Recruitment data processing notice
Global Reach Group (GRG) is committed to protecting the privacy and security of personal data of all of its recruitment candidates.
This privacy notice describes how we collect and use the personal information we collect about you throughout the recruitment process, in accordance with the Data Protection Legislation.
This notice applies to all candidates and GRG reserves the right to update this notice at any time.
GRG is a ‘data controller’, meaning that it is responsible for deciding how we hold and use personal information about you.
GRG is registered with the Information Commissioner’s Office (“ICO”). The ICO is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
This notice sets out the basis on which any personal data we may collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
Should you have any questions about this notice, or how we process your data, please contact our Data Protection Officer at [email protected].
Data Protection Principles
Throughout the recruitment process, we will process your personal data in compliance with data protection law and principles, which means that your data will be:
- Used lawfully, fairly and in a transparent way.
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
- Relevant to the purposes we have told you about and limited only to those purposes.
- Accurate and kept up to date.
- Kept only as long as necessary for the purposes we have told you about.
- Kept securely.
The information we hold about you
Personal data means any information about an individual from which that person can be identified. The legislation also creates ‘special categories’ of more sensitive personal data which require a higher level of protection.
GRG will collect, store and use the following categories of personal information about you in connection with your application.
The information you have provided to us in your curriculum vitae and covering letter including:
- Personal contact details such as name, title, addresses, telephone numbers, and personal email addresses;;
- Date of birth;
- Employment history,
Any further information contained in the CV and Cover letter you provide us, as well as any information you provide to us during an interview.
How we collect your information
We collect personal information about candidates from the following sources:
- You, the candidate.
- Our Pre-Employment Screening (PES) provider, from which we collect the following categories of data:
- Employment history
- Education history
- Current address and address history
- Unspent convictions
Disclosure and Barring Service in respect of criminal convictions:
Third parties such as Linkedin, which contain information that you have made publicly available
How we use your information
We will use the personal information we collect about you to:
- Assess your skills, qualifications and suitability for the role;
- Carry out background and reference checks, where applicable;
- Communicate with you
- Comply with our legal or regulatory requirements
It is in our legitimate interest to decide whether to appoint you to the role. We also need to process your personal information to decide whether to enter into a contract of employment with you should your application be successful.
Having received your CV and covering letter, we will then process that information to decide whether you meet the basic requirements to be shortlisted for the role. First and second round interviews will be contingent upon your success in an initial phone interview. We will use the information that you provide us during the interview process to decide whether you meet the requirements for the role. If we decide to offer you the position, we will then take up references and carry out a background check before coming to your appointment.
IF YOU FAIL TO PROVIDE PERSONAL INFORMATION
If you fail to provide the requested information, which is necessary for us to consider your application, we will not be able to process your application successfully and offer you the employment.
How we process sensitive information
The sensitive data we may collect about you would have been provided by you at the point of your application. This may include the following categories of data:
- race or ethnicity;
- political beliefs;
- religious beliefs;
- trade union membership; and
- criminal convictions and offences, where applicable.
Please note, this data will not be used during your recruitment process.
INFORMATION ABOUT CRIMINAL CONVICTIONS
It is our policy to carry out a basic criminal data base search (a “DBS”) on all new staff. A more enhanced check will be required depending on your position. We are entitled to ask you to carry out a criminal records check in order to satisfy ourselves that there is nothing in your criminal history which makes you unsuitable for the role. However, we will not carry out a check without your permission.
We have in place an appropriate policy documents and safeguards which we are required by law to maintain when processing such data.
We will share your personal information only with the following parties for the purpose of processing your application:
- Tru Narrative – Pre-Employment Screenings (PES)
- Sage People – HRIS provider
All our 3rd party services providers and other entities in the group are required to take appropriate security measures to protect your personal data in line with our policies. We do not allow 3rd party services providers to use your data for their own purposes or for purposes that are incompatible with that for which the data was initially collected. All of our 3rd party services providers are under contractual obligations to process your data only for specific purpose as defined by us and only in accordance with our instructions.
We have put in place adequate measures to protect your data from being accidentally lost, used or accessed in an unauthorised way. In addition, we limit access to your personal information only to individuals who need to know that data for the recruitment process. Any 3rd parties that access your data will only process it in accordance with our instructions and subject to strict duty of confidentiality.
We have in place procedures to deal with any suspected security breaches and will notify you, and any applicable regulator, of a suspected breach, where we are legally required to do so.
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for and for a maximum of 18 months following communication of the outcome of the recruitment process to you. We retain your personal information for that period so that we can show, in the event of a legal claim, that we have not discriminated against any candidates on prohibited grounds and that we have conducted the recruitment process in a fair and transparent manner. After this period, we will securely destroy your information in accordance with our Data Retention Policy.
Data Protection Legislation awards the data subject a number of rights. By law, you have a right to:
- Request access to your personal information,
- Request correction of incomplete or inaccurate data that we hold about you.
- Request erasure of your personal data when there is no further reason for us to store that information.
- Object to processing of your personal information where we are relying on a legitimate interest and there is something about your particular situation, which makes you want to object to processing on this ground.
- Request a restriction of processing of your personal information when you want to establish its accuracy or the reason for processing.
- Request a transfer of your personal data to another party.
If you want to exercise any of the above specified rights, please contact our Data Protection Officer at [email protected]. You are usually not required to pay a fee for access to your information (or exercising any of the other rights). However, in cases where your request is clearly unfounded or excessive, we may charge a reasonable fee or refuse to comply with your request. If you consider that our refusal to comply with your request is unreasonable, you have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. You can contact the ICO by going online to www.ico.org.uk/concerns
Changes to this Privacy Notice
GRG reserves the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information