Candidate privacy notice
Data controller: BMT Defence & Security UK Ltd (BMT)
Data protection officer: Tracey Wardrope, email@example.com
BMT collects and processes personal data relating to candidates to manage the potential employment relationship. BMT is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.
This privacy notice describes how we collect and use personal information about you during the recruitment and selection process, in accordance with the General Data Protection Regulation (GDPR).
This notice does not form part of any contract of employment or other contract to provide services. We may update this notice at any time.
It is important that you read this notice, so that you are aware of how and why we are using such information.
What information does BMT collect?
BMT collects and processes a range of information about you. This may include:
- your name, address and contact details;
- copies of your photographic identification either passport or driving licence;
- details of your qualifications, skills, experience and employment history, including start and end dates, with previous employers and with BMT;
- information about your nationality, place of birth and entitlement to work in the UK;
We may also collect, store and use the following “special categories” of more sensitive personal information:
- information about your criminal record;
- information about medical or health conditions only for the purpose of making reasonable adjustments at interview;
BMT may collect this information in a variety of ways. For example, data might be collected through application forms, CVs or resumes; obtained from your passport or other identity documents such as your driving licence; from correspondence with you; or through interviews, meetings or other assessments.
In some cases, BMT may collect personal data about you from third parties, such as references supplied by former employers, information from employment background check providers, information from credit reference agencies and information from criminal records checks permitted by law.
Data will be stored in a range of different places, including the recruitment system of BMT, in BMT's HR management systems and in other IT systems (including BMT's email system).
Why does BMT process personal data?
BMT needs to process data to ensure that it is complying with its legal obligations. For example, it is required to check an employee's entitlement to work in the UK.
Some 'special categories' of personal data, such as information about health or medical conditions, are processed to carry out employment law obligations (such as those in relation to employees with disabilities).
Who has access to data?
Your information may be shared internally, including with members of the HR and resourcing team and managers in the business area in which you may work.
If you receive an offer of employment, BMT will share your data with third parties in order to obtain pre-employment references from other employers, obtain employment background checks from third-party providers and obtain necessary criminal records checks from the Disclosure and Barring Service.
How does BMT protect data?
BMT takes the security of your data seriously. BMT has internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties.
For how long does BMT keep data?
Your data will be held for 12 months from the day we receive it.
As a data subject, you have a number of rights. You can:
- access and obtain a copy of your data on request;
- request the transfer of your personal information to another party;
- require BMT to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing; and
- object to the processing of your data where BMT is relying on its legitimate interests as the legal ground for processing.
If you believe that BMT has not complied with your data protection rights, you can complain to the Information Commissioner.
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact the Data Protection Officer in writing.