ENSEK's Job Applicant Privacy Notice

Job Applicants

Individuals who are applying for or are being considered as candidates for a job with us.

What is the applicable law?

This document is a privacy notice published to comply with Article 13 and Article 14 of the UK GDPR.

You can find out more information here: Information Commissioner's Office; UK GDPR; and Data Protection Act 2018.

What is our commitment as controllers?

The controller of your data is the person ultimately responsible for the processing of your data.

As the controller of your data, we are committed to complying with our legal obligations as controller of your personal data, and to transparency about what we use your data for.

Our legal obligations are set out in: the UK GDPR and DATA PROTECTION ACT 2018 (supplements the UK GDPR).

As controllers, we comply with the DATA PROTECTION PRINCIPLES when gathering and using personal information. We seek to ensure that our information collection and processing are always proportionate.

We will inform you of any material changes to the information we collect or to the purposes for which we collect and process it.

Recruitment Agents

If you apply for a role with us through a third-party recruiter, then they will also process your data in accordance with their own privacy notice, and they will be the data controller for their processing, and we will be the data controller for our processing. Please contact them to ask for a copy of their privacy notice.

Must you provide data?

We need you to provide the personal data, in order to operate the recruitment process, verify your identity and right to work, check your background, obtain references, and assess your suitability, and negotiate any employment contract.

If you do not provide the personal data we reasonably ask for, we may terminate the recruitment process.

No automated decision making

We do not use automated decision-making tools or processes to arrive at employment-related decisions.

Contracts

When we refer to a contract in this privacy notice, we mean the employment contract you are applying for.

Any questions?

If you have any questions, please contact our head of talent in the first instance, and then our data protection officer.

Our Company Name

ENSEK Ltd

Our Company Number

07167027

Our Country of Registration

England and Wales

Our Registered Office

Hounds Gate, 30-34 Hounds Gate, Nottingham, England, NG1 7AB.

This is also our postal address and head office.

Our Website

https://ensek.com/

Our Careers Email

careers@ensek.co.uk

Data Protection Email

dataprotection@ensek.co.uk

Our Head of Talent

John Brown

Our Data Protection Officer

Julian Turner

Our Head of Information Security

Trish Sewell

Assessments

Assessments, opinions, judgments, and decisions made in respect of your job application and suitability for the job.

Application

Your application details, including cover letter, and the location and role applied for.

Academic History

Information about your academic history, including schools and higher education, degrees and post-graduate education, and vocational training.

Biography

Biographical details, including hobbies, interests, and background, from your CV.

Claims

Information relating to any legal claims made by you in connection with your recruitment for use in dealing with and defending or settling those claims.

Contact Details

Your contact details.

Your personal and work email addresses.

Your personal and work telephone and mobile numbers.

CV

The information contained in your CV, includes employment and education history, leisure, interests, skills, and hobbies.

Employment History

Your employment history.

Your previous employers and your role with those previous employers.

Start and end dates of previous employments.

Salary, benefits, and notice period with current/previous employer.

Health

Information regarding your health, medical conditions, and disabilities, if included in your CV, or where needed in order to make appropriate adjustments and arrangements for interviews to account for these.

Identity Details

Your name, home location, address, date of birth, and age.

Your image, in photographic form, if you chose to provide it in your CV or in our online application system.

We use these at the interview stage simply to establish initially who is applying for the role. Full verification checks are carried out if you are offered the job.

Recruitment Agency

The recruitment agency you were introduced through.

Any other channel you were introduced to or applied through.

References

Details of your referees.

If you are offered the job, then we may also take up and store references.

Right to work

Information about your right to work in the country where the role is based.

At the interview stage, this is to give us an indicative view.

If you are offered the job, then we will also ask for proof (including your share code from HMRC).

Social Media

Details about you from your LinkedIn account as published by you, to help us prepare for interviews with you and assess you for the role applied for.

Skills and Qualifications

Your professional qualifications, skills, and experience.

Tests and Assessments

Tests and assessments we administer with you, to test your skills and capabilities, including scores.

From Forms You Complete

We obtain it from the forms you complete.

You may have provided it through a job application form online.

You may have provided it through an online job board or other third-party recruitment services (such as LinkedIn jobs).

You may have provided it in a computer file you have filled in.

You may have provided it through a paper form you have completed.

From Your Messages and Documents

We obtain it from any CV you provide, or from any other documents or documentary evidence you provide, such as passports and proofs of address, identity and right to work.

We obtain it also from emails and written messages you send to us (including inquiries you may send about jobs and placements).

We obtain it from your public LinkedIn account.

From Conversation With You

We obtain it from conversations with you, which may include phone calls, video calls, interviews, emails, and instant messaging.

From A Recruitment Professional

We obtain data from a recruitment professional that was involved in your recruitment with us, or who put you forward as a candidate.

From Our Own Staff

We may obtain information about you where our own staff provides us with your CV and/or other details, as part of any referral scheme we operate internally.

From Third Parties

We may obtain information about you from the following third parties:

• Recruitment professionals involved in your recruitment with us.
• Our own staff referring you as a potential job candidate.

Also, if you are offered the job, we may obtain information from third parties for verification purposes including:

• HMRC
• Home Office
• Referees.

Contract

We need to use your data to enter into or perform a contract with you. This includes entering into and performing an employment contract or service contract.

Legal Obligation

We need to do so to comply with a legal obligation or exercise a legal right. This could be a statute.

In Your Interest

We need to do so, to protect your vital interests. This could include care for your health and safety.

Our Legitimate Interest

We do so for our "legitimate interests". This is flexible ground which we must prove. It requires a judgment on our part but is typically doing something you would normally expect, or there is a compelling justification.

Your Consent

If the above does not apply, we would need to get your consent for the specific use. This could be an explicit documented consent, or it could be implicit because you have requested some action to be taken involving your data.

Employment Law

The processing is in the field of employment and social security and social protection law and is authorised by law.

Occupational Health

The processing is necessary for preventative or occupational medicine, assessing your fitness to work, and provision of health or social care.

Public Data

You placed the data into the public domain intentionally.

Claims

The processing is needed to make or defend a legal claim.

Consent

If none of the above apply, you have given a clear explicit, and informed consent to the specific use.

Area

Purpose

Examples

Legal Basis

Administration

To administer the recruitment process.

Keeping a record of your application.

Arranging and holding interviews, making decisions, informing you, and keeping records.

Auditing our recruitment and other processes and reviewing decisions made.

Contract: Preparing for a contract with you.

Legitimate Interest: Operating a fair and well-run recruitment process.

Assessment

To make an assessment of your suitability and a decision as to your appointment.

Considering your skills, experience, and qualifications.

Assessing your general aptitude and attitude and personal qualities.

Comparing you with other applications.

Contract: Preparing for a contract with you.

Legitimate Interest: Operating a fair and well-run recruitment process.

Contacting You

Contacting you and your next of kin.

We may contact you by letter, email, or phone where appropriate in relation to your application.

We may arrange interviews and inform you of the outcome at all stages.

Contract: To enter into an employment or services contract with you.

Legitimate Interest: To properly deal with your application.

Entitlement to Work

To record your entitlement to work, but without verifying it at the interview stage.

If you are offered employment, then we may also require proof of your entitlement to work.

-

Legitimate Interest: To ensure that we are lawfully employing our staff.

Health and Fitness To Work

At the interview stage, we would use health data to make reasonable adjustments for interviews.

If you are offered the job, then we would process health data to assess fitness to work and make reasonable adjustments in the workplace.

To assess your medical conditions and allergies.

To assess any disabilities and reasonable adjustments we may need to make.

Identity

To record your identity and address, but without verifying this at the interview stage.

If you are offered the job, then we may verify your identity and address and require proof of this.

If we verify your identity, we may check identity documents, such as a passport and driving license, and check your address, including through utility bills.

Contract: To enter into and perform an employment or services contract with you.

Legitimate Interest: To know who our candidate is and where they can be contacted in relation to the application. To inform our relevant managers of your application.

Recruitment Agents

To recruitment agents who introduced you, to let them know the outcome and pay them any commission due.

To verify the applicability of any restriction periods preventing us from engaging you directly.

-

Legitimate Interest: To be able to use recruitment agents to find staff.

References

To capture reference details assessing your suitability for the role you applied for.

Obtaining references from your referees.

Sharing those references with managers responsible for interviewing you and making decisions.

Reviewing those references to assess your suitability and prepare for interviews with you

Contract: To prepare for entering into a contract with you.

Legitimate Interest: To be able to fairly judge your suitability for the role, and against other candidates.

Auditors

We may share your personal data with any third party that is auditing our business and controls, including our security measures and operational controls, for the purposes of evidence, but only to the extent reasonably required for such evidence.

It will be shared securely, and under a non-disclosure agreement; and is shared normally to the auditors' secure evidence repository.

Other Staff

We may share your information where relevant with other staff who are to be involved in interviewing you or making decisions on your employment.

If you are successful we may share your information with our HR staff to commence your joining process with us.

Recruitment Agents

To recruitment agents who introduced you, to let them know the outcome and pay them any commission due.

Referees

To your referees as needed to provide us with a reference.

Recruitment System: Cezanne

Section We use the recruitment cloud service provided by Cezanne to store your CV and application details and track your application.

Your CV is shared securely by a link from Cezanne to staff who will be involved in your recruitment only.

Microsoft 365 and SharePoint

ENSEK uses Microsoft 365, Exchange, and SharePoint for its general email, messaging, document creation, document storage and document sharing.

Your personal data may appear there in an ad-hoc form where you are referenced in any emails or meetings in connection with your recruitment, including emails and contacts from you about placements and recruitment which may be stored in Microsoft systems.

ISO 27001

We are certified to and aim to keep certified to ISO 27001, which requires us to have a security management system and to maintain a wide range of security controls. See LINK: ISO 27001

ISO 27701

We are also certified to and aim to keep certified to ISO 277001, which is an extension to ISO 27701 for privacy information management. See LINK: ISO 27701

SOC

We have our security controls audited independently by an auditor under the ISAE 3402 audit standard. See LINK: ISAE 3402

Data Breach

We have procedures in place to deal with any suspected data security breach affecting your data.

We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

Other Measures and Controls

The above standards and audits require and examine all our security and privacy measures and controls, which we have in place to protect against unauthorised use, access to, change to, or disclosure of your data, against viruses and other malicious software, and against unauthorised access to our equipment, offices, networks, cloud systems, and databases.

These measures and controls cover areas such as office access controls, equipment log-in, cloud system log-in, and associated roles and permissions, network and access monitoring, staff training, management, staff background checks, usage monitoring, anti-virus, and other protective software and devices, and data segregation and encryption.

System Providers

Individual system providers listed in this document have their own separate security and controls with respect to your data in their systems, and we consider these prior to using those systems.

Cloud First

We operate on a "cloud-first" basis, which means that your data is stored in secure and reputable cloud systems, rather than at any offices of ours.

Access Controls

We limit access to your personal information to those who have a genuine business need to know it.

Proportionate and Confidentially

Those processing your information will do so only in an authorised and proportionate manner and are subject to a duty of confidentiality.

Right to be informed

You have the right to be informed if your data is being used.

This document is how we are informing you.

See LINK: Article 13 and LINK: Article 14 of the UK GDPR.

Right to withdraw consent

If any processing is based on your consent, you have the right to withdraw it at anytime. Just email using our contact details in this document.

Right to stop direct marketing

You have the right to stop direct marketing at any time.

Right to a copy

You have a right to an update of the information in this document.

You also have a right to a copy of the personal data we hold about you.

See LINK: Article 15 - Paragraph 3 of the UK GDPR.

You have the right to ask for your data in a computer-readable form so that you can use it elsewhere.

See LINK: Article 20 of the UK GDPR.

Right to a correction

You have the right to request correction of your data (a right to rectification).

See LINK: Article 16 of the UK GDPR.

Right to erasure

You have the right to request the erasure of your data (also known as the right to be forgotten).

However, there are a range of exceptions to this, which mean that we do not have to erase your data if there are good reasons for retaining a copy of it.

See LINK: Article 17 of the UK GDPR.

Right to restriction

You have the right to request that we stop using your data for some purposes.

There are conditions that apply.

This means that we might still hold your data, but we would be stopped from using it for certain purposes.

See LINK: Article 18 of the UK GDPR.

Right to object to legitimate interests

If the legal basis for our using your personal data is a "legitimate interest", or we are using your data to market to you, then you can object to the processing.

See LINK: Article 21 of the UK GDPR.

We must stop the processing unless we can show that our interests should take precedence over yours.

Automated Decision Making

If we are making important decisions about using a computer, without any human involvement, then you can ask us to stop, subject to conditions.

See LINK: Article 22 of the UK GDPR.

Right to complain

We hope that our head of human resources and data protection officer can resolve any queries or concerns you have about our use of your personal data or your rights.

In any case, you have the right to complain to the Information Commissioner at any time.

Their details are:

Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Helpline number: 0303 123 1113

ICO website: ICO Complaints Page (Link).