This Privacy Notice applies to all candidates of Floreat Group (defined as Floreat Holding Limited and its subsidiaries).
We take your Data Protection seriously and in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR), UK Data Protection Act 2018 and any successor legislation (the “Regulations”), we have reviewed our policies, processes and security procedures to ensure compliance with the new regulations.
This privacy notice is to inform you, our potential candidates, of the types of data we process about you, the reasons for processing your data, the lawful basis for processing, your rights and the retention periods of your data.
If you have any questions about your data or how we handle it, please contact us at email@example.com
Data protection principles
Under the Regulations in the UK and EU, all personal data obtained and held by us must be processed according to a set of core principles. Most of those principles are extended to other geographical locations and so apply to your personal data if you are a candidate outside of the UK and EU.
In accordance with these principles, we will ensure that:
- processing is fair, lawful and transparent
- data is collected for specific, explicit, and legitimate purposes
- data collected is adequate, relevant and limited to what is necessary for the purposes of processing
- data is kept accurate and up to date. Data which is found to be inaccurate will be rectified or erased without delay
- data is not kept for longer than is necessary for its given purpose
- data is processed in a manner that ensures appropriate security of personal data including protection against unauthorised or unlawful processing, accidental loss, destruction or damage by using appropriate technical or organisation measures
- we comply with the relevant GDPR procedures for international transferring of personal data
Types of data held
Floreat Group is obliged to collect specific categories of candidate personal data in order to process your application.
Under the Regulations, we require to have a lawful basis for obtaining and processing this data during the application process. Where you are successful and become a valuable member of our team, we will provide an additional Privacy Notice which is available in our HR system.
We keep personal data relating to your application within our HR computer systems and in rare occasions in personnel files.
Specifically, we may process the following types of data you provide to us as part of the application process which includes in relation to interviews and any further information required following a conditional offer and request to undertake a background check:
- personal details such as name, address, phone numbers
- name and contact details of your next of kin
- your photograph
- your gender, marital status, information of any disability you have or other medical information
- right to work documentation
- a CV or other information supplied in CV covering letter
- references from former employers
- details on your education and employment history etc.
- National Insurance numbers
- bank account details
- tax codes
- driving license
- criminal convictions
- information relating to your employment with us, including:
- job title and job descriptions
- i) job title and job descriptions
- ii) your salary
- iii) your wider terms and conditions of employment
- CCTV footage if interviews are conducted onsite
- Building access records if interviews are conducted onsite
Collecting your data
You provide personal data to us directly during the recruitment and onboarding process with your consent.
In some cases, we will collect data about you from third parties, such as employment agencies, former employers when gathering references or credit reference agencies and usually with your consent for us to do so.
Personal data is stored mainly in our HR systems – comprising both electronic and paper files.
Lawful basis for processing
The law on data protection allows us to process your data for certain reasons only. In the main, we process your data in order to process and progress your application for employment with us or to comply with a legal requirement regarding employment.
The information below categorises the types of data processing we undertake and the lawful basis we rely on.
Activities relating to assessing your request for employment:
Activities relating to entering into an employment contract with you
Performance of Contract
Recruiting and onboarding employees
Special categories of data
Under Regulations Special categories of data require explicit consent for processing. Floreat Group only process special categories of data where required in order to meet a legal obligation as part of the application and recruitment process.
Special categories of data include data related to information such as your: health, sexual orientation, race, ethnic origin, political opinion, religion, trade union membership, genetic and biometric data.
We only carry out processing activities using special category data in circumstances where we are obliged to, such as:
- for the purposes of equal opportunities monitoring
- to determine reasonable adjustments
Most commonly, we will process special categories of data when the following applies:
- you have given explicit consent to the processing
- we must process the data in order to carry out our legal obligations
- we must process data for reasons of substantial public interest
- you have already made the data public.
Failure to provide data
Your failure to provide us with data may mean that we are unable to fulfil our requirements for entering into a contract of employment with you. This could include being unable to offer you employment.
Who we share your data with
Employees within the HR function have access to your data based on their role and requirement to process your data in order to process your application and complete the recruitment process.
We have a data processing agreement in place with any third parties we use to process your data under our instructions, to ensure data is not compromised. Third parties must implement appropriate technical and organisational measures to ensure the security of your data.
Where our data is located with processors outside the EEA we have entered into Data Processing Contracts with them and apply Standard Contractual Clauses where appropriate.
We may also share your data with third parties as part of a Company sale or restructure, or for other reasons to comply with a legal obligation upon us.
Protecting your data
We are aware of the requirement to ensure your data is protected against accidental loss or disclosure, destruction and abuse. We have implemented processes to protect your data and will continue to monitor the effectiveness of these processes.
We only keep your data for as long as we need it for and in line with legal requirements, which will be at least for the duration of your employment. In instances where your application does not result in an accepted offer of employment, your data is retained for two years.
Automated decision making
Automated decision-making means making decision about you using no human involvement e.g. using computerised algorithms or programmes.
We do not undertake any automated decision making with your data.
You have the following rights in relation to the personal data we hold on you:
- the right to be informed about the data we hold on you and what we do with it
- the right of access to the data we hold on you
- the right for any inaccuracies in the data we hold on you to be corrected (rectified)
- the right to have data deleted in certain circumstances (erasure)
- the right to restrict the processing of the data
- the right to transfer the data we hold on you to another party (portability)
- the right to object to the inclusion of any information;
- the right to regulate any automated decision-making and profiling of personal data.
Where you have provided consent to our use of your data, you also have the right to withdraw that consent at any time. In certain instances, this may not be permissible, and we will explain the reasons for this as part of our response.
Making a complaint
We will make every attempt to ensure you are satisfied with our handling of your data requests, however, you are entitled to raise a complaint with the Information Commissioner (ICO) if you are not satisfied. You can contact the ICO at https://ico.org.uk/concerns/ or by telephone on 0303 123 1113 (local rate) or 01625 545 745.
Last updated: June 2021