Beeston Shenton Solicitors Ltd (“we”, “us”, “our”, or “Beeston Shenton”) are committed to ensuring that the General Data Protection Regulations (‘GDPR’) are observed and compliance maintained at all times. This Notice ensures that where necessary any person can view Beeston Shenton’s fulfilment of the intentions of the GDPR, and the key principles to which it refers. We are committed to ensuring via the use of our Data Protection Policy, and other privacy notices we may give you in specific circumstances (including for recruitment purposes), that we explain clearly at all times how we will collect, store and use your personal data.
1. INTRODUCTION
This Privacy Statement sets out how Beeston Shenton handle the personal data in respect of job applicants. This Privacy Statement applies to all personal data we process in respect of job applicants regardless of the media on which that data is stored or whether it relates to past or present applicants.
We may update this Privacy Statement from time to time depending on the development of the legislation or any related legislation, and we will ensure that this becomes available to be viewed on our website. For the purposes of this Privacy Statement, we refer to the European Data Protection Directive 95/46/EC and all laws that give effect to it, and from 25 May 2018, the GDPR acknowledging its direct effect, or any supplementing legislation.
Please take the time to read this Privacy Statement to ensure that you understand how we may process your personal data.
2. SCOPE
We recognise that the correct and lawful treatment of personal data will maintain confidence in Beeston Shenton Solicitors Ltd and will provide for successful business operations. Protecting the confidentiality and integrity of personal data is a critical responsibility that we take seriously at all times.
Beeston Shenton is exposed to potential fines of up to EUR20 million (approximately £18 million) or 4% of total worldwide annual turnover, whichever is higher and depending on the breach, for failure to comply with the provisions of the GDPR.
All responsible parties, including employees, senior management and directors of Beeston Shenton Solicitors Ltd, are responsible for ensuring all Beeston Shenton Personnel comply with this Privacy Statement and need to implement appropriate practices, processes, controls and training to ensure such compliance.
The Data Protection Officer (‘DPO’) is responsible for overseeing this Privacy Statement and, as applicable, developing related policies and privacy guidelines. Our nominated DPO is our Managing Director, Russell Dutton who can be contacted at russell.dutton@beestonshenton.co.uk or by phone to 01782 662424 or in writing to 64 King St, Newcastle under Lyme, Staffordshire, ST5 1JB.
3. INFORMATION WE MAY COLLECT
As part of the application process for jobs at Beeston Shenton Solicitors Ltd, we may collect and process information about you through various means, including:
- Any job applications and/or CV’s submitted electronically or by post;
- By email;
- By telephone or fax;
- By other non-electronic means such as business card exchange or networking events;
- Otherwise via any other means.
We may collect, store, and use the following personal information about you:
- Personal contact details such as name, title, addresses, telephone numbers, and personal email addresses.
- Date of birth.
- Gender.
- Marital status and dependants.
- Next of kin and emergency contact information.
- National Insurance number.
- Bank account details, payroll records and tax status information.
- Location of employment or workplace.
- Copy of driving licence and/or passport.
- Recruitment information (including copies of right to work documentation, references and other information included in a CV or cover letter or as part of the application process).
- Recruitment records (including job titles, work history, working hours, holidays, training records and professional memberships).
- Information about your use of our information and communications systems.
- Photographs.
- Results of HMRC employment and DBS Security vetting status checks.
- Each time you visit our website, we may automatically collect web usage information (including IP addresses), browser types, or time zones.
Where we hold any discussion with you via any medium, including telephone or email, we may keep a record of that correspondence.
4. HOW WE WILL USE THE INFORMATION YOU PROVIDE
We may use your information for the following purposes:
- For any reason allowed by law.
- To manage our relationship with you, including the completion of contractual obligations or other obligations pursuant to any terms of business that we have with you in respect of recruitment, recruitment applications and recruitment to roles within the firm.
- To ensure that we are fully compliant with any related legislation including but not limited to Beeston Shenton Solicitors Ltd.
- To process any job application submitted by you or by any person on your behalf
- Where it is pursuant to any other legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests
- To prevent any illegality as we feel is necessary.
5. GDPR PRINCIPLES
We ensure that we adhere, and are accountable, to the principles relating to the processing of personal data set out in the GDPR which requires your personal data to be:
- Processesed lawfully, fairly and in a transparent manner.
- Collected only for specific, explicit and legitimate purposes.
- Adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed.
- Accurate and where necessary kept up to date.
- Not kept in a form which permits identification of any subject of any data for longer than is necessary for the purposes for which the data is processed.
- Processed in a secure manner.
- Not transferred to another country without appropriate safeguards in place.
- Made available to you upon request subject to any Data Subject Request.
6. LEGAL BASIS FOR COLLECTING DATA
We rely on the following principles outlined in the GDPR to allow for data processing in specific purposes:
- Performance of, or entry into, a contract (for example an employment contract with you).
- Compliance with any legal obligation to which we are subject.
- Where it is pursuant to any other legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- In certain circumstances, where we need to process ‘special category data’, where we have obtained your express consent to do so. We will ensure that you are informed of your rights to withdraw at any time when we collect your consent.
7. CONSENT AND WITHDRAWAL RIGHTS
Where we process your personal data we will do so based on the consent that you have provided to us, and only for the purposes set out in this Statement. You may withdraw your consent to this processing at any time by informing our DPO via the contact details in paragraph 2 above. Where you have withdrawn your consent, we may still be able to process your personal data on other grounds which you will be informed of at the time (for example for compliance with any legal obligation).
8. YOUR RIGHTS
The GDPR, and other data protection legislation, gives you the right to access any information we hold about you. You are entitled, where applicable by law, to:
- Request access to your personal information (commonly known as a ‘data subject access request’) – this enables you to receive a copy of the information we hold about you, and to check that we are processing it lawfully.
- Request correction of the personal information that we hold about you – this enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information – this enables you to ask us to delete or remove personal information where there is no good reason for us to continue processing it.
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party).
- Request the restriction of processing of your personal information – this enables you to ask us to suspend the processing of personal information about you.
- Request the transfer of your personal information to another party.
You will not have to pay a fee to access your personal information (or to exercise any of your other rights above). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive.
9. SENDING INFORMATION OUTSIDE OF THE EEA
We do not share your personal data with any recipient outside of the European Economic Area (“EEA”).
10. COMPLAINTS AND INFORMATION
If you wish to contact us for any reason regarding the use of your personal data, please contact our DPO at the contact details in section 2. You also have the right to make a complaint to the Information Commissioner’s Office should you wish. For more information, please visit the ICO website at: https://ico.org.uk/concerns/handling/