As part of our recruitment processes, Heron Foods Ltd (“we”, “us”, “our”) collects, stores, and processes personal data about job applicants and prospective candidates (“you”, “your”). We are committed to protecting your privacy and personal data, and are therefore transparent regarding the data we collect, how the data are collected, where the data are stored, and how the data are processed. The following notice details all of the above, setting out our obligations under both the General Data Protection Regulations 2016/679 (“GDPR”) and the Data Protection Act 2018 (“DPA”).
Personal data may come from a combination of any of the following sources:
All personal data provided, collected, generated, or obtained will be held on Hireful, a cloud services recruitment platform, engaged by us to help manage our recruitment and hiring processes. We take appropriate measures to ensure that all personal data is kept secure, including security measures to prevent personal data from being accidentally lost, or used or accessed in an unauthorised way. Within Heron Foods we limit access to your personal data within Hireful to only those who have a genuine need to access it: the HR/Recruitment Team, the hiring manager for the role in question, interviewers/assessment reviewers for the role in question, and in some circumstances the director of the team where the role in question sits. Those processing your personal data will do so only in an authorised manner, and are subject to a duty of confidentiality.
We use national online CV databases to download CVs and contact potential candidates about job opportunities. These records are held securely on our intranet with secured, restricted access. These details are retained for up to six months, but no more than twelve months before being erased. These records can be removed upon written request, however may be re-contacted in the future should the individual’s details remain on the public CV databases.
We have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of electronically transmitted data. Any transmission therefore remains at your own risk.
Our lawful basis for the collection and processing of your personal data is for taking steps to enter into a contract of, or for, employment or services with you. We rely on legitimate business interest as the lawful basis on which we collect and use your personal data, specifically in the instances of collecting references, running background checks and retaining your data if your application is unsuccessful.
We use information held about you in a number of ways, including but not limited to:
Under certain circumstances, by law you have the right to:
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
Please note that your right to have your personal data erased is not an absolute right, and we reserve the right to refuse such a request, where there is an appropriate legal justification for doing so. For example, we retain candidate/application data for a period of six months following a rejection notice. You will be notified accordingly in the event we are unable to process your data erasure request.
If, at any point, you would like to make a request for access, correction, or erasure of your personal data held by Heron Foods, you should email firstname.lastname@example.org providing enough information for us to be able to identify you in our system and carry out your request.
From time to time following your initial engagement with our recruitment processes, we may decide to consider your application for another role at Heron Foods. This may occur:
In either scenario, our Recruitment Team will inform you of this decision via email, and you will have the opportunity to confirm your interest in the new role or to decline our consideration. Equally, the abovementioned rights of access, correction, and erasure will remain open to you for as long as we hold your personal data.
In line with our Data Protection Policy and Procedures including Personal Data and Sensitive Personal Data, your data will be shared within Heron Foods. If your data needs to be passed onto third parties, we will always state who and why your data needs to be sent before doing so.
We will retain all personal data relating to your engagement/s with our recruitment function for at least six months, but no more than twelve months, from your last interaction with our staff, processes, and/or systems (the date of the last email you sent to us, the date of your last interview etc. whichever occurs latest). When signing up for job alerts on Hireful you will also have the opportunity to give your consent to an extension of this retention period to a total of twelve months. If consent is given, your personal data will be retained for the aforementioned period of time, and we may, from time to time, contact you about other opportunities at Heron Foods throughout that period. If consent is not given, your personal data will be erased after six months. In all cases, the absolute maximum amount of time we will retain your personal data will be twelve months.
In order to have your personal data deleted ahead of the deadline, you must notify the Recruitment Team of your desire according to the instructions outlined in the Rights of Access, Correction, and Erasure section above.
We hope that we can resolve any query or concern you raise about our use of your personal data, however, if you are not satisfied with our processes or approach, the GDPR gives you the right to file a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, live, or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at http://ico.org.uk/concerns/ or on 0303 123 1113.
If you have any questions, queries, or issues relating to our recruitment policies and processes, or how they relate to our adherence to both the GDPR and DPA, then please contact email@example.com.
To receive regular offers, deals and news to your inbox!