RECRUITMENT PRIVACY POLICY
In this privacy policy we will set out how we collect and process personal data.
We will also set out our data breach procedures. Shop Circle Ltd and its
Subsidiaries are committed to protecting the privacy and security of your
personal information. We only collect and use personal data in line with the
General Data Protection Regulation, the Data Protection Act and any other
applicable laws and regulations.
This Privacy Notice informs you (the ‘data subject’) about our processing
activities: the data we hold, why we use it, how long we will retain it for, and
other relevant information.
Any questions and requests regarding personal data may be sent to our Data
Protection Officer by sending an email to: privacy@shopcircle.co
Candidate Data
In the collection of this data we will ask our candidates for their explicit consent
for personal data to be collected and used. This consent will form the lawful basis
for the processing and will be asked for at the time of submitting your interest in
employment.
Information we collect
-How we store this data
-What rights candidates have to access their data
-The right for candidate data to be deleted on request
-The reasons why we are storing candidate data
-How long we keep this data
-Who we share this data with
Information we collect
We collect information for the purposes of recruitment. The information we need
for this are:
Name and address, current CV, all qualifications for the role applied for, contact
information to include telephone numbers and email address.
References from former employers, bank account details, National Insurance
number, photographic ID, work permit (if applicable) and Photo ID.
How we store this data
All data collected will be stored digitally on secure computers and paper files will
be stored in locked cabinets.
What rights candidates have to access their data
Candidate information is held in a transparent and lawful manner and can be
accessed on request at any time in writing.
The right for candidate data to be deleted on request
A candidate has the right of erasure of all personal data held when they cease to
be interested in a role, with the exception of information we are lawfully obliged
to keep for Government agencies.
The reasons why we are storing candidate data
The reason we hold personal data on our candidates is so we can lawfully contact
data subjects should a role become available or to progress their applications for
work.
How long we keep this data
We will keep this data for 5 (five) years from the day the candidate applies. We
have to keep all payroll data for a period of 5 years from the last date the
candidate worked.
Who we share this data with
By consenting to using your personal data for the purposes of recruitment we will
share your information with third parties for the purposes of recruitment only.
Data Breach Procedures
INFORMING THE INFORMATION COMMISSIONER’S OFFICE
1. In the case of a personal data breach, the controller shall without undue
delay and, where feasible, not later than 72 hours after having become
aware of it, notify the personal data breach to the Information
Commissioner’s Office in accordance with Article 55, unless the personal
data breach is unlikely to result in a risk to the rights and freedoms of
natural persons. Where the notification is not made to the ICO within 72
hours, it shall be accompanied by reasons for the delay.
2. The processor shall notify the controller without undue delay after
becoming aware of a personal data breach.
3. The notification referred to in paragraph 1 shall at least:
4.
-Describe the nature of the personal data breach including where possible,
the categories and approximate number of data subjects concerned and
the categories and approximate number of personal data records
concerned;
-Communicate the name and contact details of the data protection officer
or other contact point where more information can be obtained;
-Describe the likely consequences of the personal data breach;
-Describe the measures taken or proposed to be taken by the controller to
address the personal data breach, including where appropriate, measures
to mitigate its possible adverse effect.