In accordance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018, nfpSynergy has implemented this privacy notice to inform you of the types of data we process about you as prospective employees of our company. We have also included the reasons for processing your data, the lawful basis that permits us to process it, how long we keep your data for and your rights regarding your personal data.

Data Protection Principles

All personal data obtained and held by us must be processed according to a set of core principles. In accordance with these principles, we ensure that:

  1. Processing is fair, lawful and transparent
  2. Data is collected for specific, explicit, and legitimate purposes
  3. Data collected is adequate, relevant and limited to what is necessary for the purposes of processing
  4. Data is kept accurate and up to date. Data which is found to be inaccurate will be rectified or erased without delay
  5. Data is not kept for longer than is necessary for its given purpose
  6. Data is processed in a manner that ensures appropriate security of personal data including protection against unauthorised or unlawful processing, accidental loss, destruction or damage by using appropriate technical or organisation measures

Types of data held by nfpSynergy

We keep several categories of personal data on our prospective employees in order to carry out effective and efficient processes. We keep this data in recruitment files relating to each vacancy within our business information systems.

We specifically hold the following types of data:

  1. Personal details such as name, address, phone numbers
  2. Your gender
  3. Right to work documentation
  4. Information gathered via the recruitment process such as that entered into a CV or included in a CV cover letter
  5. References from former employers
  6. Details on your education and employment history etc
  7. Criminal convictions

 

Collecting your data

You provide several pieces of data to us directly during the recruitment exercise. In some cases, we will collect data about you from third parties, such as former employers when gathering references

Should you be successful in your job application, we will gather further information from you, for example, your bank details and next of kin details, once your employment begins.

Lawful Basis for processing your data 

The law on data protection allows us to process your data for certain reasons only. We ensure that processing is only carried out where a lawful basis for processing exists, and in addition, where we have assigned a lawful basis against each processing activity.

Where no other lawful basis applies, we may seek to rely on the individual’s consent in order to process data. However, we understand that consent must be freely given, specific, informed and unambiguous.  Where consent is to be sought, we will do so on a specific and individual basis where appropriate.

The information below categorises the types of data processing we undertake and the lawful basis we rely on.

Activities requiring your data

  • Carrying out checks in relation to your right to work in the UK

Legal basis: legal obligation

  • Making reasonable adjustments for disabled employees

Legal basis: legal obligation

  • Making recruitment decisions in relation to both initial and subsequent employment

Legal basis: legitimate business interests

  • Making decisions about salary and other benefits

Legal basis: legitimate business interests

  • Making decisions about contractual benefits to provide to you

Legal basis: legitimate business interests

  • Assessing training needs

Legal basis: Legitimate business interests

  • Dealing with legal claims made against us

Legal basis: Legitimate business interests

  • Preventing fraud

Legal basis: Legitimate business interests

Special Categories of data 

Special categories of data refer to data relating to your:

  1. Health
  2. Sex life
  3. Sexual orientation
  4. Race
  5. Ethnic origin
  6. Political opinion
  7. Religion
  8. Trade union membership
  9. Genetic and biometric data

nfpSynergy does not process or hold any special category data.

Failure to provide data

Your failure to provide us with data may mean that we are unable to fulfill our requirements for entering into a contract of employment with you. This could include being unable to offer you employment or administer contractual benefits.

Criminal conviction data

nfpSynergy may from time to time undertake due diligence process that may involve viewing “Criminal offence data”: this is data which relates to an individual’s criminal convictions and offences. However, this information will only be held, if at all, for the duration in which lawful processing takes place, such as recruitment. We rely on the lawful basis of legal obligations to process this data.

Who we share your data with

Employees within nfpSynergy who have responsibility for recruitment will have access to your data, which is relevant to their function. All employees with such responsibility will be trained in ensuring data is processed in line with GDPR. nfpSynergy does not share your data with third parties. However, in the rare occasion that nfpSynergy is required to transfer your personal data, appropriate safeguards will be adopted and lawful basis established.

How we maintain data security

nfpSynergy operates with a high degree of awareness of risks associated with data privacy and security. Personal information and relevant data retained within our databases, and all processing activities are subject to our Data Protection Policy.

Retention periods

We only keep your data for as long as we need it for, which, in relation to unsuccessful candidates, is six months to a year.

If your application is not successful and we have not sought consent or you have not provided consent upon our request to keep your data for the purpose of future suitable job vacancies, we will keep your data for six months once the recruitment exercise ends.

If we have sought your consent to keep your data on file for future job vacancies, and you have provided consent, we will keep your data for a year once the recruitment exercise ends. At the end of this period, we will delete or destroy your data, unless you have already withdrawn your consent to our processing of your data in which case it will be deleted or destroyed upon your withdrawal of consent.

Where you have provided consent to our use of your data, you also have the right to withdraw that consent at any time. This means that we will stop processing your data and there will be no consequences of withdrawing consent.

If your application is successful, your data will be kept and transferred to the systems we administer for employees. We have a separate privacy notice for employees, which will be provided to you.

Automated decision making

Automated decision-making means making decision about you using no human involvement e.g. using computerised filtering equipment. No decision will be made about you solely on the basis of automated decision making which has an impact on you.

Your rights

You have the following rights in relation to the personal data we hold on you:

  1. The right to be informed about the data we hold on you and what we do with it;
  2. The right of access to the data we hold on you. We operate a separate Subject Access Request policy and all such requests will be dealt with accordingly;
  3. The right for any inaccuracies in the data we hold on you, however they come to light, to be corrected. This is also known as ‘rectification’;
  4. The right to have data deleted in certain circumstances. This is also known as ‘erasure’;
  5. The right to restrict the processing of the data;
  6. The right to transfer the data we hold on you to another party. This is also known as ‘portability’;
  7. The right to object to the inclusion of any information;
  8. The right to regulate any automated decision-making and profiling of personal data.

In addition to the above rights, you also have the unrestricted right to withdraw consent, that you have previously provided, to our processing of your data at any time. There will be no consequences for withdrawing your consent. However, in some cases, we may continue to use the data where so permitted by having a legitimate reason for doing so.

Making a compliant

If you think your data rights have been breached, you are able to raise a complaint with us on the details provided below:

Timothy Harrison-Byrne

Deputy Managing Director

timothy.harrison@nfpsynergy.net