As part of our recruitment processes, Early Intervention Foundation (“we”, “us”, “our”) collects, stores, and processes personal data about job applicants and prospective candidates (“you”, “your”). We are committed to protecting your privacy and personal data, and are therefore transparent regarding the data we collect, how the data is collected, where the data is stored, and how the data is processed. The following notice details all of the above, setting out our obligations under both the General Data Protection Regulations 2016/679 (“GDPR”) and the Data Protection Act 2018 (“DPA”).
If you have any questions or complaints in relation to the use of your personal information or this recruitment privacy notice, you can contact our data protection lead, Charlotte Razzell.
Information we collect from you
We collect the following data from you during the recruitment process. If you fail to provide certain information when requested, we will not be able to progress your application.
- Basic personal details including but not limited to your name, email address, contact number(s), postal address and preferred method of contact.
- Availability and work eligibility details including but not limited to your notice period, preferred start date, current and/or future work eligibility status, visa type, and visa expiry date.
- Documents you provide throughout the application process including but not limited to application forms, CVs, covering letters, and assessment outputs. These documents may contain information on your employment history, academic qualifications/history, professional training/certifications, skills, and experiences.
- Application details including but not limited to the source of your application, the date/time, the role(s) you applied for, salary history/expectations, and equal opportunities statements.
- Records of electronic communications, including but not limited to the content and attachments of emails.
Information we collect/generate about you
- Publicly available data including but not limited to your professional social networks (primarily LinkedIn, Facebook and similar networks).
- Job application progress including but not limited to the stages you complete of the recruitment process, records of interviews, interview notes/feedback, assessment feedback, rejection stage, rejection reason, and job offer details.
Personal data may come from a combination of any of the following sources:
- Information you provide on application forms, in email and telephone conversations with our representatives, and in job interviews and assessments.
- Information we collect from publicly available sources online.
- Information we generate following your interactions with our staff, systems, and processes.
- Information provided by third parties, such as recruitment agencies, or via referrals or references (references are not sought without your express prior permission, and typically happen at the point of offer).
We take appropriate measures to ensure that all personal data is kept secure, including security measures to prevent personal data from being accidentally lost, or used or accessed in an unauthorised way. Within EIF, we limit access to your personal data to those who have a genuine need to access it:
- the HR/people team
- the recruiting manager for the role in question
- interviewers/assessment reviewers for the role in question
- the director of the team where the role in question sits
- the director of finance and resources who has final authority for appointment (note that there may be overlap between the people in those positions).
Those processing your personal data will do so only in an authorised manner, and are subject to a duty of confidentiality.
We have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of electronically transmitted data. Any transmission therefore remains at your own risk.
Lawful basis for processing
Our lawful basis for the collection and processing of your personal data is for taking steps to enter into a contract of, or for, employment or services with you. We rely on legitimate business interest as the lawful basis on which we collect and use your personal data, specifically in the instances of collecting references and running background checks.
Purposes of processing
We use information held about you in a number of ways, including but not limited to:
- Considering your application in respect of the role for which you have applied.
- Considering your application in respect of other roles at EIF, both at present and in the future (see How long we keep your personal data below for more information on our data retention policy).
- Communicating with you in respect of the/any recruitment process/es.
- Enhancing any information that we receive from you with information collected, generated, or obtained throughout our recruitment processes.
- To help EIF improve the effectiveness and efficiency of our recruitment systems and processes.
Rights of access, correction and erasure
Under the GDPR, you have a number of important rights, including the right to access the personal data we hold about you, and to request corrections or partial/full erasure. We have taken steps to ensure speedy compliance with any such request.
All personal data held by EIF about you is stored in our SharePoint file server. Functionality exists within the system to export all data relating to specific individuals. This functionality is only employed in the event an individual explicitly requests access to, or a copy of, the personal data we hold about them. The file includes personal information (name, email address, postal address, title etc.), application details (the role you applied for, when, via what channel, information submitted on the application form, work eligibility status etc), recruitment progress (status, stage, interviewers/assessment reviewers, feedback from those dealing with your application, rejection reasons, offer details etc), and any documents submitted, or subsequently provided or obtained. In the event you make an explicit request to access this data, EIF will generate the abovementioned data file and share this with you within 30 days of the request.
In order to correct any inaccuracies in your personal data held by EIF, you must make an explicit request to us, clearly indicating which information is in need of amendment, along with the correct information to take its place. EIF will act on personal data correction requests within five working days of receipt, and send a confirmation email to you upon resolution of the issue/s.
In order to request partial or full erasure of your personal data, you must make an explicit request to us. In the event you desire a partial erasure, you must clearly indicate which data points you would like to be erased. If you do not clearly indicate which data points you would like to have erased in a partial erasure, we reserve the right to delete all personal data we hold about/on you. EIF reserves the right to escalate any partial erasure request into a full erasure at our discretion; you will be notified of this outcome via email immediately before the erasure if we opt for the escalation. In the event you desire a full erasure, you must clearly indicate this in your request. EIF will act on partial and full erasure requests within five working days of receipt, however, no confirmation email will be sent following the completion of the request.
Please note that your right to have your personal data erased is not an absolute right and we reserve the right to refuse such a request, where there is an appropriate legal justification for doing so. For example, we must retain candidate/application data for a period of six months following a rejection notice. You will be notified accordingly in the event we are unable to process your data erasure request.
If, at any point, you would like to make a request for access, correction, or erasure of your personal data held by EIF, you should email recruitment@EIF.org.uk, providing enough information for us to be able to identify you in our system and carry out your request.
How we process your data for roles outside of your formal application
From time to time following your initial engagement with our recruitment processes, we may unilaterally decide to consider your application for another role at EIF. This may occur:
- At the time of your original application when, following an initial review of your CV or application form, we conclude you would be better suited to a different opportunity currently vacant at EIF.
- At some point after your original application, when we chose to reactive your status as a candidate for a new opportunity in future.
In either scenario, our People team will inform you of this decision via email and you will have the opportunity to confirm your interest in the new role or to decline our consideration. Equally, the abovementioned rights of access, correction, and erasure will remain open to you for as long as we hold your personal data.
How long we keep your personal data
We will retain all personal data relating to your engagement/s with our people function for at least six months and one week from your last interaction with our staff, processes and/or systems (the date of the last email you sent to us, the date of your last interview etc, whichever occurs latest).
These retention period is tracked by the people team who are notified twice per week automatically via email of any individual who is at, or over, their individual deadline (six months and one week as standard). A member of the people team activates this deletion protocol at the beginning of every week. For the purposes of reporting on and improving the effectiveness and efficiency of our recruitment systems and processes, we may retain a handful of personal data points about you (the source of your application, the stage you reached in the process, and the overall reason you were rejected), however, none of these data points are personally traceable to you.
In order to have your personal data deleted ahead of the deadline, you must notify the people team of your desire according to the instructions outlined in the section on rights of access, correction and erasure above.
How to complain
We hope that we can resolve any query or concern you raise about our use of your personal data, however, if you are not satisfied with our processes or approach, the GDPR gives you the right to file a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, live, or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at http://ico.org.uk/concerns/ or on 0303 123 1113.
You may also be able to claim compensation for damages caused by a breach of the GDPR or DPA. For further information on your rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office.
If you have any questions, queries, or issues relating to our recruitment policies and processes, or how they relate to our adherence to both the GDPR and DPA, then please contact datasecurity@EIF.org.uk.