Privacy Notice for Job Applicants
Thank you for your interest in working with us.
In applying for a job with us you are providing us with personal information (personal data). Under data protection law, we are obliged to tell you certain things as set out below.
Who is the data controller?
The data controller is Youth Community Support Agency (YCSA). If you have any questions or concerns about your rights or how we use your data you should contact Fariha Thomas, YCSA Manager, firstname.lastname@example.org
What data are we collecting?
The organisation collects a range of information about you. This includes:
- your name, address and contact details, including email address and telephone number;
- details of your qualifications, skills, experience and employment history;
- information about your current level of remuneration, including in some circumstances benefit entitlements;
- whether or not you have a disability for which the organisation needs to make reasonable adjustments during the recruitment process;
- information about your entitlement to work in the UK; and
- equal opportunities monitoring information, including information about your ethnic origin, sexual orientation, health, and religion or belief.
The organisation collects this information in a variety of ways. For example, data might be contained in application forms, CVs or resumes, obtained from your passport or other identity documents, or collected through interviews or other forms of assessment.
The organisation will also collect personal data about you from third parties, such as references supplied by former employers and information from criminal records checks. The organisation will seek information from third parties only once a job offer to you has been made and will inform you that it is doing so.
Why are you collecting my data?
The legal grounds for collecting and processing your personal data are that it is ‘in the legitimate interests of the employer’, in order to select and appoint people to fill vacant roles. It is also necessary for ‘the performance of a contract’ in the event that you are successful in your application. The organisation may also need to process data from job applicants to respond to and defend against legal claims.
In some cases, the organisation needs to process data to ensure that it is complying with its legal obligations. For example, it is required to check a successful applicant’s eligibility to work in the UK before employment starts.
For some roles, the organisation is obliged to seek information about criminal convictions and offences. If so, it does so because it is necessary for it to carry out its obligations and exercise specific rights in relation to employment.
The organisation processes health information if it needs to make reasonable adjustments to the recruitment process for candidates who have a disability. This is to carry out its obligations and exercise specific rights in relation to employment.
Where the organisation processes other special categories of data, such as information about ethnic origin, sexual orientation, health or religion or belief, this is for equal opportunities monitoring purposes.
How will you use my data?
We will use your personal data to
- Assess your application for employment in the role you have applied for
- Contact you in relation to your application for employment
Who will have access to my data?
Persons directly involved in the recruitment process. These are likely to be panel members, administrative or clerical workers, and any person called upon to advise the panel during or in consequence of that recruitment process.(for example lawyers or HR advisors).
How will my data be stored?
Paper documents will be stored securely in a lockable cabinet, and accessed only by those persons noted above, for the reasons noted above.
Electronic files will be password protected, and accessed only by those persons noted above, for the reasons noted above. Any personal data provided to third parties (eg lawyers or HR advisors) will be anonymised and/or subject to confidentiality agreements.
We will not transfer your data outside the European Economic Area.
How long will my data be kept for?
Original documents will be retained for up to six months. Note that the documents may be used in evidence in the event that the employer is subject to any legal claims and if there is an indication that this is likely or such a claim has started the documents will be retained until the claim has been finally resolved .
Photocopies of original documents made for the recruitment panel will be destroyed immediately after the appointment is made.
If your application for employment is successful, personal data gathered during the recruitment process will be transferred to your personnel file and retained during your employment. The periods for which your data will be held will be provided to you in a new privacy notice.
How will my data be destroyed?
Paper documents will be destroyed by confidential shredding. Electronic files will be securely deleted.
What rights do I have regarding my personal data?
As a data subject, you have a number of rights. You can:
- access and obtain a copy of your data by making a Subject |Access request;
- require the organisation to change incorrect or incomplete data;
- require the organisation to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing;
- object to the processing of your data where the organisation is relying on its legitimate interests as the legal ground for processing; and
- ask the organisation to stop processing data for a period if data is inaccurate or there is a dispute about whether or not your interests override the organisation’s legitimate grounds for processing data.
You also have the right to make a complaint to the Information Commissioner’s Office (ICO), which is the regulator for data protection.
What if I don’t provide personal data?
You are under no statutory or contractual obligation to provide data to the organisation during the recruitment process. However, if you do not provide the information, the organisation may not be able to process your application properly or at all. You are under no obligation to provide information for equal opportunities monitoring purposes and there are no consequences for your application if you choose not to provide such information.
Privacy Notice: Volunteers
Data controller: Youth Community Support Agency (YCSA) 48 Darnley St, G41 2SE
Person with responsibility for data protection: Fariha Thomas, Manager email@example.com
YCSA collect and process personal data relating to our volunteers in order to manage the volunteering relationship. We are committed to being transparent about how we collect and use that data and to meeting our data protection obligations.
The term ‘volunteer’ throughout this document covers any persons who are voluntarily helps us run our services on an unpaid basis, other than remuneration of out of pocket expenses.
What information do we collect?
We collect and process a range of information about you. This includes
- your name, address and contact details, including email address and telephone number,
- the terms and conditions of your volunteering agreement with us;
- details of your qualifications, skills, experience and employment history, including start and end dates;
- information about your emergency contacts;
- information about your criminal record;
- details of your schedule (pattern of volunteering) and attendance;
- assessments of your performance, including, performance reviews, supervision notes, performance improvement plans and related correspondence;
- information about medical or health conditions, including whether or not you have a disability for which we need to make reasonable adjustments; and
- equal opportunities monitoring information including information about your date of birth and gender, ethnic origin, sexual orientation and religion or belief.
We may collect this information in a variety of ways. For example, data might be collected through application forms, CVs or resumes; obtained from your passport or other identity documents such as your driving licence; from forms completed by you at the start of or during volunteering; from correspondence with you; or through interviews, meetings or other assessments.
In some cases, we may collect personal data about you from third parties, such as references and information from criminal records checks permitted by law.
Data will be stored in a range of different places, including in your volunteer file, and in other IT systems (including our email system).
Why do we process personal data?
We need to process data to enter into a volunteering agreement with you and to meet our obligations to you under that agreement. For example, to provide you with a reference or access to training. In some cases, we need to process data to ensure that we are complying with our legal obligations, for example, to comply with health and safety laws. For certain volunteer positions it is necessary to carry out criminal records checks to ensure that individuals are permitted to be engaged in such a role.
In other cases, we have a legitimate interest in processing personal data before, during and after the end of the volunteer relationship.
Processing volunteer data allows us to:
- run volunteer recruitment processes;
- maintain accurate and up-to-date volunteer records and contact details (including details of who to contact in the event of an emergency),
- operate and keep a record of disciplinary and grievance processes, to ensure acceptable conduct within the workplace;
- operate and keep a record of volunteer performance and related processes, to plan for career development, and best placing of volunteers;
- provide references on request for current or former volunteers;
- maintain and promote equality in the workplace and
- respond to and defend against legal claims.
Where we process other special categories of personal data, such as information about ethnic origin, sexual orientation or religion or belief, this is done for the purposes of equal opportunities monitoring. This is to carry out our obligations to e.g. funders
Who has access to data?
Your information may be shared internally, including with members of the volunteer support team (including administration), managers in the area in which you work, IT staff, and relevant members of the governing body, if access to the data is necessary for performance of their roles.
We share your data with third parties in order to obtain pre-volunteering references, and obtain necessary criminal records checks from Disclosure Scotland.
We will not transfer your data to countries outside the European Economic Area.
How do we protect data?
We take the security of your data seriously. We have internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties.
Where we engage third parties to process personal data on our behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.
For how long do we keep data?
We will hold your personal data for the duration of your volunteering with us. We will retain your information if you request that we do this after your leaving us for the purposes of providing you with a reference. The period for which your data will be held after the end of your volunteering will be as agreed with yourself
As a data subject, you have a number of rights. You can:
- access and obtain a copy of your data on request;
- require us to change incorrect or incomplete data;
- require us to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing; and
- object to the processing of your data where we are relying on legitimate interests as the legal ground for processing.
If you would like to exercise any of these rights, please contact Katya Allcott firstname.lastname@example.org
If you believe that we has not complied with your data protection rights, you can complain to the Information Commissioner.