Three People Ltd – GDPR Candidate Privacy Statement
As part of any recruitment process, Three People Limited collects and processes personal data relating to job applications from candidates. We are committed to transparency about how we collect, process and retain all data and to meeting our Data Protection obligations at all times.
What information do we collect?
Three People Limited collects a range of information from candidates which may include:
We may collect this information in a variety of ways. For example from application forms, CVs, job board profiles or covering letters, or from your passport, driving licence or other identity documents, or through telephone and/or face to face discussions.
We may also collect personal data about you from third parties, such as references supplied by former employers. We will seek information from third parties only once a job offer to you has been made and will inform you prior to doing so.
Data may be stored in a range of different places including your application record, our CRM systems and/or on other IT systems e.g. email.
Why does Three People Limited process personal data?
As a business involved in recruitment activities, Three People Limited has an explicit and legitimate interest in processing personal data during our daily trading activities and for keeping records of this process. Processing data from job applicants allows us to manage the recruitment process, assess and confirm candidates’ suitability for employment and to promote relevant candidates to our clients for further consideration.
We may process special categories of data, such as information about ethnic origin, sexual orientation or religion or belief to monitor recruitment statistics. We may also collect information about whether or not applicants are disabled in order to make reasonable adjustments for candidates with a disability.
We process this information and data in order to carry out our legal obligations and to exercise any specific rights in relation to your employment opportunities.
Who has access to data?
Your information may be shared internally for the purposes of the recruitment process. This includes the Three People recruitment team, IT staff where access to the data is necessary and the specific client on whose behalf we are advertising a vacancy.
We will not share your data with any other third party without your prior consent in writing.
We may need to share your data with former employers or ‘employment background check providers’ to obtain references on behalf of your new employer, but we will only do so with your prior consent in writing.
How does Three People Limited protect data?
In conjunction with our IT team and outsourced providers, we have internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed – and is only accessed by our employees in the proper performance of their duties.
For how long does Three People Limited keep data?
If your application is unsuccessful, we may keep your personal data on file in case of future employment opportunities for which you may be suitable. We will ask for your consent to keep your data for this purpose if this period extends for longer than 6 months.
If your application for employment is successful, personal data gathered during the recruitment process will be transferred to our CRM system and may be retained during the period of your employment or longer. You are free at any stage to request that this data be deleted and we will do so immediately.
As a data subject, you have a number of rights regarding the data we hold about you including:
If you would like to exercise any of these rights, please contact James Walker at firstname.lastname@example.org
If you believe that we have not complied with your Data Protection rights, you can complain to the Information Commissioners Office. You may also wish to submit a Subject Access Request (SAR).
Subject Access Request (SAR) Forms, Policy and Procedures
If you wish to contact us to request this information, we may consider this as a Subject Access Request (SAR)
SARs from any individual should be made by email addressed to our Data Controller / Data Protection Officer – currently James Walker – at email@example.com (or letter if preferred to 139 High Street, Portishead, Bristol, BS20 6PY).
We will then provide a standard request form, although you do not have to use it, through which to formally submit your SAR.
We may, upon discretion, make an administrative charge of £20.00 to process your request.
We will provide the relevant data within 14 days of written submission.
We will always verify the identity of any individual making such a request (SAR) prior to releasing any information.
Our procedures in the event of a Data Breach
We recognise our responsibility to inform the Information Commissioner’s Office (ICO) of any data breach that risks people’s rights and freedoms within 72 hours of becoming aware of it. Our initial contact will confirm the nature of the data affected, how many people are impacted, what the consequences could mean for them, and what measures we have actioned or plan to action in response.
We will inform the people affected by the data breach as soon as practically possible and within the deadline of 72 hours.
What if you do not provide personal data?
You are under no statutory or contractual obligation to provide data to Three People Limited during the recruitment process. However, if you do not provide the information, we may not be able to process your application properly or at all.