1. Objective

The objective of this document is to provide job applicants with information about how personal data will be used.

2. Scope

This notice applies to all external job applicants (“you”).

3. Principles

You are being provided with a copy of this Privacy Notice because you are applying for work with Memiah Limited (“Memiah Limited/we/us”) (whether you are applying as an employee, worker or contractor).

As part of the recruitment process, Memiah Limited collects and processes personal data relating to job applicants. The business is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.

We aim to provide you with certain information that must be provided by us under the General Data Protection Regulation ((EU) 2016/679) (“GDPR”) and in accordance with this Privacy Notice.

We will comply with data protection law and principles, which means that your data will be:

  • Used lawfully, fairly and in a transparent way.
  • Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
  • Relevant to the purposes we have told you about and limited only to those purposes.
  • Accurate and kept up to date.
  • Kept only as long as necessary for the purposes we have told you about.
  • Kept securely.

3.1. What information does the business collect about you?

We collect and process a range of information during our recruitment processes including:

  • Your name, address and contact details, including email address and telephone number;
  • Details of your qualifications, skills, experience and employment history;
  • Information about your current level of remuneration, including benefit entitlements;
  • Whether or not you have a disability for which the business needs to make reasonable adjustments during the recruitment process;
  • Any information you provide to us in an interview;
  • Information about your entitlement to work in the UK; and
  • Equal opportunities monitoring information, including information about your ethnic origin, sexual orientation, health and religion or belief, as appropriate.

3.2. How is information collected?

We collect information in a variety of ways. For example, data might be contained in application forms, CVs, obtained from your passport or other identity documents, or collected through interviews or other forms of assessment.

We may also collect personal data about you from third parties, such as recruitment agencies, where references are supplied by former employers and information from employment background check providers. We will only seek information from referees or any third party used for background checks, once a job offer to you has been made and we will inform you that we are taking such steps.

3.3. Where is the information stored?

Data will be stored in a range of different places, including on a central recruitment record, in HR management systems and on other IT systems, including email.

3.4. Why does the business process personal data?

The business needs to process data for various reasons including taking necessary steps to contact you and, if applicable, prior to entering into a contract with you. We may also need to process your data to enter into a contract of employment with you.

In some cases, we need to process data to ensure that we are complying with our legal obligations. For example, the business is required to check a successful applicants eligibility to work in the UK before employment starts.

The business has a legitimate interest in processing personal data during the recruitment process and for keeping records of the process. Processing data from job applicants allows us to manage the recruitment process, assess and confirm a candidate’s suitability for employment and decide to whom to offer a job. The business may also need to process data from job applicants to respond to and defend against complaints or claims.

In addition, we may process information about whether or not applicants are disabled to make reasonable adjustments for candidates who have a disability in order to carry out its obligations and exercise specific rights in relation to employment practices.

Where the business processes other special categories of data, such as information about ethnic origin, sexual orientation, health or religion or belief as part of its recruitment practices, this for equal opportunities monitoring purposes.

If your application is unsuccessful, we may keep your personal data on file in case there are future employment opportunities for which you may be suited for a maximum of 24 months. You are free to withdraw your consent at any time.

3.5. If you fail to provide personal information

If you fail to provide information when requested, which is necessary for us to consider your application (such as evidence of qualifications or work history), we will not be able to process your application successfully.

3.6 Who has access to your data?

We take appropriate measures to ensure that all personal data is kept secure including security measures to prevent personal data from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal data to those who have a genuine business need to know it.

All our third-party service providers are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions

3.7. How does the business protect your data?

We take the security of your data seriously. We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need-to-know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.

We have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where We are legally required to do so.

Unfortunately, the transmission of information via the internet is not completely secure. Although We will do our best to protect your personal data, we cannot guarantee the security of your data transmitted through any online means, therefore any transmission remains at your own risk.

3.8. How long is data held for?

If your application for employment is unsuccessful, we will hold your data on file for 12 months after the end of the relevant recruitment process. At the end of that period, unless you otherwise withdraw your consent at an earlier stage, your data is deleted or destroyed.

If your application for employment is successful, personal data gathered during the recruitment process will be transferred to your personnel file and retained during your employment, in which case, retention periods will be covered by a separate privacy notice.

3.9. Your rights

As a data subject, you have a number of rights including:

  • Obtaining a copy of access to your data on request;
  • Requiring the business to change incorrect or incomplete data;
  • Requesting that data be deleted or processing of your data be ceased, for example where the data is no longer necessary for the purposes of processing;
  • Objecting to the processing of your data where the business is relying on its legitimate interests as the legal ground for processing;
  • Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it; and
  • Request the transfer of your personal information to another party.

If you would like to exercise any of these rights or have any questions or concerns, please contact the HR Manager.

You also have the option to address any concerns relating to your data protection rights directly with the Information Commissioner.

4. How to complain

We hope that we can resolve any query or concern you raise about our use of your information.

The ​GDPR​ also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at ​https://ico.org.uk/concerns/​ or telephone: 0303 123 1113.

5. How to contact us about this Privacy Notice

Our Data Compliance Manager is in charge of answering questions about this privacy notice or your requests to exercise your rights which are set out above. The Data Compliance Manager may be contacted at Memiah Limited, Building 3, Riverside Way, Camberley, Surrey GU15 3YL, or via email at ​privacy@memiah.co.uk​.