Privacy Policy

Data Controller: 2 Carey walk, Manchester, M15 6 NL
Data Protection Officer: Ahmer Nadeem, Head of Recruitment

As part of our recruitment process, we collect and process personal data relating to applicants. We are
committed to being transparent about how we collect and use that data and to meeting our data protection
obligations.

1.What information do we collect?

1.1 We collect a range of personal information about you. This includes:

– Your name, address and contact details, including email address and telephone number
– Details of your qualifications, skills, experience and employment history
– Information about your current level of pay, including benefit entitlements
– Whether or not you have a disability for which the organization needs to make reasonable
– adjustments during the recruitment process
– Information about your entitlement to work in the UK
– Equal opportunities monitoring data, including information about your ethnic origin, sexual
orientation, health, and religion.

1.2 We collect information in a variety of ways. Data is primarily collected through our Applicant

Tracking System, For example, from your Talent Pool profile, application forms, CV’s or
resumes, obtained from your passport or other identity documents, or collected through
interviews or other forms of assessment.

1.3 We may also collect personal data about you from third parties, such as references supplied
by former employees, information from employment background check providers, credit

2. Why do we process personal data?

2.1 We need to process data to take steps, at your request, prior to entering into a contract with
you. We also need to process your data in order to enter into a contract with you.
2.2 In some cases, we need to process data to ensure that we are complying with our legal
obligations. For example, we are required to check a successful applicant’s eligibility to work
in the UK before employment starts.
2.3 We have a legitimate interest in processing personal data during the recruitment process and
for keeping records of the process. Processing data from job applicants allows us to manage
the recruitment process, assess and confirm a candidate’s suitability for employment and
decide to whom to offer a job. We may also need to process data from job applicants to
respond to and defend against legal claims.
2.4 We process health information if we need to make reasonable adjustments to
the recruitment process for candidates who have a disability. This is to carry out our
obligations and exercise specific rights in relation to employment.
2.5 Where we process other special categories of data, such as information about ethnic origin,
sexual orientation, health or religion or belief, this is for equal opportunities monitoring
purposes as permitted by the Data Protection Act 2018.
2.6 For some roles, we seek information about criminal convictions and offences. Where we seek
this information, we do so because it is necessary for us to carry out our obligations and
exercise specific rights in relation to employment.
2.7 We seek references/employment history and credit checks for all roles. All employees are
subject to BS7858 screening whether their role is front line, head office, SIA licensed or non
licensed. We do so because it is necessary for us to carry out our obligations as a Security
provider.
2.8 The organization will keep your personal data on file in case there are future employment
opportunities for which you may be suited. The organization will ask for your consent before
it keeps your data for this purpose, and you are free to withdraw your consent at any time
from the privacy settings on your talent pool profile.
checks and criminal checks. We will seek information from third parties prior to a job offer
has been made to you and will inform you that we are doing so.
1.4 Data will be stored on your Talent Pool profile, the organizations applicant tracking software,
HR management systems and on other relevant platforms such as email and screening
software.

3. Who has access to data?
3.1 Your information will be shared internally for the purposes of the recruitment exercise. This
includes members of the HR and recruitment team, interviewers and hiring managers
involved in the recruitment process, screening team, managers in the organization
department with a vacancy, IT staff if access to the data is necessary for the performance of
their roles and Shared Services team to access data to be used for finance and payroll.
3.2 We will not share your data with third parties unless your interview for employment is
successful and we progress you to the next stage of the recruitment process. The
organization will then share your data with former employers to obtain references for you,
employment background check providers to obtain necessary background checks and the
Disclosure and Barring Service to obtain necessary criminal records checks.
3.3 The organization will not transfer your data outside the UK

4. How do we protect data?
4.1 We take the security of your data seriously. We have internal policies and access permission
controls in place to ensure that your data is not lost, accidentally destroyed, misused or
disclosed, and is not accessed except by our employees in the proper performance of their
duties.
5. For how long do we keep data?
5.1 We will hold data on file for 13 months after your last recruitment interaction with the
organizations Applicant Tracking System. You will be contacted 30 days prior to the
expiration where you can reconsent for the same period or withdraw your consent. Should
you withdraw your consent your data will be anonymized.
5.2 If your application for employment is successful, personal data gathered during
the recruitment process will be transferred to your personnel file and retained during your
employment. The period for which your data will be held after your employment ceases is in
line with the recommended retention period of 6 years.

6 .Your rights
6.1 As the subject of the data collected, you have a number of rights. You can:
– access and obtain a copy of your data on request
– require the organization to change incorrect or incomplete data
– require the organization to delete or stop processing your data, for example where the data
is no longer necessary for the purposes of processing
– object to the processing of your data where the organization is relying on its legitimate
interests as the legal ground for processing
– ask the organization to stop processing data for a period if data is inaccurate or there is a
dispute about whether or not your interests override the organization’s legitimate grounds for
processing data
6.2 If you would like to exercise any of these rights please contact: Human Resources, IRON HAWK
Security, ADDRESS.
6.3 If you believe that the organization has not complied with your data protection rights, you can
contact the Information Commissioner

7. What if you do not provide personal data?
7.1 You are under no statutory or contractual obligation to provide data to the organization during
the recruitment process. However, if you do not provide the information, the organization may
not be able to process your application properly or at all. If your application is successful, it
will be a condition of any job offer that you provide data and evidence of all the requirements
set out in British Standard 7858.
7.2 You are under no obligation to provide information for equal opportunities monitoring
purposes and there are no consequences for your application if you choose not to provide
such information. A ‘Prefer Not to Say’ option is available across all categories.
8.Automated decision making
8.1 Some of the organization’s recruitment processes are based solely on automated decision-making.

Last Updated September 2024