This policy explains when, and why, we collect personal information about you; how we use it, the conditions under which we may disclose it to others and how we keep it secure.
This policy applies to all current, and former, applicants.
This policy does not form part of any contract of employment or other contracts to provide services. We may update this policy at any time but if we do so, we will update you on any changes as soon as reasonably practical.
Who we are?
Personal information (data) is collected, processed, and stored by Stephensons Solicitors LLP and we are known as the ‘data controller’ of the data you provide to us.
Our Data Protection Officer is Shelley Naughton who can be contacted by email firstname.lastname@example.org.
What we need and how we use it?
The exact information we will request from you may depend on the circumstances and context of our interaction and engagement. However, generally, we will collect and use information such as:
- Identity and contact details.
- Job performance
- Promotion and career development
- To perform the employment contract with staff
- To comply with legal requirements
- For legal references
- For Health & safety reasons
Special categories of personal information
We may also collect ‘special categories’ of personal information which is, by its nature, more sensitive and may include:
- Racial or ethnic origin
- Political opinions
- Philosophical views
- Trade union membership
- Health data
- Sexual orientation
We need to have further justification for processing special categories of data. The usual reasons we process this information are:
- Where you have consented for us to do so
- Where we need to carry out our legal obligations or exercise rights in connection with employment
- Where it is needed in the public interest e.g., for equal opportunities monitoring, health and safety etc.
- Less commonly, where it is needed concerning legal claims or where it is needed to protect your interests, our interests, or someone else’s’ interests
Information about criminal convictions, offences, and investigations
We may only use this information where the law allows us to do so. Where appropriate, we may collect this information as part of the recruitment process.
We only collect this information where it is appropriate given the nature of the role your are applying for, or circumstances.
How personal information is collected?
We collect personal information through the application and recruitment process, either directly or indirectly, and may use public information online e.g., LinkedIn etc. We may also collect additional information from third parties including former employers, suppliers, subcontractors, or external service providers.
Who has access to it?
We have a data protection regime in place to oversee the effective and secure processing of your personal information. Generally, we will only use your information within Stephensons Solicitors LLP. However, there may be circumstances where we do, in accordance with the law or regulation, or contractual obligations, share you information:
- Internally to colleague or managers as part of the recruitment process
- Externally to regulatory or statutory bodies such as the SRA, HMRC, auditors, employee engagement surveys, training providers, payroll etc.
- If the law or a legal procedure requires us to do so.
We may also share your personal information with authorised service providers, called data processors e.g., technical service providers, that we may use for the purpose of providing us with a service. We ensure that any disclosure of your personal information is underpinned by a data processing agreement, incorporating the commitments laid out herein. We only permit third party service providers to process your personal data for specified purposes and following our instructions.
How we protect your personal information?
We have exceptional standards of technology and operational security to protect all personal information from loss, misuse, alteration, or destruction. Similarly, we adopt a high threshold when it comes to confidentiality and both internal and external parties have agreed to protection confidentiality of all information.
How long will we keep it for?
Your personal information will be retained only for as long as necessary to fulfil the purposes for which the information was collected; or required by law. The maximum amount of time we will process your personal information is 12 months following the end of the recruitment process with you.
What are your rights?
Under data protection legislation, you are entitled to access your personal data (otherwise known as a 'right to access'). If you wish to make a request, please do so in writing addressed to our Data Protection Officer Shelley Naughton; or contact the person dealing with your matter.
A request for access to your personal data means you are entitled to a copy of the data we hold – such as your name, address, contact details, date of birth, information regarding your health etc. But it does not mean you are entitled to the documents that contain this data.
Under certain circumstances, in addition to the entitlement to ‘access your data’, you have the following rights:
1. The right to be informed: fulfilled by way of this Privacy Notice.
2. The right to rectification: you are entitled to have personal data rectified if it is inaccurate or incomplete.
3. The right to erasure / ‘right to be forgotten’: you have the right to request the deletion or removal of your personal data where there is no compelling reason for its continued processing. This right only applies in the following specific circumstances:
- Where the personal data is no longer necessary regarding the purpose for which it was originally collected or processed
- Where consent is relied upon as the lawful basis for holding your data and you withdraw your consent
- Where you object to the processing and there is no overriding legitimate interest for continuing the processing
- The personal data was unlawfully processed.
- Where you object to the processing for direct marketing purposes
4. The right to object: you have the right to object to processing based on legitimate interests and direct marketing. This right only applies in the following circumstances:
- An objection to stop processing personal data for direct marketing purposes is absolute – there are no exemptions or grounds to refuse – we must stop processing in this context.
- You must have an objection on grounds relating to your situation.
- We must stop processing your personal data unless:
- We can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms; or
- The processing is for the establishment, exercise, or defence of legal claims.
5. The right to restrict processing: you have the right to request the restriction or suppression of your data. When processing is restricted, we can store the data but not use it. This right only applies in the following circumstances:
- Where you contest the accuracy of the personal data – we should restrict the processing until we have verified the accuracy of that data.
- Where you object to the processing (where it was necessary for the performance of a public interest or purpose of legitimate interests), and we are considering whether our organisation’s legitimate grounds override your right.
- Where processing is unlawful, and you request restriction.
- If we no longer need the personal data but you require the data to establish, exercise or defend a legal claim.
Complaints about the use of personal data
If you wish to raise a complaint on how we have handled your personal data, you can contact our Data Protection Officer who will investigate further. Our Data Protection Officer is Shelley Naughton and you can contact them at email@example.com.
If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law, you can complain to the Information Commissioner’s Office (ICO).