Applicant Privacy Notice
|Data Controller:||summ.it assist LLP, trading as summ.it (The Company)
3 Hardman Square, Spinningfields, Manchester, M3 3EB
|GDPR Officer:||Neil Smith, Head of IT
As part of any recruitment process, the Company collects and processes personal data relating to job applicants and, as such, is committed to being transparent about how it collects and uses such data and to meeting its data protection obligations under GDPR.
What information do we collect?
We collect a range of information about you. This includes;
- your name, address and contact details, including email address and telephone numbers;
- details of your qualifications, skills, experience and employment history;
- information about your current level of remuneration, including benefit entitlements;
- whether or not you have a disability for which we may need to make reasonable adjustments during the recruitment process;
- information about your entitlement to work in the UK;
- equal opportunities monitoring information, including information about your ethnic origin, sexual orientation, health and religion or belief;
- Information about criminal records (depending upon your role); and job related or behavioural on-line assessments.
We may collect this information in a variety of ways. For example, data might be contained in application forms, CVs or resumes, obtained from your passport or other identity documents, or collected through interviews or other forms of assessment, including online tests.
We may also collect personal data about you from third parties, such as references supplied by former employers or from criminal records checks; however, we will only contact these third parties once a job offer to you has been made.
Data will be stored in a range of different places, including on your application record, in HR management systems and on other IT systems (including email).
Why do we process personal data?
We need to process data to take steps at your request prior to, and when entering into a contract with you.
In some cases, we need to process data to ensure that we are complying with our legal obligations. For example, it is required to check a successful applicant’s eligibility to work in the UK before employment starts.
We also have a legitimate interest in processing personal data during the recruitment process and for keeping records of the process to allow us to manage the recruitment process, assess and confirm a candidate’s suitability for employment and decide to whom to offer a job. We may also need to process data from job applicants to respond to and defend against legal claims.
We may process information about whether or not applicants are disabled to make reasonable adjustments for candidates who have a disability which allows us to carry out our obligations and exercise specific rights in relation to employment.
Where we processes other special categories of data, such as information about ethnic origin, sexual orientation, health or religion or belief, this is for equal opportunities monitoring purposes. For some roles, we are required to seek information about criminal convictions and offences. Where we seek this information, we do it because it is necessary for us in carrying out our obligations and exercise specific rights in relation to employment.
We give a firm commitment that we will not use your data for any purpose other than the recruitment exercise for which you have applied or; with your specific consent, we may keep your personal data on file in case there are future employment opportunities for which you may be suited. If you give consent, you are free to withdraw your consent at any time.
Who has access to data?
Your information may be shared internally for the purposes of the recruitment exercise. This includes members of the management team, HR and interviewers involved in the recruitment process and IT staff if access to the data is necessary for the performance of their roles.
We will not share your data with third parties, unless your application for employment is successful and it makes you an offer of employment. The company will then share your data with former employers to obtain references for you and (if role appropriate) the Disclosure and Barring Service to obtain necessary criminal records checks.
Your data may be transferred outside the European Economic Area (EEA) as we have an office in Mauritius however the UK GDPR standards are in place.
How do we protect data?
We take the security of your data seriously and have internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the proper performance of their duties.
Our in-house IT Team manage all of our IT requirements ensuring that any IT partners or software providers are GDPR compliant.
In addition, our Employees are trained on and adhere to GDPR standards.
For how long do we keep data?
If your application for employment is unsuccessful, the company will hold your data on file for 12 months after the end of the relevant recruitment process. If you agree to allow the company to keep your personal data on file, the company will hold your data on file for a further 2 years for consideration for future employment opportunities. At the end of that period or once you withdraw your consent, your data is deleted or destroyed.
If your application for employment is successful, personal data gathered during the recruitment process will be transferred to your personal file and retained during your employment. The periods for which your data will be held will be provided to you in a new Employee Privacy Notice.
What if you do not provide personal data?
You are under no statutory or contractual obligation to provide data to the organisation during the recruitment process. However, if you do not provide the information, we may not be able to process your application properly or at all.
Recruitment processes are not based solely on automated decision-making.
As a data subject, you have a number of rights. You can:
- access and obtain a copy of your data on request;
- require the company to change incorrect or incomplete data;
- require the company to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing; and
- object to the processing of your data where the company is relying on its legitimate interests as the legal ground for processing.
If you would like to exercise any of these rights, please contact Neil Smith, Head of IT, on e-mail address: firstname.lastname@example.org
If you believe that the company has not complied with your data protection rights, you can complain to the Information Commissioners Office however we encourage you to raise any questions or concerns with us internally in the first instance.
You can download a PDF of this page.