Data Protection Statement for Job applicants and candidates for election to College (non-student) membership
How we use your personal information
This statement explains how St Edmund’s College (“we” and “our”) handles and uses information we collect about applicants (“you” and “your”) for jobs, senior memberships and Fellowships. In broad terms, we use your data to manage your application to the College and our subsequent recruitment or election processes.
The controller for your personal information is St Edmund’s College, Mount Pleasant, Cambridge CB3 0BN. The Data Protection Officer for the College is the Office of Intercollegiate Services Ltd (12B King’s Parade, Cambridge; 01223 768745; firstname.lastname@example.org). OIS Ltd should be contacted if you have any concerns about how the College is managing your personal information, or if you require advice on how to exercise your rights as outlined in this statement. The person within the College otherwise responsible for data protection at the time of issue, and the person who is responsible for monitoring compliance with relevant legislation in relation to the protection of personal information, is the Bursar (email@example.com).
The legal basis for processing your personal data is that it is necessary either in order for you to enter into an employment contract with us, or for you to enter into membership of the College, where you will be subject to the College’s governing documents.
How your data is used by the College
Your data is used by us for in the first instance solely for the purposes of considering your suitability for employment or election and for us to manage our recruitment processes, including our monitoring of equality and diversity within the College.
If you have concerns or queries about any of these purposes, or how we communicate with you, please contact us at the address given below.
The College holds the following personal data relating to you, in line with the purposes above:
• *personal details, including name, contact details (phone, email, postal);
• *your application form and associated information submitted by you at that time;
• other data relating to your recruitment (including references we take up as part of the recruitment process, any pre-employment assessment of you, and any assessment of you at an informal or formal interview);
• any occupational health assessments and/or medical information you have provided, and related work requirements;
• *evidence of your right to work in the UK (e.g. copies of your passport);
• *information relating to your age, nationality, and gender, and, if you have provided us with it, information relating to your religion or beliefs, sexual orientation and ethnicity which we do not otherwise routinely collect;
• any correspondence relating to the outcome of the recruitment process (either successful or unsuccessful).
Those marked with an * relate to information provided by you. Other data and information is generated by us or, where self-evident, provided by a third party.
We will not access personal data about you from social media sites, unless there is a legitimate interest for us to do so (for example, the role you have applied for has a significant public-facing element to it, or is involved with publicity and presenting us to the general public). Consequently, we do not routinely screen applicants’ social media profiles but, if aspects of your social media profile are brought to our attention and give rise to concerns about your suitability for the role in question, we may need to consider them.
For certain posts, we may use the Disclosure and Barring Services (DBS) and Disclosure Scotland to help assess your suitability for certain positions of trust. If this is the case, we will make this clear to you in separate correspondence. Certificate and status check information is only used for this specific purpose, and we comply fully with the DBS code of Practice regarding the correct use, handling, storage, retention and destruction of certificates and certificate information. We recognise that it is a criminal offence to pass this information on to anyone who is not entitled to receive it.
Who we share your data with
If you have applied for a post using CASC (Colleges’ Administrative Software Consortium) Fellowship Application System please see their Data Protection Statement.
If recruitment to the post to which you are applying is being undertaken by an agent of the College (which may include CASC) we share relevant personal data with that agent.
Information is not shared with other third parties without your written consent. Generally, personal data is not shared outside of the European Economic Area.
If you are successful in your application, the data is subsequently held as part of your employment or membership record with us.
If you are unsuccessful in your application, we retain all data and information for no more than twelve months after the closing date of the application process.
In either case, where the post has required a “resident market test” (needed if the post is open to applicants from outside the European Union), the College will retain the application records of any shortlisted candidates for the duration of the sponsored post and twelve months thereafter.
You have the right: to ask us for access to, rectification or erasure of your data; to restrict processing (pending correction or deletion); and to ask for the transfer of your data electronically to a third party (data portability). Some of these rights are not automatic, and we reserve the right to discuss with you why we might not comply with a request from you to exercise them.
Failure to provide the information reasonably requested of you may result in an automatic disqualification from the recruitment process.
You retain the right at all times to lodge a complaint about our management of your personal data with the Information Commissioner’s Office at https://ico.org.uk/concerns