Introduction
Xcede Group (“Xcede Group”, “us”, “we”, “our”) are committed to protecting your privacy and meeting our legal obligations when you apply for a job or you (or an agent acting on your behalf) share your employment details with us.
This privacy notice explains what personal data we collect and use relating to employment and associate candidates (“you”,“your”) during the recruitment process.
As an information-led business, we place great importance on ensuring the quality, confidentiality, integrity, and availability of the data we hold, and in meeting our data protection obligations where we process personal data. We are committed to protecting the security of your personal data. We use a variety of technical and organisational measures to help protect your personal data from unauthorised access, use or disclosure.
We update this privacy notice from time to time in response to changes in applicable laws and regulations, to our processing practices and to products and services we offer. When changes are made, we will update the effective date at the top of this document.
What personal data do we process?
Personal data means any information about an individual from which that person can be identified, therefore does not include data where the identity of the person has been removed (anonymous data). There are “special categories” of more sensitive personal data which require a higher level of protection. Xcede Group is the data controller of the personal data we hold about you, registered as such with the Information Commissioner’s Office (“ICO”).
When you apply for a position (whether as an employee or contractor) or submit your CV (or similar employment information) to us, whether directly or through an agency, or attend an interview in person or by remote means, we will collect your personal data. This includes (but is not limited to):
Name and contact details (address, mobile phone number and email address)
Company details (where applicable)
Date of birth and gender
Work history and employment positions held
Salary, other compensation, and benefits information
Nationality / visa / work permit information (where applicable)
Academic and professional qualifications, education, and skills
Demographic information
Records we create during interviews or correspondence with you
Results of pre-employment screening checks such as references or DBS checks (where applicable)
Any other information you choose to give us
We may also collect special category data in accordance with the Equality Act 2010. We will only do this, for example, to make reasonable adjustments to enable all candidates to apply for vacancies, attend interviews and to commence employment. This is also necessary to ensure we meet our legal obligations when recruiting.
Purposes and bases for using your personal data
We will process your personal information for the following purposes and under the following lawful bases:
Purpose | Lawful Basis for Processing |
To assess your suitability for the role | Processing is necessary for taking steps to enter into a contract with you or for the performance of our contract with you (Article 6(1)(a) of the UK GDPR) |
To make reasonable adjustments for you during the interview process and comply with our legal obligations under the Equality Act 2010 | Processing is necessary for us to comply with our legal obligations (Article 6(1) (c) of the UK GDPR) For special category data, the additional basis that we rely on relates to our obligations in the field of employment and the safeguarding of your fundamental rights (Article 9(2) (b) of the UK GDPR and Schedule 1 part 1(1) of the DPA 2018) |
To conduct pre-employment screening checks including checking your identity and your right to work in the UK | Processing is necessary for us to comply with our legal obligations (Article 6(1) (c) of the UK GDPR For special category data, the additional basis that we rely on relates to our obligations in the field of employment and the safeguarding of your fundamental rights (Article 9(2) (b) of the UK GDPR and Schedule 1 part 1(1) of the DPA 2018) |
To contact unsuccessful applicants about future suitable vacancies | Processing is necessary for our legitimate interest of searching for suitable candidates for future vacancies based on their skills set out in the records we hold on candidates (Article 6(1) (f) of the UK GDPR) |
Sensitive personal data
We will only process sensitive ‘special category’ personal data where we meet one of the conditions required by law for doing so. This includes complying with legal obligations or exercising specific rights in the field of employment law. We may also ask for your explicit consent to process some special categories of personal data.
We process special categories of personal data when we collect or process information about your physical or mental health, or disability status, to ensure your health and safety in the workplace and to assess your fitness to work and to provide appropriate workplace adjustments.
Sharing of your information
We may share your data with service providers and suppliers to our business who process data on our behalf. In such cases, our service providers and suppliers are data processors and may only use the data in line with our instructions and not for any other purpose. This and other obligations are agreed in the contract between Xcede Group and the service providers and suppliers.
Where we need to transfer or store your personal data outside the European Economic Area (the “EEA”) or the UK, we will only do so using Standard Contractual Clauses approved by the European Commission, which contractually oblige third party organisations in those countries to comply with the same data protection standards as legislated within the EEA and UK.
Within Xcede Group, your personal data will only be shared with those who need to have access to it, which will primarily be our HR personnel and hiring managers.
How long will we retain your information?
We will retain your personal data for only as long as is necessary for the recruitment process. If your candidacy is successful and you are employed or hired by us, your data will be processed and retained as set out in our employee privacy notice, provided to you with your employment paperwork.
If your candidacy is not successful, we will retain your CV, application details and interview notes for 3 years from the date we notified you we would not move forward with your application) in order to inform you about any future vacancies we have that may be of interest to you. Please let us know if you would like us to delete your records before our retention period lapses and we will do so.
We will also retain personal data where it is necessary to comply with our legal obligations or as necessary in relation to legal claims. This is rare but may mean we need to retain your data for longer than 3 years.
Your rights
Individuals whose personal data we process have the following rights:
You have the right of access to your personal data and can request copies of it and information about our processing of it
If the personal data we hold about you in incorrect or incomplete, you can ask us to rectify or add to it
Where we are using your personal data with your consent, you can withdraw your consent at any time
Where we are using your personal because it is in our legitimate interests to do so, you can object to us using it this way
In some circumstances, you can restrict our processing of your data, request a machine-readable copy of your personal data to transfer to another service provider and compel us to erase your personal data
If you wish to exercise any of your rights, please contact us at dataprivacy@techstreamgroup.com
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
In addition to the above, please note that you have the right to make a complaint at any time to the ICO if you are concerned about the way in which we are handling your personal data.
Contact
You can contact Xcede Group in relation to data protection and this privacy notice by emailing dataprivacy@techstreamgroup.com
