Get in touch
Get in touch

Candidate privacy policy

INTRODUCTION

PPRO (“we”, “us”) are committed to protecting and respecting your privacy. This Privacy Notice sets out the basis on which the personal data collected from you, or that you provide to us, will be processed by us in connection with our recruitment processes.

For the purpose of the General Data Protection Regulation (“GDPR”) the Data Controller is PPRO.

We use Lever, an online software product, to assist with our recruitment process. We use Lever to process personal information as a data processor on our behalf. Lever will not separately use our data for its own purposes.

For more information on Lever’s own Privacy Policy see here: https://www.lever.co/privacy-notice/ 

WHAT PERSONAL DATA WE COLLECT?

At PPRO we collect and use the following information about you, to the extent provided by you and permitted under applicable law:

  • Contact information (such as name, address, email address, and phone number);
  • Experience information (such as education, skills, CVs, photographs, references, employee records);
  • Demographic information (such as age, date of birth, gender). We use this data to ensure we’re giving job applicants equal opportunity and treatment regardless of their demographic. Providing this data won’t affect your application in any way, and you are free to omit any information that you don’t want to share.  In addition, we may use this data in an aggregated and anonymised format in order to track our Diversity and Inclusion progress.
  • Interview records;
  • Data from public profiles;

HOW IS YOUR INFORMATION COLLECTED?

We collect personal information from the following sources:

  • Yourself the candidate, when you apply for a role with us directly. This includes all the information in your CV,  provided through an online application, via email, in person at interviews and/or by any other method;
  • Zinc, our background check provider only after the candidate accepts the job offer. We collect the following categories of data: name, your addresses from the last three years, references, criminal record, work permit data, national identification numbers, and proof of address document. For more information on Zinc’s privacy policy see here: https://zinc.work/privacy.pdf;
  • Public sources, including social media platforms i.e. LinkedIn;
  • Third party recruitment platforms i.e. Cord and agencies;

WHY ARE WE COLLECTING YOUR DATA?

We process your personal data only for the following purposes related to recruitment:

  • Assess your skills, qualifications, and suitability for the role;
  • Carry out background and reference checks, where applicable;
  • Communicate with you about the recruitment process;
  • Keep records related to our hiring processes;

WHAT IS OUR LAWFUL BASIS FOR PROCESSING YOUR DATA?

Contract– to take steps to assess your suitability for the vacancy prior to entering into an employment contract (necessity for hiring decisions)

Legal obligation– Ensure we are complying with our legal and regulatory obligations i.e. background checks to prevent illegal working.

Legitimate interest– to actively reach out to potential candidates and to use your data to improve our application or recruitment process, we do so on the basis that it is in our legitimate interests to ensure we recruit the best possible candidates.

HOW LONG WILL WE USE YOUR INFORMATION FOR?

Successful applicants

If your application for employment is successful, personal data gathered during the recruitment process will be transferred to our HR management system and retained during your employment.

Unsuccessful applicants

If your application for employment is unsuccessful, we will hold your data on file for up to 3 years after the end of the relevant recruitment process. This will ensure that we are able to contact you about relevant future opportunities. At the end of that period we will securely destroy your personal data in accordance with applicable laws and regulations.

For the establishment, exercise or defence of legal claims, personal data will be deleted after termination of the court action or legal proceeding as appropriate.

HOW DO WE PROTECT YOUR DATA?

We take appropriate measures to ensure that all personal data is kept securely, including security measures to prevent personal data from being accidentally lost, or used or accessed in any unauthorised way. We limit access to your personal data to those employees who have a business need-to-know.  They will only process your personal data on our instructions and they are subject to a duty of confidentiality.  

WHAT ARE YOUR RIGHTS?

  • The right to request access to your personal information. This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
  • The right to request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • The right to request erasure
    of your personal information. This enables you to ask us to delete or remove personal information.
  • The right to object
    to further processing of your personal information where we are relying on a legitimate interest. You also have the right to object where we are processing your personal information for direct marketing purposes.
  • The right to request the restriction of processing
    of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy, the reason for processing it or for the exercise or defence of your legal claims.

To do any of the things above, please contact our Data Protection Officer (DPO) at data@ppro.com. UK & EU data protection laws give us one month to take action.

WHO SHOULD I CONTACT WITH QUESTIONS?

For any further information regarding your rights or have questions about the use of your Personal Data, please contact data@ppro.com we will endeavour to help you as quickly as possible.

If you are still not happy, you may lodge a complaint with your relevant supervisory authority or other public body with responsibility for enforcing data protection or privacy laws.