Privacy Notice for Job Applicants
During the recruitment process, ENGYS (the Company or We) collects and processes personal data relating to job applicants (you).
The Company is committed to being clear and transparent about how it collects and uses that data and to meeting its data protection obligations under the EU Regulation 2016/679 – the General Data Protection Regulation (GDPR).
ENGYS Privacy Notice for Job Applicants – 23 October 2018
What information does the Company collect and process?
The Company collects and processes a range of personal information (personal data) about you. Personal data means any information about an individual from which the person can be identified. This includes:
- Personal contact details, such as your name, title, address and contact details, including email address and telephone number;
- details of your qualifications, skills, experience and employment history, including start and end dates, with previous employers;
- information about your remuneration, including entitlement to benefits such as pensions; and
- information about your entitlement to work in the UK.
The Company collects this information in a variety of ways during the application and recruitment process. For example, data may be contained in application forms and CVs, obtained from identity documents, such as your passport and collected through interviews and assessment tests.
In some cases, the Company might collect personal data about you from third parties, such as references supplied by former employers and social media sites like LinkedIn.
Data is stored in a range of different places, including on your application record, in the Company's HR management systems and in other IT systems (including the Company's email system).
Why does the Company process personal data?
The Company needs to process data prior to entering into a contract with you. We also need to process data to enter into an employment contract with you and to meet our obligations under that employment contract.
In addition, the Company needs to process data to ensure that we are complying with our legal obligations. For example, we are required to check an employee's entitlement to work in the UK before employment begins.
The Company has a legitimate interest in processing personal data during the recruitment process and in keeping records of that process. Processing such data from job applicants enables the Company to manage the recruitment process, assess the suitability of candidates and make informed decision as to whom we wish to recruit. The Company may also have to process data from job applicants in order to defend legal claims.
The Company might also process health information if we need to make reasonable adjustments to the recruitment process for candidates with a disability.
If you fail to provide personal information
You are under no obligation to provide the Company with data during the recruitment process. However, if you do not prove certain information when requested, the Company may not be able to process your application for employment properly or at all.
You are under no obligation to provide information for equal opportunities monitoring purposes, and there are no consequences for you if this information is not provided.
Our employment decisions are not based solely on automated decision-making.
For how long does the Company keep your data?
The Company will only hold your personal data for as long as is necessary to fulfil the purposes for which we collected it. If your application for employment is unsuccessful, the Company will hold your data on file for 12 months after the end of the recruitment process in case other similar positions open. At the end of that period, your data is deleted or destroyed.
If your application for employment is successful, personal data gathered during the recruitment process will be transferred to your personnel file and we shall issue a new privacy notice which sets down the periods for which your data will be held.
Who has access to your data?
Your information will be shared internally for the purposes of the recruitment process, including with interviewers and members of the Company's board.
The Company will not share your data with third parties unless we make you an offer of employment. In those circumstances, the Company shall share your data with third parties where required by law and where it is necessary in order to administer the working relationship with you or where we have another legitimate interest in doing so. Your data shall be shared with the Company’s accountants, bank, pension provider and insurance brokers.
Some of your data may be transferred to countries outside the European Economic Area (EEA) in order to store and back up your information in the cloud. The Company will take all reasonable steps to ensure that your data is treated as safely and securely as it would be within the EEA, including at least one of the following safeguards:
- We will ascertain whether your data will be stored in countries that have been deemed to provide an adequate level of protection for personal data on the basis on the GDPR. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries;
- We will only use data processors based in the US if the providers are compliant with the EU-US Privacy Shield framework, which requires them to afford similar protection to personal data shared between the EU and the US. For further details, see European Commission: EU-US Privacy Shield; and/or
- We will use specific contracts with Internal Third Parties and External Third Parties where needed which include Model Clauses approved by the European Commission which give personal data the same protection it has in the EU. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
How does the Company protect your data?
The Company takes the security of your data seriously. The Company has internal policies and controls in place to prevent your data being lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties.
As a data subject, you have a number of rights. You can:
- access and obtain a copy of your data on request (known as a “data subject access request”);
- require the Company to change incorrect or incomplete data;
- request erasure of your personal information. This enables you to ask the Company to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing;
- object to the processing of your data where the Company is relying on its legitimate interests as the legal ground for processing; and
- ask the Company to suspend the processing of your personal data for a period of time if data is inaccurate or there is a dispute about its accuracy or the reason for processing it.
If you would like to exercise any of these rights, or you have any questions about this privacy notice, please contact Our data privacy manager by email at firstname.lastname@example.org, by telephone on +44 (0)20 3239 3041, or by post at ENGYS Ltd., Studio 20, Royal Victoria Patriotic Building, John Archer Way, London, SW18 3SX, UK.
If you believe that the Company has not complied with your data protection rights, you have the right to make a complaint to the Information Commissioner’s Office (ICO) in the UK or the equivalent body in other EEA states.