Staff Applicant Privacy Notice
1 General Information
We are committed to protecting the privacy and security of your personal information.
Under data protection law, we are a “data controller”. This means that we hold personal information about you, and are responsible for deciding how we store and use that personal information.
As a data controller, we are legally required to provide certain information to individuals whose personal information we collect, obtain, store and use. That information is contained in this document (our “privacy notice”).
It is important that you read this document (together with any other privacy notices we may provide to you on specific occasions), so that you are aware of how and why we are using your personal information and the rights you have in relation to your personal information.
We will comply with data protection law. This says that the personal information we hold about you must be:
1. Used lawfully, fairly and in a transparent way.
2. Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
3. Relevant to the purposes we have told you about and limited only to those purposes.
4. Accurate and kept up to date.
5. Kept only as long as necessary for the purposes we have told you about.
6. Kept securely.
2 What Personal Information do we hold about you?
As an applicant to a University position, the University we will ask you to provide us with certain personal information relating to you at the outset of your application and through the recruitment process.
Data protection law protects personal information which is essentially any information from which an individual can be identified. There is a type of personal information which receives additional protection because of its sensitive or private nature, this is sometimes referred to as ‘special category personal information’ and means personal information about an individual’s race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership (or non-membership), genetics information, biometric information (where used to identify an individual) and information concerning an individual’s health, sex life or sexual orientation.
This information is collected either directly from candidates or sometimes from an employment agency or background check provider. We may sometimes collect additional information from third parties including former employers, credit reference agencies or other background check agencies, pension administrator, medical professionals, other employees, the Home Office, the Disclosure and Barring Service, intranet and internet facilities, relevant professional bodies.
The information we will collect during your employment/engagement with us may include:
- your name, address and contact details
- your date of birth
- your gender
- your education and qualifications
- your skills, experience and membership of professional bodies
- evidence of your ability to work in the UK, your nationality and immigration status
- your driving license
- information provided about you from your previous employer(s) and other referees
- your employment history
- information collected during the recruitment process that we retain during your employment
- details of any other offices or appointments or business interests you hold
- any training you have undertaken
- any other personal information you share with us, including lifestyle and social circumstances
- any reasonable adjustment(s) made to your role or your work under the Equality Act 2010
3 What will we use your personal information for and what are our legal bases for doing so?
We use the personal information we hold about you for a number of different purposes, which we list below. Under data protection law we need to have a valid legal basis for using your personal information, we also set out below the legal bases which we will be relying upon.
3.1 We use the personal information we hold about you for the following reasons:
- to comply with and demonstrate compliance with our legal obligations, such as checking you are legally entitled to work in the UK, deducting PAYE and National Insurance contributions, complying with equality legislation and other employment laws
- to prevent fraud
- to comply with health and safety obligations
- to comply with and demonstrate compliance with any regulatory requirements
In these cases, the legal basis that we will be relying upon to process your personal information will be because it is necessary for us to do so to comply with our legal obligations.
3.2 We will also use the personal information we hold about you for the following reasons:
- to make decisions about your engagement
- to assess qualifications for a particular job or task
- for general employment or contract administration purposes
- to monitor compliance with any of our policies and procedures
In each of these cases the legal basis that we will be relying upon to process your personal information will be because it is necessary for the taking of steps at the request of the data subject prior to entering into a contract with us.
3.3 We will also use the personal information we hold about you for the following reasons:
- to assess education, training and development requirements
- to ensure network and information security, including preventing unauthorised access to our computer and electronic communications systems and preventing malicious software distribution
- To respond to requests for anonymised information from outside organisations, such as HEFCW, HEFCE, HESA, ATHENA Swan
In these cases the legal basis that we will be relying upon to process your personal information will be because it is in our legitimate interests. Our specific legitimate interests are:
- to be a fair and reasonable employer in relation to your engagement and our engagement of others and be able to demonstrate good employment practice and/or
- to comply with and demonstrate compliance with our obligations as an employer and/or our policies and procedures relating to applicants to a University position and/or
- to enable us to manage the Company effectively and efficiently
4 What Special Category Personal Information do we hold about you?
We will need to keep certain special category personal information in relation to you which might be relevant to your employment, such as your:
- racial or ethnic origins
- religious or philosophical beliefs
- membership of a trade union
- physical or mental health (including details of any disability)
- sexual orientation
- details of any known disability
- commission or alleged commission of any offence, including the results of Disclosure and Barring Service (‘DBS’) checks
5 What will we use your special category personal information for and what are our legal bases for doing so?
We use the special category personal information we hold about you for a number of different purposes, which we list below. Data protection law prohibits us from processing any special category personal information unless we can satisfy at least one of the conditions laid down by data protection law. We also set out below the specific conditions we rely upon when processing special category data.
5.1 We use the special category personal information we hold about you for the following reasons:
- to monitor equality and diversity.
- to comply with and demonstrate compliance with employment law and best practice and any other applicable laws
- to comply and demonstrate compliance with any regulatory requirements
- to assess your fitness for work
- to make any reasonable adjustments to your role
- to provide relevant data to outside organisations (e.g. ATHENA Swan, Stonewall etc) to demonstrate University compliance with employment law and best practice
In this case the condition we rely upon for processing the information is to monitor equality and diversity which is necessary for reasons of substantial public interest, namely for the purposes of identifying or keeping under review the existence or absence of equality of opportunity or treatment between groups of people specified in relation to that category with a view to enabling such equality to be promoted or maintained.
5.2 We also use the special category personal information we hold about you for the following purposes:
In these cases, the conditions we rely upon for processing the information are because it is necessary for the purposes of carrying out the obligations and exercising specific rights in the field of employment law.
5.3 In cases where a claim has been brought against the Company or there is a potential risk of a legal dispute or claim we may need to process your special category personal information where it is necessary for the establishment, exercise or defence of legal claims.
5.4 We envisage that we will hold information about criminal convictions.
We will only collect information about criminal convictions if it is appropriate given the nature of the role and where we are legally able to do so. Where appropriate, we will collect information about criminal convictions as part of the recruitment process or we may be notified of such information directly by you in the course of you working for us.
We will only use information relating to criminal convictions where the law allows us to do so. This will usually be where such processing is necessary for reasons of substantial public interest, namely, preventing or detecting unlawful acts, protecting the public against dishonesty, preventing fraud or suspicion of terrorism or money laundering.
Less commonly, we may use information relating to criminal convictions where it is necessary in relation to legal claims, where it is necessary to protect your interests (or someone else's interests) and you are not capable of giving your consent, or where you have already made the information public.
6 Further general information about using your personal information
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Some of the personal data we request will be because we have a legal or contractual requirement to obtain and use the information or it is necessary for us to obtain the information to be able to enter into a contract with you. An example of this would be under the Immigration, Asylum and Nationality Act 2006 we are required to satisfy ourselves that you have the right to work in the UK. Failure to provide certain information will prevent us from employing or engaging you or from performing the contract we have entered into with you.
We do not carry out any automated decision-making or profiling in relation to you.
7 Who do we share your information with?
Your personal data will be held by the HR department. Your personal data will be shared internally with other individuals and/or departments where this is reasonably necessary for the processing purposes set out in section 2 above.
From time to time we will need to share your information with external people and organisations. We will only do so where we have a legitimate or legal basis for doing so and in compliance with our obligations under data protection laws.
Your information may be disclosed to:
- Employment and recruitment agencies and outplacement organisations, for example, Meara Mann [insert names where possible]
- Our professional advisors including our accountants when they need it to give us their professional advice [insert names where possible] Eversheds, Bevan Britain.
- Occupational Health and other medical professionals including social and welfare organisations to provide us with medical opinions in relation to any medical condition, illness or disability you may have or develop during the course of your engagement [insert names where possible]
- The Police, local authorities, the courts and any other government authority if they ask us to do so (but only if us doing so is lawful).
- Other people who make a subject access request, where we are allowed to do so by law.
- Complainants, where this is necessary to respond to any complaints received
- Where we are legally obliged to do so, e.g. to comply with a court order
- Funding Councils
- Research funding bodies
8 International Transfer of Your Information
We do not transfer any of your personal data outside the European Economic Area.
9 How Long Do We Keep Your Information For?
To make sure we meet our legal data protection and privacy obligations, we only hold on to your information for as long as we actually need it for the purposes we acquired it in the first place.
In most cases, this means we will keep your information for 12 months following the end of the recruitment process for unsuccessful applicants and, for successful applicants as long as you are employed or engaged by us and for a period of 7 years thereafter. The reason for keeping your personal data for this length of time is to comply with HMRC requirements and because of the fact that some claims can be brought up to 6 years after your employment/engagement ends.
For WEFO funded positions, we are required to retain personal data in line with the relevant WEFO retention schedule.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Please refer to our retention policy/schedule [http://www.swansea.ac.uk/the-university/world-class/vicechancellorsoffice/compliance/recordsmanagement/] for further details
10 Individual rights
Data protection legislation provides individuals with a number of different rights in relation to their data. These are listed below and apply in certain circumstances:
- Request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request data portability of your personal information. In certain circumstances, you may have the right to require that we provide you with an electronic copy of your personal information either for your own use or so that you can share it with another organisation. Where this right applies, you can ask us, where feasible, to transmit your personal data directly to the other party.
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact:
Mrs Bev Buckley
Directorate Support Manager and Data Protection Officer
No fee usually required
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
11 Ability to withdraw consent
Where your personal data is processed on the basis of your consent or explicit consent, you have the right to withdraw your consent to the processing at any time. You can do this by emailing the Data Protection Officer at firstname.lastname@example.org. Any withdrawal of consent will not affect the lawfulness of any processing of your personal data based on consent before the withdrawal is notified.
12 Consequences of not providing the data when based on statutory or contractual requirement
The University will not be able to process your application if you refuse to provide the necessary information when based on contract or statutory requirement.
If any of your personal details change during your engagement you should contact a member of the HR Department to notify them and provide them with the updated accurate information.
We review the ways we use your information regularly. In doing so, we may change what kind of information we collect, how we store it, who we share it with and how we act on it.
We will keep this policy under regular review to ensure it is accurate and kept up to date. This policy was last updated on 25 May 2018.
15 About Us
Swansea University an institution established by Royal Charter of Singleton Park, Swansea, SA2 8PP
We are the data controller of the information you provide us with. The term “data controller” is a legal phrase used to describe the person or entity that controls the way information is used and processed.
16 Where to Go if You Want More Information About Your Rights or to make a Complaint
The Information Commissioner’s Office (ICO) regulates data protection and privacy matters in the UK. They make a lot of information accessible on their website and they ensure that the registered details of all data controllers such as ourselves are available publicly. You can access them here http://www.ico.gov.uk/for_the_public.aspx.
You can make a complaint to the ICO at any time about the way we use your information. However, we hope that you would consider raising any issue or complaint you have with us first. We will always do our very best to solve any problems you may have.
17 Contact us
You’re welcome to get in touch with us to discuss your information at any time.
We have appointed a [data protection officer (DPO)to oversee compliance with this privacy notice. If you have any questions about this privacy notice or how we handle your personal information, please contact the DPO :-
Mrs Bev Buckley
Directorate Support Manager and Data Protection Officer