1.1. Astro Lighting is committed to protecting the privacy and security of your personal information. This privacy notice describes how we collect and use personal information about you during the recruitment process, in accordance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018. It applies to all job applicants.
2.1. Astro Lighting is a "Data Controller". This means we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this privacy notice.
2.2. This notice applies to all job applicants, whether they apply for a role directly or indirectly through an employment agency. This notice is not contractual. We may update this notice at any time but if we do so, we will ensure the up to date version is available on our website.
2.3. It is important you read and retain this notice, so you are aware of how and why we are using such information and what your rights are under the data protection legislation.
3. Data protection principles
3.1. We comply with data protection legislation in relation to personal information we hold about you, which must be:
- Used lawfully, fairly and in a transparent way.
- Collected only for valid purposes which have clearly been explained to you and not used in any way incompatible with those purposes.
- Relevant to the purposes we have told you about and limited only to those purposes.
- Accurate and kept up to date.
- Kept only as long as necessary for the purposes we have told you about.
- Kept securely.
4. The kind of information we hold about you
4.1. Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
4.2. There are certain types of more sensitive personal data known as "special category data" which require a higher level of protection, such as information about a person's health or sexual orientation. Information about criminal convictions also warrants this higher level of protection.
4.3. We may collect, store, and use the following personal information about you:
- Personal contact details such as name, title, addresses, telephone numbers and personal email addresses, date of birth and gender.
- Personal information included in a CV, any application form, cover letter or interview notes.
- Details of your skills, qualifications, experience and work history with previous employers.
- Information about your current salary level, including benefits and pension entitlements.
- Marital status, dependants, next of kin and emergency contact information.
- National Insurance number.
- Nationality and entitlement to work in the UK.
- Copy of driving licence (where relevant).
- Copies of right to work documentation.
- Other background check documentation.
- Copies of any relevant qualification certificates and professional memberships.
4.4. The "special category data" which we may collect, and store about you includes:
- Whether or not you have a disability for which the Company needs to make reasonable adjustments during the recruitment process.
- Race or ethnicity, religious beliefs, sexual orientation, and political opinions.
- Criminal conviction and offences.
5. How is your personal information collected?
5.1. The Company collects personal information about you during the recruitment process either directly from you, or sometimes from a third party such as an employment agency.
5.2. We may also collect personal information from other external third parties such as references from current and former employers, and information from background check providers.
5.3. You are under no statutory or contractual obligation to provide personal information to the Company during the recruitment process.
6. Why does the company process your personal data?
6.1. The Company processes your personal information where the law allows us to do so. Most commonly, we will use your personal information in the following circumstances:
- Where we need to do so to take steps at your request prior to entering into a contract with you, or to enter into a contract with you.
- To comply with a legal obligation.
- Where the Company has a legitimate interest. Legitimate interests are determined by assessing the Company's requirement to process your data, weighed up against the impact of the processing on you. The legitimate interests endeavour not to override your right to privacy and protection of your personal data. Our legitimate interests include pursuing our business by employing employees, workers and contractors, managing the recruitment process, conducting due diligence on prospective staff and performing effective internal administration.
Examples of the requirements outlined above are as follows:
- Manage the recruitment process and assess your suitability for employment or engagement.
- Decide who to offer the job to.
- Comply with the statutory and/or regulatory requirements and obligations, e.g. checking your right to work in the UK.
- Comply with the duty to make reasonable adjustments for disabled job applicants and with other disability discrimination obligations.
- Ensure compliance with your statutory rights.
- Ensure effective HR, personnel management and business administration.
- Monitor equal opportunities.
- Enable us to establish, exercise or defend possible legal claims.
6.2. Data will be stored in a range of different places but predominantly in electronic form on the HR Information and Document Management System.
7. If you fail to provide personal information
7.1. If you fail to provide certain information when requested, we may be unable to process your job application properly or at all, we may be unable to enter into a contract with you, or we may be prevented from complying with our legal obligations. You may also be unable to exercise your statutory rights.
8. Change of purpose
8.1. We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
8.2. Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
9. Sensitive personal information
9.1. "Special category data" is particularly sensitive personal information, such as information about your health, racial or ethnic origin, sexual orientation or trade union membership, and this data require higher levels of protection.
10. Situations in which we will use your sensitive personal information
10.1. In general, we may process sensitive personal information in the following circumstances:
- In limited circumstances, with your explicit written consent.
- To assess your suitability for employment or engagement.
- Where we need to carry out our legal obligations or exercise rights and perform obligations e.g. carrying out background checks.
- Where we need to assess your fitness to work and provide appropriate workplace adjustments, we may use information about your physical or mental health or disability status.
- To ensure meaningful equal opportunities monitoring we may use information about race or national or ethnic origin, religious, philosophical or moral beliefs or sexual orientation. Where the Company processes other special categories of personal information, i.e. information about your racial or ethnic origin, religious or philosophical beliefs and sexual orientation, this is done only for the purpose of equal opportunities monitoring in recruitment and in line with our Data Protection Policy. Personal information that the Company uses for these purposes is either anonymised or is collected with your explicit written consent, which can be withdrawn at any time. It is entirely your choice whether to provide such personal information.
- We may also occasionally use your special categories of personal information, and information about any criminal convictions and offences, where it is needed for the establishment, exercise or defence of legal claims.
11. Do we need your consent?
11.1. We do not need your consent if we use special category data to carry out our legal obligations or exercise specific rights in the field of employment law. In limited circumstances, we may approach you for your written consent to allow us to process certain particularly sensitive data. If we do so, we will provide you with full details of the information we would like and the reason we need it, so you can carefully consider whether you wish to consent.
11.2. If you are unsuccessful in obtaining employment, we will seek your consent to retaining your data in case other suitable job vacancies arise in the Company for which we think you may wish to apply. You are free to withhold your consent to this and there will be no consequences for withholding consent.
12. Information about criminal convictions
12.1. We may collect information about criminal convictions as part of the recruitment process only if it is appropriate given the nature of the role, where we are legally able to do so and where we have in place appropriate safeguards which we are required to have by law when processing such data.
13. Automated decision making
13.1. Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. We are allowed to use automated decision-making in the following circumstances:
- Where we have notified you of the decision and given you 21 days to request a reconsideration.
- Where it is necessary to perform the contract with you and appropriate measures are in place to safeguard your rights.
- In limited circumstances, with your explicit written consent and where appropriate measures are in place to safeguard your rights.
13.2. You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, unless we have a lawful basis for doing so and we have notified you.
13.3. We do not envisage that any decisions will be taken about you using automated means, however we will notify you in writing if this position changes.
14. Who has access to my data?
14.1. Your information may be shared internally, including with members of the HR team, managers in the business area in which you have applied to work and IT staff if access to the data is necessary for the performance of their roles.
14.2. We will also share your personal information with other entities in our group as part of our regular reporting activities on Company performance, and for system support and maintenance of data.
14.3. We will share your personal information with third parties where required by law or where we have another legitimate interest in doing so.
14.4. "Third parties" includes third-party service providers (including contractors and designated agents) and other entities within our group. Activities associated with HR administration and IT services may be carried out by third-party providers.
14.5. All our third-party service providers and other entities in the group are required to respect the security of your data, taking appropriate security measures to protect your personal information and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes, in accordance with our instructions and where they have committed to treat the information confidentially and to keep it secure.
15. How does the company protect data?
15.1. The Company takes the security of your data seriously. Security measures are in place to prevent your personal information from being accidentally lost, destroyed, misused or disclosed, or accessed in an unauthorised way.
15.2. Procedures are also in place to deal with any suspected data security breach and to notify you and any applicable regulator of a suspected breach where we are legally required to do so.
16. How long does the company keep data?
16.1 We will only retain your personal information for as long as necessary to fulfil the purpose for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.
16.2. To determine the appropriate retention period for personal data, we consider the amount, nature, sensitivity of the personal data, the potential risk of harm from authorised use or disclosure, the purpose for which we process the data and whether we can achieve those purposes through other means, and the applicable legal requirements.
16.3. In some circumstances your personal information may be anonymised so that it can no longer be associated with you, in which case such information may still be used without further notice to you.
16.4. If your application is not successful and we have not sought consent or you have not provided consent upon our request to keep your data for the purpose of future suitable job vacancies, we will keep your data for 6 months once the recruitment exercise ends.
16.5. If we have sought your consent to keep your data on file for future job vacancies, and you have provided consent, we will keep your data for 7 years once the recruitment exercise ends. At the end of this period, we will delete or destroy your data, unless you have already withdrawn your consent to our processing of your data in which case it will be deleted or destroyed upon your withdrawal of consent.
16.6. If your application is successful, your data will be kept and transferred to the systems we administer for employees. We have a separate privacy notice for employees, which will be provided to you at that time.
17. Your duty to inform us of changes
17.1. It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes.
18. Your rights in connection with personnel information
18.1. Under certain circumstances, by law you have the right to:
- Request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request the Company to change incomplete or incorrect data.
- Request deletion or removal of your personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) as the legal grounds for processing. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Request the restriction or suspension of processing of your personal information, i.e. if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal information to another party.
18.2. If you want to review, verify, correct or request deletion of your personal information, object to the processing of your personal data or request that we transfer a copy of your personal information to another party, please submit your request to our [email protected].
18.3. If you believe the Company has not complied with your data protection rights, you can complain to the Information Commissioner.
19. No fee usually required
19.1. There will be no fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
20. What we may need from you
20.1. We may request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
21. Right to withdraw consent
21.1. In the limited circumstances where you may provide your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time.
To withdraw your consent, please contact [email protected]. Once notification to withdraw your consent has been received, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
22. Data protection officer
22.1. Mark Osborne is the Company's data protection officer (DPO) who has responsibility to oversee compliance with this privacy notice. If you have any questions about this privacy notice or how we handle your personal information please contact Mark on 01279 216298 or [email protected].
23. Making a complaint
23.1. The supervisory authority in the UK for data protection matters is the Information Commissioner's Office (ICO). If you think your data protection rights have been breached in any way by us, you are able to make a complaint to the ICO.
Last updated 16/08/22