Scope of privacy notice
This Recruitment Privacy Notice explains the type of information we process, why we are processing it and how that processing may affect you.
What do we mean by “personal data” and “processing”?
“Personal data” is information relating to you (or from which you may be identified) which is processed by automatic means or which is (or is intended to be) part of a structured manual filing system. It includes not only facts about you, but also intentions and opinions about you.
“Processing” means doing anything with the data. For example, it includes collecting it, holding it, disclosing it and deleting it.
Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, health, sexual orientation, sex life, trade union membership and genetic and biometric data are subject to special protection and considered by privacy law applicable to the Maven group to be “sensitive personal data”.
Your personal data
We process your data for the purposes of our recruitment practices. Some of the personal data that we process about you comes from you. For example, you tell us your contact details. Other personal data about you is generated from references and third party companies such as recruitment agencies. Your personal data will be seen internally by managers, administrators and HR.
How long do we keep your personal data?
If you are successful in your application your data will be kept on your personnel file. If you are unsuccessful, your data will normally be destroyed twenty-four months after you have been informed that you were unsuccessful. Irrelevant data such as CCTV images may be deleted after a short period in line with our building management’s policy (where applicable).
Transfers of personal data outside the European Economic Area (‘EEA’)
We may transfer your personal data within and outside the EEA to members of our group and other processors who provide us services in connection with the recruitment process. This may involve service providers and members of the Maven group situated in the UK, the Netherlands, the USA, Hong Kong, Singapore and Australia. Where necessary such transfers are covered by an intra-group transfer agreement.
In processing your personal data, we act as a data controller. Our contact details are as follows:
LEGAL GROUNDS FOR PROCESSING PERSONAL DATA
What are the grounds for processing?
Under data protection law, there are various grounds on which we can rely when processing your personal data. In some contexts more than one ground applies. We have summarised certain grounds such as Legal obligation, Legitimate Interests, Contract and Consent, and outline what those terms mean below.
Ground for processing – Processing necessary for performance of a contract with you or to take steps at your request to enter a contract
Explanation – This covers carrying out our contractual duties and exercising our contractual rights.
- Legal obligation
Ground for processing – Processing necessary to comply with our legal obligations Explanation – Ensuring we perform our legal and regulatory obligations. For example, providing a safe place of work and avoiding unlawful discrimination and ensuring that work permits for non-EU candidates comply with local UK legislation.
- Legitimate Interests
Ground for processing – Processing necessary for our or a third party’s legitimate interests
Explanation – We or a third party have legitimate interests in carrying on, managing and administering our respective businesses effectively and properly and in connection with those interests processing your data. Your data will not be processed on this basis if our or a third party’s interests are overridden by your own interests, rights and freedoms.
Ground for processing – You have consented to us and/or a third party processing your data.
Explanation – We may rely on consent where you have consented to us or a third party processing your data. For example, you may be asked whether you consent to us collecting personal information as part of your job application in order to help us ensure we are able to facilitate appropriate support and adjustments to individuals with a disability, or you may be asked whether you consent to the collection of anonymised demographic information for equality and diversity purposes. If you do give your consent to the processing of your personal data, you may subsequently withdraw your consent at any time, and are also able to access and seek correction to that data – please see the section entitled ‘Access to your data and other rights’ below for full details on how to do so. You can contact us with any such requests by emailing email@example.com.
Processing sensitive personal data
If we process sensitive personal data about you, as well as ensuring that one of the grounds for processing mentioned above applies, we will make sure that one or more of the grounds for processing sensitive personal data applies (see below), including that the processing is for equality and diversity purposes to the extent permitted by law.
In outline, these include:
- Processing being necessary for the purposes of your or our obligations and rights in relation to employment in so far as it is authorised by law or collective agreement;
- Processing relating to data about you that you have made public (e.g. if you tell colleagues that you are ill);
- Processing being necessary for the purpose of establishing, making or defending legal claims;
- Processing being necessary for provision of health care or treatment and other related benefits, medical diagnosis, and assessment of your working capacity;
- Processing for equality and diversity purposes to the extent permitted by law.
- Processing where you have explicitly consented to us doing so
Further information on the data we process and our purposes
Examples of the data and the grounds on which we process data are in the table below. The examples in the table cannot, of course, be exhaustive.
Examples of personal data that may be processed – Information concerning your application and our assessment of it, your references, any checks we may make to verify information provided or background checks and any information connected with your right to work in the UK. If relevant, we may also process information concerning your health, any disability and in connection with any adjustments to working arrangement. We will also process, CVs, sound recordings (work phone lines are recorded), References, details of your work history, NI/social security numbers etc.
Grounds for processing – Contract, Legal obligation, Legitimate interests
- Contacting you or others on your behalf
Examples of personal data that may be processed – Your address and phone number, emergency contact information and information on your next of kin
Grounds for processing – Contract, Legitimate interests
Examples of personal data that may be processed – CCTV images, building access control data
Grounds for processing – Legitimate interests
- Monitoring of diversity and equal opportunities
Examples of personal data that may be processed – Information on your nationality, racial and ethnic origin, gender, sexual orientation, religion, disability and age.
Grounds for processing – Legal obligation, Legitimate interests, Consent.
Who gets to see your data?
Your personal data may be disclosed to managers, HR, third party screening and recruitment platforms and administrators for employment, administrative and management purposes as mentioned in this document. We may also disclose this to other members of our group.
Access to your personal data and other rights
We try to be as open as we reasonably can about personal data that we process. If you would like specific information, just ask us.
You also have a legal right to make a “subject access request”. If you exercise this right and we hold personal data about you, we are required to provide you with information, including a description of the personal data, and an explanation of why we are processing it.
If you make a subject access request and there is any question about who you are, we may require you to provide information from which we can satisfy ourselves as to your identity.
As well as your subject access right, you may have a legal right to have your personal data rectified or erased, to object to its processing or to have its processing restricted.
We generally do not require consent, but in the case where we have specifically requested it as a ground for processing, you may withdraw consent at any time – though if you do so that will not affect the lawfulness of what we have done before you withdraw consent.
If you have complaints relating to our processing of your personal data, you should raise these with HR in the first instance, as well as with Maven’s data privacy team by emailing firstname.lastname@example.org. You may also raise complaints with the relevant statutory regulator.
The statutory regulators that enforce and oversee data privacy regulations in the regions in which the Maven group operates are as follows:
UK: Information Commissioner’s Office – For contact and other details see: https://ico.org.uk/ICO
Netherlands: Dutch Data Protection Authority – For contact and other details see: https://autoriteitpersoonsgegevens.nl/en
Hong Kong: Office of the Privacy Commissioner for Personal Data – For contact and other details see: https://www.pcpd.org.hk/
Singapore: Personal Data Protection Commission – For contact and other details see: https://www.pdpc.gov.sg/
Australia: Office of the Australian Information Commissioner – For contact and other details see: https://www.oaic.gov.au/
This notice does not form part of any contractual relationship between the Company and a job applicant. This notice can be changed at any time.