This Privacy Notice (“Notice”) is intended to provide information regarding how any personal information we collect from you or from third parties about you during the employment application process will be processed by Haven Power Limited. It relates to personal data or special category personal data (defined under data protection law) about you that we refer to as personal information in this document.
Who collects the information
Haven Power Limited (“Company”, “we”, “us”, or “our”) is the data controller of personal information provided by you or collected about you during the application process. This means that we are responsible for deciding how we hold and use personal information about you and that we are required to notify you of the information contained in this Notice. It is important that you read this Notice so that you are aware of how and why we are using your personal information and how we will treat it.
We respect your privacy and are committed to protecting your personal information. Our Data Protection Manager is responsible for overseeing questions in relation to this Notice and is contactable at firstname.lastname@example.org. If you have any questions about this Notice, you can also contact us using the contact details set out at the end of this Notice in the “Contacting Us” section.
Your personal information may also be shared within our group of companies such as Drax Power Limited or Opus Energy Limited (our “group companies”) and so, in this Notice, references to ‘we’ or ‘us’ mean the Company and our group companies.
Legal basis and purpose for processing
We will collect various types of personal information from you during the application process. Further details of how we use your personal information are set out below.
In the section below, we have indicated with asterisks whether we need to process your personal information:
- * to enter into and/or to perform an employment contract with you;
- ** to pursue our legitimate interests of processing your application, provided that your interests and fundamental rights do not override those interests;
- *** to enable us to comply with our legal obligations (e.g. our obligation to check that you are eligible to work in the United Kingdom); and/or
- **** with your consent.
We will use your personal information for the purposes of processing your employment application. We will notify you of any changes to information we collect or to the purposes for which we collect and process it.
What information do we collect?
To decide whether to shortlist you as an applicant and to contact you in relation to your application**, we may need to collect the following information about you up to and including the shortlisting stage of the recruitment process:
- Your name and contact details (e.g. address, home and mobile phone numbers, email address);
- Your curriculum vitae/resume;
- Details of your qualifications, experience, employment history (including job titles and salary); and
- Your eligibility to work in the United Kingdom.
We will not be able to process your application without this information.
If we decide to invite you to attend an interview and/or after we have made a conditional job offer, we may need to collect the following personal information about you to allow us to make the necessary interview arrangements and/or make our final decision as to whether to recruit you**:
- Your nationality and immigration status and information from related documents, such as your passport or other identification and immigration information to enable us to verify your right to work in the United Kingdom***;
- Copies of documents containing your name, address and date of birth to enable us to verify your identity**;
- A copy of your driving licence, if relevant for your role, to enable us to check you may legally drive*;
- Information about your previous academic and/or employment history from references obtained about you from previous employers and/or education providers**;
- Information regarding your academic and (where relevant) professional qualifications**;
- Information regarding your unspent criminal convictions obtained through a relevant Disclosure andBarring Service (DBS) check**.
We are under a statutory obligation to collect information from you regarding your nationality and immigration status and information from related documents, and a copy of your driving licence for the purposes explained above.
We will not carry out any solely automated decision making using your personal information during the application process.
Special categories of personal data - Sensitive personal information - And information about criminal convictions
We may use your particularly sensitive personal information (known as special categories of personal data) in the following ways:
- We may use information about your race or national or ethnic origin, religious beliefs, or sexual orientation to ensure meaningful equal opportunity monitoring and reporting; and
- We will use information about your disability status to consider whether we need to provide appropriate adjustments during the recruitment process or if you are subsequently offered employment with us.
Where we use such special categories of personal data, we are processing on the basis of it being necessary for the purposes of carrying out our obligations and exercising specific rights as an employer.
We will use information about your unspent your criminal convictions to assess whether your employment could pose an unacceptable risk to the company, its customers or its employees/workers. We will only use information relating to criminal convictions where the law allows us to do so.
Disclosure of your information
We may have to share your personal information collected during the application process with our group companies relevant to the recruitment process such as Drax Power Limited or Opus Energy Limited (based in the United Kingdom) and who provide HR, Security, IT or administration services or undertake management reporting. Furthermore, we may share your personal information with selected third-party service providers involved in the recruitment process such as online psychometric or verbal and numerical testing.
We will also disclose your personal information to third parties:
- if we or substantially all of our assets are acquired by a third party, in which case personal information held by us about our applicants and employees will be one of the transferred assets; and/or
- if we are under a duty to disclose or share your personal information in order to comply with any legal obligation, or in order to enforce or apply our agreements; or to protect the rights, property, or safety of us, our applicants, employees, customers and providers.
We require all service providers, including group companies, to respect the privacy and security of your personal information and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal information for their own purposes and only permit them to process your personal information for specified purposes and in accordance with our instructions.
Where information may be held
Most of the personal information we collect about you is based in the United Kingdom or in some cases, a service provider or their sub-processor may be based elsewhere in the European Union (EU) and so, they are required to comply with European data protection law. On occasion, we may appoint a third-party service provider whose operation or a server or sub-processor may be based outside of the EU. As part of our Vendor Management Policy, we carry out due diligence on our third-party providers and assess whether your personal information will be transferred to them or accessed by them from outside the EU. If that is the case, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- we will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission1; or
- where we use providers based in the US, we may transfer personal data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the EU and the US. You can view certifications at www.privacyshield.gov2; or
- where we use certain service providers who are not in a ‘adequate’ country or part of the Privacy Shield, we may use specific contracts approved by the European Commission which give personal data the same protection it has in the EU, called an EU Model Clause Agreement3.
If you would like to know the specific mechanism used by us when transferring your personal information out of the EU, please contact us using the details in the “Contacting Us” section at the end of this Notice.
1 Article 45 of the GDPR
2 Article 46 of the GDPR
3 Article 46 of the GDPR
Storage of your personal information
We will only retain the personal information that we obtain from you or about you for as long as necessary to fulfil the purposes we collected it for, namely our recruitment process but also, for the purposes of satisfying any legal or reporting purposes.
Personal information relating to unsuccessful applicants will be deleted 12 months following completion of our recruitment process, unless you log into your candidate profile within this period (which will effectively re-start the 12 months). You will receive an email after 11 months of inactivity notifying you that your personal information will be deleted within 1 month. If you wish for your details to remain on our system, you can log into your candidate profile. This will re-start the 12-month active period. You may update your personal information at any time by logging into your candidate profile and updating it. Alternatively, by contacting our HR team using the details set out in the “Contacting us” section at the end of this Notice, you may update your personal information or ask for it to be deleted from our recruitment system. If your personal information remains on our system, we may inform you of any suitable vacancies that arise within our group of companies.
We take the security and confidentiality of your personal information very seriously. We will use strict procedures and security features aimed at preventing your personal information from being accidentally lost, used or accessed in an unauthorised way, such as corporate firewalls protecting multi-layer server configuration and penetration testing. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your data transmitted to us; any transmission is at your own risk.
We have put in place procedures to deal with any suspected personal information breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Data protection laws provide you with the following rights, to:
- request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it;
- request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected;
- request erasure of your personal information in certain circumstances. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below);
- request the restriction of processing of your personal information, for example if you want to establish its accuracy or the reason for processing it; and
- request the transfer of your personal information to another party.
You also have the right to object to the processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights above). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
We do our best to respond to all legitimate requests within one month. Occasionally, it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Where we rely on your consent to process your personal information, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact us using any of the details set out below in the “Contacting Us” section. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. The ICO can be contacted by telephone on 0303 123 1113 or by post as follows: Information Commissioners Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or via email at email@example.com. We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance using any of the details set out below in the “Contacting Us” section.
If you have any queries, comments or requests regarding this Notice or you would like to exercise any of your rights set out above, you can contact us as follows:
- by email at HR@havenpower.com; or
- by telephone at 01473 277556 and asked to be directed to Recruitment; or
- by post at Haven Power Limited, 32 The Havens, Ransomes Europark, Ipswich, IP3 9SJ addressed either to our Resourcing Manager or Data Protection Manager; or
- via our Data Protection Manager at firstname.lastname@example.org