Updated December 2024

 

Introduction.

The purpose of this notice is to inform applicants for employment about how and why your personal data is used so that we are transparent and to ensure that you are aware of your rights under UK data protection legislation.

 

Data controller details.

The Company is the data controller, meaning that it determines the purposes your data is used for. Our contact details are as follows: St Andrew’s House, St Andrew’s Road

Cambridge CB4 1DL United Kingdom. Our telephone number is +44 1223 248888 and our contact email address is data.protection@innoviatech.com.

 

The purpose and legal basis for processing.

When undertaking a recruitment / selection exercise, we collect data about you in a variety of ways, such as when you submit your CV directly or when we receive it from a recruitment agency. Further information will be collected from you through third parties, such as employment agencies and former employers, when gathering confidential references. When processing your data, we must establish our legal basis for doing so and the legal basis can be different depending on circumstances in which we process it.

We will process your name and address and other contact details such as phone number and email address. We will also collect information about your employment history, experience, skills and qualifications. The legal basis for us to collect this data is Article 6.1.b UK GDPR which relates to taking steps requested by you, before entering into a contract.

If you provide information relating to reasonable adjustments under the Equality Act 2010, we will process this information under Article 6.1.c UK GDPR to compliance with a legal obligation.

Some of the data we collect may fit in the ‘special category’ data and may include health data. We must process this type of data in accordance with more stringent guidelines. Our legal basis for processing this data is Article 6.1.c UK GDPR – legal obligation and under Article 9.2.b UK GDPR – exercising our obligations in relation to employment, as well as Schedule 1 Part 1 of the Data Protection Act 2018.

Some of our positions require additional vetting and where this is the case, we require you to undertake a criminal conviction checks through the Disclosure and Barring Service. We do this on the legal basis of Article 6.1.b – performance of a contract and Schedule 1 Section 10 of the Data Protection Act 2018.

 

Sharing your data.

Your data will be shared with colleagues within the Company only where it is necessary for them to undertake their duties in relation to the recruitment / selection process, for example we may share your personal data with a prospective line manager. We share your data with third parties to obtain confidential references as part of the recruitment / selection process and check your credentials.

We also contract third parties to process your data on our behalf such as email cloud platforms and document filing systems. We may share your personal data for the purposes of arranging transportation or hospitality.

Your personal data is retained in the UK and the USA (for file storage purposes). Any data transferred to the USA is regulated by the UK addendum to the EU-US Data Privacy Framework.

 

How long we keep your data?

Personal data processed as part of a recruitment campaign will be held for up to 18 months if you are unsuccessful. We follow professional HR sector guidelines on the retention of personal data.

 

What if you do not provide personal data?

Your personal data is required for the purpose of assessing your suitability for employment and as such, if you fail to provide the information requested, we cannot offer you an employment contract.

 

Your rights in relation to your data.

The law on data protection gives you certain rights in relation to the data we hold on you. The most relevant rights to this process are:

• the right to be informed. This means that we must tell you how we use your data, and this is the purpose of this privacy notice.
• the right of access. You have the right to access the data that we hold on you and obtain copies of that data.
• the right for any inaccuracies to be corrected. If any data that we hold about you is incomplete or inaccurate, you can require us to correct it.
• the right to have information deleted. If you would like us to stop processing your data, you have the right to ask us to delete it from our systems where you believe there is no reason for us to continue processing it.
• the right to restrict the processing of the data. For example, if you believe the data we hold is incorrect, we will stop processing the data (whilst still holding it) until we have ensured that the data is correct.
• the right to obtain personal data maintained by us in a frequently used format, transfer it to another controller, or use it for personal purposes

If you wish to exercise any of the rights explained above, please contact us using the contact details provided.

 

Making a complaint.

The supervisory authority in the UK for data protection matters is the Information Commissioner (ICO). If you think your data protection rights have been breached in any way by us, you are able to make a complaint to the ICO here https://ico.org.uk/make-a-complaint/your-personal-information-concerns/