Last updated: 31 March 2021
We are Endomagnetics Limited (company number 06227698) trading as Endomag.
Our registered address is Tower 42, 33rd Floor, 25 Old Broad Street, London, EC2N 1HQ. We are registered with the Information Commissioner’s Office with number: Z3616775
If you have any questions about this Candidate Privacy Notice, including any requests to exercise your legal rights, please contact us by email to email@example.com.
Who does this policy apply to?
- This privacy notice applies to any individual who supplies personal data to Endomag in connection with an application for a role of any type (whether temporary or permanent, paid or unpaid).
- By submitting your application, you acknowledge that you have read and understood this privacy notice. If you do not wish your personal data to be used as set out, please do not submit your application or curriculum vitae.
- We reserve the right to update this privacy notice at any time. The most recent version is available on Endomag’s website. The revision date is set out at the top of this notice. Any changes in the privacy notice will apply with effect from the date of publication.
What is the purpose of this document?
- Endomag is a “data processor” and a “data controller”. This means that we are responsible for deciding how we hold and use personal information about you whether it is gathered solely by us or passed on to us from a recruitment agency.
- This privacy notice is relevant if you are applying for work with us (whether as an employee, worker or contractor). It makes you aware of how and why your personal data will be used, namely for the purposes of the recruitment exercise and to decide whether to offer you a role or not, and for how long it will usually be retained. It provides you with certain information that must be provided under the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.
What data do we collect from you?
In connection with your application for work with us, we will collect, store and use the following categories of personal data about you. In each case, the source of that data has been specified:
- The personal data you have provided to us in your curriculum vitae and covering letter including name, title, address, telephone number, personal email address, date of birth, gender, employment history, qualifications, salary details and working hours.
- Any personal data you provide to us during an interview including copies of any documentation required for us to carry out “right to work” checks.
- Any information received from referees as a result of background/reference checks.
- Any personal data that you input into our applicant tracking system, which is sent to or accessed by Endomag in connection with a potential vacancy.
- Any information received from recruitment agencies who may provide information about you to us, including your name, title, gender, employment history, qualifications, overview of experience, suitability for the role, salary details and working hours.
- Any information received from third parties, including appointed background check providers) as a result of background checks (where applicable).
- Information about you that may be contained in publicly accessible sources (eg LinkedIn).
- Any personal data you provide to us by email.
We may also collect, store and use the following “special categories” of more sensitive personal data:
- Personal data about your health, including any medical condition, health and sickness records.
- Personal data about criminal convictions and offences (where applicable).
How do we use your data?
- We will use the personal data we collect about you to:
- Assess your skills, qualifications, and suitability for the role.
- Carry out background and reference checks, where applicable.
- Communicate with you about the recruitment process.
- Keep records related to our hiring processes.
- Comply with legal or regulatory requirements including defending litigation and responding to Subject Access Requests.
- The legal bases that we rely on to process your personal data; are (1) legitimate interests, namely that it is in our legitimate interests to make sound hiring decisions; and (2) to decide whether to enter into a contract of employment or other agreement with you.
- Having received your CV and covering letter, we will process that personal data to decide whether you meet the basic requirements to be shortlisted for the role. If you do, we will decide whether your application is strong enough to invite you for an interview. If we decide to call you for an interview, we will use the personal data you provide to us at the interview to decide whether to offer you the role. If we decide to offer you the role, we will then take up references and may carry out a criminal record check (dependent on the role applied for) before confirming your appointment.
- If you fail to provide information (including personal data) when requested, which is necessary for us to consider your application (such as evidence of qualifications or work history), we will not be able to process your application successfully. For example, if we require a background check or references for this role and you fail to provide us with relevant details, we will not be able to take your application further.
We will use Special Categories of Data as follows:
- We will use personal data about your medical and health conditions to consider whether we need to provide appropriate adjustments during the recruitment process, for example whether adjustments need to be made during an interview.
- We may, if required to do so, use information provided by you to defend legal claims or comply with our legal obligations.
- The processing of such Special Categories of Data will be for the purposes of carrying out obligations and exercising rights in the field of employment law and/or to defend legal claims.
Who do we share your data with?
Your personal data may be shared with the following third parties for the purposes of processing your application:
- Former employers to obtain references for you.
- Third parties who carry out background checks (i.e. an appointed background check provider. This will only apply as permitted by law and where we need to satisfy ourselves that there is nothing in your criminal convictions history that would impact on your suitability for the role. Where relevant, such providers/agencies will be provided with the necessary personal data to carry out a criminal records check.
Where is your data stored?
- We store your data in the cloud with a third party cloud storage provider.
- Physical copies of recruitment data (such as interview notes) will be stored securely.
- Whenever we transfer your personal information outside of the UK and the EU, we ensure it receives additional protection as required by law. To keep this candidate privacy notice as short and easy to understand as possible, we haven’t set out the specific circumstances when each of these protection measures are used. You can contact us at firstname.lastname@example.org for more detail on this.
For how long do we keep your data?
- Unless we have a legitimate reason for retaining it for longer, we will retain your personal data for a period of 6 months after we have communicated to you our decision about whether to appoint you to the role. We retain your personal data for that period so that we can show, in the event of a legal claim, that we have not discriminated against candidates on prohibited grounds and that we have conducted the recruitment exercise in a fair and transparent way. After this period, we will securely destroy your personal data in accordance with applicable laws and regulations.
- If we wish to retain your personal data on file, on the basis that a further opportunity may arise in future and we may wish to consider you for that, we will write to you separately, seeking your explicit consent to retain your personal data for a fixed period on that basis.
- If your application is successful, we will only keep those parts of your personal data that are necessary for your engagement in the role. The remaining personal data will be securely destroyed.
What security measures are in place to protect your data?
- We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need-to-know. They will only process your personal data in accordance with our instructions and they are subject to a duty of confidentiality. Details of these measures may be obtained from email@example.com.
- We have also put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
What are your rights under data protection laws?
You have various other rights under applicable data protection laws, including the right to:
- access your personal data (also known as a “subject access request”);
- correct incomplete or inaccurate data we hold about you;
- ask us to erase the personal data we hold about you;
- ask us to restrict our handling of your personal data;
- ask us to transfer your personal data to a third party;
- object to how we are using your personal data; and
- withdraw your consent to us handling your personal data.
You also have the right to lodge a complaint with your relevant supervisory authority, you can find which one applies to you here.
Please keep in mind that privacy law is complicated, and these rights will not always be available to you all of the time.
Questions, comments and more detail
Your feedback and suggestions on this policy are welcome.
We’ve worked hard to create a policy that’s easy to read and clear. But if you feel that we have overlooked an important perspective or used language which you think we could improve, please let us know by email at firstname.lastname@example.org.