GDPR Privacy Notice for job applicants

Introduction
As part of any recruitment process, E.A. Gibson Shipbrokers Ltd “the Company” collects and processes personal information, or personal data, relating to job applicants. This personal information may be held by the Company on paper or in electronic format.

E.A. Gibson Shipbrokers Ltd “The Company” is committed to being transparent about how it handles your personal information, to protecting the privacy and security of your personal information and to meeting its data protection obligations under the General Data Protection Regulation (“GDPR”) and the Data Protection Act 2018. The purpose of this privacy notice is to make you aware of how and why we will collect and use your personal information during the recruitment process. We are required under the GDPR to notify you of the information contained in this privacy notice.

This privacy notice applies to all job applicants, whether they apply for a role directly or indirectly through an employment agency. It is non-contractual.

E.A. Gibson Shipbrokers Ltd “The Company” has appointed a Data Controller to oversee compliance with this privacy notice. If you have any questions about this privacy notice or about how we handle your personal information, please contact Allan Walker, Finance Director, Ext: 1253, email: allan.walker@eagibson.co.uk.

Data protection principles
Under the GDPR, there are six data protection principles that the Company must comply with. These provide that the personal information we hold about you must be:

  1. Processed lawfully, fairly and in a transparent manner.

  2. Collected only for legitimate purposes that have been clearly explained to you and not further processed in a way that is incompatible with those purposes.

  3. Adequate, relevant and limited to what is necessary in relation to those purposes.

  4. Accurate and, where necessary, kept up to date.

  5. Kept in a form which permits your identification for no longer than is necessary for those purposes.

  6. Processed in a way that ensures appropriate security of the data.


The Company is responsible for, and must be able to demonstrate compliance with, these principles. This is called accountability.

What types of personal information do we collect about you?
Personal information is any information about an individual from which that person can be directly or indirectly identified. It doesn’t include anonymised data, i.e. where all identifying particulars have been removed. There are also “special categories” of personal information, and personal information on criminal convictions and offences, which requires a higher level of protection because it is of a more sensitive nature. The special categories of personal information comprise information about an individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life or sexual orientation and genetic
and biometric data. The Company collects, uses and processes a range of personal information about you during the recruitment process. This includes (as applicable):

  • your contact details, including your name, address, telephone number and personal e-mail address

  • personal information included in a CV, any application form, cover letter or interview notes

  • references

  • information about your right to work in the UK and copies of proof of right to work documentation

  • copy of driving licence/ passport/ visas/ birth certificate

  • copies of qualification certificates

  • other background check documentation

  • details of your skills, qualifications, experience and work history with previous employers

  • information about your current salary level, including benefits and pension entitlements

  • your professional memberships

The Company may also collect, use and process the following special categories of your personal information during the recruitment process (as applicable):

  • whether or not you have a disability for which the Company needs to make reasonable adjustments during the recruitment process

  • information about your racial or ethnic origin, religious or philosophical beliefs and sexual orientation

  • information about criminal convictions and offences.

How do we collect your personal information?
The Company collects personal information about you during the recruitment process either directly from you or sometimes from a third party such as an employment agency. We may also collect personal information from other external third parties, such as references from current and former employers, information from background check providers, information from credit reference agencies and criminal record checks from the Disclosure and Barring Service (DBS).

Other than employment agencies, the Company will only seek personal information from third parties during the recruitment process once an offer of employment or engagement has been made to you and we will inform you that we are doing so.

You are under no statutory or contractual obligation to provide personal information to the Company during the recruitment process. Your personal information may be stored in different places, including on your application
record, in the Company’s HR management system and in other IT systems, such as the e-mail system.

Why and how do we use your personal information?
We will only use your personal information when the law allows us to. These are known as the
legal bases for processing. We will use your personal information in one or more of the following
circumstances:

  • where we need to do so to take steps at your request prior to entering into a contract with you, or to enter into a contract with you

  • where we need to comply with a legal obligation

  • where it is necessary for our legitimate interests (or those of a third party), and your interests or your fundamental rights and freedoms do not override our interests.


We may also occasionally use your personal information where we need to protect your vital interests (or someone else’s vital interests) and where it is needed in the public interest, or for official purposes.

We need all the types of personal information listed under “What types of personal information do we collect about you?” primarily to enable us to take steps at your request to enter into a contract with you, or to enter into a contract with you, and to enable us to comply with our legal obligations. In some cases, we may also use your personal information where it is necessary to pursue our legitimate interests (or those of a third party), provided that your interests or your fundamental rights and freedoms do not override our interests. Our legitimate interests include: pursuing our business by employing employees, workers and contractors; managing the recruitment process; conducting due diligence on prospective staff and performing effective internal administration.

The purposes for which we are processing, or will process, your personal information are to:

  • manage the recruitment process and assess your suitability for employment or engagement

  • decide to whom to offer a job

  • comply with statutory and/or regulatory requirements and obligations, e.g. checking your right to work in the UK

  • comply with the duty to make reasonable adjustments for disabled job applicants and with other disability discrimination obligations

  • ensure compliance with your statutory rights

  • ensure effective HR, personnel management and business administration

  • monitor equal opportunities

  • enable us to establish, exercise or defend possible legal claims


Please note that we may process your personal information without your consent, in compliance with these rules, where this is required or permitted by law.

What if you fail to provide personal information?
If you fail to provide certain personal information when requested, we may not be able to process
your job application properly or at all, we may not be able to enter into a contract with you, or we
may be prevented from complying with our legal obligations. You may also be unable to exercise
your statutory rights.
Why and how do we use your sensitive personal information?
We will only collect and use your sensitive personal information, which includes special categories of personal information and information about criminal convictions and offences, when the law allows us to.

Some special categories of personal information, i.e. information about your health, and information about criminal convictions and offences, is processed so that we can perform or exercise our obligations or rights under employment law and in line with our data protection policy.

We may also process information about your health and information about any criminal convictions and offences where we have your explicit written consent. In this case, we will first provide you with full details of the personal information we would like and the reason we need it, so that you can properly consider whether you wish to consent or not. It is entirely your choice whether to consent. Your consent can be withdrawn at any time.

The purposes for which we are processing, or will process, health information and information about any criminal convictions and offences, are to:

  • assess your suitability for employment or engagement

  • comply with statutory and/or regulatory requirements and obligations, e.g. carrying out criminal record checks

  • comply with the duty to make reasonable adjustments for disabled job applicants and with other disability discrimination obligations

  • ensure compliance with your statutory rights

  • ascertain your fitness to work

  • ensure effective HR, personnel management and business administration

  • monitor equal opportunities

Where the Company processes other special categories of personal information, i.e. information about your racial or ethnic origin, religious or philosophical beliefs and sexual orientation, this is done only for the purpose of equal opportunities monitoring in recruitment and in line with our data protection policy. Personal information that the Company uses for these purposes is either anonymised or is collected with your explicit written consent, which can be withdrawn at any time. It is entirely your choice whether to provide such personal information.

We may also occasionally use your special categories of personal information, and information about any criminal convictions and offences, where it is needed for the establishment, exercise or defence of legal claims.

How we use particularly sensitive personal information
Special categories" of particularly sensitive personal information require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information. We have in place an appropriate policy document and safeguards which we are required by law to maintain when processing such data. We may process special categories of personal information in the following circumstances:

 

  • In limited circumstances, with your explicit written consent.

  • Where we need to carry out our legal obligations or exercise rights in connection with employment law.

  • Where it is needed in the public interest, such as for equal opportunities monitoring.


Less commonly, we may process this type of information where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else's interests) and you are not capable of giving your consent, or where you have already made the information public. We may also process such information about you in the course of legitimate business activities with the appropriate safeguards.

We will use your particularly sensitive personal information in the following way:

  • We will use information about your race or national or ethnic origin, religious, philosophical or moral beliefs, or your sexual life or sexual orientation, to ensure meaningful equal opportunity monitoring and reporting.

Do we need your consent?
We do not need your consent if we use special categories of your personal information in accordance with our written policy to carry out our legal obligations or exercise specific rights in the field of employment law. In limited circumstances, we may approach you for your written consent to allow us to process certain particularly sensitive data. If we do so, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent. You should be aware that it is not a condition of your contract with us that you agree to any request for consent from us.

Information about criminal convictions
We may only use information relating to criminal convictions where the law allows us to do so. This will usually be where such processing is necessary to carry out our obligations and provided we do so in line with our data protection policy.

Less commonly, we may use information relating to criminal convictions where it is necessary in relation to legal claims, where it is necessary to protect your interests (or someone else's interests) and you are not capable of giving your consent, or where you have already made the information public.

We may also process such information about you in the course of legitimate business activities with the appropriate safeguards.

We do not envisage that we will hold information about criminal convictions.

We will only collect information about criminal convictions if it is appropriate given the nature of the role and where we are legally able to do so. Where appropriate, we will collect information about criminal convictions as part of the recruitment process or we may be notified of such information directly by you in the course of you working for us.

We are allowed to use your personal information in this way to carry out our legal obligations. We have in place an appropriate policy and safeguards which we are required by law to maintain when processing such data.

Change of purpose
We will only use your personal information for the purposes for which we collected it, i.e. for the recruitment exercise for which you have applied. However, if your job application is unsuccessful, the Company may wish to keep your personal information on file for in case there are future suitable employment opportunities with us. We will ask for your consent before we keep your personal information on file for this purpose. Your consent can be withdrawn at any time.

Who has access to your personal information?
Your personal information may be shared internally within the Company for the purposes of the recruitment exercise, including with members of the HR department, members of the recruitment team, managers and directors in the department which has the vacancy and IT staff if access to your personal information is necessary for the performance of their roles.

The Company will not share your personal information with third parties during the recruitment process unless your job application is successful and we make you an offer of employment or engagement. At that stage, we may also share your personal information with third parties (and their designated agents), including:

  • external organisations for the purposes of conducting pre-employment reference and employment background checks

  • the DBS, to obtain a criminal record check

  • former employers, to obtain references

  • professional advisors, such as lawyers


We may also need to share your personal information with a regulator or to otherwise comply with the law.
We may share your personal information with third parties where it is necessary to steps at your request to enter into a contract with you, or to enter into a contract with you, where we need to
comply with a legal obligation, or where it is necessary for our legitimate interests (or those of a third party).

How does the Company protect your personal information?
The Company has put in place measures to protect the security of your personal information. It has internal policies, procedures and controls in place to try and prevent your personal
information from being accidentally lost or destroyed, altered, disclosed or used or accessed in an unauthorised way. In addition, we limit access to your personal information to those employees,
workers, agents, contractors and other third parties who have a business need to know in order to perform their job duties and responsibilities. You can obtain further information about these
measures from our data controller Allan Walker, Finance Director, Ext: 1253, email: allan.walker@eagibson.co.uk..

Where your personal information is shared with third parties, we require all third parties to take appropriate technical and organisational security measures to protect your personal information
and to treat it subject to a duty of confidentiality and in accordance with data protection law. We only allow them to process your personal information for specified purposes and in accordance
with our written instructions and we do not allow them to use your personal information for their own purposes.

The Company also has in place procedures to deal with a suspected data security breach and we will notify the Information Commissioner’s Office (or any other applicable supervisory authority
or regulator) and you of a suspected breach where we are legally required to do so.

For how long does the Company keep your personal information?
The Company will only retain your personal information for as long as is necessary to fulfil the purposes for which it was collected and processed.

If your application for employment or engagement is unsuccessful, the Company will generally hold your personal information for six months after the end of the relevant recruitment exercise but this is subject to: (a) any minimum statutory or other legal, tax, health and safety, reporting or accounting requirements for particular data or records, and (b) the retention of some types of personal information for up to six years to protect against legal risk, e.g. if they could be relevant to a possible legal claim in a tribunal, County Court or High Court. If you have consented to the Company keeping your personal information on file for in case there are future suitable employment opportunities with us, the Company will hold your personal information for a further six months after the end of the relevant recruitment exercise, or until you withdraw your consent if earlier.

If your application for employment or engagement is successful, personal information gathered during the recruitment process will be retained for the duration of your employment or engagement and in accordance with the privacy notice for employees, workers and contractors. Personal information which is no longer to be retained will be securely and effectively destroyed or permanently erased from our IT systems and we will also require third parties to destroy or erase such personal information where applicable. In some circumstances we may anonymise your personal information so that it no longer permits your identification. In this case, we may retain such information for a longer period.

Your rights in connection with your personal information
As a data subject, you have a number of statutory rights. Subject to certain conditions, and in certain circumstances, you have the right to:

  • request access to your personal information - this is usually known as making a data subject access request and it enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it

  • request rectification of your personal information - this enables you to have any inaccurate or incomplete personal information we hold about you corrected

  • request the erasure of your personal information - this enables you to ask us to delete or remove your personal information where there’s no compelling reason for its continued processing, e.g. it’s no longer necessary in relation to the purpose for which it was originally collected

  • restrict the processing of your personal information - this enables you to ask us to suspend the processing of your personal information, e.g. if you contest its accuracy and so want us to

  • verify its accuracy

  • object to the processing of your personal information - this enables you to ask us to stop processing your personal information where we are relying on the legitimate interests of the business as our legal basis for processing and there is something relating to your particular situation which makes you decide to object to processing on this ground

  • data portability - this gives you the right to request the transfer of your personal information to another party so that you can reuse it across different services for your own purposes.

If you wish to exercise any of these rights, please contact our data controller Allan Walker, Finance Director, Ext: 1253, email: allan.walker@eagibson.co.uk. We may need to request specific information from you in order to verify your identity and check your right to access the personal information or to exercise any of your other rights. This is a security measure to ensure that your personal information is not disclosed to any person who has no right to receive it.

In the limited circumstances where you have provided your consent to the processing of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. This will not, however, affect the lawfulness of processing based on your consent before its withdrawal. If you wish to withdraw your consent, please contact our data controller Allan Walker, Finance Director, Ext: 1253, email: allan.walker@eagibson.co.uk. Once we have received notification that you have withdrawn your consent, we will no longer process your personal information for the purpose you originally agreed to, unless we have
another legal basis for processing. If you believe that the Company has not complied with your data protection rights, you have theright to make a complaint to the Information Commissioner’s Office (ICO) at any time. The ICO
is the UK supervisory authority for data protection issues.

Transferring personal information outside the European Economic Area
The Company may transfer your personal information to countries outside the European Economic Area (EEA). These are currently USA, Singapore and Hong Kong. Please note this list may expand to other countries in the future. There are an adequacy decisions by the European Commission in respect of those countries. This means that the countries to which we transfer your personal information are not deemed to provide an adequate level of protection for your personal information. However, to ensure that your personal information does receive an adequate level of protection, it is transferred outside the EEA on the basis of the following safeguards such as binding corporate rules and standard data protection and compliance clauses. You can obtain further information about these measures from our data controller Allan Walker, Finance Director, Ext: 1253, email: allan.walker@eagibson.co.uk.

Automated decision making
Automated decision making occurs when an electronic system uses your personal information to make a decision without human intervention. We do not envisage that any recruitment decisions will be taken about you based solely on automated decision-making, including profiling.

Changes to this privacy notice
The Company reserves the right to update or amend this privacy notice at any time. We will issue you with a new privacy notice when we make significant updates or amendments. We may also notify you about the processing of your personal information in other ways.

Contact
If you have any questions about this privacy notice or how we handle your personal information, please contact our data controller Allan Walker, Finance Director, Ext: 1253, email: allan.walker@eagibson.co.uk.

SITEMAP