What are you searching for?
 

Recruitment Privacy Policy

This privacy policy provides you with information about how we collect and use your personal data for recruitment purposes. It takes account of the General Data Protection Regulation (GDPR) and Data Protection Act 2018.

  1. DATA PROTECTION PRINCIPLES
  2. SCOPE
  3. DEFINITIONS
  4. DATA CONTROLLERS
  5. CONTACT DETAILS
  6. WHAT WE USE YOUR PERSONAL DATA FOR
  7. OUR LAWFUL BASIS FOR PROCESSING YOUR PERSONAL DATA
  8. CATEGORIES OF PERSONAL DATA 
  9. SOURCES OF DATA including our website and cookies
  10. WHO WE SHARE YOUR PERSONAL DATA WITH
  11. SHARING PERONSAL DATA WITH CREDIT REFERENCE AGENCIES
  12. DATA PROCESSORS
  13. TRANSFERS OF PERSONAL DATA OUTSIDE THE EUROPEAN UNION
  14. KEEPING YOUR PERSONAL DATA SECURE
  15. HOW LONG WE KEEP YOUR PERSONAL DATA
  16. YOUR RIGHTS
  17. COMPLAINTS
  18. CHANGES TO THIS PRIVACY POLICY
     

1. DATA PROTECTION PRINCIPLES

Hazlewoods follows six principles when dealing with your personal data. We will ensure it is:

  • processed lawfully, fairly and in a transparent manner;
  • processed for specified, explicit and legitimate purposes; and not further processed in ways incompatible with those purposes;
  • adequate, relevant and limited to what is necessary for the purposes identified;
  • accurate and where necessary, kept up-to-date;
  • kept for no longer than is necessary; and
  • processed in a manner than ensures appropriate security.

We operate these principles alongside our duty of confidentiality to you.

Back to top

 

2. SCOPE

2.1 This policy applies to job applicants and/or those that subscribe to our job alerts.

2.2 Where we have referred to other websites in this policy or elsewhere on our webpage which are run by third parties, visiting those websites may allow third parties to collect or share data about you. We have no control over these external websites or responsibility for the privacy policies they operate, and recommend you review their policies before submitting any personal data to them.

Back to top

 

3. DEFINITIONS

3.1 Personal data is information that can be linked to a living individual.

3.2 A data controller can be an individual or an organisation. They decide what personal data to collect and how it will be used.

3.3 Processing data includes collecting, recording, organising, structuring, storing, adapting, altering, retrieving, consulting, using, disclosing, disseminating, aligning, combining, restricting, erasure or destruction of data.

Back to top

 

4. DATA CONTROLLERS

4.1 This policy is provided on behalf of the following firms which are registered as data controllers with the Information Commissioner’s Office (ICO):

  • Hazlewoods Financial Planning LLP
  • Hazlewoods Management Services Limited

4.2 The above firms and individuals are referred to collectively as ‘Hazlewoods’, ‘us’ or ‘we’, or ‘the firm’ in this policy.

Back to top 

 

5. CONTACT DETAILS

5.1 For data protection queries and to exercise your rights, you can contact us in these ways:

Post: Privacy queries, Staverton Court, Staverton, Cheltenham, Gloucestershire, GL51 0UX

Telephone: 01242 680000 EXT. 428

Email: There is a dedicated email address for data protection matters privacy@hazlewoods.co.uk

5.2 Hazlewoods does not have a Data Protection Officer. Our Technical Partner and our Finance and Administration Partner oversee data protection matters.

Back to top

 

6. WHAT WE USE YOUR PERSONAL DATA FOR

6.1 The firm needs to process data as part of the recruitment process and to meet its obligations under relevant legislation. The data used in the recruitment process may be subsequently used for employment purposes if your application is successful.

6.2 In some cases, the firm needs to process data to ensure that it is complying with its legal obligations. For example, it is required to check an individual’s entitlement to work in the UK and to comply with health and safety laws.

6.3 In other cases, the firm has a legitimate interest in processing personal data before any employment relationship may develop.

6.4 Processing job applicant data allows the firm to, for example:

  • run recruitment and promotion processes, including providing job alerts;
  • maintain accurate and up-to-date recruitment records and contact details;
  • operate and keep a record of grievance and disciplinary processes;
  • to plan for career development, and for succession planning and talent management purposes;
  • obtain occupational health advice, to ensure that it complies with duties in relation to individuals with disabilities, meet its obligations under health and safety law;
  • ensure effective general HR and other business administration;
  • operate our website;
  • respond to and defend legal claims;
  • conduct monitoring of IT and communication systems and operate CCTV.

6.5 Some special category data, such as medical records and other information about health or medical conditions, is processed to carry out employment law obligations (such as those in relation to employees with disabilities). We rely on these obligations as one of the processing conditions under data protection legislation to process this kind of data. See section 8.1.2.

6.6 Where the firm processes other special category data, such as information about ethnic origin, sexual orientation or religion or belief, this is done for the purposes of equal opportunities monitoring. This is to carry out its obligations and exercise specific rights in relation to employment.

6.7 Certain information, such as your right to work in the UK, have to be provided to enable the firm to know whether it will be able to enter into a contract of employment with you. If you do not provide other information, this will hinder the organisation's ability to administer the rights and obligations arising as a result of any subsequent employment relationship efficiently.

Back to top 

 

7. OUR LAWFUL BASIS FOR PROCESSING YOUR PERSONAL DATA

7.1 Hazlewoods must have a lawful basis to process your personal data.

7.2 These are the bases we most often rely on:

7.2.1 Contractual

7.2.1.1 The processing is necessary because you have asked us to take specific steps before entering into a contract of employment with us. This is regardless whether the contract negotiation successful, i.e. whether the recruitment process leads to you being employed by the firm. It also includes processing personal data where we ask you to take an assessment and the result leads to a solely automated decision about your application.

7.2.1.2 We would be unable to carry out contract negotiations with you if you did not provide or we were unable to process your personal data under this lawful basis.

7.2.2 Legal obligation

7.2.2.1 The processing is necessary for us to comply with the laws or regulations we are subject to (not including our contractual obligations).

7.2.2.2 We would be unable to process your application if you did not provide or we were unable to process your personal data under this lawful basis.

7.2.3 Legitimate interests

7.2.3.1 We also undertake processing in our legitimate interests or the legitimate interests of a third party. We check beforehand that this processing is not going to override your rights and interests.

7.2.3.1 We rely on legitimate interests to allow us for example, to:

  • communicate with you or other relevant parties;
  • undertake internal administration and management around recruitment matters;
  • administer our website, and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
  • improve our website to ensure that content is presented in the most effective manner for you and for your computer;
  • keep our website safe and secure, including the monitoring and enforcement of any terms in policies concerning use of our website;
  • allow you to participate in interactive features of our website or services, when you choose to do so;
  • facilitate meetings, seminars or other events we arrange with you and other business partners;
  • carry out management planning, modelling and internal analysis;
  • enhance and develop our business and services;
  • undertake benchmarking activity; quality and risk management reviews;
  • establish, exercise or defend legal claims;
  • carry out CCTV monitoring and maintain records of who has entered our premises;
  • take photos or capture video footage of events and activities.

7.2.4 Consent

7.2.4.1 We may ask your consent in specific circumstances. We may be unable to process or continue with your application if you did not provide consent, as we could not process the personal data. We may seek consent from you to share your personal data with other parties, which are not identified under the other lawful bases we use.

We ask you to consent to the use of cookies when using our website. More information about cookies can be found in section 9 of this policy, along with how to withdraw your consent.

Back to top 

 

8. CATEGORIES OF PERSONAL DATA 

8.1 We deal with two kinds of personal data as defined under the legislation.

8.1.1 Personal data

This is information that can be linked to a living individual. The firm collects and processes a range of information about you. This includes, for example:

  • your name, address and contact details, including email address and telephone number, date of birth and gender;
  • details of your qualifications, skills, experience and employment history, including start and end dates, with previous employers and with the firm;
  • information about your remuneration, including entitlement to benefits such as pensions or insurance cover;
  • information about your nationality and entitlement to work in the UK;
  • details of your proposed schedule (days of work and working hours) and attendance at work;
  • details of forthcoming periods of leave which will need to be taken by you, including holiday, sickness absence, family leave or other absences, and the reasons for the leave;
  • details of any disciplinary or grievance procedures in which you have been involved, including any warnings issued to you and related correspondence;
  • psychometric testing outcomes for recruitment purposes.

8.1.2 Special category data (also referred to as sensitive personal data)

8.1.2.1 Although often described as information about your physical and mental health, this category of data also covers personal data referring to racial or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; sexual orientation and health, along with genetic data and biometric data.

8.1.2.2 Information about medical or health conditions, includes whether or not you have a disability for which the firm would need to make reasonable adjustments.

8.1.2.3 Equal opportunities monitoring information includes information about your ethnic origin, sexual orientation and religion or belief.

8.1.2.4 As well as needing a lawful basis, we must follow an additional rule (processing condition) to process special category data. Hazlewoods most often uses the following processing conditions:

  • Where the data is used for employment purposes (which includes the recruitment process);
  • Where you have given your explicit consent for us to use it. You can withdraw this consent at any time, by contacting us using any of the contact details in section 5 of this policy. Without this consent we may also be unable to meet your requirements when attending a meeting, seminar or other event;
  • Where we need to use this data for the establishment, exercise or defence of legal claims; and
  • Where such data has been manifestly made public by you.

8.1.3 If you are providing us with information about other individuals, you should make them aware that we will be processing their personal data

8.1.4 Photos and video recording

We may take photographs and/or make video recordings of the events, including fundraising activities, that we arrange, facilitate or are involved in, and which you attend or participate. This material may be used by us or business partners, and/or distributed in social media in order to publicise this event.

If you would prefer not to be included in these photos or videos, please inform us prior to the start of the event or otherwise make us aware at the time.

We operate CCTV monitoring at our premises for safety and security purposes.

Back to top  

 

9. SOURCES OF DATA including our website and cookies information

9.1 The firm may collect information about you in a variety of ways. For example, data might be collected through application forms, CVs or resumes; obtained from your passport or other identity documents such as your driving licence; or through interviews, meetings or other assessments.

9.2 In some cases, the firm may collect personal data about you from third parties, such as references supplied by former employers, educational institutions, information from employment background check providers, information from credit reference agencies and information from criminal records checks permitted by law.

9.3 We will also obtain personal data from you when you, for example:

  • enquire about any aspect of our business or vacancies, or wish to interact with us;
  • correspond with us via our website, by phone, e-mail or otherwise;
  • participate in, seminars or other events (including fundraising activities) we arrange;
  • fill in forms on our website and submit information to us;
  • participate in other social media functions on our website or enter a competition, promotion or survey, or otherwise connect to our website via online social media platforms;
  • report a problem with our website, provide other feedback or make a complaint to us;
  • visit our offices; or
  • use the wi-fi network in our offices.

Our website and cookies.

When you visit our website, it is set up to collect some information about you automatically, this may include:

  • technical information, including the Internet Protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, device, operating system and platform; and
  • information about your visit, including the full Uniform Resource Locators (URL), real time information, clicks made through and from our site (including date and time), services you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and where you visited our page from (such as search engines and social media).

Our website uses cookies to distinguish you from other users of our site. This helps us to provide you with a better experience when you browse our site and also allows us to improve our site. Cookies are usually a string of numbers and/or letters that a website transfers to your hard drive. The cookies enable the website to 'remember' you, either for the duration of your visit (session cookies) or for repeat visits (persistent cookies).

The most common kinds of cookies we use are :

Strictly necessary cookies

These cookies are essential to enable you to navigate around websites securely and to provide you with services you have specifically requested.

Functionality cookies

These cookies enhance the functionality of websites by storing your preferences. For instance, they can remember your name and location, if you provide this information.

Performance cookies

These cookies improve the performance of websites. For instance, they help pages load more quickly.

Online behavioural cookies

These cookies store information about your behaviour online, such as your browsing history. For instance, they help us tailor the advertising we show to you.

 

Most web browsers automatically accept cookies but, if you prefer, you can change your browser settings to prevent this. Cookies can be managed through the browser menu and are commonly referred to as ‘preferences’, ‘privacy’ or ‘security’.

You are not obliged to accept cookies, however, you may not be able to take full advantage of our site or use certain functions if you disable them.

9.4 We may obtain or receive information about you from third parties and publicly- available sources, such as

  • family and other associates
  • professional advisers
  • analytics providers
  • publicly-available databases, such as Companies House or details on a company website
  • social media sites.

9.5 Data will be stored in a range of different places, including in your personnel file, in the firm's HR management systems and in other IT systems (including the firm's email system).

Back to top 

 

10. WHO WE SHARE YOUR PERSONAL DATA WITH

10.1 Depending on the nature of the activity being undertaken, the lawful basis and purpose of processing, we may need to share your personal data between the Hazlewoods data controllers listed at the beginning of this policy, suppliers and others involved in the running of the firm or with whom we need to deal. These parties are subject to data protection legislation and principles. We will usually have notified you of the sharing of your data with these parties. However, certain legislation may prevent us from doing so. Many of these parties both receive personal data from us and provide it to us.

10.2 Your information may be shared internally, including with members of the HR and recruitment team, health and safety representatives, the relevant manager or managers in the recruitment activity, directors, partners and IT staff if access to the data is necessary for performance of their roles.

10.3 The firm shares your data with third parties in order to obtain pre-employment references from other employers, obtain employment background checks from third- party providers and obtain necessary criminal records checks from the Disclosure  and Barring Service.

10.4 Other parties may include:

  • analytics providers
  • social media sites, including those associated with fundraising activities
  • social event organisers, venues and websites
  • providers of technical, payment and delivery services
  • HM Revenue & Customs, other Government agencies and departments
  • law enforcement agencies and courts
  • solicitors, accountants, auditors and other professional advisers
  • banks and other financial institutions
  • agents and representatives
  • credit reference and fraud prevention agencies
  • providers of credit reference or fraud prevention services
  • quality assurance assessors and other business consultants
  • our insurers.
  • data processors

10.5 Furthermore, we will disclose your personal information:

10.5.1 in the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets, or their advisers.

10.5.2 if we or substantially all of our assets are acquired by a third party, in which case personal data held by us about job applicants will be one of the transferred assets.

10.5.3 if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or to protect the rights, property, or safety of Hazlewoods LLP or Hazlewoods Financial Planning LLP, Hazlewoods Management Services Limited, our clients, or any other third parties.

Back to top 

 

11. SHARING PERSONAL DATA WITH CREDIT REFERENCE AGENCIES

11.1 Hazlewoods has a legal obligation to follow prevailing anti-money laundering legislation and takes step to prevent fraud. It is also in our legitimate interests to do so.

11.2 Consequently, we are required to obtain satisfactory evidence to confirm your identity at such times as we consider necessary. In order to verify personal information provided by you we may undertake searches with a credit reference or fraud prevention agency, which will include checking the information against any database (public or otherwise) to which they have access. The agencies may record details of such a search and may disclose your information and the fact that a search was  made to their other customers, to assist companies for verification purposes or in assessing the risk of giving credit, to prevent fraud and money laundering, and to trace debtors. The searches do not impact your credit rating.

Back to top

 

12. DATA PROCESSORS

12.1 Where we are appointing any individual or organisation to process your personal data on our behalf (otherwise known as ‘data processors’), they may only do so for specified purposes and according to our written instructions. Hazlewoods seeks confirmation of the processor’s IT security arrangements and whether personal data is processed outside the European Union.

Back to top 

 

13. TRANSFERS OF PERSONAL DATA OUTSIDE THE EUROPEAN UNION

13.1 Where possible, we or our appointed data processors will process your personal data within the European Union (EU). If your personal data does need to be transferred outside the EU, we ensure appropriate safeguards are in place to ensure that your data is properly looked after.

13.2 We ensure personal data is adequately protected and take into account:

13.2.1 Where the European Commission has decided that a country, a territory or one or more specific sectors in a country, or an international organisation, ensures an adequate level of protection. This currently includes the US privacy shield framework.

13.2.2 Other safeguards available to us under data protection legislation.

Back to top

 

14. KEEPING YOUR PERSONAL DATA SECURE

14.1 We operate a series of security measures concerning access to our offices and our systems. The level and extent of each individual measure may vary, but can include, for example:

14.2 Access controls to buildings, systems and, where appropriate, individual IT applications; anti-virus and malware prevention; breach logging; encryption; equipment/access logs; horizon scanning; arranging back-up copies of personal data; penetration testing, system monitoring and system updates (e.g. patching).

14.3 For applications running on our in-house systems, we operate a back-up facility as contingency. Our back-up data is held off-site within the UK.

14.4 We have a Business Continuity Plan (BCP) in place which is tested periodically. The BCP covers for example: Business continuity and disaster, recovery management strategy and policy; key contacts and crisis management team members; triggers for invoking and revoking plans; roles and responsibilities; communication plans– internal and external, including with service providers and IT suppliers; specific threat plans.

14.5 Where we have given you (or where you have chosen) a password which enables you to access certain parts of our systems, you are responsible for keeping this password confidential. We ask you not to share that password with anyone.

14.6 The transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to us or vice-versa; any transmission is at your own risk.

14.7 Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site or any other website we direct you to as part of our recruitment activity, you are responsible for keeping this password confidential. We ask you not to share that password with anyone.

Back to top 

 

15. HOW LONG WE KEEP YOUR PERSONAL DATA

15.1 In line with data protection principles, we only keep your data for as long as we need it for.

15.2 If your application is unsuccessful and we have sought your consent to keep your data on file for future job opportunities and you have provided consent, we will keep your data for six months once the recruitment process ends. At the end of this period, we will delete or destroy your data, unless you have already withdrawn your consent to our processing of your data in which case it will be deleted or destroyed upon withdrawal of consent.

15.3 If your application is successful, your data will be kept and transferred to the systems we administer for employees. We have a separate privacy policy for employees, which will provided to you if appropriate.

15.4 The timescales for the retention of your personal data and related documentation are subject to various legal, regulatory or contractual requirements, which will reflect the purpose and lawful basis for processing the data.

Back to top 

 

16. YOUR RIGHTS

16.1 Data protection legislation provides the following legal rights for individuals:

  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • The right to enquire about any automated decision making and profiling we undertake concerning your application.

We may use your personal data in automated decision making as part of our recruitment processes. For example, you may need to complete an online numerical test before being invited to attend a telephone or face-to-face interview. If you do not complete the test or do not reach the required pass mark, this will mean that we are unable to proceed with shortlisting you for an interview or continue processing your application.

The personal data you submit as part of any psychometric or other assessment may subsequently be used by the provider for research purposes, but the data will be anonymised or aggregated so that no individual can be identified.

16.2 You can exercise your rights at any time by contacting us using any of the contact details at the beginning of this policy. More information is available from the Information Commissioner’s Office website https://ico.org.uk/

16.3 Some rights can only be exercised under certain circumstances. If we are unable to comply with your request for any reason, we will contact you to explain our reasoning.

Back to top 

 

17. COMPLAINTS

17.1 Hazlewoods aims to deal efficiently with any query or to resolve any complaint you might have about how we handle your personal data.

17.2 Your right to complain

17.2.1 If you consider we have processed your data in a way that infringes the legislation, you have the right to complain to the Information Commissioner’s Office. Their contact details are: 

https://ico.org.uk/

Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Back to top 

 

18. CHANGES TO THIS PRIVACY POLICY

18.1 The content of this privacy policy may change periodically.

18.2 Each version of the policy will be uniquely referenced.

 

Last updated 21 August 2019. Version 2019b 

Back to top