Privacy Policy
Introduction
In accordance with the General Data Protection Regulation (GDPR), we have implemented this privacy notice to inform you, as prospective employees of our Company, of the types of data we process about you. We also include within this notice the reasons for processing your data, the lawful basis that permits us to process it, how long we keep your data for and your rights regarding your data.
We use Pinpoint, an online software product provided by The Infuse Group Ltd (t/a Pinpoint Software), to assist with our recruitment process. We use Pinpoint to process personal information as a data processor on our behalf. Pinpoint is only entitled to process your personal data in accordance with our instructions.
Where you apply for an opportunity posted by us, these Privacy Notice provisions will apply to our processing of your personal information and that of Pinpoint on our behalf.
Data Protection Principles
Under GDPR, all personal data obtained and held by us must be processed according to a set of core principles. In accordance with these principles, we will ensure that:
processing is fair, lawful and transparent;
- data is collected for specific, explicit, and legitimate purposes;
- data collected is adequate, relevant and limited to what is necessary for the purposes of processing;
- data is kept accurate and up to date. Data which is found to be inaccurate will be rectified or erased without delay;
- data is not kept for longer than is necessary for its given purpose;
- data is processed in a manner that ensures appropriate security of personal data including protection against unauthorised or unlawful processing, accidental loss, destruction or damage by using appropriate technical or organisation measures;
- we comply with the relevant GDPR procedures for international transferring of personal data.
Types of Data Held
We keep several categories of personal data on our prospective employees in order to carry out effective and efficient recruitment processes. We collect and process some or all of the following types of information about candidates:
- information that candidates provide when applying for a role. This includes information provided through an online application, via email, in person at interviews and/or by any other method;
- if a candidate contacts us, we may keep a record of that correspondence;
- personal details such as name, email address, address, date of birth, qualifications, experience and any information relating to a candidate's employment history, skills and experience that they provide to us;
- details of visits to our careers website including, but not limited to, traffic data, location data and other communication data, the site that referred users to our careers website and the resources that users access;
- references provided by former employers, supervisors or colleagues;
- whether or not a candidate has a disability for which the organisation may need to make reasonable adjustments during the recruitment process;
- information and documentation concerning a candidate's identity and entitlement to work in the UK including passports, birth certificate, driving licence, residence permits / cards and visas; and
- information about a candidate's criminal record.
Collecting your Data
You provide several pieces of data to us directly during the recruitment exercise.
In some cases we may also collect personal data about you from third parties, such as references supplied by former employers, information from employment background check providers or information from criminal records checks.
Pinpoint provides us with the facility to link the data you provide to us with other publicly available information about you that you have published on the Internet, which may include sources such as LinkedIn and other social media profiles.
Pinpoint’s technology enables us to search various databases, which may include personal data that you have chosen to make available, to find possible candidates to fill our job openings. Where we find you in this way we will obtain your personal data from these sources.
Should you be successful in your job application, we will gather further information from you, such as your bank details and emergency contact details, once your employment begins.
Lawful Bases for Processing
The law on data protection allows us to process your data for certain reasons only. The information below categorises the types of data processing we undertake and the lawful basis we rely on.
We need to process data to take steps at your request prior to entering into a contract with you. We may also need to process your data to enter into a contract with you.
In some cases, we also need to process data to ensure that we comply with our legal obligations. For example, it is required to check a successful applicant's eligibility to work in the UK before employment starts. We may also collect information about whether or not applicants are disabled to make reasonable adjustments for candidates who have a disability.
We have a legitimate interest in processing personal data during the recruitment process and for keeping records of the process. Processing data from job applicants allows us to manage the recruitment process, assess and confirm a candidate's suitability for employment and decide to whom to offer a job. We also need to make decisions about salary and contractual and other benefits to provide. We may also need to process data from job applicants to respond to and defend against legal claims or to prevent fraud.
For some roles, we are obliged to seek information about criminal convictions and offences. Where the organisation seeks this information, it does so because it is necessary for it to carry out its obligations and exercise specific rights in relation to employment.
Special Categories of Data
Special categories of data means data relating to your health, sex life, sexual orientation, race, ethnic origin, political opinion, religion, trade union membership, genetic and biometric data.
We may carry out processing activities using special category data:
- for the purposes of equal opportunities monitoring;
- to determine reasonable adjustments.
Most commonly, we will process special categories of data when the following applies:
- you have given explicit consent to the processing;
- we must process the data in order to carry out our legal obligations;
- you have already made the data public.
Failure to Provide Data
You are under no statutory or contractual obligation to provide data to us during the recruitment process. However, if you do not provide the information, we may not be able to fulfil our requirements for entering into a contract of employment with you. This could include being unable to offer you employment, or administer contractual benefits.
Criminal Conviction Data
We will only collect criminal conviction data where it is appropriate given the nature of your role and where the law permits us. This data will usually be collected at the recruitment stage, however, may also be collected during your employment. We use criminal conviction data to determine your suitability, or your continued suitability for the role.
Who we share your data with
Employees within our company who have responsibility for recruitment will have access to your data which is relevant to their function. All employees with such responsibility have been trained in ensuring data is processed in line with GDPR.
In addition to using Pinpoint, data may be shared with other third parties in order to manage the recruitment process (e.g. liaising with recruitment agencies, academic institutions or referees, or in order to process applications posted by candidates on job portals). We may also liaise with employment background check providers to obtain necessary background checks and the Disclosure and Barring Service to obtain necessary criminal records checks.
We may also share your data with third parties as part of a Company sale or restructure, or for other reasons to comply with a legal obligation upon us. We may also be required to transfer personal data to a country/countries outside of the EEA. Transfers may take place where third party providers (e.g. Google, Microsoft) store our cloud data outside of the EEA. Where we share your data with third parties, we will request such third parties have appropriate technical and organisational measures in place to ensure the security of such data as required under the GDPR.
Protecting your data
The security of your personal information is important to us. We seek to use reasonable physical, technical, and administrative safeguards to protect the information we process. We have internal policies and controls in place to protect personal data against loss, accidental destruction, misuse or disclosure, and to ensure that data is not accessed, except by employees in the proper performance of their duties.
We limit access to your personal data to those who have a genuine business need to view it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted through any online means, therefore any transmission remains at your own risk.
Retention Periods
We retain all candidate data for a period of 48 months from the time of application. Your personal information will be deleted on one of the following occurrences:
deletion of your personal information by you via Pinpoint’s Manage Your Data Tool; or
receipt of a written request by you to us.
If your application for employment is successful, personal data gathered during the recruitment process will be transferred to the systems we administer for employees. We have a separate privacy notice for employees, which will be provided to you.
Automated Decision Making
Automated decision making means making certain limited decisions about you using no human involvement e.g. using computerised filtering equipment. We may leverage Pinpoint’s technology to help us identify appropriate candidates for us to consider based on criteria we have identified. The process of sourcing suitable candidates in this manner is automatic, however, any decision as to who we will engage to fill the job opening will be made by our team.
Your Rights
As a data subject, you have a number of rights. These include:
- the right to be informed about the data we hold on you and what we do with it
- the right of access to the data we hold on you. We operate a separate Subject Access Request policy and all such requests will be dealt with accordingly
- the right for any inaccuracies in the data we hold on you, however they come to light, to be corrected (‘rectification’)
- the right to have data deleted in certain circumstances (‘erasure’)
- the right to restrict the processing of the data
- the right to transfer the data we hold on you to another party (‘portability’)
- the right to object to the inclusion of any information
- the right to regulate any automated decision-making and profiling of personal data.
In addition to the above rights, you also have the unrestricted right to withdraw consent, that you have previously provided, to our processing of your data at any time. Withdrawing your consent means that we will stop processing the data that you had previously given us consent to use. There will be no consequences for withdrawing your consent. However, in some cases, we may continue to use the data where so permitted by having a legitimate reason for doing so. If you wish to exercise any of the rights explained above, please contact dataprotection@adaptiximaging.com.
Making a Complaint
If you think your data rights have been breached, you are able to raise a complaint with the Information Commissioner (ICO).
You can contact the ICO at Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF or by telephone on 0303 123 1113 (local rate) or 01625 545 745.
Data Protection Compliance
For the purpose of the GDPR, the Data Controller is Adaptix.
Contact: dataprotection@adaptiximaging.com
Tel: 01865 309619