercise or defend legal claims; or
- you have objected to processing because you believe that your interests should override our legitimate interests.
Right to data portability
You may ask for an electronic copy of your personal data which we hold electronically and which we process when we have entered into a contract with you. You can also ask us to provide this directly to another party.
Right to withdraw consent
You may withdraw any consent that you have given us to process your personal data at any time. This means that we will not be able to carry out any processing which required use of that personal data.
Right to erasure
You can ask us to erase your personal data where:
- you do not believe that we need your data in order to process it for the purposes set out in this Privacy Notice;
- if you had given us consent to process your data, you withdraw that consent and we cannot otherwise legally process your data;
- you object to our processing and we do not have any legitimate interests that mean we can continue to process your data; or
- your data has been processed unlawfully or has not been erased when it should have been.
Rights in relation to automated decision making
We do not make any decisions by automated means regarding your personal data.
What will happen if your rights are breached?
You may be entitled to compensation for damage caused by contravention of the Data Protection Laws.
Complaints to the regulator
It is important that you ensure you have read this Privacy and Cookie Notice – and if you do not think that we have processed your data in accordance with this notice – you should let us know as soon as possible. You may also complain to the ICO. Information about how to do this is available on their website at www.ico.org.uk.