Dataquest (UK) Ltd is a ‘Controller’ of the personal data you provide to us. This means that we collect and process personal data relating to job applicants as part of our recruitment processes. Personal data is information about you that means we can identify you – this can be either directly from the data or by combining the data with other information that we hold.
We take the privacy of your personal data very seriously, and we will respect any data you share with us, make sure it stored securely and destroyed when no longer needed. We will only use your personal information fairly, as set out in this privacy statement, and we’ll be transparent with you about what information we collect and why, how we use it, with whom we share it, and your rights in relation to your personal data. By doing this, we are able to meet our data protection obligations under the General Data Protection Regulation (GDPR).
The information we collect about you for recruitment purposes is only obtained directly from you, such as from your CV, interviews and any assessments. This includes:
– Your name and address;
– Your contact details (such as your telephone number and your email address);
– Information from your CV or employment application or interviews (including your skills, previous experience, qualifications and employment history);
– Your current salary, benefits and notice period;
– The remuneration and rewards you expect from your next role;
– Information about whether you hold the right to work in the UK;
– Whether you require any reasonable adjustments to be made to the recruitment process if you have a disability.
Under GDPR, we can only process personal data there is a lawful basis for processing. This would be either express consent from you, your personal data being necessary for the performance of contract, your personal data being necessary for compliance with legal obligations, or it being in our legitimate interests. At Dataquest (UK) Ltd, there are a number of lawful reasons why we process your data during our recruitment process:
Necessary for compliance with legal obligations
This is where we are required to process personal data to comply with the law. This would include checking that you hold the right to work in the UK, or making reasonable adjustments to our recruitment process if you have a disability to comply with the Equality Act.
This means processing your personal data is in our legitimate interests, because it means we can:
– Run effective recruitment processes;
– Confirm your suitability for employment;
– Decide which candidate should be offered the role;
– Respond to or defend against legal claims brought against the Company.
If your application is successful, then we will need to request further personal data from you to enter into a contract with you. At this stage, you’ll be provided with our Privacy Notice for Employees.
Your data may be shared internally for the purposes of the recruitment process This would include sharing your data with the HR team, any individuals involved in the recruitment process, hiring managers within the business with a live vacancy and IT staff if access to the data is required for them to perform their roles effectively.
We won’t share your personal data with third parties during the recruitment process, and your personal data won’t be transferred outside the European Economic Area (EEA).
If your application is successful and you’re offered a role with us, then your data will be shared with some third parties; details of this can be found in our Privacy Notice for Employees which will be provided to you once you have been offered a position.
If your application is successful and you are offered a role with the Company, your data will be retained in line with the retention periods set our in our Privacy Notice for Employees.
If your application is unsuccessful, your personal data will be retained on file for a period of 6-months from the end of the recruitment process, this is to enable the Company to be able to respond to or defend against any claims brought.
If your application is unsuccessful but you might be a fit for future roles, then we may seek explicit consent from you to retain your data for a further 12 months to ensure we can consider you for future employment opportunities. At the end of the 12 month period (or if you withdraw your consent prior to this) we’ll destroy your personal data.
We understand that the security of your personal data is paramount, and we take data security extremely seriously. We have a number of internal policies and controls in place to make sure your data is protected from unauthorised access, misuse and accidental loss or disclosure including:
– Any hard copies of recruitment-related personal data are stored in a locked, secure filing cabinet with limited access;
– Soft copies of recruitment-related personal data are stored on a secure server with limited access;
– Emails are stored in secure mailboxes with limited access.
In addition to the above, we are accredited by ISO in relation to our information security procedures.
You have a number of rights in relation to your data, including:
– Being able to access a copy of your data;
– Require us to rectify any omissions, inaccuracies, or errors in your data;
– Require us to stop processing your data, or to delete the data we hold about you;
– Where you’ve provided us with consent to process your data, you can withdraw this at any time;
– You can object to us processing your data where we are relying on our legitimate interests as the legal ground for processing (unless we can demonstrate compelling legitimate grounds for processing your personal data, which override your rights, interests and freedoms).
If you would like to exercise any of these rights, please contact email@example.com
If you believe the organisation has not complied with your data protection rights, you can complain to the Information Commissioner.
If you choose not to provide your personal data to us then we cannot process your application, so we will not be in a position to consider you for the vacancy for which you applied.