PolicyBee is committed to protecting the privacy and security of your personal information.
This privacy notice describes how we collect and use personal information about you during and after your working relationship with us, in accordance with the United Kingdom General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA '18).
It applies to all job candidates and prospective employees up until the point of employment.
PolicyBee Ltd is registered with company number 07421216. We are a 'data controller'. In this privacy notice, references to 'PolicyBee' 'we' and 'us' means PolicyBee. As data controller, we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this privacy notice.
It is important that you read this notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information.
We will comply with data protection law. This says that the personal information we hold about you must be:
Dependent upon the job role or work you have applied for, we may also collect, store and use the following types of more sensitive personal information:
It is in our legitimate interests to decide whether to appoint you to the role since it would be beneficial to our business to appoint someone to that role.
We also need to process your personal information to decide whether to enter into a contract of employment with you.
Having received your CV and covering letter OR the information from the recruitment agency, we will then process that information to decide whether you meet the basic requirements to be shortlisted for the role. If you do, we will decide whether your application is strong enough to information you provide to us at the interview to decide whether to offer you the role. We will only then take up references and carry out a criminal record check after confirming your appointment, should we offer you the role.
If you fail to provide information when requested, which is necessary for us to consider your application (such as evidence of qualifications or work history), we will not be able to process your application successfully. For example, if we require a credit check or references for this role and you fail to provide us with relevant details, we will not be able to take your application further.
We will use your particularly sensitive personal information in the following ways:
We do not envisage that we will process information about criminal convictions. However, you may disclose this information voluntarily at the recruitment stage. Please note that should we offer you the role and employ you, we will carry out a criminal conviction check at that point. This is in order to satisfy us that there is nothing in your criminal convictions history which makes you unsuitable for the role. The reason for this is because of the sensitivity of the role within the organisation and because you may be required to deal with vulnerable members of the public.
You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making.
We are committed to ensuring that your information is secure and we have procedures in place to prevent any unauthorised access or disclosures and to safeguard and keep secure the information that we collect online.
Records required to be kept in hard copy are maintained in secure premises with access controls employed at all times. Transfer of this information is always via locked transport cases.
All the personal data collected by us and stored electronically is held on secure servers in the UK unless we state otherwise in the 'Transfer of data outside of the EU' section. Where required, this information is encrypted for additional security. We use safeguards such as firewalls, data encryption and passwords. We enforce physical access controls to our buildings and files, and we authorise access to personal data only for those employees who require it to fulfil their job responsibilities.
However, you should be aware that providing information over the internet can never be guaranteed as being completely safe and if you choose to send such information to us via the internet (for example by email), you do so at your own risk.
As part of our service provision we may be required to share elements of your personal information with third parties as per the terms of our service. The sharing arrangement we operate under with third parties who act as joint controllers of your data, will always be made available to you on request.
Please be assured that we will not share your information for any other reason unless we are required by law or permitted to do so under this privacy notice. The main circumstances in which we will be permitted or required to disclose this by law will be by court order, to government bodies and law enforcement agencies. However, sometimes we may share your information with third parties in the following ways:
Typically, the recipients or categories of recipients to whom the personal data has or may have been disclosed include:
We will retain your personal information for a period of six months after we have communicated to you our decision about whether to appoint you to the role. We retain your personal information for that period so that we can show, in the event of a legal claim, that we have not discriminated against candidates on prohibited grounds and that we have conducted the recruitment exercise in a fair and transparent way. After this period, we will securely destroy your personal information in accordance with our data retention policy.
If we wish to retain your personal information on file, on the basis that a further opportunity may arise in future and we may wish to consider you for that, we will write to you separately, seeking your explicit consent to retain your personal information for a fixed period on that basis.
If we appoint you to the role, we will retain this data within your personnel file for the duration of your employment, unless the purpose of holding it ceases.
You have rights in relation to any personal data that we hold about you. If you wish to access your personal data you may make a formal subject access request by contacting any of the named individuals at the top of this document. We will always process your request within one month. In some circumstances, this may be extended to a maximum of 3 months to deal with a complex request.
The information you request must relate to you or another person for whom you have authority to act on their behalf. The rights you have in relation to the personal data we hold regarding you are:
If you have provided us with consent to process your information, you always reserve the right to withdraw this consent via the method detailed in the paragraph below. We are committed to ensuring that your wishes are respected and upon notification that you wish to withdraw your consent, PolicyBee will immediately cease processing the information in question.
You also have the right to make a complaint to the data protection supervisory authority in the UK, namely the Information Commissioner. For further information, see the Information Commissioner's Office website - www.ico.org.uk
We may change this privacy notice at any time to ensure it always accurately reflects the way we collect, use and safeguard your personal information.
Please check this notice from time to time to ensure you are aware of any updates we may have made to our personal data handling practices.
We recommend that you print a copy of this page for your reference.