GDPR Policy

GDPR Policy

As part of our recruitment processes, Heron Foods Ltd (“we”, “us”, “our”) collects, stores, and processes personal data about job applicants and prospective candidates (“you”, “your”). We are committed to protecting your privacy and personal data, and are therefore transparent regarding the data we collect, how the data are collected, where the data are stored, and how the data are processed. The following notice details all of the above, setting out our obligations under both the General Data Protection Regulations 2016/679 (“GDPR”) and the Data Protection Act 2018 (“DPA”).

Information We Collect from You

• Basic personal details including but not limited to your name, email address, contact number(s), postal address, and preferred method of contact.
• Availability and work eligibility details including but not limited to your notice period, preferred start date, current and/or future work eligibility status, visa type, and visa expiry date.
• Documents you provide throughout the application process including but not limited to CVs, covering letters, correspondence between us and assessment outputs. These documents may contain information on your employment history, academic qualifications/history, professional training/certifications, skills, and experiences.
• Application details including but not limited to the source of your application, the date/time, the role(s) you applied for, salary history/expectations, and Equal Opportunities statements.
• Records of electronic communications, including but not limited to the content and attachments of emails.

Information We Collect/Generate About You

• Publicly available data including but not limited to your professional social networks (primarily LinkedIn, but also Facebook and similar networks.).
• Job application progress including but not limited to the stages you complete of the recruitment process, records of interviews, interview notes/feedback, assessment feedback, rejection stage, rejection reason, and job offer details.

How we collect your data

Personal data may come from a combination of any of the following sources:

• Information you provide on application forms, in email and telephone conversations with our representatives, and in job interviews and assessments.
• Information we collect from publicly available sources online (including online CV databases).
• Information we generate following your interactions with our staff, systems, and processes.
• Information provided by third parties, such as recruitment agencies, or via referrals or references (references are not sought without your express prior permission, and typically happen at the point of offer).

How we store and secure your data

All personal data provided, collected, generated, or obtained will be held on Hireful, a cloud services recruitment platform, engaged by us to help manage our recruitment and hiring processes. We take appropriate measures to ensure that all personal data is kept secure, including security measures to prevent personal data from being accidentally lost, or used or accessed in an unauthorised way. Within Heron Foods we limit access to your personal data within Hireful to only those who have a genuine need to access it: the HR/Recruitment Team, the hiring manager for the role in question, interviewers/assessment reviewers for the role in question, and in some circumstances the director of the team where the role in question sits. Those processing your personal data will do so only in an authorised manner, and are subject to a duty of confidentiality.

We use national online CV databases to download CVs and contact potential candidates about job opportunities. These records are held securely on our intranet with secured, restricted access. These details are retained for up to six months, but no more than twelve months before being erased. These records can be removed upon written request, however may be re-contacted in the future should the individual’s details remain on the public CV databases.

We have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of electronically transmitted data. Any transmission therefore remains at your own risk.

Lawful basis for processing your data

Our lawful basis for the collection and processing of your personal data is for taking steps to enter into a contract of, or for, employment or services with you. We rely on legitimate business interest as the lawful basis on which we collect and use your personal data, specifically in the instances of collecting references, running background checks and retaining your data if your application is unsuccessful.

Purposes of Processing

We use information held about you in a number of ways, including but not limited to:

• Considering your application in respect of the role for which you have applied.
• Considering your application in respect of other roles at Heron Foods, both at present and in the future (see How Long We Keep Your Personal Data below for more information on our data retention policy).
• Communicating with you in respect of the/any recruitment process/es.
• Enhancing any information that we receive from you with information collected, generated, or obtained throughout our recruitment processes.
• To help both Hireful and Heron Foods improve the effectiveness and efficiency of their and our recruitment systems and processes.

Your rights in connection with your personal information

Under certain circumstances, by law you have the right to:

• Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
• Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
• Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
• Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
• Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
• Request the transfer of your personal information to another party.
• If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact the Recruitment Manager in writing.

You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

Please note that your right to have your personal data erased is not an absolute right, and we reserve the right to refuse such a request, where there is an appropriate legal justification for doing so. For example, we retain candidate/application data for a period of six months following a rejection notice. You will be notified accordingly in the event we are unable to process your data erasure request.

If, at any point, you would like to make a request for access, correction, or erasure of your personal data held by Heron Foods, you should email careers@heronfoods.com providing enough information for us to be able to identify you in our system and carry out your request.

How we process your data for roles outside of your formal application

From time to time following your initial engagement with our recruitment processes, we may decide to consider your application for another role at Heron Foods. This may occur:

• At the time of your original application when, following an initial review of your CV, we conclude you would be better suited to a different opportunity currently vacant at Heron Foods.
• At some point after your original application, when we chose to reactive your status as a candidate for a new opportunity in future.

In either scenario, our Recruitment Team will inform you of this decision via email, and you will have the opportunity to confirm your interest in the new role or to decline our consideration. Equally, the abovementioned rights of access, correction, and erasure will remain open to you for as long as we hold your personal data.

Sharing Social Media Competition Date

In line with our Data Protection Policy and Procedures including Personal Data and Sensitive Personal Data, your data will be shared within Heron Foods. If your data needs to be passed onto third parties, we will always state who and why your data needs to be sent before doing so. 

How Long We Keep Your Personal Data

We will retain all personal data relating to your engagement/s with our recruitment function for at least six months, but no more than twelve months, from your last interaction with our staff, processes, and/or systems (the date of the last email you sent to us, the date of your last interview etc. whichever occurs latest). When signing up for job alerts on Hireful you will also have the opportunity to give your consent to an extension of this retention period to a total of twelve months. If consent is given, your personal data will be retained for the aforementioned period of time, and we may, from time to time, contact you about other opportunities at Heron Foods throughout that period. If consent is not given, your personal data will be erased after six months. In all cases, the absolute maximum amount of time we will retain your personal data will be twelve months.

In order to have your personal data deleted ahead of the deadline, you must notify the Recruitment Team of your desire according to the instructions outlined in the Rights of Access, Correction, and Erasure section above.

How to complain

We hope that we can resolve any query or concern you raise about our use of your personal data, however, if you are not satisfied with our processes or approach, the GDPR gives you the right to file a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, live, or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at http://ico.org.uk/concerns/ or on 0303 123 1113.

Contacting Heron Foods

If you have any questions, queries, or issues relating to our recruitment policies and processes, or how they relate to our adherence to both the GDPR and DPA, then please contact careers@heronfoods.com.