Candidate privacy policy

Background

This Privacy Notice applies to all candidates of Floreat Group (defined as Floreat Holding Limited and its subsidiaries).

We take your Data Protection seriously and in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR), UK Data Protection Act 2018 and any successor legislation (the “Regulations”), we have reviewed our policies, processes and security procedures to ensure compliance with the new regulations.

This privacy notice is to inform you, our potential candidates, of the types of data we process about you, the reasons for processing your data, the lawful basis for processing, your rights and the retention periods of your data.

If you have any questions about your data or how we handle it, please contact us at careers@floreat.com

Types of data held

Floreat Group is obliged to collect specific categories of candidate personal data in order to process your application.

Under the Regulations, we require to have a lawful basis for obtaining and processing this data during the application process. Where you are successful and become a valuable member of our team, we will provide an additional Privacy Notice which is available in our HR system.

We keep personal data relating to your application within our HR computer systems and in rare occasions in personnel files.

Specifically, we may process the following types of data you provide to us as part of the application process which includes in relation to interviews and any further information required following a conditional offer and request to undertake a background check:

  • personal details such as name, address, phone numbers
  • name and contact details of your next of kin
  • your photograph
  • your gender, marital status, information of any disability you have or other medical information
  • right to work documentation
  • a CV or other information supplied in CV covering letter
  • references from former employers
  • details on your education and employment history etc.
  • National Insurance numbers
  • bank account details
  • tax codes
  • driving license
  • criminal convictions
  • information relating to your employment with us, including:
  • job title and job descriptions
    • i) job title and job descriptions
    • ii) your salary
    • iii) your wider terms and conditions of employment
  • CCTV footage if interviews are conducted onsite
  • Building access records if interviews are conducted onsite

Collecting your data

You provide personal data to us directly during the recruitment and onboarding process with your consent.

In some cases, we will collect data about you from third parties, such as employment agencies, former employers when gathering references or credit reference agencies and usually with your consent for us to do so.

Personal data is stored mainly in our HR systems – comprising both electronic and paper files.

Lawful basis for processing

The law on data protection allows us to process your data for certain reasons only. In the main, we process your data in order to process and progress your application for employment with us or to comply with a legal requirement regarding employment.

The information below categorises the types of data processing we undertake and the lawful basis we rely on.

Processing activities

Lawful Basis

Activities relating to assessing your request for employment:

  • Reference and credit checks
  • Right to work activities

Consent

Activities relating to entering into an employment contract with you

Performance of Contract

Recruiting and onboarding employees

Legitimate interests

Fraud Prevention

Legal Obligation

Special categories of data

Under Regulations Special categories of data require explicit consent for processing. Floreat Group only process special categories of data where required in order to meet a legal obligation as part of the application and recruitment process.

Special categories of data include data related to information such as your: health, sexual orientation, race, ethnic origin, political opinion, religion, trade union membership, genetic and biometric data.

We only carry out processing activities using special category data in circumstances where we are obliged to, such as:

  • for the purposes of equal opportunities monitoring
  • to determine reasonable adjustments

Most commonly, we will process special categories of data when the following applies:

  • you have given explicit consent to the processing
  • we must process the data in order to carry out our legal obligations
  • we must process data for reasons of substantial public interest
  • you have already made the data public.

Failure to provide data

Your failure to provide us with data may mean that we are unable to fulfil our requirements for entering into a contract of employment with you. This could include being unable to offer you employment.

Who we share your data with

Employees within the HR function have access to your data based on their role and requirement to process your data in order to process your application and complete the recruitment process.

Data processors

We have a data processing agreement in place with any third parties we use to process your data under our instructions, to ensure data is not compromised. Third parties must implement appropriate technical and organisational measures to ensure the security of your data.

Where our data is located with processors outside the EEA we have entered into Data Processing Contracts with them and apply Standard Contractual Clauses where appropriate.

We may also share your data with third parties as part of a Company sale or restructure, or for other reasons to comply with a legal obligation upon us.

Protecting your data

We are aware of the requirement to ensure your data is protected against accidental loss or disclosure, destruction and abuse. We have implemented processes to protect your data and will continue to monitor the effectiveness of these processes.

Retention periods

We only keep your data for as long as we need it for and in line with legal requirements, which will be at least for the duration of your employment. In instances where your application does not result in an accepted offer of employment, your data is retained for two years.

Automated decision making

Automated decision-making means making decision about you using no human involvement e.g. using computerised algorithms or programmes.

We do not undertake any automated decision making with your data.

Employee rights

You have the following rights in relation to the personal data we hold on you:

  • the right to be informed about the data we hold on you and what we do with it
  • the right of access to the data we hold on you
  • the right for any inaccuracies in the data we hold on you to be corrected (rectified)
  • the right to have data deleted in certain circumstances (erasure)
  • the right to restrict the processing of the data
  • the right to transfer the data we hold on you to another party (portability)
  • the right to object to the inclusion of any information;
  • the right to regulate any automated decision-making and profiling of personal data.

Consent

Where you have provided consent to our use of your data, you also have the right to withdraw that consent at any time. In certain instances, this may not be permissible, and we will explain the reasons for this as part of our response.

Making a complaint 

We will make every attempt to ensure you are satisfied with our handling of your data requests, however, you are entitled to raise a complaint with the Information Commissioner (ICO) if you are not satisfied. You can contact the ICO at https://ico.org.uk/concerns/ or by telephone on 0303 123 1113 (local rate) or 01625 545 745.


Last updated: June 2021