Recruitment Privacy Statement
This Privacy Notice only applies to the personal data of job applicants, potential candidates for employment, and our optional recruiting programs and any events we hold. It does not apply to our employees, contractors or clients, or other personal data that we collect for other purposes.
The information on this page explains how Inspire Scotland Ltd, will use your personal information when you apply for work with us, during the recruitment process and subsequently if you become an employee. This includes how we collect, process and share it. It also describes how long information is kept and the circumstances in which we might disclose it to a third party.
By submitting your personal data to us, you acknowledge that:
• You have read and understood this Privacy Notice and agree to the use of your personal data as set out herein.
• Your personal data may be transferred and processed worldwide, including countries that may not be deemed to provide the same level of data protection as your home country, for the purposes and in the manner specified in this Privacy Notice.
• You are not required to provide any requested information to us but failing to do so may result in not being able to continue your candidacy for the job for which you have applied.
• All of your representations are true and correct to the best of your knowledge and belief, and you have not knowingly omitted any related information of an adverse nature. Providing any inaccurate information may make you ineligible for employment.
Information We Collect about You
As part of every recruitment process, we collect and processes personal data relating to job applicants. This will include:
• Your name, address and contact details, including email address and telephone number, date of birth
• Details of your qualifications, skills, experience, employment history, other relevant experience and achievements
• Information about your current level of remuneration, including benefit entitlements
• Whether or not you have a disability for which Inspire Scotland Ltd needs to make reasonable adjustments during the recruitment process
• Proof of your entitlement to work in the country where you will be based
• Equality monitoring information, including information about your gender, ethnic origin, sexual orientation, age, health and religion or belief.
• Employment references and the results of any pre-employment screening
• The outcome and results of any interviews or tests which formed part of the recruitment process
• Photographs if used during a recruitment exercise and for building access passes.
How We Collect Your Information
We collect this information in a variety of ways. For example, data might be contained in application forms, CVs or resumes, obtained from your passport or other identity documents, or collected through interviews or other forms of assessment, including tests and/or online tests.
We will also collect personal data about you from third parties, such as references supplied by your former employers, information from employment background check providers and information from criminal records checks.
Use of Your Data
We collect and use your personal data for legitimate human resources and business management reasons including:
• identifying and evaluating candidates for potential employment, as well as for future roles that may become available;
• recordkeeping in relation to recruiting and hiring;
• ensuring compliance with legal requirements, including diversity and inclusion requirements and practices;
• conducting criminal history checks as permitted by applicable law;
• checking a successful applicant's eligibility to work in a particular country before employment starts.
• protecting our legal rights to the extent authorised or permitted by law including responding to and defending legal claims; or
• emergency situations where the health or safety of one or more individuals may be endangered.
We may also analyse your personal data or aggregated/pseudonymised data to improve our recruitment and hiring process and augment our ability to attract successful candidates.
We process your personal data for the purposes described above: when we have your consent to do so; when necessary to enter into an employment contract with you; when necessary for us to comply with a legal obligation; or when necessary for the purposes of our legitimate interests as an employer operating globally. Where we rely on legitimate interests as a reason for processing data, it has considered whether or not those interests are overridden by the rights and freedoms of employees or workers and has concluded that they are not.
We may also collect sensitive data from you. Sensitive data is personal information which includes your racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic or biometric data, or information concerning your health or mental wellbeing or sexual orientation. Where we collect sensitive data because it requires a higher standard of protection than non-sensitive data we will only process this in limited circumstances where we either: -
• have your explicit written consent to do so; or
• it is needed to carry out legal obligations or exercise rights in relation to your contract of employment; or
• where it is needed in the public interest such as for equal opportunities monitoring.
Occasionally we may process sensitive data where it is needed in relation to legal claims or where it is needed to protect your interests, or someone else’s interests and you are not capable of giving your consent or where you have already made the information public.
Sharing Your Information
We will not sell the personal information that we collect from you and will only use it for the purposes set out in this privacy statement. We may share your personal information with the following parties: -
• Service providers who provide us with IT and administration services such as our IT Support and back up provider;
• HMRC and other regulatory or governmental or quasi- governmental authorities who require reporting of our activities by law;
• Professional advisers such as our lawyers, accountants, bankers and insurers;
• Recruitment Agencies if they provided details about you in the first place.
All third parties with whom we share your data are required to protect your personal data, treat it confidentially and to process it in accordance with the law. Where we use third parties we will take all reasonable steps to ensure that:-
• they have adequate technical and other measures in place to ensure the security of your personal information;
• that they only use it for specified purposes;
• that any employees or contractors who have access to the information are adequately trained and deal with it confidentially and on a need to know basis only;
• and that they act only in accordance with our instructions.
Security of Personal Data
We take information security very seriously. Your information and records will be stored securely to ensure privacy of your personal data. We take all reasonable steps to ensure that there are technical and organisational measures of security in place to protect your personal data from unauthorised access to or disclosure of it, and against loss or accidental damage or unauthorised alteration of it. Staff handling your personal data are also adequately trained in relation to the legal requirements for handling personal data. These include robust procedures for dealing with breaches including incident reporting and notifying the Information Commissioner, and where appropriate you, of any breaches, the consequences of the same and the remedial action taken.
Where possible the information you provide us with will be held within the European Economic Area (“EEA”). Data will be stored in a range of different places, including on your application record, in electronic HR Management Systems and on other IT systems (including email).
Countries outside of the EEA do not always have similar levels of protection for personal data as those inside the EEA. The law provides that transfers of personal data outside of the EEA is only permitted where that country has adequate safeguards in place for the protection of personal data. Some types of processing may use cloud solutions which can mean information may sometimes be held on servers which are located outside of the EEA or may use processors who are based overseas.
Where we use cloud-based services or third-party providers of such services and in either or both circumstances the data is processed outside of the EEA that will be regarded as an overseas transfer. Before instigating an overseas transfer, we will ensure that the recipient country and/or processor has security standards at least equivalent to our own and in particular one of the following permitted safeguards applies: -
• The country in question is deemed to have adequate safeguards in place as determined by the European Commission; or
• There is a contract or code of conduct in place which has been approved by the European Commission which gives your personal information the same protection it would have had if it was retained within the EEA; or
• If the overseas transfer is to the United States, then the transferee is a signatory to the EU-US privacy Shield as all Privacy Shield signatories are obliged to give your personal information the same degree of protection it would have had if it was retained within the EEA.
If none of these safeguards exist, then we may seek your explicit consent for an overseas transfer. In line with your rights as an individual you are free to withdraw this consent at any time.
You have rights as an individual which you can exercise in relation to the information we hold about you. These rights are:
• be informed about what information we collect about you;
• request access to any data held about you;
• have data corrected where it is inaccurate, incomplete or not up to date;
• object to processing your data unless there are overriding legitimate grounds for us to continue doing so;
• object to decisions being taken by automated means or profiling (which largely pertains to data used for the purposes of advertising, marketing and behavioural analysis);
• have data deleted or erased where you believe it is no longer required for the purpose for which it was obtained, or you have validly objected to our use of that information (sometimes referred to as the right to be forgotten);
• restrict our use of your personal data, for example, where there is no longer a basis for using the information, but you don’t want us to delete it; and
• request the transfer of your data to a third party (sometimes referred to as the right of portability)
Additional information about these rights can be found on the Information Commissioner’s website at www.ico.org.uk/for-organisation/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
If you have provided consent and we are relying on that as the legal ground of processing your personal information and wish to exercise your right to withdraw that consent you can do so at any time by contacting us at
Suite 2, Kirkintilloch Business Centre, 74 Townhead, Kirkintilloch, G66 1NZ
Your Access to your Personal Data
We try to be as open as we can in giving people access to their personal information. You can make a subject access request at any time about the personal information we process about you. Any request requires to be in writing and is not subject to any charges or fees. If we do hold any personal information about you, we will:
• give you a description of it;
• tell you why we are holding it;
• tell you who it has or will be disclosed to;
• the source of the information (if not you);
• where possible, the period for which it will be stored; and
• let you have a copy of the information in an intelligible form
We will respond to a subject access request within 30 days.
If you believe that any information we hold about you is incorrect or incomplete you should email us at firstname.lastname@example.org Any information which is found to be incorrect will be corrected as soon as possible.
We will only retain your personal information for as long as is necessary in line with the purposes for which it was originally requested or collected or where we are required to do so for some legal or reporting purpose. In working out how long we retain personal data we look the type of personal data involved, the purpose of processing, how sensitive or confidential the data is and at legal and commercial considerations including any legal obligations we have.
Where you are not successful with your application we will retain your information for a period of six months only unless you give us your explicit consent to hold it longer but then only in relation to considering you for any similar roles or jobs which may become available in the future.
If you have any questions relating to either retention periods or more require more detail on the purposes of processing or the specific reason or legal grounds, we are relying on for that processing then please contact us for additional information.
We would prefer to resolve any issues or concerns you may have direct with you. If you feel you are unable to resolve matters by contacting us direct or are you are unhappy or dissatisfied with how we collect or process your personal information you have the right to complain about it to the Information Commissioner who is the national regulatory body which overseas data protection law.
Their address is: -
Information Commissioner’s Office
Telephone -0303 123 1113 or 01625 545745
They can be contacted through www.ico.org.uk/concerns.
Questions, comments and requests regarding this privacy notice are welcomed and should be addressed to
Head of Service,
Suite 2, Kirkintilloch Business Centre, 74 Townhead, Kirkintilloch, G66 1NZ
Changes to this Privacy Notice
We keep our privacy notice under regular review. This privacy notice was last updated on 15th August 2018.