Professional insurance
with a personal touch
We're here to help
0345 561 0320
Mon-Fri, 9am-5pm, local rate & mobile friendly

Recruitment candidate privacy notice

PolicyBee is committed to protecting the privacy and security of your personal information.

This privacy notice describes how we collect and use personal information about you during and after your working relationship with us, in accordance with the United Kingdom General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA '18).

It applies to all job candidates and prospective employees up until the point of employment.

PolicyBee Ltd is registered with company number 07421216. We are a 'data controller'. In this privacy notice, references to 'PolicyBee' 'we' and 'us' means PolicyBee. As data controller, we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this privacy notice.

It is important that you read this notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information.

Data protection principles

We will comply with data protection law. This says that the personal information we hold about you must be:

  • used lawfully, fairly and in a transparent way;
  • collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;
  • accurate and kept up to date;
  • kept only as long as necessary for the purposes we have told you about.
  • kept securely.

The categories of your personal data that we collect are:

  • The information you have provided to us in your curriculum vitae and covering letter.
  • The information that you provided to a recruitment agency, where applicable.
  • Any information you provide to us during an interview.
  • Any information provided within references made about you.

Dependent upon the job role or work you have applied for, we may also collect, store and use the following types of more sensitive personal information:

  • Information about your race or ethnicity, religious beliefs, sexual orientation and political opinions.
  • Information about your health, including any medical condition, health and sickness records.
  • Information about criminal convictions and offences.

What do we do with the information that we collect:

  • Assess your skills, qualifications, and suitability for the role.
  • Carry out background and reference checks, where applicable.
  • Communicate with you about the recruitment process.
  • Keep records related to our hiring processes.
  • Comply with legal or regulatory requirements.

Lawful basis of processing

It is in our legitimate interests to decide whether to appoint you to the role since it would be beneficial to our business to appoint someone to that role.

We also need to process your personal information to decide whether to enter into a contract of employment with you.

Having received your CV and covering letter OR the information from the recruitment agency, we will then process that information to decide whether you meet the basic requirements to be shortlisted for the role. If you do, we will decide whether your application is strong enough to information you provide to us at the interview to decide whether to offer you the role. We will only then take up references and carry out a criminal record check after confirming your appointment, should we offer you the role.

If you fail to provide personal information

If you fail to provide information when requested, which is necessary for us to consider your application (such as evidence of qualifications or work history), we will not be able to process your application successfully. For example, if we require a credit check or references for this role and you fail to provide us with relevant details, we will not be able to take your application further.

Special categories of personal data

We will use your particularly sensitive personal information in the following ways:

  • We will not request information about any disability you may have, but you may disclose this to us voluntarily should we need to know in order to provide appropriate adjustments during the recruitment process, for example whether adjustments need to be made during an interview.
  • If we ever ask for it, we will use information about your race or national or ethnic origin, religious, philosophical or moral beliefs, or your sexual life or sexual orientation, to ensure meaningful equal opportunity monitoring and reporting in accordance with any governing legislation that may apply.

Information about criminal convictions

We do not envisage that we will process information about criminal convictions. However, you may disclose this information voluntarily at the recruitment stage. Please note that should we offer you the role and employ you, we will carry out a criminal conviction check at that point. This is in order to satisfy us that there is nothing in your criminal convictions history which makes you unsuitable for the role. The reason for this is because of the sensitivity of the role within the organisation and because you may be required to deal with vulnerable members of the public.

Automated decision-making

You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making.

Protecting your information

We are committed to ensuring that your information is secure and we have procedures in place to prevent any unauthorised access or disclosures and to safeguard and keep secure the information that we collect online.

Records required to be kept in hard copy are maintained in secure premises with access controls employed at all times. Transfer of this information is always via locked transport cases.

All the personal data collected by us and stored electronically is held on secure servers in the UK unless we state otherwise in the 'Transfer of data outside of the EU' section. Where required, this information is encrypted for additional security. We use safeguards such as firewalls, data encryption and passwords. We enforce physical access controls to our buildings and files, and we authorise access to personal data only for those employees who require it to fulfil their job responsibilities.

However, you should be aware that providing information over the internet can never be guaranteed as being completely safe and if you choose to send such information to us via the internet (for example by email), you do so at your own risk.

Sharing your information with others

As part of our service provision we may be required to share elements of your personal information with third parties as per the terms of our service. The sharing arrangement we operate under with third parties who act as joint controllers of your data, will always be made available to you on request.

Please be assured that we will not share your information for any other reason unless we are required by law or permitted to do so under this privacy notice. The main circumstances in which we will be permitted or required to disclose this by law will be by court order, to government bodies and law enforcement agencies. However, sometimes we may share your information with third parties in the following ways:

  • we may use carefully selected sub-processors to help us collect, store or manage your information.
  • analytics and search engine providers that assist us in the improvement and optimisation of the Website; and
  • if PolicyBee is acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.

Typically, the recipients or categories of recipients to whom the personal data has or may have been disclosed include:

  • Management
  • Human Resource support

Retention periods

We will retain your personal information for a period of six months after we have communicated to you our decision about whether to appoint you to the role. We retain your personal information for that period so that we can show, in the event of a legal claim, that we have not discriminated against candidates on prohibited grounds and that we have conducted the recruitment exercise in a fair and transparent way. After this period, we will securely destroy your personal information in accordance with our data retention policy.

If we wish to retain your personal information on file, on the basis that a further opportunity may arise in future and we may wish to consider you for that, we will write to you separately, seeking your explicit consent to retain your personal information for a fixed period on that basis.

If we appoint you to the role, we will retain this data within your personnel file for the duration of your employment, unless the purpose of holding it ceases.

Your rights

You have rights in relation to any personal data that we hold about you. If you wish to access your personal data you may make a formal subject access request by contacting any of the named individuals at the top of this document. We will always process your request within one month. In some circumstances, this may be extended to a maximum of 3 months to deal with a complex request.

The information you request must relate to you or another person for whom you have authority to act on their behalf. The rights you have in relation to the personal data we hold regarding you are:

  • the right to rectify any inaccuracies in the information we hold;
  • the right to erasure of information in specific circumstances;
  • the right to request transfer of your information to another controller; and
  • the right to object to processing in specified circumstances.

If you have provided us with consent to process your information, you always reserve the right to withdraw this consent via the method detailed in the paragraph below. We are committed to ensuring that your wishes are respected and upon notification that you wish to withdraw your consent, PolicyBee will immediately cease processing the information in question.

You also have the right to make a complaint to the data protection supervisory authority in the UK, namely the Information Commissioner. For further information, see the Information Commissioner's Office website - www.ico.org.uk

Changes to this privacy notice

We may change this privacy notice at any time to ensure it always accurately reflects the way we collect, use and safeguard your personal information.

Please check this notice from time to time to ensure you are aware of any updates we may have made to our personal data handling practices.

We recommend that you print a copy of this page for your reference.