1. Overview
At Employment Hero, we are committed to safeguarding the privacy of our prospective employees, whether permanent or temporary, and our subcontractors or volunteers (“applicants”, “you”, or “your”). We are bound by the European Union and UK data protection laws, which set out a number of principles concerning the protection of your Personal Data.
2. Scope
This Applicant Privacy Policy (“Policy”) describes how Employment Hero UK Ltd and/or its affiliates (“Employment Hero“, “we“, “us” or “our“) uses your Personal Data in connection with your application for employment with us (regardless of the type of contract). It also describes your data protection rights, including a right to object to some of the processing which Employment Hero carries out. More information about your rights, and how to exercise them, is set out in the “Your choices and rights” section.
We also may provide you with additional information when we collect Personal Data, where we feel it would be helpful to provide relevant and timely information.
The data controller for your Personal Data will be Employment Hero.
This Applicant Privacy Policy applies to all Personal Data relating to applicants which is collected, stored, transferred or processed by us as a part or in relation to the recruitment process and up to the point that the applicant logs onto the Services for the first time after successfully receiving an offer of employment from us. Our internal Employee Privacy Policy will apply to any further processing of Personal Data that occurs after the applicant becomes an employee with us. You may also use the Employment Hero platform and services (“Services”) for purposes related to the recruitment process. Additional information about our treatment of Personal Data processed from your use of our Services is set out in our customer privacy policies linked in the Related Policies section.
3. What is Personal Data?
The EU and UK data protection laws define Personal Data as any information relating to an identified or identifiable natural person, i.e. one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (“Personal Data”).
Special categories of Personal Data include data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health, or data concerning a natural person’s sex life or sexual orientation (“Special Categories of Personal Data”).
4. What categories of Personal Data we collect
We collect Personal Data, including Special Categories of Personal Data for the purposes described in this Policy. The types of Personal Data and Special Categories of Personal Data we may collect includes, but are not limited to, the following:
- Personal identification and communication information: your name, home address, phone number, email address, date of birth, gender or sex, immigration status, and information about your entitlement to work;
- Application-related information: curriculum vitae (CV), cover letter, employment history, education history, qualifications and skills, reference contact information, position preferences, willingness to relocate, desired salary, interests and aspirations, background screening information (if relevant); and
- Special Categories of Personal Data: information about your health and disabilities where we need to make any reasonable adjustments, equal opportunities monitoring information, including information about your ethnic origin, sexual orientation, health and religion or belief, and criminal history checks.
We collect most of this information from you directly. For example, data is collected through our application portal and CVs, from correspondence with you, or through interviews, meetings or other assessments. We also collect some information about you from other people (e.g. recruiters, referrals), your referees or organisations (e.g. from LinkedIn if you choose to connect us with your LinkedIn profile, or apply for a role through LinkedIn or any other third-party recruitment platform), and where applicable, we also collect data from our third-party background screening provider during the pre-employment screening process).
5. Why we collect, use and store this Personal Data
We have to have a legal basis to process your data. We explain each of these legal bases below. We also set out the purposes for which we process your data. For each purpose, we explain the lawful basis for that processing, the processing operations that we carry out and the categories of data that we process.
Legal basis
Consent – sometimes we ask for your consent to use your data.
Legitimate interest – we can process your data when this is necessary for us to achieve a business purpose, or where this is necessary for someone else to achieve their purpose. We explain below what interests we, or others, are trying to achieve when we process your data. Where we process Personal Data on the basis of a legitimate interest, then – as required by data protection law – we have carried out a balancing test to document our interests, to consider what the impact of the processing will be on individuals and to determine whether individuals’ interests outweigh our interests in the processing taking place. You can obtain more information about this balancing test by using the contact details at the end of the Policy.
Legal obligation – we have obligations to comply with legal and regulatory requirements under EU or Member State or UK laws. In certain cases, we have to use your data to meet these obligations.
Purposes
We have set out below why we process your data and what data we use:
Processing your application – (legitimate interests)
We collect and use your Personal Data so we can process your application. We store, and where needed, update, your personal information to make informed decisions on recruitment and assess your suitability for the role, to communicate with you about your application, to respond to your inquiries and schedule interviews.
To do this we use your personal identification and communication information. If we need to make adjustments for you during the recruitment process, we process special category data for this purpose.
This information will be shared with third parties which support our recruitment process or host recruitment services on our behalf.
Keeping in touch – (consent)
With your consent, we use your data to contact you about future career opportunities at Employment Hero. This includes storing your data and keeping it up to date and using it to contact you.
We use your personal identification and communication information and application-related information for this purpose.
This information will be shared with third parties which support our recruitment process or host recruitment services on our behalf.
Improving our recruitment process – (legitimate interests)
We have an interest in improving our recruitment processes. To achieve this, we analyse your data and compare it to past recruitment processes.
We use your personal identification and communication information and application-related information for this purpose.
Verifying information – (legitimate interests)
We have an interest in carrying out appropriate checks to verify the information provided by candidates. We verify the details you have supplied and, where applicable, conduct pre-employment background checks.
We use your personal identification information and communication related information, and application related information for this.
This information will be shared with companies who host our recruitment portal and systems and with background screening companies. Where we check references or previous employment and education, we disclose the fact that you have applied to us to educational institutions and to previous employers.
Business interests – (legitimate interests)
We have an interest in protecting our business interests and legal rights, including, use in connection with legal claims, compliance, regulatory, auditing, investigative and disciplinary purposes, and ethics and compliance reporting requirements.
We also have an interest in analysing and monitoring the diversity of the workforce in accordance with applicable laws including, for example, compliance with equal opportunity employment laws.
To do this, we store, use, and may transmit your personal identification and communication information, application-related information and Special Categories of Personal Data.
This information will be shared with third parties which support our recruitment process or host recruitment services on our behalf.
We share information with legal and other advisers if there are investigations or potential claims.
Compliance with law – (legal obligation)
We use your data to comply with legal, regulatory and other requirements under EU or Member State/UK laws by analysing and possibly transmitting your Personal Data.
These legal obligations, and the processing operations they require us to undertake, are:
- tax laws and similar obligations (these include the tax laws and obligations that apply to us in each jurisdiction in which we operate). These require us to undertake tax and national insurance reporting, filing and withholding;
- health and safety obligations (these include the health and safety obligations that apply to us in each jurisdiction in which we operate). These require us to process occupational health records, and to assess your fitness and propriety in connection with your engagement as part of a controlled function;
- employment and social security law obligations (these include the employment and social security law obligations that apply to us in each jurisdiction in which we operate). These require us to carry out right to work checks; and
- equality and anti-discrimination obligations (these include the equality and anti-discrimination obligations that apply to us in each jurisdiction in which we operate). These require us to process information to make necessary adjustments in the workplace. We conduct equality and anti-discrimination-related processing to the extent permitted by applicable law.
Sometimes it is also necessary for us to comply with requirements to respond to court orders, subpoenas or other legal processes.
6. More information about verification and background checks
For certain positions, it will be necessary for us to verify the details you have supplied (for example, in relation to your identity, employment history, academic qualification and professional credentials) and to conduct pre-employment background checks (for example, in relation to previous criminal convictions or financial standing). The level of checks will depend on your role, in particular whether you will occupy a regulated role, and will be conducted at a later stage as is practicable in the recruitment process and often only after you have been selected for the position. If your application is successful, we will provide further information about the checks involved and will obtain any necessary consent prior to completing such checks.
7. Disclosure of Personal Data
Personal data will primarily be processed by employees in our People & Culture, IT and Finance teams, and relevant employees from business function in which the role you applied for exists.
We may disclose your Personal Data to third-party service providers to carry out our recruitment process, including for the purpose of implementing assessments or to enhance your recruitment experience.
We may also disclose your Personal Data to our employees, affiliates, contractors or third-party service providers for the operation of the Services, and fulfilling requests by you.
We may disclose your Personal Data to specific third parties authorised by you to receive information held by us. We will share your Personal Data with third-party suppliers who store data on secure data centres. Further details on our third-party storage provider’s location and security can be found here (for AWS), or here (Google Drive via G-Suite).
Your Personal Data also will be shared with government authorities and/or law enforcement officials if mandated by law or if required for the protection of our legitimate interests in compliance with applicable laws.
In the event that Employment Hero business is sold or integrated with another business, your details may be disclosed to our advisers and any prospective purchaser’s adviser and will be passed to the new owners of the business.
8. Overseas disclosure of Personal Data
We may disclose your Personal Data to recipients located outside the European Economic Area (“EEA”) or the UK, including our affiliates located in Australia, New Zealand, Singapore, Malaysia, the Philippines, and Vietnam, and third-party service providers around the world where it is deemed reasonably necessary for us to make such disclosure to achieve the purposes described in this Policy.
If your Personal Data is transferred outside the EEA or the UK, we ensure that such transfer is compliant with the relevant requirements.
- Where the European Commission or the UK government has determined that certain countries outside of the European Economic Area or the UK have an adequate level of Personal Data protection, Personal Data can be transferred to such a country without any further safeguards being necessary. A full list of such adequate countries is available here (for the EEA) and here (for the UK).
- Where information is transferred outside the EEA, or the UK, to a location that is not subject to an adequacy decision by the European Commission or the UK government, we ensure that the data is adequately protected. We may transfer the categories of data identified in this Policy outside the UK, or the EEA by relying on the EU Standard Contractual Clauses for the transfers from the EU, or the International Data Transfer Agreement or International Data Transfer Addendum to the EU Standard Contractual Clauses (or any replacement publication made on the website), or relying on such other data transfer mechanisms as available under applicable data protection laws.
Personal data that we may transfer outside the EEA, or the UK, for which the Standard Contractual Clauses may apply include personal identification and communication information, application-related information, and Special Categories of Personal Data.
A copy of the relevant mechanism can be obtained for your review on request by using the contact details below.
9. Your choices and rights
You have the right to ask us for a copy of your Personal Data; to correct, delete or restrict processing of your Personal Data; and to obtain the Personal Data you provide in a structured, machine-readable format. In addition, you can object to the processing of your Personal Data in some circumstances (in particular, where we don’t have to process the data to meet a contractual or other legal requirement).
Where we have asked for your consent, you may withdraw consent at any time. If you ask to withdraw your consent to our processing your data, this will not affect any processing which has already taken place at that time.
These rights may be limited, for example, if fulfilling your request would reveal Personal Data about another person, or if you ask us to delete information which we are required by law or have compelling legitimate interests to keep. If you have unresolved concerns, you have the right to complain to a data protection authority.
Where we collect Personal Data to administer a contract with you or to comply with our legal obligations, this is mandatory, and we will not be able to manage the application (or further the employment relationship) without this information. In all other cases, provision of the requested Personal Data is optional, but this may affect your ability to participate in certain programs or systems, where the information is needed for those purposes.
10. Storage of Personal Data
If you are successful: we will retain your Personal Data only for as long as we need it for our legitimate interest in accordance with applicable law, for the purposes of the recruitment process and, once this process is finished, for an appropriate period so as to be able to deal with any legal claims linked to the application process. Recruitment records for successful applicants are generally kept for 6 years. After this period, we will take steps to delete your Personal Data or hold it in a form that no longer identifies you. If you become our employee, whether permanent or temporary, subcontractor or volunteer, relevant Personal Data you provide will become a part of your employee file and may be used later for the management of the employment relationship.
If you are not successful: we will retain your Personal Data with your permission for 6 years so we can keep you in mind for future recruitment processes; otherwise, it will be deleted after 6 months.
11. Updates to this Policy
We reserve the right to make changes to this Policy from time to time to reflect any changes to our data processing operations or any other change that may be relevant to you or may impact you. We encourage you to periodically review this page to see any changes we have made. In the event we make significant changes to this Policy, we will additionally notify you via email or via notifications through our Services.
12. Contact us
If you have questions about this Policy or wish to contact us for any reason in relation to our Personal Data processing, please contact us at privacy@employmenthero.com.
