Candidate Privacy Notice
What this privacy notice covers
Personal data that we collect
How and why we use personal data
Providing your personal data to others
Protecting your data
Retaining and deleting personal data
The data controller is Hillarys Blinds Limited (‘us’, ‘we’) and to our website www.hillarys.co.uk (our site). Our data protection officer (referred to in this document as the ‘DPO’) can be contacted at DPO@hillarys.co.uk or at the address below:
Data Protection Officer, Hillarys, Private Road No2, Colwick Business Park, Colwick, Nottingham, NG4 2JR
As part of our candidate application and recruitment process we collect, process and store personal information about you. We process this information for a range of purposes relating to the recruitment process and this may include your application, assessment, pre-employment screening, and your worker permissions.
We are committed to doing the right thing when it comes to how we collect, use and protect your personal data; in this notice we explain how we handle your personal data.
Where we process personal information which is defined as ‘special category’s under GDPR, we will always obtain your explicit consent to those activities unless this is not required by law. Where we are processing data based on your consent, you have the right to withdraw that consent at any time. See ‘your rights section’ for the details of how to withdraw consent.
Special category data is defined as personal information relating to the following:
- ethnic origin;
- information about medical or health conditions, including whether or not you have a disability for which the Company needs to make reasonable adjustments
- gender identity
- sexual orientation.
In order to manage your application, we need to process certain personal information about you. The purposes for this are set out below. We only process your information as necessary for the purposes of progressing your application or as otherwise required by law, so not all of the purposes set out below will apply to you all of the time.
Much of the information we hold will have been provided by you, but some may come from other sources, such as referees with your consent only.
The Company may collect this information in a variety of ways such as through applications forms, your use of our careers site, CV’s, from correspondence directly with you, or through interviews, meetings or other assessments.
When you apply for employment at Hillarys (either directly or through an agency) we will collect:
- your name,
- date of birth;
- contact details, including your telephone number, e-mail address and postal address,
- right to work information (e.g. passport)
- application form, CV
- current and previous employment details;
- details of your education, qualifications.
As part of the ongoing recruitment process we may collect:
- special category information relating to race, ethnic origin, religion, disability, gender identity and sexual orientation, this is not mandatory information and will not affect your application if you do not provide it;
- notes from face to face or telephone interviews;
- results from any tests which you are asked to take;
- results from behavioural assessments;
- results from technical assessments.
- CCTV footage of you
When you link your Social Network Site to our site, or sign-in to the site via those Social Network Sites through the integrated functionality available on our site.
If you link your LinkedIn account we may collect:
- Personal Data contained in the following fields: name, headline and summary, job title, current employer, employment history, recommendations and contact details made publicly available (such as phone number and email address).
If you connect your Facebook account we may collect:
- Personal Data contained in the following fields: name, email address, employer and job title.
If you connect your Twitter account we may collect:
- Personal Data contained in the following fields: first name and public website.
We need to process data in order to provide our recruitment services to you and to facilitate the recruitment process. In some cases, we need to process data to ensure that we are complying with our legal obligations. For example, it is required to check a candidate’s entitlement to work in the UK, or in order to make reasonable adjustments for candidates to attend interviews/assessment centres.
To manage your application
In order pursue our legitimate interests in managing your application with us we need to process a range of information about you such as details of your qualifications, skills, experience and employment history, including start and end dates with previous employers.
Your information may be shared internally, including with members of the HR team who have responsibility for certain HR processes (e.g. recruitment, assessments, pre-employment screening), and those employees who would have managerial responsibility for you or are acting on their behalf, in the business area in which you may work and IT staff if access to the data is necessary for performance of their roles.
As part of your application we may collect information about you from linked social media accounts sites by taking a snapshot and merging this with other data captured through the online application form to create a single profile. We do not review your accounts, and will not collect information which is not required for your application with us such as connections or friends lists, likes or wall posts.
We may obtain your contact details from publicly available sources, including content that you have made public on Social Network Sites or similar sites for professional purposes to make an initial contact with you for recruitment purposes. We will only do this where you have made your contact details available to us to contact you for recruitment purposes.
We will use the information we have collected from you to help us decided if you are a suitable applicant for the position for which you have applied.
You may also be invited to complete online tests and attend interviews.
To determine your competencies
It is in our legitimate interests to understand how potential candidates would fit into an existing team, and how they may develop in the future within a role. To do this we may ask you to take one or more tests to measure a range of skills, to determine your competencies in a range of areas. These tests may include:
- Psychometric tests
- Behavioural assessments
- Technical assessments
To comply with legislation
We are legally obliged to operate a safe environment. This may include gathering special categories of information about you to ensure that we have made reasonable adjustments you to attend interviews/assessment centres. We will always obtain your explicit consent, where this information is collected.
To comply with equal opportunities legislation we periodically gather information on the makeup of our workforce and candidates, including special category information such as your ethnic origin or religion. We will not gather this information without your consent, and providing the information to us is optional
In order to comply with legislation we are required to carry out checks to ensure that potential employees have a right to work in the UK, which we will do by, asking you to provide a copy of your proof of right to work, at interview, or on your first day of employment.
To ensure the safety of our staff and visitors
Due to our legitimate interests as a company to provide an increased level of security in the workplace for the benefit of those who work in or visit Hillary’s sites, we have installed CCTV in all of our premises. These cameras may capture images of you if you visit our sites.
We may share your data with your former employer in line with our legitimate interests in order to obtain pre-employment references.
We may also share your data with a 3rd party, where you are invited to complete online tests, such as psychometric tests, behavioural assessments and technical assessments to pursue our legitimate interests in determining your competencies and suitability for the role.
In addition to the specific disclosures of personal data set out in this Section, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure in order to pursue our legitimate interests.
We will not transfer your data to countries outside the European Economic Area, in future if we do need to, we will only do so if adequate protection measures are in place in compliance with data protection legislation.
We take the security of your data seriously. We have internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties.
Where we engage with third parties to process personal data on our behalf, we do so, on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.
We will only keep your personal data for as long as is necessary for the purpose or purposes that it was initially obtained for.
If you are unsuccessful at any stage of the recruitment process, the information you have provided until that point will be retained for 6 months from the closure of the recruitment campaign.
Information generated throughout the assessment process, for example interview notes, will be retained by us for 6 months following the closure of the recruitment campaign.
Equal opportunities information is retained for 6 months following the closure of the recruitment campaign whether you are successful or not.
We will retain your personal data in accordance with the time periods specified above, unless obligations to our regulators require otherwise or we are required to remove such data from our records.
Under the General Data Protection Regulation you have a number of rights. Some of these are complex and not all details have been included in our summaries below. Please read the relevant guidance from the Information Commissioner’s Office on their website at https://ico.org.uk/for-the-public/ for a full explanation of these rights.
. You have the right:
- To ask us not to process your personal data where it is processed on the basis of legitimate interests provided that there are no compelling reasons for that processing;
- To request from us access to personal information held about you;
- To ask for the information we hold about you to be rectified if it is inaccurate or incomplete;
- To ask for data to be erased provided that the personal data is no longer necessary for the purposes for which it was collected, you withdraw consent (if the legal basis for processing is consent), you exercise your right to object, set out below, and there are no overriding legitimate ground for processing, the data is unlawfully processed, the data needs to be erased to comply with a legal obligation or the data is children’s data and was collected in relation to an offer of information society services; and
- To ask for the processing of that information to be restricted if the accuracy of that data is contested, the processing is unlawful, the personal data is no longer necessary for the purposes for which it was collected or you exercise your right to object (pending verification of whether there are legitimate grounds for processing);
Where use of your personal data is based on consent, you can withdraw that consent at any time You can exercise these rights at any time by contacting us at our postal address or e-mail at the end of this privacy notice.
Changes to this privacy notice
This includes, for example, in future if we intend to process your personal data for a purpose other than what it was initially collected for.
How to contact us
Should you have any issues, concerns or problems in relation to your data, or wish to notify us of data which is inaccurate, please let us know by contacting us at HRAdmin@hillarys.co.uk or DPO@hillarys.co.uk or writing to us at the address below. In the event that you are not satisfied with our processing of your personal data, you have the right to lodge a complaint with the relevant supervisory authority, which is the Information Commissioner’s Office (ICO) in the UK, at any time. The ICO’s contact details are available here: https://ico.org.uk/concerns/.
HR Department, Hillarys, Private Road No 2, Colwick Business Park, Colwick, Nottingham, NG4 2JR
Data Protection Officer, Hillarys, Private Road No 2, Colwick Business Park, Colwick, Nottingham, NG4 2JR
Third party information
Numerical & Verbal Reasoning
Psychometric and Aptitude Testing