Aspen Healthcare’s privacy notice for potential candidates
As part of our recruitment process, Aspen Healthcare collects and processes personal data relating to potential candidates. We are committed to being transparent about how we collect and use this data, and to meeting our data protection duties.
We process personal data collected in line with:
- the UK General Data Protection Regulation
- the Data Protection Act 2018
- other relevant legislation that applies to the processing of personal identifiable data
Question and queries about this privacy notice can be addressed to our Group Data Protection Officer at: DPO@aspen-healthcare.co.uk
What information does Aspen Healthcare collect?
We collect a range of information about potential candidates. This includes:
- name, address and contact details, including email address and telephone number
- qualifications (including membership or registration with relevant professional bodies), skills, experience and employment history
- current salary level, including benefit entitlements
- disability status (we need this information to make reasonable adjustments during the recruitment process)
- entitlement to work in the UK
- criminal convictions (spent or unspent) or details relating to ongoing police investigations
- information for equal opportunities monitoring, including ethnic origin, sexual orientation, health and religion or belief
We collect this information in various ways. For example, application forms, CVs or résumés may contain these types of data. We may also obtain data from passports or other official identity documents, or through interviews or other assessments.
In addition, we collect personal data relating to potential candidates from third parties. Examples include references from previous employers and information from employment background or criminal records checks. We only ask for information that would allow third parties to identify a potential candidate once we have made a job offer. We inform potential candidates when we process their personal data in this way.
Data is stored in several different places. These include on the potential candidate’s application record, human resources (HR) management systems and other IT systems (including email). We store hard copies of CVs that we receive securely and lock them in the Human Resources Office.
Why does Aspen Healthcare process personal data?
We need to process data about potential candidates before entering into an employment contract. This data is processed on the legal basis of legitimate interest and, where appropriate, implied consent. We use the collected data to enter a contractual relationship with potential candidates.
In some cases, we need to process data relating to potential candidates to ensure that we are complying with our legal duties. For example, we are required to check whether successful applicants are eligible to work in the UK before their employment starts.
Aspen Healthcare has a legitimate interest in processing personal data during the recruitment process and for keeping records of the process. This allows us to:
- manage the recruitment process
- assess and confirm whether a potential candidate is eligible and suitable for employment
- decide which candidate to offer a job.
We may also need to process data from potential candidates to respond to, and defend against, legal claims. We process health information if we need to make reasonable adjustments to the recruitment process for candidates who have a disability. This is to carry out our duties and exercise specific rights relating to employment.
If we process other special categories of data, such as information on ethnic origin, sexual orientation, health or religion or belief, this is for equal opportunities monitoring. Potential candidates can opt out by responding with ‘Prefer not to answer’.
For some roles, we are obliged to get information about criminal convictions and offences. If we ask for this information, it is necessary for us to carry out our duties and exercise specific rights relating to employment.
If potential candidates’ applications are unsuccessful, we keep their personal data on file. This is in case there are any future employment opportunities that may suit the individuals. The data is stored on the legal basis of consent. Potential candidates can withdraw their consent at any time.
Who has access to the data that Aspen Healthcare collects?
Data relating to potential candidates is shared internally for the purpose of the recruitment exercise. The following members of staff may access the data if this is necessary to perform their roles:
- The HR and recruitment team
- Interviewers involved in the recruitment process
- Managers in the business with a vacancy
- IT staff
We do not share data relating to potential candidates with third parties, unless the application is successful and the candidate has received and accepted a job offer. When we have made a job offer, we share data relating to the potential candidate with previous employers to get references. We also carry out necessary background checks and criminal records checks through the Disclosure and Barring Service.
How does Aspen Healthcare protect data?
At Aspen Healthcare, we are committed to keeping data secure. We have internal policies and controls in place to ensure that data is not lost, accidentally destroyed, misused or disclosed. We also take steps to prevent data from being accessed, except by our employees when performing their duties.
How long does Aspen Healthcare store data?
If potential candidates’ applications are unsuccessful, we store their data on file for six months after the recruitment process. At the end of this period, we delete or destroy the data.
If candidates’ applications are successful, we transfer personal data gathered during the recruitment process to their personnel file. This data is retained while the individuals work for Aspen Healthcare. We disclose the periods for holding data about employees in an employee privacy notice.
Potential candidates’ rights
Under the Data Protection Act 2018, potential candidates (or ‘data subjects’) have fundamental rights:
- The right of access (to get a copy of the personal data held about them)
- The right to rectification (to require the organisation to change incorrect or incomplete data)
- The right to be informed (if this privacy notice does not satisfy potential candidates about how their personal data is being processed or used)
- The right to erasure and the right to restrict data processing (to require the organisation to delete or stop processing related data, such as where the data is no longer necessary for the purpose of processing)
- The right to object to data processing (if the organisation is relying on legitimate interests as the legal ground for processing)
- Rights concerning automated decision-making and profiling (however, employment decisions are not currently based on automated decision-making).
If potential candidates want to exercise any of these rights, they can contact our Group Data Protection Officer at: DPO@aspen-healthcare.co.uk
What if no personal data is provided?
Potential candidates have no statutory or contractual duty to share their data with Aspen Healthcare during the recruitment process. However, if they do not provide requested information, we may not be able to process their job application properly or at all.
There is no duty for potential candidates to provide information for equal opportunities monitoring. If potential candidates decide not to give us this information, their job applications are unaffected.