Scope of privacy notice
1 – Like most businesses, we hold and process a wide range of information, some of which relates to individuals who are applying to work for us. This notice explains the type of information we process, why we are processing it and how that processing may affect you.
The notice focuses on individuals who are applying to work for us and the data we process as part of that process. We have a separate Workplace Privacy Notice that applies to our current and former employees.
2 – In brief, this notice explains:
- what personal data we hold and why we process it;
- the legal grounds which allow us to process your personal data;
- where the data comes from, who gets to see it and how long we keep it;
- how to access your personal data and other rights;
- how to contact us.
Personal data – what we hold and why we process it
3 – We process data for the purposes of our business including recruitment, management, administrative, employment and legal purposes.
Where the data comes from and who gets to see it
4 – Some of the personal data that we process about you comes from you. For example, you tell us your contact details and work history. If you are joining us, you may provide your banking details.
Other personal data may come from third parties such as recruiters acting on your behalf or from your references.
Your personal data will be seen internally by managers, HR and, in some circumstances (if you join us) colleagues. We will where necessary and as set out in this privacy notice also pass your data outside the organisation, for example to people you are dealing with and background checking agencies.
How long do we keep your personal data?
5 – We do not keep your personal data for any specific period but will not keep it for longer than is necessary for our purposes. In general, if you become employed by us we will keep your personal data for the duration of your employment and for a period afterwards. If you are unsuccessful in gaining employment with us, we will likely keep your personal data for a short period after informing you that you were unsuccessful.
Transfers of personal data outside the EEA
All information you provide to us is stored on secure servers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential. You must not share your password with anyone.
Your data rights
7– You have a right to make a subject access request to receive information about the data that we process about you.
You have the right to ask us to rectify any inaccurate or incomplete personal data we hold about you, by providing a supplementary statement to us.
You have the right to require we erase your personal data which we are processing where there is insufficient grounds for processing or consent hasn’t been given to do so.
Please note that generally the data controller of your personal data will be your employing/engaging entity (or the employing/engaging entity that you apply to work for) but also entities within DMGT plc and its group companies with which we share data for business administration purposes.
What do we mean by “personal data” and “processing”?
9 – “Personal data” is information relating to you (or from which you may be identified) which is processed by automatic means or which is (or is intended to be) part of a structured manual filing system. It includes not only facts about you, but also intentions and opinions about you.
Data “processed automatically” includes information held on, or relating to use of, a computer, laptop, mobile phone or similar device. It covers data derived from equipment such as access passes within a building, data on use of vehicles and sound and image data such as CCTV or photographs.
“Processing” means doing anything with the data. For example, it includes collecting it, holding it, disclosing it and deleting it.
Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, health, sexual orientation, sex life, trade union membership and genetic and biometric data are subject to special protection and considered by EU privacy law to be “sensitive personal data”.
References in this notice to employment, work (and similar expressions) include any arrangement we may have under which an individual provides us with work or services, or applies for such work or services. By way of example, when we mention an “employment contract”, that includes a contract under which you provide us with services; when we refer to ending your potential employment, that includes terminating a contract for services. We use the word “you” to refer to anyone within the scope of the notice.
Legal grounds for processing personal data
10 – What are the grounds for processing?
Under data protection law, there are various grounds on which we can rely when processing your personal data. In some contexts more than one ground applies. We have summarised these grounds as Contract, Legal obligation, Legitimate Interests and Consent and outline what those terms mean in the following table.
Processing sensitive personal data
11 – If we process sensitive personal data about you (for example (but without limitation), processing your health records to assist us in ensuring that we provide you with any reasonably adjustments necessary during the recruitment process), as well as ensuring that one of the grounds for processing mentioned above applies, we will make sure that one or more of the grounds for processing sensitive personal data applies. In outline, these include:
- Processing being necessary for the purposes of your or our obligations and rights in relation to employment in so far as it is authorised by law or collective agreement;
- Processing relating to data about you that you have made public (e.g. if you tell us that you are ill);
- Processing being necessary for the purpose of establishing, making or defending legal claims;
- Processing being necessary for provision of health care or treatment, medical diagnosis, and assessment of your working capacity;
- Processing for equality and diversity purposes to the extent permitted by law.
Further information on the data we process and our purposes
12 – The Core Notice outlines the purposes for which we process your personal data. More specific information on these, examples of the data and the grounds on which we process data are in the table below.
Please note that if you accept an offer from us the business will process further information as part of the employment relationship. We will provide you with our full Employee Data Processing & Privacy Statement as part of our on-boarding process.
Where the data comes from
13 – When you apply to work for us the initial data about you that we process is likely to come from you: for example, contact details, bank details and information on your immigration status and whether you can lawfully work. Where necessary and in accordance with this privacy notice, we will require references and information to carry out background checks. If you have concerns about this in a particular context, you should speak to your recruiter or our HR department.
Please note we may also receive data from third party recruiters, agents and similar organisations as a part of the recruitment process.
Who gets to see your data?
14 – Where necessary and as set out this privacy notice, your personal data will be disclosed to relevant managers, HR and administrators for the purposes of your application as mentioned in this document. We will also disclose this to other members of our group where necessary for decision making regarding your application – this will depend on the type of role you are applying for.
15 – We will only disclose your personal data outside the group if disclosure is consistent with a ground for processing on which we rely and doing so is lawful and fair to you.
We will disclose your data if it is necessary for our legitimate interests as an organisation or the interests of a third party (but we will not do this if these interests are over-ridden by your interests and rights in particular to privacy). Where necessary, we will also disclose your personal data if you consent, where we are required to do so by law or in connection with criminal or regulatory investigations.
16 – Specific circumstances in which your personal data may be disclosed include:
- Disclosure to organisations that process data on our behalf such as our payroll service, insurers and other benefit providers, our bank and organisations that host our IT systems and data. This would normally occur if you accept an offer from us and would be carried out as part of the on-boarding process;
- To third party recruitment consultants and similar businesses (including online recruitment portals) as a part of the recruitment process;
- Disclosure of aggregated and anonymised diversity data to relevant regulators as part of a formal request (see above).
Retaining your personal data – more information
17 – Although there is no specific period for which we will keep your personal data, we will not keep it for longer than is necessary for our purposes. In general if you are successful in becoming employed by us, we will keep your personal data for the duration of your employment and for a period afterwards. If you are unsuccessful in gaining employment with us, we will likely keep your personal data for a short period after informing you that you were unsuccessful. In considering how long to keep your data, we will take into account its relevance to our business and your potential employment either as a record or in the event of a legal claim.
If your data is only useful for a short period (for example, CCTV footage data) we will delete it.
Personal data relating to job applicants (other than the person who is successful) will normally be deleted after 12 months.
Access to your personal data and other rights
18 – We try to be as open as we reasonably can about personal data that we process. If you would like specific information, just ask us.
You also have a legal right to make a “subject access request”. If you exercise this right and we hold personal data about you, we are required to provide you with information on it, including:
- Giving you a description and copy of the personal data
- Telling you why we are processing it
If you make a subject access request and there is any question about who you are, we may require you to provide information from which we can satisfy ourselves as to your identity.
As well as your subject access right, you may have a legal right to have your personal data rectified or erased, to object to its processing or to have its processing restricted. If you have provided us with data about yourself (for example your address or bank details), you have the right to be given the data in machine readable format for transmitting to another data controller. This only applies if the ground for processing is Consent or Contract.
If we have relied on consent as a ground for processing, you may withdraw consent at any time – though if you do so that will not affect the lawfulness of what we have done before you withdraw consent.
19 – If you have complaints relating to our processing of your personal data, you should raise these with HR in the first instance. You may also raise complaints with your statutory regulator. For contact and other details please contact Jobs@landmark.co.uk.
Status of this notice
20 – This notice does not form part of any contract of employment that you may enter into with us and does not create contractual rights or obligations. It may be amended by us at any time. Nothing in this notice is intended to create an employment relationship between Landmark Information Group and any non-employee.