Privacy and GDPR.
Clay McGuire – GDPR Candidate Privacy Statement
As part of any recruitment process, Clay McGuire Executive Limited (Clay McGuire/Clay McGuire Executive Ltd) collects and processes personal data relating to job applications from candidates. We are committed to transparency about how we collect, process and retain all data and to meeting our Data Protection obligations at all times.
What information do we collect?
Clay McGuire collects a range of information from candidates which may include:
- name, address and contact details including email address and telephone numbers
- details of your qualifications, skills, experience and employment history
- current level of annual remuneration package
- eligibility to work ( work permit / visa / citizenship ) in the country
- disability information / requirements as and where appropriate
We may collect this information in a variety of ways. For example from application forms, CVs, job board profiles or covering letters, or from your passport, driving licence or other identity documents, or through telephone and/or face to face discussions.
We may also collect personal data about you from third parties, such as references supplied by former employers. We will seek information from third parties only once a job offer to you has been made and will inform you prior to doing so.
Data may be stored in a range of different places including your application record, our CRM systems and/or on other IT systems.
Why does Clay McGuire process personal data?
As a business involved in recruitment activities, Clay McGuire has an explicit and legitimate interest in processing personal data during our trading activities and for keeping records of this process. Processing data from job applicants allows us to manage the recruitment process, assess and confirm candidates’ suitability for employment and to promote relevant candidates to our clients for further consideration.
We may process special categories of data, such as information about ethnic origin, sexual orientation or religion or belief to monitor recruitment statistics. We may also collect information about whether or not applicants are disabled in order to make reasonable adjustments for candidates with a disability.
We process this information and data in order to carry out our legal obligations and to exercise any specific rights in relation to your employment opportunities.
Who has access to data?
Your information may be shared internally for the purposes of the recruitment process. This includes the Clay McGuire recruitment team, IT staff where access to the data is necessary and the specific client(s) on whose behalf we are handling a resourcing assignment(s).
We may need to share your data with former employers or ‘employment background check providers’ to obtain references on behalf of your new employer, but we will only do so with your prior consent in writing.
How does Clay McGuire protect data?
In conjunction with our IT team and outsourced providers, we have internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed – and is only accessed by our employees in the proper performance of their duties.
For how long does Clay McGuire keep data?
If your application is unsuccessful, we may keep your personal data on file in case of future employment opportunities for which you may be suitable. We will ask for your consent to keep your data for this purpose if this period extends for longer than 2 years.
You are free at any stage to request that this data be deleted and we will do so immediately.
As a data subject, you have a number of rights regarding the data we hold about you including:
- Requesting what information we hold about you and why
- Asking us how you can gain access to it
- Be informed how we maintain our records and meet our Data Protection obligations
- Requesting us to delete and/or stop processing your data
If you would like to exercise any of these rights, please contact firstname.lastname@example.org
If you believe that we have not complied with your Data Protection rights, you can complain to the Information Commissioners Office. You may also wish to submit a Subject Access Request (SAR).
Subject Access Request (SAR) Forms, Policy and Procedures
If you wish to contact us to request this information, we may consider this as a Subject Access Request (SAR)
SARs from any individual should be made by email addressed to our Data Controller / Data Protection Officer – currently Tony Clay at email@example.com
We will then provide a standard request form, although you do not have to use it, through which to formally submit your SAR.
We may, upon discretion, make an administrative charge of £20.00 to process your request.
We will provide the relevant data within 28 days of written submission.
We will always verify the identity of any individual making such a request (SAR) prior to releasing any information.
Our procedures in the event of a Data Breach
We recognise our responsibility to inform the Information Commissioner’s Office (ICO) of any data breach that risks people’s rights and freedoms within 72 hours of becoming aware of it. Our initial contact will confirm the nature of the data affected, how many people are impacted, what the consequences could mean for them, and what measures we have actioned or plan to action in response.
We will inform the people affected by the data breach as soon as practically possible and within the deadline of 72 hours.
What if you do not provide personal data?
You are under no statutory or contractual obligation to provide data to Clay McGuire during the recruitment process. However, if you do not provide the information, we may not be able to process your application properly or at all.