1. About this notice
1.1 As an applicant for a contract of employment or a contract for services with Teneo Ltd, we will need to obtain and process certain information about you. In accordance with our obligations under the UK Data Protection Act 2018 (the “Act”), this notice acts as Teneo’s ‘Fair Processing Notice for Applicants’ and outlines what personal data we will collect about you, what lawful basis / bases we have for processing that personal data as well as what will happen to the personal data following the completion of the application process, whether successful or unsuccessful.
1.2 This notice will not form part of any employee’s contract of employment, or any contractor’s contract for services, and we may amend it at any time.
2. Data protection principles
2.1 When collecting and processing your personal data, we will comply with the data protection principles as outlined in the Act, which say that personal data must be:
(a) Processed fairly, lawfully and in a transparent manner.
(b) Processed for the specific purposes for which it was collected.
(c) Adequate, relevant and not excessive for the purpose for which it was collected.
(d) Accurate and up to date.
(e) Not kept longer than necessary for the purpose for which it was collected.
(f) Processed in a secure manner.
2.2 “Personal data” means any information relating to an identified or identifiable natural person. It may include contact details, other personal information, photographs, expressions of opinion about you or indications as to our intentions about you. “Processing” means doing anything with the data, such as accessing, disclosing, destroying or using the data in any way.
3. Fair and lawful processing
3.1 To process your personal data we must have a “lawful basis” for doing so. As an applicant to Teneo we will collect personal data relating to you to enable us to evaluate whether or not to proceed with your application and offer you a contract of employment or a contract for services (as applicable) with Teneo. The lawful basis on which we will be relying to process your personal data is “legitimate interest”. It is in Teneo’s legitimate interests to obtain limited personal data about you to enable us to assess your application. Given the limited nature of the personal data we will collect and process we see there being no negative impact on your rights in obtaining and processing that data.
3.2 As part of the application process, depending on the role for which you have applied / service you intend to provide (as applicable) we may need to undertake certain searches relating to you, including but not limited to checks of your criminal records via the DBS. These searches may provide us with what is known as ‘sensitive personal data’, being personal data that relates to your ethnic origin, political opinions, religious or similar beliefs, trade union membership, health, sex life, criminal proceedings or convictions. Where we need to undertake these searches we will let you know in advance what searches will be undertaken and the reason for them. The lawful basis for this processing will be ‘legal obligation’. If we are undertaking these searches it is because the job you are applying for / service you intend to provide (as applicable) requires us to undertake them. You can object to us undertaking these searches, however, if you do object then it is likely that we will be unable to proceed with your application.
4. How we are likely to use your personal data
4.1 As outlined above, we will use your personal data to allow us to assess your suitability for the role for which you have applied / service you intend to provide (as applicable).
4.2 Should you be successful in your application then the personal data collected will form part of your employment / contractor (as applicable) records and will be retained in accordance with your contract of employment / contract for services (as applicable) and in accordance with Teneo’s Data Protection Policy, a copy of which is available upon request.
5. Data retention
We will not keep your personal data for longer than is necessary for the purposes outlined above. All personal data will be retained for a maximum of one year in accordance with our Data Retention Policy.
6. Processing in line with your rights
You have the right to:
(a) Request access to any personal data we hold about you.
(b) Ask to have inaccurate data held about you amended.
(c) Prevent processing that is likely to cause unwarranted substantial damage or distress to you or anyone else.
(d) Object to any decision that significantly affects you being taken solely by a computer or other automated process.
7. Providing information to third parties
We will only provide your personal data to third parties where we are undertaking background searches against you. We will notify you of the identity of these third parties prior to undertaking the searches.
8. Data security
8.1 We will ensure that appropriate measures are taken against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to, personal data.
8.2 We have in place procedures and technologies to maintain the security of all personal data from the point of collection to the point of destruction. We will only transfer personal data to a third party if they agree to comply with those procedures and policies, or if they have in place their own adequate measures that are satisfactory to us.
9. Transfers outside of the EEA
We may have reason to transfer your personal data outside of the EEA where certain third party suppliers on which we rely are based outside of the EEA or members of our group are outside of the EEA and we are required to provide them with information relating to job applicants and employees. We only transfer data outside of the EEA where we have in place suitable contractual provisions to ensure that the data is being stored and processed in accordance with our instructions, used only for the purpose for which it was obtained and retained in accordance with our Data Retention Policy. We will notify you of the identities of such third parties in the event we need to transfer your personal data outside of the EEA.
10. Subject access requests
Irrespective of whether your application is successful you have the right to know what personal data we hold about you. If you wish to access your personal data please contact James Hall at firstname.lastname@example.org who will arrange for your personal data to be provided to you in accordance with our legal obligations under the Act.
11. Breaches of data protection principles
If you consider that the data protection principles have not been followed in respect of personal data about yourself or others you should raise the matter with James Hall at email@example.com. All such concerns will be investigated with the utmost seriousness and professionalism and in accordance with our obligations under the Act.
If you believe that we have not handled any complaints relating to your personal data appropriately, you can contact the Information Commissioner’s Office (see www.ico.gov.uk) who will be able to guide you as to your options should you wish to pursue the matter further.