Job Applicant Privacy Notice

1. Who is this Privacy Policy for?

This privacy policy is for job applicants, employees, former employees, contractors, agency staff, placement students, and anyone else in engaged in working for or on behalf of Ideagen.

2. What is this Privacy Policy about?

This privacy policy explains what personal data we collect from you, how and why we collect it, how we use it and who we share it with.  It explains your rights and entitlements and also our position as data controller of your data.  This all depends on how you interact with us and therefore what data we collect from you and hold about you.  This is explained below.

3. Who is the controller or processor of your data?

Ideagen will primarily act as the data controller where job applicant and employee data is concerned.  This means we make decisions on how your personal data is used in in fulfilling all obligations as an employer. We may act as the data processor in certain circumstances but such circumstances would be exceptional.  This will be communicated clearly should it apply.

Where we are acting as the data controller, we are responsible for the obligations of a data controller under Data Protection Law in connection with the processing of your personal data and we use this privacy policy to provide you with information about our use of your personal data.

Where we are acting as a data processor, the relevant third party will be acting as data controller and will be responsible for the obligations of a data controller under Data Protection Law in connection with the processing of your personal data.  In such a situation please refer the Privacy Policy of the relevant third-party.

4. How can you contact us?

Ideagen is a limited company incorporated in England and Wales (company number 02805019) and having its registered address at One Mere Way, Ruddington, Nottingham, England, NG11 6JS.

Any comments, complaints or questions regarding our Privacy Policy may be addressed to dataprotection@ideagen.com.

5. How do we collect your personal data?

Your personal data is collected in a variety of ways.  These are set out below;

• directly from you, provided during the recruitment process or subsequently during your employment
• application forms, CV’s, resumes or collected through interviews and assessment centres
• staff surveys seeking feedback or from diversity and inclusion questionnaires
• from an employment agency or other recruitment entity
• your University or college if you are a student
• from references whether internal or external
• from security clearance providers where relevant checks are carried out
• CCTV images when in attendance at any Ideagen site
• from HMRC and other government agencies
• from healthcare providers
• from providers of staff benefits
  
  

6. What personal data do we collect from you?

The following personal data may be collected from you.  This has been set out under sub-headings to ensure as much transparency as possible.

6.1 - Relating to Job applicants

When an individual applies for a job with Ideagen there is certain information that is required to be provided.  This includes the following;

• your name, address and contact details, including email address and telephone number
• details of your qualifications, skills, experience and employment history
• information about your current level of remuneration, including benefit entitlements
• whether or not you have a disability for which the organisation needs to make reasonable adjustments during the recruitment process
• information about your entitlement to work in the UK

Equal opportunities monitoring information, including information about your ethnic origin, sexual orientation, health and religion or belief may be requested from you however, you do not have to provide this information.

6.2 - Relating to your employment

The following information is used to fulfil the contract we have with you, provide you access to business services required for your role and manage our human resources processes. We will also use it for any legislative or regulatory purposes and to promote openness with public bodies and data privacy for individuals.

Contact information, such as first and last names, job title, personal email address and telephone numbers (mobile and landline)

• Date of birth, gender and National Insurance number, Social Security Number (or equivalent subject to your country of residence)
• Identification documents such as passport, driving licence and copies utility bills or similar proof of address and right to work documents
• Marital status and next of kin details with emergency contact information
• CV and employment history
• Education history including schools and colleges attended and qualification (and grades) achieved
• Device and browser information, such as network and connection information (including Internet Service Provider and Internet Protocol (IP) addresses), device and browser identifiers and information (including device, application or browser type, version, plug-in type and version, operating system, user agent, language and time zone settings and other technical information), advertising identifiers, cookie identifiers and information and similar data
• Account information, such as security-related information (including usernames, passwords and authentication methods)
• Usage information and browsing history, such as usage metrics, log files, content interactions and user journey history (including age navigations, a list of URLs starting with a referring site, timestamps, content viewed or searched for and other data relating to your activity on the website and the site you exit to)
• Organisational information, such as organisations of which you are a member including Trade Unions, location, your status within an organisation, and similar data
• Any additional applicable information you, your previous employers or other organisation wishes to disclose

6.3 - Relating to your salary, pension and loans

The following information is used for the payment of your salary, pension and other employment related benefits. We also process it for the administration of statutory and contractual leave entitlements such as holiday or maternity leave.

• Information about your job role and your employment contract including; your start and leave dates, salary (including grade and salary band), any changes to your employment contract, working pattern (including any requests for flexible working)
• Details of your time spent working and any overtime, expenses or other payments claimed, including details of any loans such as for travel season tickets
• Details of any leave including sick leave, holidays, special leave, etc.
• Pension details including membership of both state and occupational pension schemes (current and previous)
• Your bank account details, payroll records and tax status information
• Trade Union membership for the purpose of the deduction of subscriptions directly from salary
• Details relating to Maternity, Paternity, Shared Parental and Adoption leave and pay. This includes forms applying for the relevant leave, copies of MATB1 forms/matching certificates and any other relevant documentation relating to the nature of the leave you will be taking, including the Ideagen Voluntary Leave Scheme

We may collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data could be derived from your personal data but is not considered personal data in law as it will not directly or indirectly reveal your identity. For example, we may aggregate your usage information to calculate the percentage of users accessing a specific website or application feature. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.

We may collect personal data either through direct or automated interactions.  We may also collect information about you from other sources which we may combine with personal data provided by you to help us update, expand and analyse our records and identify new customers. The personal data we collect from other sources includes identifiers, professional or employment-related information and may be obtained from third parties or public sources including (but not limited to) analytics providers, search information providers, social media profiles such as LinkedIn or from other individuals at third-party organisations for one or more of the purposes as set out within this privacy policy.

6.4 - Relating to your performance and training

We use this information to assess your performance, to conduct pay and grading reviews and to deal with any employer/employee related disputes. We also use it to meet the training and development needs required for your role.

• Information relating to your performance at work eg probation reviews, GPS objectives, internal job moves and promotions
• Grievance and dignity at work matters and investigations to which you may be a party or witness
• Disciplinary records and documentation related to any investigations, hearings and warnings/penalties issued
• Whistleblowing concerns raised by you, or to which you may be a party or witness
• Information related to your training history and development needs

6.5 - Relating to monitoring

We use this information to assess your compliance with corporate policies and procedures and to ensure the security of our premises, IT systems and employees.

• Information about your access to data held by us for the purposes of criminal enforcement if you are involved with this work
• Information derived from monitoring IT acceptable use standards
• Photos and CCTV images

6.6 - Relating to your health and wellbeing and other special category data

We use the following information to comply with our legal obligations and for equal opportunities monitoring. We also use it to ensure the health, safety and wellbeing of our employees.

• Health and wellbeing information either declared by you or obtained from health checks, eye examinations, occupational health referrals and reports, sick leave forms, health management questionnaires or fit notes i.e. Statement of Fitness for Work from your GP or hospital
• Accident records if you have an accident at work
• Details of any desk audits, access needs or reasonable adjustments
• Information you have provided regarding Protected Characteristics as defined by the Equality Act and s.75 of the Northern Ireland Act for the purpose of equal opportunities monitoring. This includes racial or ethnic origin, religious beliefs, disability status, and gender identification and may be extended to include other protected characteristics
• Any information you provide to any of our equality and diversity networks; Women and Allies, Pride, REACH, Healthy Minds and Access Inclusion
  
  

7. How do we use your personal data?

Any and all of the above personal data may be required by us from time to time in order to perform your employment contract with Ideagen.  We will always process your personal data for one or more of the following lawful bases:

• Performance of a Contract – where processing your personal data is necessary for the performance of a contract entered into by you
• Legitimate Interests – where processing your personal data is necessary for the legitimate interests of Ideagen or a third party, except where these interests are overridden by your fundamental rights and freedoms
• Compliance with Law – where processing your personal data is necessary for us to comply with a legal obligation
• Your Consent – where you have applied for a job or given us your informed consent to process your personal data for a designated purpose. Such consent can be withdrawn at any time by providing us with your written request to withdraw

Specifically, your personal data may be used by us for the following reasons:

Unless we are obliged or permitted by law to do so, and subject to Clause 11 (see below), your personal data will not be disclosed to any third parties.

We take reasonable measures to ensure all information provided is managed securely. Access to the information you provide will be restricted to only those who have the relevant authority and is stored securely in accordance with the requirements under Data Protection Law.

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use if for another reason and that reason is compatible with the original purpose. Please note that we may process your personal data without your knowledge or consent, in compliance with Data Protection Law, where this is required or permitted by law.

8. Where do we keep your data?

Your data may be kept in a number of locations depending on the role you are employed in and the responsibilites and tasks you perfom, including but not limited to the following;

• Amazon AWS
• Microsoft Azure
• Salesforce
• Netsuite
• Hubspot
• Pardot
• Zendesk
• Fresh Success
• Gainsight
• ON24
• HR Software
• Learning and development products
  
  

9. How do we control and secure your personal data?

We employ technical and organisational measures to protect your data.  We are certified to the ISO 27001 standard which is an international standard for Information Security.  Certification requires an extensive suite of policies to be maintained covering information security standards and practices.  In addition to these policies Ideagen has a comprehensive approach with measures and controls in place to ensure personal data are secure.  These include (but are not limited to) staff training, internal working groups, continuous monitoring and improvement, relevant background checks (where required), physical measures at our office locations, data segregation within our environments and network access controls.

10.Your rights in relation to your personal data

Under data protection law you have the following rights (these are not all absolute rights such as the right to be forgotten);

• Right to be informed
• Right of access
• Right to rectification
• Right to erasure (also known as the right to be forgotten)
• Right to restriction of processing
• Right to object to processing
• Right to data portability
• Right not to be subject to automated decision making, (please note Ideagen recruitment processes are not solely based on automated decision making)

In order to review any request in line with your rights it may be necessary to verify the identity of the person exercising their rights.  There is no charge for exercising your rights.  If you make a request you will receive a response within one month of making the request.  Should you wish to exercise any of these rights, please contact dataprotection@Ideagen.com.

In addition to the above rights you have the right to make a complaint.  If you have any concerns about our use of your personal information you can make a complaint to us at dataprotection@ideagen.com.

You also have the right to complain to the ICO for any matters involving how your data may have been processed by us.  The contact details are set out below ;

ICO address:

                Information Commissioner’s Office

                Wycliffe House

                Water Lane

                Wilmslow

                Cheshire

                SK9 5AF

Helpline Number 0303 123 1113

ICO website: www.ico.org.uk

11. Do we share your personal data with any third parties?

We may employ the services of other parties for dealing with matters that may include payroll processing, delivery of items, search engine facilities, provision of employee benfits, data hosting and data analytics. We may provide these service providers with access to certain personal data provided by employees.

Such personal data will, however, only be provided to such parties in accordance with this privacy policy and only to the extent required by them to perform the services that we request. 

12. What would happen if there are changes to the business ownership and control?

Our business is a growing one which means we are expanding.  As part of this growth it may also involve changes. As we expand and change our business this may involve the sale, merger, acquisition and/or the transfer of control of all or part of Ideagen or our business (including as the result of corporate re-structuring). Personal data provided by employees will, where it is relevant to any part of our business so transferred, be transferred along with that part and the new owner or newly controlling party will, under the terms of this privacy policy, be permitted to use the personal data for the purposes for which it was originally supplied to us.

13. Do you make any International Transfers of my personal data?

We may transfer personal data that we collect from you to other companies within the Ideagen group which are outside of the European Economic Area (including but not limited to the United States, Australia, Malaysia and India). In these cases, we ensure your personal data is protected by requiring all our group companies to follow the same rules when processing your personal data.

We may also transfer personal data that we collect from you to third party data processors located in countries that are outside of the European Economic Area. In these circumstances, we will always take measures to ensure we have adequate legal safeguards in place. For example, we have entered into written agreements with all relevant third party processors that ensure your data receives the same protection as if it were being processed inside the European Economic Area.

A list of the third parties with whom we may share your personal data for the purposes set out in clause 7 above, can be provided upon request.

14. How long do we keep Personal Data?

Any personal data you submit will be retained by us for no longer than is necessary to fulfil the stated/contractual purposes, or as reasonably necessary for us to retain such information in order for Ideagen to comply with laws and regulations (including satisfying any legal, regulatory, tax, accounting or reporting requirements). After the retention period is over, Ideagen securely disposes or anonymises your personal information in order to prevent loss, theft, misuse, or unauthorized access. If you withdraw your consent (where applicable) or request removal of your personal data, such data will be destroyed.

14.1 - Job Applicant

If your application for employemnt is unseuccesful we will hold your data on file for upto 12 months after the end of the recruitment process.  After that period or if you withdraw your consent your data will be deleted or destroyed.

14.2 - Employee

If your application for employment is succesful the personnel data held about you will be transferred to your personnel file and retained during your employment.  The periods for retention of your data as employee is in line with the Ideagen Data Retention Policy.

15. Changes to this Privacy Policy

We reserve the right to change this privacy policy as we may deem necessary from time to time or as may be required by law. Any changes will be posted promptly on the website and the application and you are deemed to have accepted the terms of this privacy policy on your first use of the website or application following any alterations.