Applicant Privacy Notice
Limitless Digital Group
Data Protection Officer:
Tom Jones – Commercial Director
This privacy notice explains how Limitless Digital collects and processes personal data from job applicants in respect of any recruitment process within the organisation. We are committed to being transparent about how we collect and use that data and to meeting our data protection obligations.
What information does Limitless Digital collect?
We collect a range of information about you. This includes:
- your name, address, email and contact details (telephone number);
- details of your qualifications, skills, experience and employment history;
- details of any professional membership (if applicable)
- information about your current level of remuneration;
- whether or not you have a disability for which we need to make reasonable adjustments during the recruitment process;
- information about your entitlement to work in the UK;
- information about any unspent convictions. (spent convictions do not have to be declared)
- whether you have a driving license, use of a car and endorsements (this information is only requested from applicants applying for roles where driving is a requirement of the post.)
Limitless Digital collects this information in a variety of ways. For example, data might be contained in application forms, CVs or resumes, obtained from your passport or other identity documents or collected through interviews or other forms of assessment, including online tests.
Limitless Digital will also collect personal data about you from third parties, such as references supplied by former employers, information from employment background check providers and information from criminal records checks. We will only seek information from third parties once a job offer to you has been made.
Why does Limitless Digital process personal data?
In some cases, Limitless Digital needs to process data to ensure that it is complying with its legal obligations. For example, it is required to check a successful applicant’s eligibility to work in the UK before employment starts.
Limitless Digital has a legitimate interest in processing personal data during the recruitment process and for keeping records of the process. Processing data from job applicants allows us to manage the recruitment process, assess and confirm a candidate’s suitability for employment and decide to whom to offer a job. We may also need to process data from job applicants to respond to and defend against legal claims.
Limitless Digital has a legitimate interest in ensuring the suitability of the appointable candidate and has a legal obligation to ensure a safe working environment. As such, the appointable candidate will be asked to complete a pre-employment medical questionnaire so that we can ensure they are fit to undertake the duties of the post and any reasonable adjustments required can be understood and considered. The appointable candidate will also be asked to complete a criminal record declaration to declare any unspent criminal convictions or cautions. This is to ensure they remain suitable for appointment to the role. No candidate will be asked to disclose spent convictions or cautions.
Where we rely on legitimate interests as a reason for processing data, Limitless Digital has considered whether or not those interests are overridden by the rights and freedoms of applicants or workers and has concluded that they are not.
For those applicants who are successful, we also need to process your data to enable us to enter into a contract with you.
We will request the successful applicant’s consent, to send any offer of employment, contractual documents or new starter documents via email; for speed of delivery and receipt. A successful applicant will be asked to provide a personal email address to enable this information to be shared. Should an applicant not wish to provide consent to share a personal email address, then the post will be used for sharing correspondence.
Limitless Digital operates CCTV recording on all our premises, both internally and externally. To process this data, we rely upon our legal obligation and legitimate interest. CCTV recording is in place for the following reasons:
- To ensure the security of all equipment, goods and property owned by Limitless Digital.
- To ensure that all health and safety responsibilities, obligations and standards are achieved. To minimise any potential health and safety risks and to ensure the safety of employees, contractors and visitors when on site.
- To risk assess the immediate level of emergency following any out of hours contact to report an incident to us i.e. fire
- To review footage following a reported incident, accident, error or claim to determine the course of events, inform immediate and future action required and where relevant to provide a statutory defence.
CCTV monitoring of any individual which provides facial recognition would be considered special category data. Special category data is therefore captured for employees, contractors, visitors and members of the public who come on site.
CCTV records are stored internally at Limitless Digital for a period of 31 days at which point the content is overwritten by new recordings. The information would only be retained for a longer duration following an accident or incident. In this scenario the information would be retained until the matter is resolved, in the case of personal injury claims, internal disciplinary proceedings or criminal prosecutions, this information would be retained until the relevant legal process has been fully exhausted. The CCTV recordings are stored on 3 hard drives which are kept in fire-resistant locked cabinets.
Clear signage is in place near camera locations and on entrance gates to notify individuals of the CCTV recording. Cameras are limited to locations deemed as high risk for potential security or safety breaches. Access to CCTV recordings is restricted and limited to two employees and access to information is password protected.
Limitless Digital has engaged a third-party security firm to monitor CCTV out of hours. The security service company undertaking external monitoring is called Lodge Services. Lodge Services retain the CCTV data for a period of 3 months on a secure server before deleting this data. The security of the footage is contained in a BS5759 NSI approved alarm receiving centre in Redditch. No data is transferred outside of the UK.
Who has access to data?
Your information will be shared internally for the purposes of the recruitment exercise. This includes; members of the HR team, interviewers involved in the recruitment process, managers in the business area with a vacancy and IT staff if access to the data is necessary for the performance of their roles.
Limitless Digital will not share your data with third parties, unless your application for employment is successful and it makes you an offer of employment. We will then share your data with; former employers to obtain references for you, employment background check providers to obtain necessary background checks and the Disclosure and Barring Service to obtain necessary criminal records checks.
How does Limitless Digital protect data?
Limitless Digital takes the security of your data seriously. It has internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the proper performance of their duties.
All applicant information is only made available to those who have the right to see it. We employ various levels of security to protect all information including (but not limited to):
- Securing systems and networks – this ensures that only users who have the correct level of security can access any sensitive data.
- Staff training – all staff are aware of the importance of data security and how they must handle information correctly.
- Regular testing and updates – systems are constantly updated to ensure that they will not become vulnerable to evolving security threats.
Where does Limitless Digital store data?
All information relating to recruitment processes and applicant data is stored in the following locations:
- On People HR (our HR Management System) This information is stored securely and restricted access is in place to ensure that only authorised individuals who require access for the performance of their role can view information. People HR have confirmed that your data will never be moved outside of the EEA (European Economic Area). People HRhas been independently audited, and meets the requirements for BS EN ISO 27001:2013 registration. This means that the way they own, store, transfer, access, back up, monitor, test and review our security procedures, has been independently verified to an internationally recognised standard.
For how long does Limitless Digital keep data?
Application Forms & CVs
If your CV or application for employment is unsuccessful, we will hold your data for 12 months after the end of the relevant recruitment process.
If your CV or application for employment is successful, personal data gathered during the recruitment process will be transferred to your personnel file. The periods for which your data will be held will be provided to you in a new privacy notice.
Limitless Digital do not accept speculative CV’s where no relevant vacancy is currently available. In this circumstance, we will check to determine whether any relevant vacancies are available and if they are, then the applicant will be asked whether they wish to be considered for the vacancy. The applicant will also be made aware of our Applicant Privacy Notice so that they understand what data is processed and how long it will be retained. If there is no relevant vacancy available at the point a speculative CV is received, then the individual will be notified and advised of the organisation’s decision not to accept and retain their CV. The CV will then be deleted from all records with immediate effect.
Pre-Employment Medical Questionnaire
All successful candidates will be asked to complete a pre-employment medical questionnaire. This is to ensure they are fit to undertake the duties of the post and to enable us to understand and consider any reasonable adjustments which may need to be put in place. This information will be securely retained for 6 years post-employment in line with all core personnel information, due to the maximum time limit for most employment claims.
Criminal Record Declaration Form
All successful candidates will be asked to complete a criminal record declaration once a job offer has been made. The successful applicant will be asked to declare any unspent criminal convictions or cautions to ensure they remain suitable for employment. No candidate will be asked to declare spent convictions or cautions. This information will be retained securely for 12 months post-employment, due to the maximum time limits for most employment claims.
Does Limitless Digital transfer any applicant data outside of the EEA?
Limitless Digital does not transfer any recruitment or applicant data to countries outside the EEA. Limitless Digital currently uses a third-party provider ‘SummitHR’ for administering Belbin assessments as part of our recruitment processes. Therefore, limited applicant data is transferred to SummitHR which is stored securely on a UK based server. To ensure data security, Summit HR includes physical access controls, restriction of access to and encryption of data stored on automatically updated systems, protected by hardware and software firewalls, antimalware solutions and multi-layered business continuity and disaster recovery strategies. Any Summit HR employee who processes your personal data as part of their role does so under a duty of confidentiality and has been trained on data protection standards which are in line with GDPR.
As a data subject, you have a number of rights. You can:
- access and obtain a copy of your data on request;
- require that we change incorrect or incomplete data;
- require that we delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing;
- object to the processing of your data where we are relying on our legitimate interests as the legal ground for processing; and
- ask that we stop processing data for a period if data is inaccurate or there is a dispute about whether or not your interests override Limitless Digital’s legitimate grounds for processing data.
If you would like to exercise any of these rights, please send an email to firstname.lastname@example.org
If you believe that Limitless Digital has not complied with your data protection rights, you can complain to the Information Commissioner.
Limitless Digital do not make any recruitment decisions which are based solely on automated decisions or processes. Limitless Digital currently uses Belbin assessments as part of their recruitment processes. A Belbin assessment requires an applicant to answer a number of pre-set questions, following which a personalised report is produced. Belbin is a form of behavioural assessment that is used to identify a person’s strengths and weaknesses. It helps individuals to fulfil their potential by identifying their key strengths, it also enables the right people to be matched with roles based on the core attributes and competencies required for that vacancy. No recruitment decisions are based solely on a Belbin assessment, as this is only one part of several selection techniques which are used to determine the appointable candidate.
What if you do not provide personal data?
You are under no statutory or contractual obligation to provide data to Limitless Digital during the recruitment process. However, if you do not provide the information, we may not be able to process your application properly or at all.