Recruitment Privacy Notice
Effective date: 30/01/2019
We are committed to protecting your privacy and confidentiality.
This notice explains what personal data (information) Ieso Digital Health (“We”, “Us”) will hold about you, how We collect it, and how We will use and share information about you during the application process. We are required to notify you of this information, under data protection legislation. Please ensure that you read this notice and any other similar notice We provide to you from time to time when We collect or process personal information about you. These Privacy Notices reflect legal requirements, regulations, and best practice.
For the purposes of data protection legislation, Ieso Digital Health Ltd and Ieso Digital Health (UK) Ltd are Data Controllers registered with the Information Commissioner (Z5383093 and ZA239229 respectively).
By applying to work for Us, processing your personal data becomes necessary ‘in order to take steps … prior to entering into a contract’. This forms the lawful basis for the processing of your information, covered under Article 6(1)(b) – Contract – of the GDPR. Any special category data processed for this process is lawful under Article 9(2)(b) – Employment. (If you are successful, you will be issued with an Employment Contract, and once signed become an employee. At this time We need to process other personal data for other purposes, so you will be supplied with a different set of Privacy Notices.)
We use Workable, an online application provided by Workable Software Limited, to assist with Our recruitment process. We use Workable to process personal information as a data processor on Our behalf. Workable is only entitled to process your personal data in accordance with Our instructions. Where you apply for a job opening posted by Us, these Privacy Notice provisions will apply to Our processing of your personal information.
Where you apply for a job opening through the Indeed Apply functionality, we rely on your consent, which is freely given by you during the application process, to disclose your personal data to Indeed on the basis described below.
Purposes of processing We use information held about you in the following ways:
- To consider your application in respect of a role for which you have applied.
- To consider your application in respect of other roles.
- To communicate with you in respect of the recruitment process.
- To enhance any information that we receive from you with information obtained from third party data providers.
- To find appropriate candidates to fill Our job openings.
- To help our service providers (such as Workable and its processors and data providers) and Partners (such as the job sites through which you may have applied) improve their services.
We understand that the privacy and confidentiality of all the personal information you provide and that We handle, is important to you, and Our internal policies and procedures reflect this and the need to share the minimum information necessary.
We reserve the right to change these Privacy Notices from time to time and when We do so We will revise the effective data at the top of the statement, and notify you.
1. Information we collect before making a final decision to recruit
We collect the following personal information about you in of the following ways:
a) Information we collect from you
- Information that you provide when you apply for a role. This includes information provided through an online job site, via email, in person at interviews and/or by any other method.
- In particular, We process personal details such as name, email address, address, date of birth, qualifications, experience, employment history, interests and other information you choose to state in your application.
- Details of your referees.
- Your nationality and immigration status and information from related documents, such as your passport
- Any disabilities of which we need to be aware, where any adaptations are necessary for example.
- If you contact Us, We may keep a record of that correspondence.
- A record of your progress through any hiring process that we conduct.
- Details of your visits to Workable’s Website including, but not limited to, traffic data, location data, weblogs and other communication data, the site that referred you to Workable’s Website and the resources that you access.
b) Information we collect from other sources
In the circumstances below, We will add to the information We collect from you, with information We receive from other sources.
Workable provides Us with the facility to link the data you provide to Us, with other publicly available information about you that you have published on the Internet – this may include sources such as LinkedIn and other social media profiles.
Workable’s technology allows Us to search various databases – some publicly available and others not, which may include your personal data (include your CV or Resumé), to find possible candidates to fill Our job openings. Where We find you in this way we will obtain your personal data from these sources.
We may receive your personal data from a third party who recommends you as a candidate for a specific job opening or for our business more generally.
- Information about your previous academic and/or employment history, including details of any conduct, grievance or performance issues, appraisals, time and attendance, from references obtained about you from previous employers and/or education providers.
- Confirmations regarding your academic and professional qualifications.
- Information regarding your criminal record, in criminal records certificates and enhanced criminal records certificates (from the Disclosure and Baring Service).
2. How we use collected information
We use the personal information We collect to ensure that We provide you with the best possible support now and in the future. We have appointed a Data Protection Officer to ensure that Our procedures for handling data subject information and requests meet with Our obligations. We use the personal information that We that We collect from/ about you to:
- To take steps to enter into a contract;
- Tor compliance with a legal obligation (e.g. our obligation to check that you are eligible to work in the United Kingdom);
- Communicate with you.
We seek to ensure that our information collection and processing is always proportionate. We will notify you of any changes to information we collect or to the purposes for which we collect and process it.
3. Disclosure of your information
Ieso works hard to ensure that only the right people have access to your personal data, and information is only shared on a strictly ‘need to know’ basis. Anyone receiving information about you will be under an equal legal duty to keep it confidential.
As set out above, we pass your information to our third-party service providers, including Workable, who use it only in accordance with our instructions and as otherwise required by law.
Where you have applied for a job opening through the Indeed Apply functionality, and where you have consented to this disclosure, We will disclose to Indeed certain personal data that We hold, including but not limited to a unique identifier used by Indeed to identify you, and information about your progress through our hiring process for the applicable job opening, as well as tangible, intangible, visual, electronic, present, or future information that we hold about you, such as your name, contact details and other information involving analysis of data relating to you as an applicant for employment (collectively “Disposition Data”). Indeed’s Privacy Notice in respect of Indeed’s use of the Disposition Data is available on Indeed’s website.
Where you have applied to a job opening through another service provider, we may disclose data similar to the Disposition Data defined above to such service provider. The service provider shall be the data controller of this data and shall therefore be responsible for complying with all applicable law in respect of the use of that data following its transfer by Us.
We may also need to share some of the above categories of personal information with other parties, such as HR consultants and professional advisers. Usually, information will be anonymised, but this will not always be possible. The recipient of the information will be bound by confidentiality obligations.
We do not sell, use or share your personal information for direct marketing or other external promotional purposes.
We will always seek your permission ahead of disclosing any information that identifies you directly to any other person or organisation, or, for any other reason not set out in this policy unless We have an overriding legal duty to do so.
Transferring data outside the UK
The data that We collect from you and process using Workable’s Services may be transferred to, and stored at, a destination outside the European Economic Area ("EEA"). It may also be processed by staff operating outside the EEA who work for Us or for one of our suppliers. We have appropriate technical and organisational measures in place to seek to ensure that information is processed security and data subject rights are not diminished. By submitting your personal data, you agree to this transfer, storing or processing.
In particular, your data may be accessible to i) Workable’s staff in the USA or ii) may be stored by Workable’s hosting service provider on servers in the USA as well as in the EU. The USA does not have the same data protection laws as the United Kingdom and EEA. A Data Processor Agreement has been signed between Workable Software Limited and its overseas group companies, and between Workable Software Limited and each of its data processors. These data processor agreements are designed to help safeguard your privacy rights and give you remedies in the unlikely event of a misuse of your personal data. Workable have self-certified for the Privacy Shield. If you would like further information, please contact Us (see ‘Your questions and how to contact us’ below).
4. How we secure your information
We place great importance on the security of personal identifiable information. We have put controls in place to safeguard your personal information, applying physical, technical and procedural measures against unauthorised access, loss, misuse and alteration of personal information under Our control.
We limit access to your personal data to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where We are legally required to do so.
We have achieved the International Standard certification for information security (ISO 27001) and maintain the Cyber Essentials Plus certification.
Unfortunately, the transmission of information via the internet is not completely secure. Although We will do Our best to protect your personal data, We cannot guarantee the security of your data transmitted through any online means, therefore any transmission remains at your own risk.
5. How long do we keep your information
If your application to become an Ieso employee is unsuccessful or you withdraw from the process, We retain your details for 6 months from the date of this decision.
(If you are successful in the recruitment process, you will be issued with an Employment Contract, and once signed become an employee. At this time We need to process other personal data for other purposes, so you will be supplied with a different set of Privacy Notices with different retention periods.)
Our data retention practices are reviewed at least annually in conjunction with industry standards and best practice.
6. Your data protection rights
Data protection law provides you with rights that Ieso Digital Health is committed to supporting you with:
- Access to your personal data and to certain other supplementary information that this Privacy Notice is already designed to address
- Require Us to correct any mistakes in your information which We hold
- Require the erasure of personal data concerning you in certain situations
- Receive the personal data concerning you which you have provided to Us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
- Object at any time to processing of personal data concerning you for direct marketing
- Object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
- Otherwise restrict our processing of your personal data in certain circumstances
For more detailed information on your rights visit https://ico.org.uk/for-the-public/ If you would like to exercise any of these rights, please:
- Contact us using our contact details below
- Let Us have enough information to identify you,
- Let Us have proof of your identity and address, and
- Let Us know the information to which your request relates.
If you need any assistance in these areas, please write to: The Data Protection Officer, Ieso Digital Health (UK) Limited, Jeffreys Building Cowley Road Cambridge CB4 0DS Or by email, For the Attention Of the Data Protection Officer, to email@example.com
You have the right to make complaints and request investigations into the way your information is used. Please contact Our Data Protection Officer in the first instance.
If you remain unhappy with a response you receive, you can also refer the matter to the Information Commissioner's Office
You can call the ICO on 0303 123 1113 or write to them at:
Information Commissioner's Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF
Additionally, you also have a right to seek to enforce your rights through the courts.
8. Your questions and how to contact us
If you have any questions or comments about these notices, please let us know:
By email: firstname.lastname@example.org By telephone: on 01223 608760 Or by post to: Jeffreys Building, Cowley Road, Cambridge, CB4 0DS
To reach Our Data Protection Officer please use the above details and flag your communication for the attention of: Helen Simpson