Processing of (personal) data by the entity in charge of the online application process
APPLICANT PRIVACY NOTICE
Data controller: RDT Ltd, 30 Tower View, Kings Hill, West Malling, Kent ME19 4UY.
As part of any recruitment process, RDT collects and processes personal data relating to job applicants. RDT is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.
This notice applies to job applicants to RDT. It makes you aware of how and why your personal data will be used, namely for the purposes of the recruitment exercise, and how long it will usually be retained for. This notice does not form part of any contract of employment or other contract to provide services. We may update this notice at any time. If you are offered a position with RDT and become an employee, a different privacy notice will apply.
What kind of information RDT collects
Personal data, or personal information, means any information about an individual who can be identified. It does not include data where an individual cannot be identified (anonymous data). There are “special categories” of more sensitive personal data which require a higher level of protection.
RDT collects a range of personal information about you in connection with your application for work with us. This includes:
• Your name and address
• Your contact details, including email address and telephone number.
• Details of your qualifications, skills, experience and employment history.
• Information about your current level of remuneration, including benefit entitlements.
• Information about your entitlement to work in the UK.
We may also collect, store and use the following types of more sensitive personal information:
• Whether or not you have a disability for which RDT needs to make reasonable adjustments during the recruitment process
How is your personal information collected.
RDT may collect this information in a variety of ways. For example, data might be contained in application forms, CVs or resumes, obtained from your passport or other identity documents, or collected through interviews or other forms of assessment including online tests.
RDT may also collect personal data about you from third parties, such as agencies working on the recruitment on behalf of RDT, references supplied by former employers, information from employment background check providers and information from criminal records checks. Other than from any recruitment agencies involved, RDT will seek information from third parties only once a job offer to you has been made and will inform you that it is doing so.
Data will be stored in a range of different places, including on your personal application record, in RDT’s HR and Recruitment management systems and on other IT systems (including email).
Why does RDT process personal data?
RDT needs to process personal data to manage and run the applicable recruitment process relevant to the role you have applied for and (if applicable) to take steps which are necessary to enter into an employment contract with you.
In some cases, RDT needs to process data to ensure that it is complying with its legal obligations. For example, it is required to check a successful applicant's eligibility to work in the UK before employment starts.
RDT has a legitimate interest in processing personal data during the recruitment process and for keeping records of the process. Processing data from job applicants allows RDT to manage the recruitment process, assess and confirm a candidate's suitability for employment and decide to whom to offer a job. RDT may also need to process data from job applicants to respond to and defend against legal claims.
For some roles, where an offer is made, RDT is obliged to seek information about criminal convictions and offences. We are entitled to carry out a criminal record check in order to satisfy ourselves that there is nothing in your criminal convictions history which makes you unsuitable for the role. Where RDT seeks this information, it does so because it is necessary for it to prevent unlawful acts and fraud, particularly due to the nature of RDT’s client base. RDT is not able to rely on consent for this processing as the check is a condition of any offer being made.
Who has access to personal data?
Your information may be shared internally for the purposes of the recruitment exercise. This includes members of the HR and recruitment team, interviewers involved in the recruitment process, managers in the business area with a vacancy and IT staff if access to the data is necessary for the performance of their roles.
RDT will not share your data with third parties, unless your application for employment is successful and it makes you an offer of employment. RDT will then share your data with former employers to obtain references for you, employment background check providers to obtain necessary background checks and if necessary, the Disclosure and Barring Service to obtain necessary criminal records checks.
We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy notice.
RDT will not transfer your data outside the UK and European Economic Area.
How does RDT protect personal data?
RDT takes the security of your data seriously. RDT has internal policies and controls in place to minimise the risk of your personal data being lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties.
Policies related to Privacy include the Data Protection Policy, Information Security Policy and the Security of Documents and Data Policy.
Where RDT engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.
For how long does RDT keep personal data?
If your application for work is unsuccessful, RDT will hold your data on file for 12 months (6 months in the case of information from a DBS certificate) after the end of the relevant recruitment process. We retain your personal information for that period so that we can show, in the event of a legal claim, that we have not discriminated against candidates on prohibited grounds and that we have conducted the recruitment exercise in a fair and transparent way.
If we wish to retain your personal information on file for longer, on the basis that a further suitable opportunity may arise in future we will contact you separately to seek your consent to retain your personal data for a fixed period on that basis - you will of course have the right not to consent to this, and you can withdraw your consent at any time thereafter by contacting us.
If your application for employment is successful, personal data gathered during the recruitment process will be transferred to your personnel file and retained during your employment. The periods for which your data will be held will be provided to you in our internal privacy notice.
In the event that any court actions or other legal proceedings are pending, or impending, personal data will be deleted after termination of the court action or legal proceeding as appropriate.
Your rights as a Data Subject
As a data subject, you have a number of rights when it comes to personal information, we hold about you. The key rights are set out below. More information about your rights can be obtained from the Information Commissioner’s Office (ICO). Under certain circumstances, by law you have the right to:
• Be informed in a clear, transparent and easily understandable way about how we use your personal information and about your rights. This is why we are providing you with the information in this notice. If you require any further information about how we use your personal information, please let us know.
• Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
• Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
• Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us to continue to process it (for instance, we may need to continue using your personal data to comply with our legal obligations). You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
• Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to us using your information on this basis and we do not have a compelling legitimate basis for doing so which overrides your rights, interests and freedoms (for instance, we may need it to defend a legal claim). You also have the right to object to where we are processing your personal information for direct marketing purposes.
• Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
• Request the transfer of your personal information to another party where you provided it to us and we are using it based on your consent, or to carry out a contract with you, and we process it using automated means.
Withdraw consent. In the limited circumstances where we are relying on your consent (as opposed to the other bases set out above) to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact DP@rdt.co.uk Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate interest in doing so.
• Lodge a complaint. If you think that we are using your information in a way which breaches data protection law, you have the right to lodge a complaint with your national data protection supervisory authority (if you are in the UK, this will be the ICO).
If you would like to exercise any of these rights, please contact our Personal Data Management Officer on DPG@rdt.co.uk We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
If you believe that RDT has not complied with your data protection rights, you can complain to the Information Commissioner.
What if you do not provide personal data?
You are under no statutory or contractual obligation to provide data to RDT during the recruitment process. However, if you do not provide the information, RDT may not be able to process your application properly or at all.
Automated decision-making in RDT
We may make some decisions about you based on automated decision making (a decision made by an electronic system without human involvement). For example, to calculate scores on assessments and to determine your progression through a recruitment and selection process.
We have implemented measures to safeguard the rights and interests of individuals whose personal information is subject to automated decision-making, including ensuring that it is only explicit assessment data (e.g. your responses to explicit assessment questions) that is used in automated decision making and never demographic personal information (e.g. your name, email address, gender, age, ethnicity, social background or sexual orientation). When we make an automated decision about you, you have the right to contest the decision, to express your point of view, and to require a human review of the decision. You can exercise this right by contacting our Data Protection Group on DPG@rdt.co.uk
Changes to this privacy notice
We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.
Version Control
This document is approved for content and purpose by: Fiona Mason, Chief Human Resources Officer.
Revision Date Version Number Summary of Changes
December 2018 1 Creation of policy.
April 2019 2 Review and minor formatting arrangements.
March 2023 3 Review and minor formatting arrangements.
April 2024 4 Review, changes to automated decision-making information.
Data controller: RDT Ltd, 30 Tower View, Kings Hill, West Malling, Kent ME19 4UY.
As part of any recruitment process, RDT collects and processes personal data relating to job applicants. RDT is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.
This notice applies to job applicants to RDT. It makes you aware of how and why your personal data will be used, namely for the purposes of the recruitment exercise, and how long it will usually be retained for. This notice does not form part of any contract of employment or other contract to provide services. We may update this notice at any time. If you are offered a position with RDT and become an employee, a different privacy notice will apply.
What kind of information RDT collects
Personal data, or personal information, means any information about an individual who can be identified. It does not include data where an individual cannot be identified (anonymous data). There are “special categories” of more sensitive personal data which require a higher level of protection.
RDT collects a range of personal information about you in connection with your application for work with us. This includes:
• Your name and address
• Your contact details, including email address and telephone number.
• Details of your qualifications, skills, experience and employment history.
• Information about your current level of remuneration, including benefit entitlements.
• Information about your entitlement to work in the UK.
We may also collect, store and use the following types of more sensitive personal information:
• Whether or not you have a disability for which RDT needs to make reasonable adjustments during the recruitment process
How is your personal information collected.
RDT may collect this information in a variety of ways. For example, data might be contained in application forms, CVs or resumes, obtained from your passport or other identity documents, or collected through interviews or other forms of assessment including online tests.
RDT may also collect personal data about you from third parties, such as agencies working on the recruitment on behalf of RDT, references supplied by former employers, information from employment background check providers and information from criminal records checks. Other than from any recruitment agencies involved, RDT will seek information from third parties only once a job offer to you has been made and will inform you that it is doing so.
Data will be stored in a range of different places, including on your personal application record, in RDT’s HR and Recruitment management systems and on other IT systems (including email).
Why does RDT process personal data?
RDT needs to process personal data to manage and run the applicable recruitment process relevant to the role you have applied for and (if applicable) to take steps which are necessary to enter into an employment contract with you.
In some cases, RDT needs to process data to ensure that it is complying with its legal obligations. For example, it is required to check a successful applicant's eligibility to work in the UK before employment starts.
RDT has a legitimate interest in processing personal data during the recruitment process and for keeping records of the process. Processing data from job applicants allows RDT to manage the recruitment process, assess and confirm a candidate's suitability for employment and decide to whom to offer a job. RDT may also need to process data from job applicants to respond to and defend against legal claims.
For some roles, where an offer is made, RDT is obliged to seek information about criminal convictions and offences. We are entitled to carry out a criminal record check in order to satisfy ourselves that there is nothing in your criminal convictions history which makes you unsuitable for the role. Where RDT seeks this information, it does so because it is necessary for it to prevent unlawful acts and fraud, particularly due to the nature of RDT’s client base. RDT is not able to rely on consent for this processing as the check is a condition of any offer being made.
Who has access to personal data?
Your information may be shared internally for the purposes of the recruitment exercise. This includes members of the HR and recruitment team, interviewers involved in the recruitment process, managers in the business area with a vacancy and IT staff if access to the data is necessary for the performance of their roles.
RDT will not share your data with third parties, unless your application for employment is successful and it makes you an offer of employment. RDT will then share your data with former employers to obtain references for you, employment background check providers to obtain necessary background checks and if necessary, the Disclosure and Barring Service to obtain necessary criminal records checks.
We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy notice.
RDT will not transfer your data outside the UK and European Economic Area.
How does RDT protect personal data?
RDT takes the security of your data seriously. RDT has internal policies and controls in place to minimise the risk of your personal data being lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties.
Policies related to Privacy include the Data Protection Policy, Information Security Policy and the Security of Documents and Data Policy.
Where RDT engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.
For how long does RDT keep personal data?
If your application for work is unsuccessful, RDT will hold your data on file for 12 months (6 months in the case of information from a DBS certificate) after the end of the relevant recruitment process. We retain your personal information for that period so that we can show, in the event of a legal claim, that we have not discriminated against candidates on prohibited grounds and that we have conducted the recruitment exercise in a fair and transparent way.
If we wish to retain your personal information on file for longer, on the basis that a further suitable opportunity may arise in future we will contact you separately to seek your consent to retain your personal data for a fixed period on that basis - you will of course have the right not to consent to this, and you can withdraw your consent at any time thereafter by contacting us.
If your application for employment is successful, personal data gathered during the recruitment process will be transferred to your personnel file and retained during your employment. The periods for which your data will be held will be provided to you in our internal privacy notice.
In the event that any court actions or other legal proceedings are pending, or impending, personal data will be deleted after termination of the court action or legal proceeding as appropriate.
Your rights as a Data Subject
As a data subject, you have a number of rights when it comes to personal information, we hold about you. The key rights are set out below. More information about your rights can be obtained from the Information Commissioner’s Office (ICO). Under certain circumstances, by law you have the right to:
• Be informed in a clear, transparent and easily understandable way about how we use your personal information and about your rights. This is why we are providing you with the information in this notice. If you require any further information about how we use your personal information, please let us know.
• Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
• Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
• Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us to continue to process it (for instance, we may need to continue using your personal data to comply with our legal obligations). You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
• Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to us using your information on this basis and we do not have a compelling legitimate basis for doing so which overrides your rights, interests and freedoms (for instance, we may need it to defend a legal claim). You also have the right to object to where we are processing your personal information for direct marketing purposes.
• Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
• Request the transfer of your personal information to another party where you provided it to us and we are using it based on your consent, or to carry out a contract with you, and we process it using automated means.
Withdraw consent. In the limited circumstances where we are relying on your consent (as opposed to the other bases set out above) to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact DP@rdt.co.uk Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate interest in doing so.
• Lodge a complaint. If you think that we are using your information in a way which breaches data protection law, you have the right to lodge a complaint with your national data protection supervisory authority (if you are in the UK, this will be the ICO).
If you would like to exercise any of these rights, please contact our Personal Data Management Officer on DPG@rdt.co.uk We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
If you believe that RDT has not complied with your data protection rights, you can complain to the Information Commissioner.
What if you do not provide personal data?
You are under no statutory or contractual obligation to provide data to RDT during the recruitment process. However, if you do not provide the information, RDT may not be able to process your application properly or at all.
Automated decision-making in RDT
We may make some decisions about you based on automated decision making (a decision made by an electronic system without human involvement). For example, to calculate scores on assessments and to determine your progression through a recruitment and selection process.
We have implemented measures to safeguard the rights and interests of individuals whose personal information is subject to automated decision-making, including ensuring that it is only explicit assessment data (e.g. your responses to explicit assessment questions) that is used in automated decision making and never demographic personal information (e.g. your name, email address, gender, age, ethnicity, social background or sexual orientation). When we make an automated decision about you, you have the right to contest the decision, to express your point of view, and to require a human review of the decision. You can exercise this right by contacting our Data Protection Group on DPG@rdt.co.uk
Changes to this privacy notice
We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.
Version Control
This document is approved for content and purpose by: Fiona Mason, Chief Human Resources Officer.
Revision Date Version Number Summary of Changes
December 2018 1 Creation of policy.
April 2019 2 Review and minor formatting arrangements.
March 2023 3 Review and minor formatting arrangements.
April 2024 4 Review, changes to automated decision-making information.