CANDIDATE PRIVACY NOTICE
Here at notonthehighstreet.com (NOTHS), we collect and process personal data relating to our candidates to consider your application as a candidate and decide who to employ. We’re committed to being transparent about how we collect and use personal data and also to meeting our data protection obligations.
WHAT PERSONAL DATA DO WE COLLECT?
We collect and process a range of information about candidates, including:
● name, address and contact details, including email address, telephone number, date of birth and gender;
● details of your qualifications, skills, experience and employment history;
● information about your nationality and entitlement to work in the UK;
● information about your criminal records;
● national insurance number; and
● information about medical and health conditions, including whether or not you have a disability for which we need to make reasonable adjustments.
HOW DO WE COLLECT PERSONAL DATA?
We collect your personal data in a variety of ways. We collect data through application forms, CVs, your passport and other documents. We also collect data from correspondence with you or through interviews, meetings or other assessments.
In some cases, we collect personal data about you from third parties, such as references supplied by you, former employers, information from employment background check providers and information from criminal records checks permitted by law.
Data is stored in a range of different places, including in your personnel file, in our HR system and in other
IT systems (including our email system).
All personnel files are confidential and are stored on a secure drive. Only authorised employees have access to these files using their password protected accounts. Our People team can provide a list of these authorised employees upon request. We also have network backup procedures in place to ensure that data stored on computers cannot be accidentally lost or destroyed.
WHY DO WE COLLECT PERSONAL DATA?
We need to collect your personal data for numerous reasons. We process your personal data to consider your application as a candidate and decide who to employ, to pursue our legitimate interests or to meet our legal obligations. Please see the table below for our processing activities, our reasons for processing your personal data and the legal basis for doing so.
Reason for processing
Retaining all personal and employment related details/documents
To ensure we have accurate records for you when considering your application
Legitimate interests and/or legal obligation to retain documentation, depending on the nature of the documentation
Retaining all personal details/documents
To have access to up to date contact and emergency contact details during the application process
To undertake background checks before/at the beginning of your employment
Retaining the right to work
To ensure we have up to date copies of your RTW documentation
To keep you updated on the progress of your application.
WHEN IS PERSONAL DATA SHARED?
Your personal data will be shared internally, including with members of the People and Experience team and Exec team, your hiring manager, other managers in the business area in which you may work and IT staff, to the extent that access to data is necessary for the performance of their roles and to consider your application.
We also share your personal data with external suppliers who process data on our behalf, for example, to undertake background checks or to arrange assessments. Please see the table below for a list of our third party partners, our reasons for sharing your personal data with them as well as information on international data transfers and the reassurance that safeguards are in place to protect your personal data where it is transferred outside of the European Economic Area (EEA).
Name of third party
Reason for sharing personal data
Is data transferred outside EEA?
Are safeguards in place to protect international data transfer?
To provide an efficient way of sharing and arranging signature of documents
To process your application we share data and collaborate on the recruitment process using Google Workspace
To provide NOTHS with an applicant tracking system for recruitment purposes
To process your application we share data and collaborate on the recruitment process using Slack
To coordinate technical assessments
To complete background checks
Willis Tower Watson
To support us in organising any occupational health assessments
WHAT RIGHTS DO YOU HAVE?
As a data subject and a candidate of NOTHS, you have a number of rights in relation to your personal data. These include the right to rectify inaccurate data and the right to request access to your data (a subject access request). Please see the Information Security Policy for more details on these rights.
If you would like to request any of your rights, please contact a member of the legal team.
HOW LONG IS PERSONAL DATA RETAINED FOR?
Your personal data will be retained for different periods of time, depending on the nature of the data. Our overriding principle is to retain your personal data only for as long as is necessary for the purposes for which your personal data was originally collected. Please see the table below, which states our retention periods for certain types of personal data:
Category of your personal data
Identifiable information on your personnel file
We do not base any decisions during your employment on automated decision-making.
When considering changes that we consider may substantially impact your privacy (e.g. engaging a new benefit supplier), we will carry out a data protection impact assessment to determine the necessity and proportionality of processing. This will include considering the purposes for which the activity is carried out, the risks for you and any measures that can be put in place to mitigate those risks.
UK GDPR requires us to notify any personal data breaches to the applicable regulator and, in certain instances, you. We have put in place procedures to deal with any suspected personal data breaches and will notify you or any applicable regulator where we are legally required to do so.
If you have any questions or concerns please reach out to the People team or your hiring manager.
You are responsible for helping us keep your personal data up to date. You should let us know if any data you have provided to us changes, for example, if you move house.
Last updated: 1 September 2021