Staff (Applicants) Privacy Notice
- Why do we collect your information?
- When do we collect Data?
- What sort of data do we collect?
- How do we use your information?
- How long do we keep your data for?
- Who do we share your information with?
- How can you find out what information we hold on you?
- Reporting a Data Breach
Here at the University of Salford we work hard to ensure that you get the very best experience without having to worry if your information is safe.
Outlined below is how & why we collect, use, & share your personal information, & your rights in relation to that data.
There’s lots of information here but it’s important that you’re fully informed – we hope the following sections will answer any questions you have but if not, please do get in touch with us via HRAdvice@salford.ac.uk
A bit about us.
The University of Salford is the “Data Controller” of your personal data & is subject to the General Data Protection Regulation 2016 (“GDPR”). We are registered with the Information Commissioner’s Office (“ICO”) Z469563X and our Data Protection Officer is Andrew Hartley.
We are committed to ensuring that your personal data is handled in accordance with the regulation.
Why do we collect your Data?
Under the GDPR we have to have justification (“legal basis”) for obtaining your information and for job applicants we believe this is:
The legal basis for this is the contract of employment or to take steps to enter into a contract.
2: Legal Obligation
In addition we have a legal obligation to ensure that recruitment decisions are made fairly and accurately
When Do We Collect Data?
We collect data about you at various stages in your relationship with us. This may be:
- When you first apply to us for a job.
- When you complete your equal opportunities form as part of the application
- When you provide us information once you have been selected as a successful applicant
What Sort of Data Do We Collect?
Under the GDPR we will only collect the minimum amount of information needed to carry out a specific purpose. We may collect the following type of personal data about you:
1: Information that helps identify you, e.g. your name, date of birth, address, email
2: Information relating to your education & employment history, e.g. qualification and exam results, previous places of work etc.
3: Sensitive personal data, including, for example, information about medical conditions, criminal convictions, gender, race and personal identity
- Information about your racial or ethnic origin, religion, preferred gender, trade union membership, marital status, age, gender at birth & sexual orientation,
- Criminal convictions on staff who work with young and/or vulnerable people and require a criminal records check to be employed.
4: Work related data, e.g. right to work status, your job application, references, and emergency contact details
How Do We Use Your Information?
We will process your personal information and data for a range of purposes associated with your application here. The primary purposes are:
- To make decisions on who to employ for a job
- To ensure fair decisions were made in making that decision
- To ensure you have the right to work in the UK,
- To input successful candidate data onto the main HR payroll system
- To monitor fairness in recruitment decisions across protected characteristics
- To send with consent future job opportunities that you may be interested in
- Complying with statutory requirements, such as monitoring equal opportunities
How Long Do We Keep Your Data For?
Data is retained for as long as it is required to perform its purpose, or for as long as is required by law (see the link below). At the end of that retention period, your data will either be deleted completely or anonymised.
Who Do We Share Your Information With?
Sometimes we share your personal data between colleagues, managers and leaders to enable them to undertake their University role. We also share data with trusted third parties, who are contracted to work for us and to deliver certain services. Note that:
- We provide only the information they need to perform their specific services,
- They may only use your data for the purposes we specify in our contract with them,
- We work closely with them to ensure that your privacy is respected & protected at all times,
- If we stop using their services, any of your data held by them will either be deleted or rendered anonymous.
Examples of the kind of third parties we work with are:
1: Suppliers and contractors where there is a valid reason for their receiving the information, for example 3rd party IT support
2: Referees, who you have given us permission to contact as part of your application
3: Government departments & agencies where we have a statutory obligation to provide information, for example the UK Visa and Immigration service, the Disclosure and Barring Service
International Data Transfers
Some of the personal information we process about you may be transferred to, and stored at, a destination outside the European Economic Areas (“EEA”), for example where it is processed by staff operating outside the EEA who work for us or for one of our suppliers, or where the personal data is processed by one of our suppliers who is based outside the EEA or uses a storage facilities outside of the EEA
Sharing Sensitive Personal Data
Sometimes we may need to share your sensitive personal date with colleagues. We will try to do so only with your explicit consent but there may be occasions when obtaining your consent is impossible or inappropriate, e.g.
- To protect your or another person’s vital interests,
- Where the provision of confidential counselling, support or similar would be prejudiced,
- To meet statutory obligations for equality and diversity monitoring,
- For the purpose of prevention or detection of crime, pursuant to a court order or for the University to obtain legal advice.
How Can You Find Out What Information We Hold On You?
You have certain rights in respect of the personal information the University holds about you. For more information about Individual Rights under GDPR and how you exercise them please return to our website www.salford.ac.uk/privacy
Reporting a data breach
If you suspect a data breach has occurred at the University the organisation has a duty to report this to the Information Commissioners Office (ICO) within 72 hours. Please report suspected data breaches as soon as you can
From time to time we may make changes to this statement because the way we are processing your personal information changes. All alterations will be posted on this page and will apply from the time we post them. Where we have a valid email address for you we will periodically email you to inform you what changes have been made and to send you a link to our current privacy statement.
This statement was last updated on 25 May 2018.