The Company is committed to protecting the privacy and security of your personal data.
The purpose of this privacy notice is to let you know clearly how the Company collects and uses personal data about you for the purposes of the recruitment exercise that you are taking part in (whether as an employee, worker or contractor).
The Corinthian Group is a ‘data controller’. This means that we are responsible for deciding how we hold and use personal data about you. We are required under data protection legislation to notify you of the information contained in this privacy notice.
It is important that you read and understand this notice so that you are aware of how and why we are using your personal data.
How is your personal data collected and stored?
In connection with your application for work with us, we will collect, store, and use personal data about you that you have provided to us directly as part of the application process. This may include, for example, information in application forms, CVs or resumes and covering letters, or collected through interview or other forms of assessment including online tests.
We may also collect personal data about you from the following sources:
We may collect, store and use the following "special categories" of more sensitive personal data about you:
Your personal data will be stored in a range of different places, including on your application records, in HR management systems and on other IT systems (including email).
Why do we collect and use personal data about you?
The Company has a legitimate interest in processing your personal data during the recruitment process and for keeping records of the process.
Processing personal data about candidates allows the Company to manage the recruitment process, assess and confirm a candidate's suitability for employment or engagement and decide who to make an offer to. The Company may also need to process personal data about candidates to respond to and defend against legal claims.
The Company needs to process personal data about you to take steps at your request prior to entering into a contract with you. It may also need to process your personal data to enter into a contract with you.
In some cases, the Company needs to process personal data about you to ensure that it is complying with its legal obligations. For example, it is required to check a successful candidate's eligibility to work in the UK before employment starts.
For some roles, the Company is obliged to seek information about criminal convictions and offences. We will only collect this information where we are legally able to do so. Where the Company seeks this information, it does so because it is necessary for it to carry out its obligations and exercise specific rights in relation to employment.
The Company may also need to process personal data about candidates to respond to and defend against legal claims, where it is necessary to protect your interests (or someone else’s interest) and you are not capable of giving consent or where you have already made the information public.
If you decide not to provide personal data
If you do not provide information when requested, which is necessary for us to consider your application, we will not be able to process your application successfully.
Our recruitment processes are not based solely on automated decision-making.
Who has access to recruitment data?
Your personal data may be shared internally for the purposes of the recruitment exercise. This includes members of the HR and recruitment team, interviewers involved in the recruitment process, managers in the business area with a vacancy and IT staff if access to the data is necessary for the performance of their roles.
As part of the recruitment process the Company may share your personal data with third party test providers in order to assist in assessing your suitability for the role for which you are applying. Otherwise the Company will not share your personal data with third parties, unless your application for employment is successful and it makes you an offer of employment. The Company will then share your personal data with former employers to obtain references for you, employment background check providers to obtain necessary background checks and (where necessary) the Disclosure and Barring Service to obtain necessary criminal records checks.
The Company will not transfer your personal data outside the European Economic Area.
How does the Company protect your personal data?
The Company takes the security of your personal data seriously. We have put in place appropriate technical and organisational measures to prevent your personal data from being accidentally lost, destroyed, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who need to access it in the proper performance of their roles for the Company. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. These measures are in accordance with applicable laws and regulations.
Where the Company engages third parties to process your personal data on its behalf, they are also obliged to implement appropriate technical and organisational measures to ensure the security of data.
How long will the Company retain your personal data for?
If your application is successful, personal data gathered during the recruitment process will be transferred to our HR files and retained during your employment or engagement. The periods for which we will continue to hold your personal data will be notified to you in a new privacy notice.
If your application is unsuccessful we will retain your personal data for a period of six months after we have communicated our decision to you. We retain your personal data for that period so that we can show, in the event of a legal claim, that we have not discriminated against candidates on prohibited grounds and that we have conducted the recruitment exercise in a fair and transparent way. After this period, we will securely destroy your personal data in accordance with applicable laws and regulations.
If we wish to retain your personal data on file, on the basis that a further opportunity may arise in future and we may wish to consider you for that, we will write to you separately, seeking your explicit consent to retain your personal data for a fixed period on that basis.
We have appointed a data protection officer (DPO) to oversee compliance with this privacy notice. If you have any questions about this privacy notice or how we handle your personal data, please contact the DPO by email: Compliance@corinthianbenefits.co.uk
Under certain circumstances, by law you have the right to:
If you would like to exercise any of these rights, please contact our DPO by email: Compliance@corinthianbenefits.co.uk
If you believe the Company has not complied with your data protection rights you can complain at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues.