Introduction
This document demonstrates our commitment to protect the privacy and security of your personal information. It contains information regarding how we collect and use personal data or personal information about you in advance of any employment relationship in accordance with the General Data Protection Regulation (GDPR) and all other data protection legislation currently in force.
Pursuant to that legislation, when processing data we will:
- process it fairly, lawfully and in a clear, transparent way
- collect your data only for reasons that we find proper for the course of your employment in ways that have been explained to you
- only use it in the way that we have told you about
- ensure it is correct and up to date
- keep your data for only as long as we need it
- process it in a way that ensures it will not be lost or destroyed or used for anything that you are not aware of or have consented to (as appropriate).
The Advocacy Project is a “data controller”. This means that we are responsible for determining the purpose and means of processing personal data relating to you.
“Personal data”, or “personal information”, means any information relating to an identified, or identifiable individual in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
There are “special categories” of sensitive personal data, meaning data relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health conditions, or sexual orientation, genetic data, and biometric data which require a higher level of protection.
This statement is applicable to job applicants. It is not intended to, neither will it, form part of any contract of employment or contract of services. We reserve the right to make changes to this statement at any time, if you are affected by substantial changes we will make an alternative statement available to you.
Where you are successful in your application and are appointed to a position you will receive details of our data protection compliance statement (privacy notice).
Details of Information we will hold about you
The list below identifies the kind of data that we will process about you during the application process:
- personal contact details such as name, title, addresses, telephone numbers, and personal email addresses
- date of birth
- gender
- information included on your CV including references, education history and employment history
- documentation relating to your right to work in the UK
- evidence of qualifications or professional memberships.
The following list identifies the kind of data that we will process and which falls within the scope of “special categories” of more sensitive personal information:
- information relating to your race or ethnicity, religious beliefs, sexual orientation, and political opinions
- information about your health, including any medical conditions and disabilities;
- information about criminal convictions and offenses
How we collect your personal information
Your personal information is obtained through the application and recruitment process, this may be directly from candidates, via an employment agency or a third party who undertakes background checks. We may occasionally request further information from third parties including, but not limited to, previous employers, credit reference agencies or other background check agencies And any further personal information that may be collected in the course of job-related activities throughout the period of you working for us in the event you become an employee.
Processing information about you
We will only administer personal information in accordance with the lawful bases for processing. At least one of the following will apply when we process personal data:
- consent: You have given clear consent for us to process your personal data for a specific purpose.
- contract: The processing is necessary for a contract we have with you, or because we have asked you to take specific steps before entering into a contract.
- legal obligation: The processing is necessary for us to comply with the law (not including contractual obligations).
- vital interests: the processing is necessary to protect someone’s life.
- public task: the processing is necessary for us to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law.
- legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party unless there is a good reason to protect your personal data which overrides those legitimate interests.
The lawful basis for processing your personal information
We consider that the basis for which we will process the data contained in the list above (see section above – details of information we will hold about you) is to enable us to consider whether we may wish to/prepare for entering into a contract or agreement with you and to enable us to comply with our legal obligations. Occasionally, we may process personal information about you to pursue legitimate interests of our own or those of third parties, provided there is no good reason to protect your interests and your fundamental rights do not override those interests.
The circumstances in which we will process your personal information are listed below:
- making a decision about your recruitment or appointment
- making decisions about terms and conditions, salary and other benefits
- checking you are legally entitled to work in the UK
- assessing qualifications for a particular job or task
- education, training and development requirements
- complying with health and safety obligations
- preventing fraud
- in order to fulfill equal opportunity monitoring or reporting obligations
There may be more than one reason to validate the reason for processing your personal information.
The lawful basis for processing ‘special categories’ of sensitive data
“Special categories” of particularly sensitive personal information require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information. We may process special categories of personal information in the following circumstances:
- consent: You have given clear consent for us to process your personal data for a specific purpose.
- contract: The processing is necessary for a contract we have with you, or because we have asked you to take specific steps before entering into a contract.
- legal obligation: The processing is necessary for us to comply with the law (not including contractual obligations) and meets the obligations under our data protection policy.
- vital interests: the processing is necessary to protect someone’s life.
- public task: the processing is necessary for us to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law. and meets the obligations under our data protection policy. (For example in the case of equal opportunities monitoring).
- legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party unless there is a good reason to protect your personal data which overrides those legitimate interests (For example to assess your capacity to work on the grounds of ill health).
Occasionally, special categories of data may be processed where you are not capable of giving your consent, where you have already made the information public or in the course of legitimate business activities or legal obligations and in line with the appropriate safeguards.
Examples of the circumstances in which we will process special categories of your particularly sensitive personal information are listed below (this list is non-exhaustive):
- in order to protect your health and safety in the workplace
- to assess your physical or emotional fitness to work
- to determine if reasonable adjustments are needed or are in place
- in order to fulfill equal opportunity monitoring or reporting obligations
Where appropriate, we may seek your written authorisation to process special categories of data. Upon such an occasion we will endeavor to provide full and clear reasons at that time in order for you to make an informed decision. In any situation where consent is sought, please be advised that you are under no contractual obligation to comply with a request. Should you decline to consent you will not suffer a detriment.
Information about criminal convictions
We will only collect criminal convictions data where it is appropriate given the nature of your role and where the law permits us. This data will usually be collected at the recruitment stage, however, may also be collected during your engagement should you be successful.
Automated decision-making
We do not anticipate that any of our decisions will occur without human involvement. Should we use any form of automated decision making we will advise you of any change in writing.
Sharing data
Your data will be shared with individuals within the Company where it is necessary for them to undertake their duties with regard to recruitment. This includes, for example, the HR department, those in the department where the vacancy is who are responsible for screening your application and interviewing you, the IT department.
It may be necessary for us to share your personal data with a third party or third party service provider (including, but not limited to, contractors, agents or other associated/group companies) within, or outside of, the European Union (EU). Data sharing may arise due to a legal obligation, as part of the performance of a contract or in situations where there is another legitimate interest (including a legitimate interest of a third party) to do so.
The list below identifies which activities are carried out by third parties on our behalf:
- payroll
- pension providers/administrators
- IT services
- legal advisors
- security
- insurance providers
- occupational health
Data may be shared with 3rd parties in the following circumstances:
- in relation to the maintenance support and/or hosting of data
- to adhere with a legal obligation
- in the process of obtaining advice and help in order to adhere to legal obligations.
If data is shared, we expect third parties to adhere and comply with the GDPR and protect any data of yours that they process. We do not permit any third parties to process personal data for their own reasons. Where they process your data it is for a specific purpose according to our instructions.
We do not anticipate that we will transfer data to other countries.
Data security
As part of our commitment to protecting the security of any data we process, we have put the following measures in place Privacy Policy and Data protection If you would like further details please contact Ali Wright Deputy CEO or HR.
In addition, we have put further security measures in place to avoid data from being accessed, damaged, interfered with, lost, damaged, stolen or compromised. In cases of a breach, or suspected breach, of data security, you will be informed, as will any appropriate regulator, in accordance with our legal obligations.
Any data that is shared with third parties is restricted to those who have a business need, in accordance with our guidance and in accordance with the duty of confidentiality.
Data retention
We anticipate that we will retain your data as part of the recruitment process for no longer than is necessary for the purpose for which it was collected. We will keep your data for 6 months post the recruitment campaign
We have given consideration to the following in order to decide the appropriate retention period:
- quantity
- nature
- sensitivity
- risk of harm
- purpose for processing
- legal obligations
If your application is not successful and we have not sought consent or you have not provided consent upon our request to keep your data for the purpose of future suitable job vacancies, we will keep your data for 6 months once the recruitment exercise ends.
Your rights in relation to your data
We commit to ensure that any data we process is correct and up to date. It is your obligation to make us aware of any changes to your personal information.
In some situations, you may have the:
- Right to be informed. This means that we must tell you how we use your data, and this is the purpose of this privacy notice.
- Right to request access. You have the right to access the data that we hold on you. To do so, you should make a subject access request.
- Right to request correction. If any data that we hold about you is incomplete or inaccurate, you are able to require us to correct it.
- Right to request erasure. If you would like us to stop processing your data, you have the right to ask us to delete it from our systems where you believe there is no reason for us to continue processing it.
- Right to object to the inclusion of any information. In situations where we are relying on a legitimate interest (or those of a third party) you have the right to object to the way we use your data where we are using it.
- Right to request the restriction of processing. You have the right to ask us to stop the processing of data of your personal information. We will stop processing the data (whilst still holding it) until we have ensured that the data is correct.
- Right to portability. You may transfer the data that we hold on you for your own purposes.
- Right to request the transfer. You have the right to request the transfer of your personal information to another party.
Where you have provided consent to our use of your data, you also have the unrestricted right to withdraw that consent at any time. Withdrawing your consent means that we will stop processing the data that you had previously given us consent to use. There will be no consequences for withdrawing your consent. However, in some cases, we may continue to use the data where so permitted by having a legitimate reason for doing so.
If you wish to exercise any of the rights explained above, please contact Ali Wright Deputy CEO.
Consequences of your failure to provide personal information
If you neglect to provide certain information when requested, it may affect our ability to enter into an employment contract with you, and it may prevent us from complying with our legal obligations.
Change of purpose for processing data
We commit to only process your personal information for the purposes for which it was collected, except where we reasonably consider that the reason for processing changes to another reason and that reason is consistent with the original basis for processing. Should we need to process personal information for another reason, we will inform you of this and advise you of the lawful basis upon which we will process.
Important note: We may process your personal information without your knowledge or consent, in compliance with the above rules (see above section – lawful basis for processing your personal information).
In the event that you enter into an employment contract with us, any information already collected may be processed further in accordance with our data protection policy, a copy of which will be provided to you.
Questions or complaints
It is the responsibility of our Data Protection Officer (DPO) to oversee compliance with this statement. Should you have any questions regarding this statement, or how we process your personal information, please contact Ai Wright Deputy CEO
The supervisory authority in the UK for data protection matters is the Information Commissioner (ICO). If you think your data protection rights have been breached in any way by us, you are able to make a complaint to the ICO.
Our Website
Use of cookies
Cookies are text files containing small amounts of information which are downloaded to your device when you visit a website. This information is sent back to the originating website on each subsequent visit, or to another website that recognises that cookie. Cookies are useful because they allow a website to recognise a user’s device and are widely used to make websites work more efficiently, and to provide information to the owners of the site.
We use Google Analytics, social media plug-in and session ID cookies to help us:
- Improve the speed and security of the website.
- Understand the way our visitors use our website and improve their experience.
- Allow visitors to share pages on social networks such as Twitter and Linkedin
We collect this information in a way which does not identify anyone. We do not make any attempt to find out the identities of those visiting this website and will not associate any data gathered from this site with any personally identifying information from any source.
We will not pass the data on to advertising networks or other third parties. Any third party links to social networking services only deploy third party cookies if you have already signed up to and are signed into these services.
You can opt out of being tracked by Google Analytics across all websites. Most web browsers allow some control of most cookies through the browser settings. Find out more about cookies, including how to see what cookies have been set and how to manage and delete them.
Information we collect
We use cookies to collect information in an anonymous form about your use of the website. We will also collect information you knowingly provide to us (such as your name and email address) if you choose to register for our email newsletters or contact us through any other form on the website.
Personal data
Any personal information we collect from this website will be used in accordance with the Data Protection Act 1998 and the EU General Data Protection Regulation (GDPR). Personal data submitted on this website will be used for the purposes specified in this privacy policy or in relevant parts of the website.
We may use your personal information to:
- Administer the website
- Send you newsletters that you have specifically requested
- Handle referrals, enquiries and complaints that you have made via our forms
Data disclosure
We may disclose information about you to any of our employees, officers, agents, suppliers or sub-contractors as is reasonable for the purposes set out in this privacy policy. In addition, we may disclose information about you:
- To the extent that we are required to do so by law
- In connection with any legal proceedings or prospective legal proceedings
- In order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk).
Except as provided in this privacy policy, we will not provide your information to third parties.
Security
Keeping information about you secure is very important to us. However, no data transmission over the Internet can be guaranteed to be totally secure. As a result, while we strive to protect your personal information, we cannot ensure or warrant the security of any information which you deliberately send to us, and you do so at your own risk.
Changes to the policy
We may update our privacy policy from time to time. We suggest that you check this page occasionally to ensure you are happy with any updates.
Your rights
You have the right to ask for any personal information we hold about you. Please let us know if any information we hold about you needs to be corrected or updated.
Other websites
Any other websites which may be linked to by our website are subject to their own policy, which may differ from ours.
Questions
If you have any questions concerning anything on our website, please contact us.