Applicant Privacy Notice

Last updated: 25th November 2020

The purpose of this Applicant Privacy Notice (“Notice”) is to give you information about: what personal information we collect; how we collect, use and disclose that information and the legal grounds for us doing this; and your rights in respect of your personal information.

NumberEight Technologies Ltd (the “Company”) is the data controller of your personal information and is responsible for how your personal information is processed.

It is important you read this Notice, so that you are aware of how and why we are using your personal information.

Information we collect

In short: We collect personal information including your name and address, records of your employment, and other details provided to us on your resume. 

When applying for a role with the Company, we may collect and process the following personal information about you:

  • Personal Details: name, personnel identification number, work and home contact details (email, phone numbers, physical address), languages spoken, gender, date of birth, national insurance number, disability status, emergency contact information and photograph;
  • Documentation Required under Immigration Laws: citizenship and passport data, details of residency or work permit;
  • Application Information: details contained in letters of application and resume/CV (including previous employment background, education history, professional qualifications, etc.), and information necessary to complete a background check;
  • Sensitive Information: information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs.

All personal information that you provide to us must be true, complete and accurate, and you must notify us of any changes to such personal information.

Sources of personal information

In short: we collect data directly from you as well as previous employers and third-party recruiters.

  • You: in person, online (including message, files, data, documents, facsimile, social media post or instant message communications), by telephone, or in written correspondence and forms, including any types of information transmitted to or from, received or printed from, or created, stored or recorded on our IT and communications systems;
  • Third-party websites: where you can apply for jobs at the Company, take advantage of services made available to employees, or manage shares and share options;
  • Previous employers: in the form of employment references;
  • Background and credit check vendors: as part of the recruitment process;
  • Employment agencies and recruiters; and
  • Providers of sanctions and “politically exposed persons” screening lists.

How we use collected information

Purposes for Processing

In short: We process your information to manage our recruitment activities, to communicate with you, and to comply with the law.

We process your personal information for the following purposes:

 

  • Recruitment activity management: managing the process and progress of our recruitment, and facilitating communication with you;
  • Compliance: complying with legal and other requirements, such as record-keeping and reporting obligations, compliance with anti-discrimination policies, compliance with government inspections and other requests from government or other public authorities, and responding to legal process such as subpoenas.

There may be more than one purpose that justifies our use of your personal information in any particular circumstance.

 

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and explain the legal basis which allows us to do so.

 

If you fail to provide certain personal information when requested, we may not be able to continue with the application process.

Legal Bases for Processing

In short: We process your information for purposes related to your application for employment based on legitimate business interests and compliance with our legal obligations.

We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:

  • Legitimate Interests: where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Legal Obligations: where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

In particular, we may use your Sensitive Information, such as health/medical information, in order to accommodate a disability or illness.

We may use your diversity-related personal information (such as race or ethnicity) in order to comply with legal obligations relating to diversity and anti-discrimination, and your criminal conviction data only where it is appropriate (given your role) and we are legally able to do so.

How your information is shared

In short: we process your information for purposes related to your application for employment based on legitimate business interests and compliance with our legal obligations.

We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:

  • Professional Advisors: accountants, auditors, lawyers, and other outside professional advisors in all of the countries in which the Company operates;
  • Service Providers: companies that provide products and services to the Company such as payroll, pension scheme, benefits providers, human resources services, occupational health services, and support and background check providers;
  • Public and Governmental Authorities: entities that regulate or have jurisdiction over the Company such as regulatory authorities, public bodies, and judicial bodies, including to meet national security or law enforcement requirements;
  • Third Parties in Corporate Transactions: in connection with any proposed or actual reorganisation, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of the Company’s business, assets or shares (including in connection with any bankruptcy or similar proceedings); and
  • Future Employers and their Vendors.

International Transfers

In short: we make sure that any international data processors follow adequate protection procedures.

The Company may be required to disclose your personal information throughout the world to fulfill the purposes described above. This may include transferring your personal information to countries outside the European Economic Area (“EEA”) and UK that have different data protection regimes and which are not deemed to provide an adequate level of protection for your personal information. To ensure that your personal information is sufficiently protected when transferred outside the EEA and UK the Company keeps an up-to-date list of all data processors and the measures they have put in place to ensure sufficient protection. Where processors do not have adequate levels of protection, personal data is no longer shared.

Data security

In short: we take appropriate technological and organisational measures to protect all personal information.

The Company will take appropriate measures to protect personal information that is consistent with applicable privacy and data security laws and regulations, including requiring service providers to use appropriate measures to protect the confidentiality and security of personal information.

Access to personal information within the Company will be limited to those who have a need to know the information for the purposes described above which may include your future managers and their designees, and necessary personnel with appropriate responsibilities, such as HR, IT, compliance, legal, financial and accounting roles.

The Company has put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach of your personal information where we are legally required to do so.

Data retention

In short: we retain data for as long as is necessary for the purpose it was collected, and delete or anonymise it when it is no longer needed.

The Company’s retention periods for your personal information are based on business needs and legal requirements. We retain personal information for as long as is necessary for the processing purposes for which the information was collected, as set out in this Notice, and any other permissible, related purposes. For example, we may retain certain information to comply with regulatory requirements, or in the event a litigation hold is imposed.  When personal information is no longer needed, we either irreversibly anonymise the data (and we may further retain and use the anonymised information) or securely destroy the data.

Data accuracy

The Company will take reasonable steps to ensure that the processing of your personal information is reliable for its intended use and is accurate and complete for carrying out the purposes described in this Notice.

To assist us in making sure that your personal information is up to date, you should make your point of contact aware of any changes to your information as soon as practicable.

Automated decisions

The Company does not envisage that you will be subject to decisions that will have a significant impact on you based solely on automated decision-making. The Company will notify you in writing if this position changes.

Your privacy rights

In short: you have rights that allow you to control certain personal information we hold about you, including access to the information and erasure.

You have the right, in certain circumstances, to object to the processing of your personal information. Please refer to the contact details below if you wish to exercise this right.

You also have the right to access your personal information, to correct inaccurate information, to have your personal information erased, to restrict the processing of your personal information, to receive the personal information you have provided to the Company in a structured, commonly used and machine-readable format for onward transmission, and to object to automated decision-making. If you wish to exercise any of these rights, please refer to the contact details below.

Please note that certain personal information may be exempt from such access, correction, erasure, restriction and portability requests in accordance with applicable data protection laws or other laws and regulations.

You also can file a complaint with the local data protection supervisory authority, which in the UK is the ICO.

Questions or complaints

Please contact Chris Watts (chris@numbereight.ai) with any questions or complaints regarding this Notice or the Company’s privacy practices.