Search UK jobs Search EU jobs

Privacy policy

1. INTRODUCTION

Nisbets Limited, (including all Nisbets UK subsidiary companies) (Nisbets”, “we”, “us”, “our”) are committed to meeting our legal obligations when you apply for a job or you (or an agent acting on your behalf) share your employment details with us.

This data protection notice explains what personal data we collect and use relating to employment and associate candidates (“you”, “your”) during the recruitment process.

As an information-led business, we place great importance on ensuring the quality, confidentiality, integrity, and availability of the data we hold, and in meeting our data protection obligations where we process personal data. Nisbets is committed to meeting its data protection legal obligations as set out in the General Data Protection Regulation (“GDPR”) and the UK General Data Protection Regulation (“UK GDPR”) (whichever is applicable) and the Data Protection Act 2018 (“DPA18”) (“Data Protection Laws”). We will comply with the letter of the law and the spirit of the law. We use a variety of technical and organisational measures to help protect your personal data from unauthorised access, use or disclosure.

We update this data protection notice from time to time in response to changes in applicable laws and regulations, to our processing practices and to products and services we offer. When changes are made, we will update the effective date at the top of this document.


2. WHAT PERSONAL DATA DO WE PROCESS?

Personal data means any information about an individual from which that person can be identified, therefore does not include data where the identity of the person has been removed (anonymous data). There are “special categories” of more sensitive personal data which require a higher level of protection. Nisbets is the data controller of the personal data we hold about you, registered as such with the Information Commissioner’s Office (ICO).

When you apply for a position (whether as an employee or consultant) or submit your CV (or similar employment information) to us, whether directly or through an agency, or attend an interview in person or by remote means, we will collect your personal data. This includes (but is not limited to):

  • name and contact details (address, mobile phone number and email address);
  • company details (where applicable);
  • date of birth and gender;
  • work history and employment positions held;
  • salary, other compensation, and benefits information;
  • nationality / visa / work permit information (where applicable);
  • academic and professional qualifications, education, and skills;
  • photographs you may submit with your application;
  • demographic information;
  • records we create during interviews or correspondence with you;
  • results of pre-employment screening checks such as references or DBS checks (where applicable);
  • any other information you choose to give us.

We may also collect special category data in accordance with the Equality Act 2010. We will only do this, for example, to make reasonable adjustments to enable all candidates to apply for vacancies, attend interviews and to commence employment. This is also necessary to ensure we meet our legal obligations when recruiting.


3. PURPOSES AND BASES FOR USING YOUR PERSONAL DATA

By applying for a job (by sharing your CV or applying to an advert) you are assumed to have given us permission to store and process your data in accordance with the data protection laws.

We will process your personal information for the following purposes and under the following lawful bases:
 

Purpose

Lawful Bases for Processing

Responding to correspondence from you.

It is in our legitimate interest to respond to you when you make an employment or general enquiry.

Processing your application to assess suitability for employment.

When processing your personal data for the purposes of administering your job application or assessing your candidacy for a role, we do so with your consent.

When processing your special category data, we do so with your explicit consent.

Assessing suitability for employment.

It is our legal obligation under the Equality Act 2010 to protect all applicants from discrimination in the workplace at all stages of pre-employment and employment.

When processing your special category data, we do so with your explicit consent.

Arranging and conducting recruitment interviews, either in person, via telephone or other means.

We rely on your consent to process your personal data in order to facilitate our recruitment process.

Obtaining necessary references from third parties and conducting pre-employment screening checks, where required.

We rely on your consent to process your personal data in order to facilitate our recruitment process.

When processing your special category data, we do so with your explicit consent.

Contacting unsuccessful applicants about future suitable vacancies.

It is our legitimate interest to archive applications, maintain the details of, and stay in contact with, suitable candidates for future roles.

Sharing personal data with third parties including government agencies, law enforcement agencies and others.

It is our legal obligation to cooperate fully as and when required by law.

We rely on your consent to share your personal data with our third-party recruitment agency in order to facilitate our recruitment process.

When processing your special category data, we do so with your explicit consent.


4. SENSITIVE PERSONAL DATA

We will only process sensitive ‘special category’ personal data where we meet one of the conditions required by law for doing so. This includes complying with legal obligations or exercising specific rights in the field of employment law. We may also ask for your explicit consent to process some special categories of personal data.

We process special categories of personal data when we collect or process information about your physical or mental health, or disability status, to ensure your health and safety in the workplace and to assess your fitness to work and to provide appropriate workplace adjustments.


5. SHARING OF YOUR INFORMATION

We are a UK-based company but do have establishments outside the UK. Where we need to transfer or store your personal data outside the European Economic Area (the “EEA”) or the UK, we will only do so using Standard Contractual Clauses or the International Data Transfer Agreement (whichever is applicable) approved by the European Commission and ICO, respectively, which contractually oblige our group entities in those countries to comply with the same data protection standards as legislated within the EEA and UK.

We may share your data with other group organisations, service providers and suppliers to our business who process data on our behalf. In such cases, our service providers and suppliers are data processors and may only use the data in line with our instructions and not for any other purpose. This and other obligations are agreed in the contract between Nisbets and the service providers and suppliers.

Within Nisbets, your personal data will only be shared with those who need to have access to it, which will primarily be our HR personnel and hiring managers.


6. HOW LONG WILL WE RETAIN YOUR INFORMATION?

We will retain your personal data for only as long as is necessary for the recruitment process. If your candidacy is successful and you are employed or hired by us, your data will be processed and retained as set out in our employee data protection notice, provided to you with your employment paperwork.

If your candidacy is not successful, we will retain your CV, application details and interview notes for 12 months (from the date of first receipt of your details). During this time, we may add your information to our talent pool unless you ask us not to or subsequently object to us doing so.

We will also retain personal data where it is necessary to comply with our legal obligations or as necessary in relation to legal claims. This may mean we need to retain your data for longer than 12 months.


7. YOUR RIGHTS

Individuals whose personal data we process have the following rights:

  • you have the right of access to your personal data and can request copies of it and information about our processing of it;
  • if the personal data we hold about you in incorrect or incomplete, you can ask us to rectify or add to it;
  • where we are using your personal data with your consent, you can withdraw your consent at any time;
  • where we are using your personal data because it is in our legitimate interests to do so, you can object to us using it this way; and
  • in some circumstances, you can restrict our processing of your data, request a machine-readable copy of your personal data to transfer to another service provider and compel us to erase your personal data.

If you wish to exercise any of your rights, please contact us at dpo@nisbets.co.uk or write to us at the address provided below:

Data Protection Officer
Nisbets Limited
Fourth Way
Avonmouth
Bristol
BS11 8TB

You will ordinarily not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

In addition to the above, please note that you have the right to make a complaint at any time to the Information Commissioner’s Office if you are concerned about the way in which we are handling your personal data.