Purpose of the Privacy Notice:
James Hall Group of Companies (referred to as “the Company”) is committed to protecting the privacy and security of your personal information. The Company’s management team are “data controllers”, which means that we are responsible for deciding how we hold and use personal information about you.
This document is provided to you, in line with current data protection legislation, because you are applying for work with us, either as an employee, contractor or worker. As an applicant for a contract of employment or a contract for services within the Company, we will need to obtain and process certain information about you, in accordance with current data protection legislation.
This document acts as our ‘fair processing notice’ and outlines:
• What personal data we will collect about you.
• What lawful basis we have for processing that personal data.
• What will happen to the personal data following the completion of the application process, whether successful or unsuccessful.
This privacy notice will not form part of any contract of employment, or contract for services, and may be amended at any time.
Data Protection Principles:
When collecting and processing your personal data, we will comply with the data protection principles, which say that personal data must be:
• Processed fairly, lawfully and in a transparent manner.
• Processed for the specific purposes for which it was collected.
• Adequate, relevant and not excessive for the purpose for which it was collected.
• Accurate and up to date.
• Not kept longer than necessary for the purpose for which it was collected.
• Processed in a secure manner.
“Personal Data” is any information related to you or any other Data Subject, which can be used to directly or indirectly identify the person.
“Sensitive personal data” relates to information concerning a data subject’s racial or ethnic origin, political opinions, religious beliefs, trade union activities, physical or mental health, sexual orientation, or details of criminal offences.
“Data Processing” includes obtaining, recording or holding data, organising, amending, retrieving, using, disclosing, erasing or destroying data and transferring data to third parties.
Personal data we process about you:
In connection with your application for work with us, we will collect and store the following categories of personal data about you:
• The information you provide in your CV and application form.
• Any information you provide during interviews and other selection processes.
• Test results from literacy, numeracy and role specific selection tests.
As an applicant to the Company, we will collect personal data relating to you to enable us to evaluate whether or not to proceed with your application and then offer you a contract of employment or a contract for services.
Should you be successful in your application then the personal data collected through the application process will form part of your employment / contractor records. This data will be retained in accordance with your contract of employment / contract for services and our Data Protection Policy, which can be found on the Company website.
The lawful basis on which we will be relying upon to process your personal data is a “legitimate interest”. It is in our legitimate interests to obtain limited personal data about you to enable us to assess your application. Given the limited nature of the personal data we will collect and process we see there being no negative impact on your rights in obtaining and processing that data.
Sensitive data we may process about you:
Dependant on the role for which you are applying for, we may collect, store and use special categories of sensitive personal data about you, which includes but is not limited to information provided through background checks, including P250, P13 and Basic Disclosure Check through the Post Office. You can object to us undertaking these searches, however, if you do object then it is likely that we will be unable to proceed with your application.
The lawful basis for processing this sensitive data will be “legal obligation”. If we are undertaking these searches it is because the job you are applying for/service you intend to provide (as applicable) requires us to undertake them.
We will use information gathered through our equal opportunities form about your race or national or ethnic origin, religious, philosophical or moral beliefs, or your sexual orientation, to produce meaningful equal opportunity monitoring and reporting.
We will use information about your disability status to consider whether we need to provide appropriate adjustments during the recruitment process, for example whether adjustments need to be made during an interview or test.
If you are applying for a role which will be based at Bowland View, you will be required to attend a medical examination with the Company Doctor at the start of your employment.
The Company Doctor will collect and process your medical information, which is classified as sensitive personal data. This data is stored independently to your personnel records and will not be shared with any representative from the Company without your explicit consent.
The lawful basis for processing this sensitive data will be “legitimate interest”.
How we will collect your data:
We collect personal information about employees, workers and contactors through the application and recruitment process, either directly from candidates or sometimes from an employment agency or background check provider. We may sometimes collect additional information from third parties including former employers, credit reference agencies or other background check agencies.
Failure to provide data:
If you fail to provide information when requested, which is necessary for us to consider your application (such as evidence of qualifications or work history), we will not be able to process your
application successfully.
Automated decision-making:
You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making.
Your rights in connection with personal data:
Under certain circumstances, by law you have the right to:
• Request access to your personal information. This process is called a “data subject access request” and enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
• Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
• Request the transfer of your personal information to another party. This will only be actioned with your written, explicit consent.
• Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
• Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You have the right to object where we are processing your personal information for direct marketing purposes.
• Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no lawful reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing.
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please send an email to dpo@jameshall.co.uk.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
Data Protection Officer (DPO):
We have appointed a Data Protection Officer (DPO) to oversee compliance with this privacy notice. If you have any questions about this privacy notice or how we handle your personal information, please contact the DPO at dpo@jameshall.co.uk or 01772 706666.
Data retention:
We will not keep your personal data for longer than is necessary for the purposes outlined above. All personal data is retained in accordance with our Data Protection Policy which is available on our Company website.
Security of data:
We will ensure that appropriate measures are taken against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to, personal data.
We have in place procedures and technologies to maintain the security of all personal data from the point of collection to the point of destruction. We will only transfer personal data to a third party if they agree to comply with those procedures and policies, or if they have in place their own adequate measures that are satisfactory to us.
Transferring data to a third party:
We will only provide your personal data to third parties where we are undertaking background searches against you. We will notify you of the identity of these third parties prior to undertaking the searches.
Transfer of data outside of the EEA:
We may have reason to transfer your personal data outside of the EEA where certain third party suppliers on which we rely are based outside of the EEA. We only transfer data outside of the EEA where we have in place suitable contractual provisions to ensure that the data is being stored and processed in accordance with our instructions, used only for the purpose for which it was obtained and retained in accordance with our Data Protection Policy. We will notify you of the identities of such third parties in the event we need to transfer your personal data outside of the EEA.
Breaches of Data Protection Principles:
If you consider that the data protection principles have not been followed in respect of personal data about yourself or others you should raise the matter with the DPO at dpo@jameshall.co.uk or 01772 706666. All such concerns will be investigated with the utmost seriousness and professionalism and in accordance with our obligations.
If you believe that we have not handled any complaints relating to your personal data appropriately, you can contact the Information Commissioner’s Office (see www.ico.gov.uk) who will be able to guide you as to the your options should you wish to pursue the matter further.