Privacy Notice for Güralp recruitment candidates
Version 2.0 November 2022
1. Background
Güralp Systems Limited (“Güralp”, “we”, “the company”) need to keep and process information about you in order to assess your suitability for a position within the company (the “Purpose”). This privacy notice covers how we collect, use, store and protect the data that is supplied to us by our job applicants, agencies and referees.
2. Our commitment to applicants
We are committed to equal opportunities and will treat all applicants fairly with no discrimination.
We will never knowingly provide misleading information about the nature of a role for which an applicant has applied.
We are committed to managing your personal information securely and with respect in accordance with all applicable data protection legislation and regulations.
3. Why we hold and process your personal information
Güralp will at all times use your personal information effectively, lawfully and appropriately, exclusively for the Purpose during the recruitment process. In doing so we will use your personal information to pursue Güralp’s legitimate interests and to protect our legal position in the event of legal proceedings.
If you do not provide the required personal information, we may be unable in some circumstances to comply with our obligations and we will tell you about the implications of that decision before taking any other relevant action.
4. The sources from which we obtain your personal information
Much of the information we hold will have been provided by you (most notably your application letter, application form and/or CV). However:
- some information may come from internal company sources, such as those who interview you and put notes on file; and
- some information may come from external sources, such as individuals that you consent to us contacting for a reference or agencies providing background screening
5. How we protect personal information
We protect personal information through application of the security measures that are defined our Data Protection Policy and IT Security Policy. These include such measures as strong firewall and anti-malware protection, very restrictive permissioning (enabling only authorised employees to access your personal information), processes for protection of physical documents and staff training in adherence to the relevant policies.
6. Our policy on holding sensitive personal information
We do not as a matter of course hold or process “sensitive personal information” as defined by the UK Data Protection Act (the “DPA”) or “special category data” as defined by the General Data Protection Regulation (“GDPR”) relating to your racial or ethnic origin, political opinions, alleged or proven criminal activity, religious and philosophical beliefs, trade union membership, medical history biometric and genetic data, sexual life or any other category of data defined by law as such action.
If you wish to include such personal information in your CV or application documentation then we require your consent for us to hold and process that sensitive personal information. Where we are processing your sensitive personal information based on that consent, you have the right to withdraw the consent at any time, and if you do so we will explain the implications that flow from such action.
7. Our policy on automated decision making
We do NOT use automated decision making (including profiling) when processing your personal information.
8. Our policy on retention of candidate personal information
If you are unsuccessful in your application your personal information will be stored for the period during which your application is being considered and then for a period of 6 months in line with CIPD recommended best practice. At the end of the 6 month period we will delete your personal information unless prevented from doing so by law.
However, if you provide consent then we will retain your personal information on file to establish whether you may be suitable for a new position or opportunity within the company that may arise in the future. If you chose to do this you will have the right to withdraw such consent and we will then delete your personal information unless prevented from doing so by law.
If your application is successful then we will retain your personal information for the period defined by the Company’s Employee Privacy Notice.
If in the future we intend to process your personal information for a purpose other than that for which it was originally collected then we will provide you with information on that additional purpose and we will only proceed on receiving your consent.
9. Disclosure of your personal information to third parties outside of Güralp
We will only disclose information about you to third parties if there is legitimate interest pursuant to your application or where we are legally obliged to do so.
Subject to you giving your consent:
- We may disclose your personal information for the purpose it was collected to referees.
- Where we require additional information for the Purpose, we may disclose your personal information to The Disclosure and Barring Service, your GP or an Occupational Health Professional but only after you have given your consent
In limited and necessary circumstances, your personal information may be transferred outside of the UK to an international organisation to comply with our legal or contractual requirements. We would only take such action if we have in place safeguards to ensure the security of your personal information. Such safeguards would be covered by the contractual terms executed with the party receiving the personal information in keeping with requirements of the UK Information Commissioner’s Office (the “ICO”).
10. Your rights
Under the DPA and GDPR you have a number of rights with regard to your personal information. You have the right to request from us access to, and rectification or erasure of, your personal information, the right to restrict processing, the right to object to processing, as well as, (in certain circumstances) the right to data portability.
If you have provided consent for the processing of your personal information you have the right, (in certain circumstances) to withdraw that consent at any time. This will not affect the lawfulness of the processing performed before your consent was withdrawn.
11. Complaints
If you believe that we have breached your privacy rights then we will take the matter very seriously. In the first instance you should write to our Operations Director. In doing so you should set out the detail of your complaint with sufficient information to enable us to conduct a thorough investigation. We will promptly acknowledge your complaint and aim to resolve the matter within 5 days. However, depending on the complexity of the complaint and the responsiveness of relevant external parties (if applicable), it may on occasions take longer.
If you are not satisfied by our response you also have the right to make a complaint to the ICO,which is the UK supervisory authority for data protection. Contact details can be found on its website (www.ico.org.uk).