As part of any recruitment process, the organisation collects and processes personal data relating to job applicants. Aspens is committed to being transparent about how we collect and use that data and to meeting our data protection obligations.

What Personal Data do we hold?

Personal Data is any information relating to an identifiable person (you) who can be directly or indirectly identified by using this information. We currently collect the following Personal Data about you during the recruitment process when you apply for a job with Aspens;

1. Name
2. Address
3. Personal email address
4. Personal telephone number – mobile and landline if both provided
5. Information regarding any criminal convictions, including certification from the Disclosure and Barring Service (where applicable to the role)
6. Business email address
7. Details of your qualifications, skills, experience and employment history
8. Information about your current level of remuneration, including benefit entitlements
9. Whether or not you have a disability for which the organisation needs to make reasonable adjustments during the recruitment process
10. Information about your entitlement to work in the UK
11. Some roles also require psychometric testing, which may include more sensitive data about your personal traits

As part of Aspens dedication to equal employment opportunities, we may ask job applicants to complete an Equal Opportunities Form. The information within this form is categorised as Special Category Data This includes data such as: racial or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; genetic or biometric information (e.g. where used for ID purposes); health; sex life or sexual orientation.

Where did we get your Personal Data from?

Aspens may collect your personal data in a variety of ways including your application forms, CVs, your passport or other identity documents, or collected through interviews or other forms of assessment.

Aspens may also collect personal data about you from third parties, such as references supplied by former employers, information from employment background check providers and information from criminal records check.   Aspens will usually only seek information from third parties (including current employers) only once a job offer to you has been made and will inform you that it is doing so.

Data will be stored in a range of different places, including on your application record, in Aspens internal HR management systems and on other Aspens IT systems (including email and cloud-based servers).

What is the legal basis and purpose for Aspens to hold your Personal Data?

In all cases, applicants provide us with their own data on a voluntary and consensual basis in order to be assessed for suitability for a particular role. Aspens then has a legitimate interest in processing personal data during the recruitment process and for keeping records of the process. Processing data from job applicants allows us to manage the recruitment process, assess and confirm a candidate's suitability for employment and decide to whom to offer a job. We may also need to process data from job applicants to respond to and defend against legal claims.

Special category data is collected and processed in order to make reasonable adjustments to support applicants during the recruitment process and to carry out its legal obligations and exercise specific rights in relation to employment. This information is not shared with staff who are responsible for recruitment and selection and is anonymised before being retained for statistical and equal opportunities monitoring purposes.

What do we do with your Personal Data?

We use your data to facilitate the following recruitment elements;

• assessing your suitability as a job candidate;
• to process data to ensure that it we are complying with our legal obligations. For example, it is a legal requirement that we obtain, check and copy a successful applicant's evidence of their eligibility to work in the UK before employment starts.
• to ensure we have your relevant information prior to entering into a contract with you. We may also need to process your data to enter into a contract with you
• For some roles, Aspens is obliged to seek information about criminal convictions and offences. We seek this information because it is necessary to carry out its obligations and exercise specific rights in relation to employment.

Who else do we share your personal data with?

Aspens will not share your data with third parties, unless your application for employment is successful and we make you an offer of employment. We will then share your data with your referees (including current/former employers) to obtain references for you, we may share your personal data with specialist third-party agencies to obtain necessary background checks and with the Disclosure and Barring Service to obtain necessary criminal records checks.

What we don’t do with your Personal Data

Aspens will not use your data for any purpose other than the recruitment exercise for which you have applied.

Aspens do not use your information for profiling or automated decision making.

Aspens do not transfer your information outside of the European Union.

How do we protect your information?

Aspens has a robust Information Security Policy to ensure that your information is kept safe in both electronic files as well as hard copies.  We also have a clear and transparent Data Protection Policy to ensure we adhere to all legislative and regulatory requirements. A copy of these are available on request.

The review, understanding and implementation of these policies will also be part of the induction process for all new members of staff, regardless of their position within the organisation.

The Personal Data we hold about you has been assessed using a Data Protection Impact Analysis (DPIA) and is logged and maintained with our Information Assets Register (IAR).  The DPIA is used to measure the potential risk of the personal information we hold relating to your freedoms and rights as individuals and any potential impact if the information was breached or lost.  By completing the DPIA and subsequently categorising the data we hold within Aspens’ IAR, Aspens have implemented appropriate and proportionate measures to mitigate or lower those risks.

How long do we keep your personal data?

If your application for employment is unsuccessful, the organisation will hold your data on file for 6 months after the end of the relevant recruitment process. If you agree to allow the organisation to keep your personal data on file, the organisations will hold your data on file for a further 6 months (one year in total) for consideration for future employment opportunities. At the end of that period or once you withdraw your consent, your data is securely deleted or destroyed.

If your application for employment is successful, personal data gathered during the recruitment process will be transferred to your personnel file and retained during your employment. The periods for which your data will be held will be provided to you in a new privacy notice that applies to employees.

What are your Personal Data rights?

If, at any point, you believe the Personal Data we hold on you is incorrect, you want us to correct or delete that information, or you no longer want us to hold that information or contact you, you can exercise your rights under the current Data Protection Laws.  These rights include: access and obtain a copy of your data on request; require the organisation to change incorrect or incomplete data; require the Company to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing, and; object to the processing of your data where the Company is relying on its legitimate interests as the legal ground for processing.

Please note, these rights are not absolute and we may not be able to delete information that is required to maintain our business purpose, to comply with relevant legislation or that is required to facilitate the recruitment process.

For more information regarding your Personal Data Rights, please visit the Information Commissioner’s Office website:  https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/

Who do you contact if you have a question about this policy or about the personal data that we may hold?

Our Data Protection Officer can be contacted via email at [email protected] or by ringing 01892 822168.

How do you make a complaint about how your Personal Data is being held or processed?

Please contact our Data Protection Officer in the first instance.  They will investigate ensuring that due process is followed as set out in our Complaints Policy and Procedures.

If you are not satisfied with the response or believe we are processing your data not in accordance with the law, you can complain directly to the Information Commissioner’s Office on 0303 1231113 or follow the instructions on their website; https://ico.org.uk/concerns/

Privacy Statement for Aspens’ Job Applicants

As part of any recruitment process, the organisation collects and processes personal data relating to job applicants. Aspens is committed to being transparent about how we collect and use that data and to meeting our data protection obligations.

What Personal Data do we hold?

Personal Data is any information relating to an identifiable person (you) who can be directly or indirectly identified by using this information. We currently collect the following Personal Data about you during the recruitment process when you apply for a job with Aspens;

1. Name
2. Address
3. Personal email address
4. Personal telephone number – mobile and landline if both provided
5. Information regarding any criminal convictions, including certification from the Disclosure and Barring Service (where applicable to the role)
6. Business email address
7. Details of your qualifications, skills, experience and employment history
8. Information about your current level of remuneration, including benefit entitlements
9. Whether or not you have a disability for which the organisation needs to make reasonable adjustments during the recruitment process
10. Information about your entitlement to work in the UK
11. Some roles also require psychometric testing, which may include more sensitive data about your personal traits

As part of Aspens dedication to equal employment opportunities, we may ask job applicants to complete an Equal Opportunities Form. The information within this form is categorised as Special Category Data This includes data such as: racial or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; genetic or biometric information (e.g. where used for ID purposes); health; sex life or sexual orientation.

Where did we get your Personal Data from?

Aspens may collect your personal data in a variety of ways including your application forms, CVs, your passport or other identity documents, or collected through interviews or other forms of assessment.

Aspens may also collect personal data about you from third parties, such as references supplied by former employers, information from employment background check providers and information from criminal records check.   Aspens will usually only seek information from third parties (including current employers) only once a job offer to you has been made and will inform you that it is doing so.

Data will be stored in a range of different places, including on your application record, in Aspens internal HR management systems and on other Aspens IT systems (including email and cloud-based servers).

What is the legal basis and purpose for Aspens to hold your Personal Data?

In all cases, applicants provide us with their own data on a voluntary and consensual basis in order to be assessed for suitability for a particular role. Aspens then has a legitimate interest in processing personal data during the recruitment process and for keeping records of the process. Processing data from job applicants allows us to manage the recruitment process, assess and confirm a candidate's suitability for employment and decide to whom to offer a job. We may also need to process data from job applicants to respond to and defend against legal claims.

Special category data is collected and processed in order to make reasonable adjustments to support applicants during the recruitment process and to carry out its legal obligations and exercise specific rights in relation to employment. This information is not shared with staff who are responsible for recruitment and selection and is anonymised before being retained for statistical and equal opportunities monitoring purposes.

What do we do with your Personal Data?

We use your data to facilitate the following recruitment elements;

• assessing your suitability as a job candidate;
• to process data to ensure that it we are complying with our legal obligations. For example, it is a legal requirement that we obtain, check and copy a successful applicant's evidence of their eligibility to work in the UK before employment starts.
• to ensure we have your relevant information prior to entering into a contract with you. We may also need to process your data to enter into a contract with you
• For some roles, Aspens is obliged to seek information about criminal convictions and offences. We seek this information because it is necessary to carry out its obligations and exercise specific rights in relation to employment.

Who else do we share your personal data with?

Aspens will not share your data with third parties, unless your application for employment is successful and we make you an offer of employment. We will then share your data with your referees (including current/former employers) to obtain references for you, we may share your personal data with specialist third-party agencies to obtain necessary background checks and with the Disclosure and Barring Service to obtain necessary criminal records checks.

What we don’t do with your Personal Data

Aspens will not use your data for any purpose other than the recruitment exercise for which you have applied.

Aspens does not use your information for profiling or automated decision making.

Aspens does not transfer your information outside of the European Union.

How do we protect your information?

Aspens has a robust Information Security Policy to ensure that your information is kept safe in both electronic files as well as hard copies.  We also have a clear and transparent Data Protection Policy to ensure we adhere to all legislative and regulatory requirements. A copy of these are available on request.

The review, understanding and implementation of these policies will also be part of the induction process for all new members of staff, regardless of their position within the organisation.

The Personal Data we hold about you has been assessed using a Data Protection Impact Analysis (DPIA) and is logged and maintained with our Information Assets Register (IAR).  The DPIA is used to measure the potential risk of the personal information we hold relating to your freedoms and rights as individuals and any potential impact if the information was breached or lost.  By completing the DPIA and subsequently categorising the data we hold within Aspens’ IAR, Aspens have implemented appropriate and proportionate measures to mitigate or lower those risks.

How long do we keep your personal data?

If your application for employment is unsuccessful, the organisation will hold your data on file for 6 months after the end of the relevant recruitment process. If you agree to allow the organisation to keep your personal data on file, the organisations will hold your data on file for a further 6 months (one year in total) for consideration for future employment opportunities. At the end of that period or once you withdraw your consent, your data is securely deleted or destroyed.

If your application for employment is successful, personal data gathered during the recruitment process will be transferred to your personnel file and retained during your employment. The periods for which your data will be held will be provided to you in a new privacy notice that applies to employees.

What are your Personal Data rights?

If, at any point, you believe the Personal Data we hold on you is incorrect, you want us to correct or delete that information, or you no longer want us to hold that information or contact you, you can exercise your rights under the current Data Protection Laws.  These rights include: access and obtain a copy of your data on request; require the organisation to change incorrect or incomplete data; require the Company to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing, and; object to the processing of your data where the Company is relying on its legitimate interests as the legal ground for processing.

Please note, these rights are not absolute and we may not be able to delete information that is required to maintain our business purpose, to comply with relevant legislation or that is required to facilitate the recruitment process

For more information regarding your Personal Data Rights, please visit the Information Commissioner’s Office website:  https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/