Applicant Privacy Notice
Lisa Angel Ltd (the Company, we, us, our) is committed to protecting the privacy and security of personal data belonging to all prospective employees, consultants, interns, work experience placements, volunteers, and contractors.
We are a data ‘controller’ for this information. This means that we are responsible for deciding how we hold and use personal data about you.
The purpose of this privacy notice is to explain to you the personal data we hold about you, and how we collect, use, and share it during the recruitment process and afterwards (whether or not that recruitment process results in you joining us). The provisions of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 require that we notify you of this information. This privacy notice explains:
- who we are;
- what personal information we collect about you;
- how, when and why we collect, store, use and share your personal data;
- how we keep your personal data secure;
- how long we keep your personal data;
- your rights in relation to your personal data; and
- how to contact us, or the relevant supervisory authority, should you have a complaint.
Please make sure that you read this notice together with any other related information or policies/notices that we may provide to you from time to time so that you know how and why we are using such information. If you have any questions about this privacy notice, or how we handle your personal information, please contact the Data Protection Officer whose details are at the end of this document.
References in this notice to “employment” are for expediency but where appropriate cover all types of relevant recruitment including voluntary work, agency staff and contractors and shall not be confined solely to the relationship of employer/employee.
Data protection principles
We will at all times comply with the data protection principles set out in the UK GDPR and Data Protection Act 2018 (which includes not only electronic data, but also personal data held in paper format in filing systems). We will ensure that your personal data are:
- processed lawfully, fairly and in a transparent manner;
- collected for specified and legitimate purposes that have been clearly explained to you and not
- further processed in a way that is incompatible with those purposes;
- adequate, relevant and limited to what is necessary in relation to the purposes for which they
- are processed;
- accurate and kept up to date;
- kept in a form which permits your identification for no longer than is necessary for those purposes; and
- processed in a way which ensures appropriate security of data.
In addition, the principle of accountability means that we, as data controller, are responsible for and must be able to demonstrate compliance with these principles.
For these purposes, personal data means any information about an individual from which that individual is capable of being identified. It does not include data where the identity has been removed (anonymised data). There are ‘special categories’ of sensitive personal data which require a higher level of protection.
What types of personal data do we collect about you?
We may collect, store and process the following types of personal data relating to you:
- information provided by you such as your name, address and contact details, including email address and telephone number;
- details of your educational background, qualifications, skills, training, experience and study, voluntary, work and/or employment history, including start and end dates with previous employers or organisations;
- hobbies and interests (if you have provided this); and
- details of your referees.
We may also, in certain circumstances, collect:
- information about your current salary level, including benefits;
- copies of qualification certificates;
- details of your professional memberships;
- information about any medical or health conditions, including whether or not you have a
disability in connection with which we need to make reasonable adjustments;
- information about your nationality and entitlement to work in the UK;
- details of your driving licence and vehicles you are entitled to drive (depending on the role);
- equal opportunities monitoring information, including information about your ethnic origin, sexual orientation, health and religion or belief;
- and whether they went to university; and
- other relevant information as applicable and as required by us to ensure that we fulfil our obligations as a prospective employer.
Note that some of this information is of the sort referred to as ‘special category’ data. Special category data is ‘personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation’. The processing of special category data is subject to restrictions and enhanced duties of care. We have in place an appropriate policy document and safeguards which we are required by law to maintain when processing such data.
How do we collect your personal data?
We may collect personal data about you in various ways. These include from:
- application forms that you have submitted to us, and from CVs;
- letters, emails and other forms of communication sent by you or on your behalf;
- your passport or other identity documents, such as your driving licence;
- conversations (in person and by telephone) with you;
- interviews, meetings or other assessments;
- government departments;
- your doctors and medical and occupational health professionals used by us;
- previous employers and referees;
- third parties involved in the recruitment process such as an employment agency.
How do we store your data?
We will keep your personal data secure at all times. Data will be stored in a range of different places including on your application file/record, in the Company’s HR management systems and in other IT systems (including the Company’s email system).
We take the security of your data seriously. We have internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused, or disclosed, and is not accessed except by employees in the performance of their duties. We have procedures in place to deal with any suspected data security breach.
How long do we keep your personal information?
Personal data processed by us will not be retained for any longer than is necessary for that processing, or for purposes relating to or arising from that processing. How long we retain your personal data will depend on whether your application is successful, the nature of the information concerned, and the purposes for which it was acquired.
If your application is unsuccessful, recruitment information, including any notes made during your interview, will be kept for no longer than is reasonable, taking into account the limitation periods for potential claims, such as race or sex discrimination, after which they will be destroyed. Should there be a proper business reason for retaining recruitment records beyond the recruitment process, we may do so, but will always try and ensure that such data is retained in an anonymised form.
In the event that your application is successful, we will retain recruitment information which is relevant to, and necessary for, your employment. Our privacy notice in relation to employment will be supplied to you at the appropriate time.
Where your personal data is retained after the recruitment process has ended, this will generally be for one of the following reasons:
- so that we can respond to any questions, complaints or claims made by you or on your behalf;
- so that we are able to demonstrate that your joining and departure from this organisation was fair, and that you were treated fairly at all times;
- to establish, exercise or defend a legal claim;
- in order to comply with legal and regulatory requirements.
Please note, however, that different periods for keeping your personal data may apply depending upon the type of data being retained and the purpose of its retention.
In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.
The legal basis for processing your personal information
The UK GDPR requires all organisations that process personal data to have a lawful basis for doing so.
The lawful bases identified in the UK GDPR are:
- Consent of the data subject;
- Performance of a contract with the data subject or to take steps to enter into a contract;
- Compliance with a legal obligation;
- To protect the vital interests of a data subject or another person;
- Performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- The legitimate interests of ourselves, or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject.
How do we use your personal information and on what basis?
We need to process your personal data in connection with the recruitment process, to meet our obligations to you in that regard, and to ensure that we have the necessary information to enable us to assess your suitability for the role, maintain contact with you throughout the application process, and decide who to recruit. This includes, for example, issues relating to qualifications, experience, ability to do the work in question, willingness to accept the terms being offered, and freedom to take up the offer, should it be made, within a reasonable timescale.
In some cases, we will also need to process your personal data to make sure that we are complying with our legal obligations. This includes, for example, checking to make sure that you are entitled to work in the UK, to comply with health and safety laws, and to deal with issues such as reasonable adjustments and ensuring that you can attend an interview.
We also need to process your personal data to ensure that we are able to protect your interests (or those of someone else) and where it is needed in the public interest.
In other cases, we have a legitimate interest in processing your personal data, not only during the recruitment period but before and after. This might include:
- carrying out promotion of the job and ensuring that you receive details (where for example we
- hold your information in the event that a position becomes available);
- maintaining accurate and up-to-date records and contact details;
- taking up references;
- establishing, exercising and defending legal claims; and
- maintaining and promoting equality in the workplace.
There may be instances where we need to obtain and process data to satisfy legal and regulatory requirements placed upon us.
Where the data processed by us is special category data (for example your health data), we will rely on the following additional bases for processing that data; namely that it is:
- in limited circumstances, with your explicit consent;
- for the purpose of carrying out our obligations and exercising our rights in relation to your employment, and for the safeguarding of your fundamental rights;
- to protect your vital interests or those of another person, where you are incapable of giving your consent;
- in order to process personal data which is manifestly made public by you; or
- for establishing, exercising or defending a legal claim.
Situations in which we will use your sensitive personal information
In general, we will not process sensitive personal information about you unless it is necessary for performing or exercising obligations or rights in connection with employment. On rare occasions, there may be other reasons for processing, such as it is in the public interest to do so.
During the recruitment process we envisage that we will use information about your physical or mental health, or disability status, to ensure that we can meet our health and safety obligations in the workplace, to assess your fitness to work and to provide appropriate workplace adjustments.
We may process this information if we reasonably believe that you or another person are at risk of harm and the processing is necessary to protect you or them from physical, mental or emotional harm or to protect physical, mental or emotional well-being.
We will process information about your ethnic origin, sexual orientation, health or religion or belief, for the purposes of equal opportunities monitoring. If we do process special category data in this way the data will be anonymised. However, you are free to decide whether you wish to provide such data, and there will be no consequences for you should you choose not to do so.
Information about criminal convictions
We envisage that we will hold information about criminal convictions in certain circumstances. We will only collect information about criminal convictions if it is appropriate given the nature of the role and where we are legally able to do so. We have in place an appropriate policy and safeguards which we are required by law to maintain when processing such data.
We confirm that your personal data will only be used for the purposes for which it was collected, except in those circumstances where we reasonably consider that it needs to be used for another reason, and that reason is compatible with the original purpose. Should we need to use your personal data for an unrelated purpose, we will notify you, and we will explain the legal basis which allows us to do so.
Note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
What if you fail to provide personal information?
Please be aware that, in the event that you do not provide us with certain information when requested, we may not be able to process your application properly or at all, we may not be able to enter into a contract with you or we may be prevented from complying with our legal obligations. In some cases, you will be under a duty to supply us with certain personal data to satisfy your and our legal obligations.
Sharing your data with others
It may be necessary for us to share your personal data with others so that we can carry out the recruitment process, or to comply with legal or regulatory obligations to you or that we are subject to.
These may include:
- professional advisers such as HR consultants, recruitment consultants, solicitors in relation to legal issues, advisors, experts and management consultants;
- others within our business;
- your/our regulator(s);
- suppliers of services required in relation to your potential employment or recruitment.
If we share your personal data, we will always try and share it anonymously, and where we cannot do so we will ensure at all times that those with whom it is shared process it in an appropriate manner and take all necessary measures in order to protect it. We will only ever allow others to handle your personal data if we are satisfied that the measures which they take to protect your personal information are satisfactory.
Internally, your personal data may be shared with other staff members, including the HR Team, managers in the business area in which you may work, interview panel members.
We may also share your personal data with third parties to obtain pre-employment references (which may be other employers, clients you have acted for, or other professionals whose details you have given us for that purpose) and to obtain employment background checks from third-party providers.
From time to time, we will be required to disclose personal data and exchange information about you, or relating to you, with government, law enforcement and regulatory bodies and agencies to comply with our own legal and regulatory obligations.
From time to time it may be necessary for us to share data for statistical purposes (for example with our regulatory body). We will always take steps to try to ensure that information shared is anonymised; where this is not possible, we will require that the recipient of the information keeps it confidential at all times.
Your rights in relation to your data
Data protection legislation gives you various rights in relation to your personal data that we hold and process. These rights are subject to specific time limits in terms of how quickly we must respond to you. The rights which data subjects have are, in the main, set out in Articles 12–23 of the UK GDPR. They are as follows:
Right of access - this is usually known as making a data subject access request. It enables you to obtain from us confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, access to that personal data and various other information, including the purpose for the processing, with whom the data is shared, how long the data will be retained, and the existence of various other rights (see below).
Right to rectification - this enables you to have any inaccurate or incomplete personal information we hold about you corrected.
Right to erasure - sometimes referred to as the right to be forgotten, this is the right for you to request that, in certain circumstances, we delete data relating to you.
Right to restrict processing - the right to request that, in certain circumstances, we restrict the processing of your data.
Right to data portability - the right, in certain circumstances, to receive that personal data which you have provided to us, in a structured, commonly used, and machine-readable format, and a right to have that personal data transmitted to another controller.
Right to object - the right, in certain circumstances, to object to personal data being processed by us where it is in relation to direct marketing, or in relation to processing where we are relying on the legitimate interests of the business as our legal basis for doing so.
Right not to be subject to automated decision making - the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you, or similarly significantly affects you. We do not envisage that any recruitment decisions will be taken about you based solely on automated decision making, including profiling.
Full details of these rights can be found in the UK GDPR or by reference to guidance produced by the Information Commissioner’s Office.
If you wish to exercise any of these rights, please contact the Data Protection Officer. We may need to request specific information from you to verify your identity and check your right to access the personal data or to exercise any of your other rights. This is a security measure to ensure that your personal information is not disclosed to any person who has no right to receive it. Some of these rights are not automatic; the Data Protection Officer will discuss with you why the Firm might not be able to comply with a request from you to exercise them.
In the limited circumstances where you have provided your consent to the processing of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. This will not, however, affect the lawfulness of processing based on your consent before its withdrawal. If you wish to withdraw your consent please contact the Data Protection Officer. Once we have received notification that you have withdrawn your consent we will no longer process your personal information for the purpose you originally agreed to.
Making a complaint
If you have any concerns about our use of your personal information, please contact our Data Protection Officer, Will Francis, in the first instance (will@lisaangel.co.uk).
Despite our best efforts, inevitably sometimes things do go wrong. If you are unhappy with any aspect of the use and/or protection of your personal data, you have the right to make a complaint to the Information Commissioner’s Office; www.ico.org.uk.
Changes to this privacy notice
This privacy notice will be reviewed as and when appropriate and in line with an legislative changes. The terms and provisions of this notice may be changed, updated, and amended from time to time. If we do so during the period of your recruitment, we will inform you of those changes.