Privacy Notice | Candidate (Recruitment)
Last updated: 7 September 2021
We take the collection, usage and security of your personal data seriously.
Purpose of this privacy notice
This privacy notice sets out how we use the personal data for any job candidate (hereafter “you”, or “your”). If you fall into this category then you are a ‘data subject’ for the purposes of this privacy notice.
You should read this privacy notice alongside any other notice we issue to you from time to time in relation to your personal data. This policy does not form part of any potential contract of employment (as applicable) and can be updated at any time.
We have separate policies and privacy notices in place in respect of other individuals (e.g. Elders (our personnel), carers, customers, and suppliers). For more information, please refer to www.elder.org or speak to us.
Who are we
As you’re aware, we are Elder Technologies Limited ("we", "our", "us" or “Elder”). Elder, is a limited company (with company number 09803204) registered at 230 City Road, London, EC1V 2TT. Elder is a “controller” (as explained further below) of your personal data in the context of your role with Elder.
Our data protection officer (or “DPO”) for the purpose of applicable data protection law is Paul McCormack of Kormoon Consulting Limited, who may be contacted at firstname.lastname@example.org.
Key concepts & jargon explained
“Personal data” is anything that can identify you or relates to you. It may be information which is directly linked to you but can also be information which indirectly identifies you. For example, your name is a basic example of information which can directly identify you. But consider information which in combination may identify you, for example - location data and date of birth.
“Special categories” of personal data are more sensitive and the law sets out what types of personal data are considered to be “special”. These include personal data relating to your:
racial or ethnic origin;
religious or philosophical beliefs;
trade union membership;
genetic or biometric data;
medical or health data;
sex life and sexual orientation.
“Controller” is the term used to identify the entity responsible for determining the reasons for using personal data and how it will be used. The controller (or data controller) is the entity then responsible at law for making sure the usage and any subsequent use or sharing of personal data is done so in line with the law. In your case, that “controller” is Elder.
“Processor” is the entity that acts on behalf of the controller. Typically (but not always), the processor is the entity that the controller has asked to provide a service to them which in turn supports the overall end service to the individual. For example, when we select a third party to provide our payroll services (i.e. making sure you are paid), they process your personal data on our behalf as a Processor.
“Processing” is anything you do with personal data. Almost anything you do with personal data counts as “processing”; collecting, recording, posting, storing, using, analysing, combining, disclosing or deleting it.
What personal data do we collect about you?
We may collect the following types of personal data about you:
Your contact details (e.g. name, email, home address, telephone number)
Information about your identity / profile (e.g. your data of birth)
Employment history (including your CV and references)
If necessary, criminal history / offence data (for background screening purposes)
Financial data (for payment of salary)
Technical Information (IP / Cookies)
User login data
Where do we get this personal data about you from?
Your personal data might be provided to us by you, or someone else (such as a former employer, your doctor, a recruitment agent, or a credit reference agency), or it could be created by us. It could be provided or created before, during or after the recruitment process. We may also collect information about you when you interact with Elder’s social media accounts (e.g. Twitter and LinkedIn) or when engaging with our careers page.
What do we use your personal data for?
We will only use your personal data if we have a good reason for doing so, we think it is ethically sound and the law allows us.
More specifically, will process personal data (including special categories of personal data) as required for the role you are applying for, to allow us to manage our recruitment processes (e.g. reviewing your application, scheduling interviews, providing contract of employment and pre-onboarding checks such as background screening).
After the recruitment process
Unless you don’t want us to, we shall continue to store and process your personal data following your initial application if you’re unsuccessful or don’t proceed with a particular role. We will do this to consider you and contact you for other open positions we think you might be interested in and to keep in touch so you don’t forget about us during this period.
What are the lawful justifications (known as a “lawful basis”) for using your personal data?
We typically use and process your personal data:
to comply with any legal obligations we are subject to; or
where it is necessary for our legitimate interests (or for the legitimate interests of someone else). However, we can only do this if your interests and rights do not override ours (or theirs). You have the right to challenge our legitimate interests and request that we stop this processing.
We will only process “special categories” of your personal data in certain situations and where we have your explicit consent (unless otherwise permitted by law to use without it - these would be rare exceptions). If we asked for your consent to process a special category of personal data then we will always explain the reasons for our request. You do not need to consent and can withdraw consent later if you choose by contacting the HR team.
What about any automated decisions about you?
We do not take automated decisions about you using your personal data or use profiling in relation to you.
Who do we share your personal data with?
Sometimes we might share your personal data with contractors, professional advisors, business partners and agents to carry out our obligations under our contract with you or for our legitimate interests. We require those companies to keep your personal data confidential and secure and to protect it in accordance with the law and our policies. They are only permitted to process your data for the lawful purpose for which it has been shared and in accordance with our instructions.
In addition to the above, we may also need to share your personal data with:
background employment screening organisations who will use it to verify whether or not you have a criminal history which would prevent you from being selected to provide care services to vulnerable persons;
analytics and search engine providers that assist us in the improvement and optimisation of the website;
as Elder expands, any member of our corporate group, which means our subsidiaries, our ultimate holding company and its subsidiaries for the purposes set out above;
in the event that we buy or sell any business or assets, including the sale of an individual website owned by us, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets; and
if Elder or substantially all of its assets are acquired by a third party, in which case personal data held by it about its personnel will be one of the transferred assets.
In some circumstances, such as when we receive a court order or are otherwise legally obligated to share your personal data, we may need to share any and all relevant personal data which may be required. We may also need to share personal data about you with other government agencies such as HMRC for the purpose of collecting tax and national insurance contributions, and the Home Office where required to verify eligibility to work in the United Kingdom.
International transfers of personal data
We typically store and host all of your personal data within the UK. We may however need to have your data processed outside of the UK either within the European Economic Area or further. When we do, we make sure we have all of the necessary precautions and safeguards in place to protect your personal data and comply with the law.
Security of your personal data
We have taken steps to protect the security of your data and will train our personnel about their data protection responsibilities as part of the induction process and as part of their ongoing duties at Elder.
How long do we keep your data for?
We will retain your personal information during the recruitment process you have engaged in. If you don’t proceed to employment with Elder, we will retain your personal information for 1 year thereafter. After each 1 year period, we will email you to see if you're happy to remain on our recruitment list for a further annual period.
We will always need to store a limited amount of your personal data for 7 years following any recruitment process you’ve been involved in. This is within our legitimate business interests to ensure we know who has applied for certain roles during a period of time, so we can learn from that process and we have a record in the event that any legal claim is raised in the future.
You can find out more information on the specific time periods within our data and records retention schedule. If at any point you wish to stop receiving such communications or to be taken off our recruitment contact list, you have the option to do this by easily clicking the “remove my data” button on this careers website or by contacting us.
What rights do you have regarding your personal data?
You have rights in relation to our processing of your personal data, including a right to lodge a complaint with the UK’s Information Commissioner’s Officer (the ICO). We’ve provided more information about your rights below.
You may have some of the following rights in relation to our processing of your personal data:
Information: Right to information about what personal data we process, how and on what basis as set out in this notice.
Access: Right to access your own personal data by way of a data subject access request. You can do this easily by clicking the “request my data” button.
Correct: Right to correct any inaccuracies in your personal data.
Erase: Right to request that we erase some or all of your personal data where we were not entitled under the law to process it, it is no longer necessary to process it for the purpose it was collected, or where you’ve provided your consent to process your personal data and you wish to withdraw it. To do so you can simply click the “remove my data” button.
Object: Right to object to data processing where we are relying on a legitimate interest to do so and you think that your rights and interests outweigh our own and you wish us to stop.
Automated Decision-Making: Right not to be subjected to automated decision-making.
Notice: Right (in some cases) to be notified of a data security breach concerning your personal data.
To consent or not to consent: Right not to consent or to withdraw your consent later. To withdraw your consent, you should contact HR or the DPO.
For more information about your rights, please refer to: ico.org.uk.
Contact / Further information
For questions, help, complaints or other information about your personal data or this privacy notice, please contact the DPO at: email@example.com.
Changes to this privacy notice
Any changes we make to this privacy notice in the future will be posted on this site. Please check this site regularly for any changes or updates.
Updated: 7 September 2021 - revising to bring privacy notice into line with Elder’s policy notice structure and house style.