Skip to main content
Get in touch

Privacy policy for candidates

Fair Processing Notice – Candidates

When we process your personal data we are required to comply with the General Data Protection Regulation 2016 (“GDPR”) and the Data Protection Act 2018, which supplements GDPR in the UK (the “DPA”). The DPA and GDPR are together referred to in this notice as the “Data Protection Legislation”.

Your personal data includes all the information we hold that identifies you or is about you, for example, your name, email address, postal address, date of birth, location data and in some cases opinions that we document about you. It also includes any sensitive information that we may hold about you, such as medical and health records (known as “special categories of data” in GDPR).

Everything we do with your personal data counts as processing it, including collecting, storing, amending, transferring and deleting it. We are therefore required to comply with the Data Protection Legislation to make sure that your information is properly protected and used appropriately.

This fair processing notice provides information about the personal data we process, why we process it and how we process it.

Our responsibilities
Ligentia UK Limited (“Ligentia”) is the data controller of the personal data you provide. We have nominated our Director of Group HR to have day to day responsibility for ensuring we comply with the Data Protection Legislation and dealing with any requests we receive from individuals exercising their rights under the Data Protection Legislation.

Why do we process your personal data?
We process the personal data you provide to us, including information within your application, CV and/or covering letter, to determine whether we are able to offer you employment and to progress or reject your application. We process this information on the grounds of our legitimate interests.

If you become an employee of Ligentia, we will retain your personal data in line with the provisions set out in our fair processing notice for employees, which will be provided to you. If you are unsuccessful, we will retain your application, CV and/or covering letter and any other personal data you provided to us for 1 year from the date we reach our decision in case any other suitable roles arise in which we think you may be interested, or in case you have any questions about our decision. After that date, your personal data will be permanently deleted or destroyed.

Who will receive your personal data?
We only transfer your personal data to the extent we need to as part of your employment with us. Recipients of your personal data include:

  • group companies of Ligentia; and
  • your previous employers for the purposes of obtaining a reference.

We only transfer your personal data outside of the EEA to group companies of Ligentia. If you would like to review an up to date list of Ligentia’s group companies please contact GDPR@ligentia.global. Those transfers are made on the basis of an intragroup agreement between the relevant group companies which incorporates the EU model clauses. Use of the EU model clauses means that appropriate safeguards will govern the transfer of the data. The transfers are only made for internal or corporate purposes, such as the processing of secondment information, the provision of monthly board reports, salary reviews and for other corporate reporting processes.

What are your rights?
You benefit from a number of rights in respect of the personal data we hold about you. We have summarised your rights below, and more information is available from the Information Commissioner’s Office website (https://ico.org.uk/for-organisations/guide-to-the-general-data- protection-regulation-gdpr/individual-rights/). These rights apply for the period in which we process your data.

1. Access to your data
You have the right to ask us to confirm that we process your personal data, as well as access to / copies of your personal data. You can also ask us to provide a range of information, although most of that information corresponds to the information set out in this fair processing notice.

2. Rectification of your data
If you believe personal data we hold about you is inaccurate or incomplete, you can ask us to rectify that information. We will comply with your request within one month of receiving it, unless we don’t feel it’s appropriate in which case we’ll let you know why. We’ll also let you know if we need more time to comply with your request.

3. Right to be forgotten
In some circumstances, you have the right to ask us to delete personal data we hold about you. This right is available to you:

  • where we no longer need your personal data for the purpose for which we collected it;
  • where we have collected your personal data on the grounds of consent and you withdraw that consent;
  • where you object to the processing and we don’t have any overriding legitimate interests to continuing processing the data;
  • where we have unlawfully processed your personal data (i.e. we have failed to comply with GDPR); and
  • where the personal data has to be deleted to comply with a legal obligation.

There are certain scenarios in which we are entitled to refuse to comply with a request. If any of those apply, we’ll let you know.

4. Right to restrict processing
In some circumstances you are entitled to ask us to suppress processing of your personal data. This means we will stop actively processing your personal data but we don’t have to delete it. This right is available to you:

  • if you believe the personal data we hold isn’t accurate – we’ll cease processing it until we can verify its accuracy;
  • if you have objected to us processing the data – we’ll cease processing it until we have determined whether our legitimate interests override your objection;
  • if the processing is unlawful; or
  • if we no longer need the data but you would like us to keep it because you need it to establish, exercise or defend a legal claim.

5. Data portability
You have the right to ask us to provide your personal data in a structured, commonly used and machine-readable format so that you are able to transmit the personal data to another data controller. This right only applies to personal data you provide to us:

  • where processing is based on your consent or for performance of a contract (i.e. the right does not apply if we process your personal data on the grounds of legitimate interests); and
  • where we carry out the processing by automated means.

We’ll respond to your request as soon as possible and in any event within one month from the date we receive it. If we need more time, we’ll let you know.

6. Right to object
You are entitled to object to us processing your personal data:

  • if the processing is based on legitimate interests or performance of a task in the public interest or exercise of official authority;
    for direct marketing purposes (including profiling); and/or
    for the purposes of scientific or historical research and statistics. We don’t intend to use your data for these purposes.
    In order to object, you must have grounds for doing so based on your particular situation. We will stop processing your data unless we can demonstrate that there are compelling legitimate grounds which override your interests, rights and freedoms or the processing is for the establishment, exercise or defence of legal claims.

Automated decision making
Automated decision making means making a decision solely by automated means without any human involvement. This would include, for example, an online credit reference check that makes a decision based on information you input without any human involvement. It would also include the use of an automated clocking-in system that automatically issues a warning if a person is late a certain number of times (without any input from HR, for example).

We don’t carry out any automated decision making using your personal data.

Your right to complain about our processing
If you think we have processed your personal data unlawfully or that we have not complied with GDPR, you can report your concerns to the supervisory authority in your jurisdiction. The supervisory authority in the UK is the Information Commissioner’s Office (“ICO”). You can call the ICO on 0303 123 1113 or get in touch via other means, as set out on the ICO website – https://ico.org.uk/concerns/.