Applicant Privacy Notice
Welcome to AVC Wise’s, trading as My Money Matters, Applicant Privacy Notice for applicants, for employment or other engagements.
Notice Aim
My Money Matters is committed to protecting the privacy and security of your personal data and information. The purpose of this Privacy Notice is to provide our applicants with information about how and why we process their Personal Data, and to tell them about their privacy rights and how the law protects them.
This privacy notice is written in accordance with the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018.
It is important that you read this Privacy Notice so that you are aware of how and why we are using your Personal Data, your rights and how the law protects you.
This Privacy Notice does not form an operative part of any future contract you may have with My Money Matters and is not intended to form any employment relationship.
With that in mind, this notice covers;
- Who we are and how you can contact us
- Your rights relating to your Personal Data
- What Personal Data we collect
- Personal Data from Third-Party Sources
- How we use your Personal Data and why
- Who we share your Personal Data with
- Data Transfers
- How we keen your Personal Data secure
- How long we store your Personal Data
- No automated decision
- An appendix of our Detailed Processing Information
We may update this Privacy Notice from time to time. If we do so, we will make available a revised Privacy Notice.
Who we are and how you can contact us
AVC Wise (“My Money Matters,” “we,” “us” or “our”) is the Controller, as defined in the UK GDPR, for the purposes of Processing your Personal Data described in this Privacy Notice.
Our registered address is: First Floor, 5 Fleet Place, London, United Kingdom, EC4M 7RD.
You can contact us by:
- Emailing us at DPO@my-money-matters.co.uk
- Writing to us at the above registered address
We have appointed a Data Protection Officer, who is responsible for overseeing and advising us in relation to our compliance with the UK GDPR. If you want to contact our Data Protection Officer directly, you can email DPO@my-money-matters.co.uk.
Your rights relating to your Personal Data
By law, under certain circumstances, you have the right to:
- Request access to your Personal Data – this enables you to receive a copy of the Personal Data we hold about you, and to check that we are lawfully processing it.
- Request a correction to the Personal Data we hold about you – this enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request an erasure of your Personal Data – this enables you to ask us to delete or remove Personal Data where there is no good reason for us to continue to process it. You also have the right to ask us to delete or remove your Personal Data where you have exercised your right to object to processing.
- Object to processing of your Personal Data – this right exists where we are relying on a Legitimate Interest (defined below) as the legal basis for our processing and there is something about your specific circumstances, which make you want to object to our processing on this ground. If you enact this right, we will cease processing your Personal Data unless we can demonstrate compelling legitimate grounds for the processing, which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.
- Request a restriction on processing of your Personal Data – this enables you to ask us to suspend the processing of Personal Data about you, for example in relation to establishing its accuracy or the reason for processing it.
- Request a transfer of your Personal Data – where we provide you, or a chosen third party, with your Personal Data. This only applies to Personal Data we process by automated means to which initial consent was provided, or where we use the information to perform a contract with you.
- Withdraw consent – this right only exists where we are relying on consent to process your Personal Data.
How to exercise your rights
Please use the contact details as included in the “Who we are and how you can contact us” section above.
We may need to request specific information to confirm your identity and verify your right to access Personal Data. This ensures that Personal Data is not disclosed to any person who has no right to receive it. We also may contact you to ask for additional information to assist us in responding to your request.
We try to respond to all legitimate requests within one calendar month. In some instances, where a request is complex or multiple requests have been made, it may take longer than this and you will be notified of this.
Complaints
If you would like to make a complaint regarding this Privacy Notice, please use the contact details as included in the “Who we are and how you can contact us” section above.
If you feel that a complaint has not been adequately resolved, or you otherwise wish to make a complaint under GDPR you have the right to make a complaint directly to the UK Information Commissioner’s Office. You do not need to contact us before raising a complaint with the ICO, although we would welcome the opportunity to resolve any concerns directly first.
Address: Information Commissioner’s Office, Water Lane, Wycliffe House, Wilmslow, Chesire, SK9 5AF.
Phone: +44 303 123 1113
Website: http://ico.org.uk/make-a-complaint/
What Personal Data we collect
The Personal Data we collect, from you and third parties about you, is outlined in the below table.
|
Category of Personal Data |
What this means |
|
Identity Data |
First name, middle name(s), surname, title, national identification and/or passport number, national insurance number, driver’s licence, and photographs. |
|
Contact Data |
Your email address, telephone number(s), and home address. |
|
Biographical Data |
First name, middle name(s), surname, maiden name, marital/civil partnership status, title, date of birth, gender, ethnicity, education history, professional history, professional qualifications and memberships, references (including referee’s names and contact information), information contained within Cover Letters and CVs, language proficiencies, skill certifications (including expiry dates), and information necessary to undertake background checks. |
|
Immigration Data |
National identification and/or passport number, details of residency and/or work permits and any other information that allows us to verify your eligibility to work in the UK. |
|
Engagement Data |
Title and description of your prior roles, departments, work location, dates of prior employment or engagements, employment or engagement status and type (e.g. full time, part time), terms of employment or engagement, contracts, work history (current, past or prospective), training and learning program participation, termination date(s) and reason, length of service, willingness to relocate, current salary, desired salary, employment and engagement preferences, information necessary to complete background checks, drug and/or alcohol tests, and other screens permitted by law. |
|
Facilities Data |
Information about any access to any applicable office or facilities. |
|
Health Data |
Information about your physical or mental health, including any information collected as part of a health screen, occupational health assessment, workplace adjustments or medical emergencies. |
|
Diversity Data |
Information about your racial or ethnic origin, which may be collected for equal opportunity monitoring purposes on a voluntary basis. |
|
Online Recruitment |
If you apply for a role through our online careers portal, or a third-party job board, that platform may collect technical data about your device and browsing behaviour through cookies and similar technologies. Please refer to the relevant platform’s privacy and cookie notice for further information. |
|
Other Data |
This might include data not listed above, that you provide to us, such as your feedback and survey responses where you choose to identify yourself. |
Personal Data from Third-Party Sources
In addition to the Personal Data that we collect from your directly, in addition in certain circumstances, we may also collect Personal Data from third party sources. Please see below for a list of the types of third-party sources, from which we may collect your Personal Data:
- Agencies or recruiters that refer you to us.
- Job board website that you may apply to us through.
- Prior employers, companies, or persons, when they provide us with a reference.
- Professional references that you identify and authorise us to contact.
- Providers of background check, credit check, or other screening services (where legally permitted).
- Your publicly available social media profiles (such as LinkedIn), where we may collect Identity Data, Contact Data, Biographical Data and Engagement Data that is publicly available. We have a legitimate interest in researching candidates as part of our process and will only access publicly available information.
How we use your Personal Data and why
In respect of each of the purposes for which we use your Personal Data, and most commonly we will rely on one of the following legal bases:
- Contractual Necessity - where we need to take steps at your request prior to entering into a contract with you.
- Compliance with Law – where we need to comply with a legal or regulatory obligation.
- Legitimate Interests – where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests.
The table below shows, at a high level, how we may use your Personal Data and the relevant legal bases we rely upon for that. For more information see the Appendix to this Notice.
|
Purpose |
Legal Basis |
|
We may process your Personal Data (including sharing with third parties, where appropriate) where necessary to take pre-contractual steps relating to your potential employment or engagement, including managing the recruitment process and taking any associated steps you may request prior to entering any contract with you |
Contractual Necessity |
|
We may process your Personal Data (including sharing with third parties, where appropriate) for talent management purposes, including for the purposes of considering your job application and determining whether, and on what terms, to make an offer to employ or engage you. |
Legitimate Interests |
|
We may process your Personal Data (including sharing with third parties, where appropriate) to operate and improve our business. |
Legitimate Interests |
|
We may process your Personal Data (including sharing with third parties, where appropriate) to operate, manage and secure any premises or locations. |
Legitimate Interests |
|
We may process your Personal Data by requiring health screenings to help protect the health and safety of you, staff and representatives and others (such as visitors). |
Depending on the circumstance: Compliance with Law or Legitimate Interest |
|
We may process your Personal Data to protect your vital interests or those of a third party. |
Vital Interests |
|
We may process your Personal Data (including sharing with third parties, where appropriate) for compliance and protection purposes (including the establishment, exercise, or defence of legal claims). |
Depending on the circumstance: Compliance with Law or Legitimate Interest
|
|
We may Process and disclose Personal Data in the context of actual or prospective corporate events. |
Legitimate Interest |
|
We may create aggregated, de-identified and/or anonymised data from your Personal Data. |
Legitimate Interest |
|
In some cases, may use your Personal Data for further uses, in which case we will ask for your consent to use your Personal Data for those further purpose for which information was collected. |
Consent, or the original legal basis where the relevant further use is compatible with the initial purpose. |
Where we use any ‘special categories’ of Personal Data (e.g. Health Data), we must satisfy additional conditions to process such Personal Data, because it is considered more sensitive in nature. The condition that applies will depend on the circumstances and purposes of the relevant processing. As an example, we may rely on:
- Health Data – Schedule 1, Part 1, where processing is necessary for the purposes of performing or exercising obligations or rights under employment law.
- Diversity Data - Schedule 1, Part 2, where processing is necessary for the purposes of identifying or keeping under review the existence or absence of equality of opportunity or treatment between groups of people.
- Health Data and other special categories – Schedule 1, Part 2, where processing is necessary for the purposes of establishing, exercising or defending legal claims.
We will inform you if we need to process your special category Personal Data for any purpose not described above.
Who we share your Personal Data with
As part of our business and in relation to your application, we may share your Personal Data with certain third parties.
- Service providers: travel, transportation, and accommodation; IT systems and support, information, and physical security; and background checks and other screenings.
- Professional advisers: accountant, auditors, lawyers, insurers, and other professional advisers.
- Compliance and protection related sharing: with entities that regulate or have jurisdiction over us, or in the context of protecting our, your or others’ rights, privacy, safety, or property (including by establishing, making, and defending legal claims).
How we keep your Personal Data secure
We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised manner, altered, or disclosed.
We limit access to your Personal Data to those employees and other staff who have a business need to have such access. All such people are subject to a contractual obligation of confidentiality.
We have put in place procedures to deal with any actual or suspected Personal Data breach. In certain circumstances, such as where we are legally required, we may notify you of breaches affecting your Personal Data.
How long we store your Personal Data
Our retention periods for Personal Data are based on business needs and legal requirements. We retain Personal Data for as long as is necessary for the processing purpose(s) for which it was collected, as set out by this Privacy Notice.
The below table provides indicative retention periods to applicant Personal Data.
|
Data Type |
Retention Period |
|
Unsuccessful applicants |
12 months from application outcome |
|
Interview notes and assessments |
12 months from application outcome |
|
Right to work or immigration documents, or status information |
If hired in line with the Employee Privacy Notice, otherwise 12 months from application outcome.
|
|
Background Checks |
If hired in line with the Employee Privacy Notice, otherwise 12 months from application outcome. |
Where you give consent for us to retain your Personal Data for future opportunities, we will retain your Personal Data for up to 12 months. We will contact you before this period expires to ask whether you wish for us to continue to retain your Personal Data for future opportunities.
When Personal Data is no longer required, we either irreversibly anonymise the data, or securely destroy the Personal Data.
Automated decision making
We do not envisage that you will be subject to decisions or profiling that will have a significant impact on you based solely on automated decision making.
Your obligations
You should keep your Personal Data up to date and inform us of any significant changes to your Personal Data. If you provide us with Personal Data of a referee as part of your application, it is your responsibility to inform them of the use of the Personal Data for the purposes set out in this Privacy Notice.
Appendix – Detailed Processing Information
Below we have set out, in detail, the purposes for which we may use your Personal Data, the legal bases we rely on, and the categories of Personal Data typically used for the relevant purpose.
|
Processing activities |
Personal Data |
Legal basis |
|
Pre-contractual performance
We may process your Personal Data (including sharing with third parties, where appropriate) where necessary to take pre-contractual steps relating to your potential employment or engagement, including managing the recruitment process and taking any associated steps you may request prior to entering into a contract with you. |
|
Contractual Necessity |
|
Talent Management
We may process your Personal Data (including associated sharing it with third parties, where appropriate) for talent management purposes including;
|
|
Legitimate Interest.
We have a legitimate interest in assessing applications and managing the recruitment process. |
|
Business operation and improvement
We may process your Personal Data (including sharing it with third parties, where appropriate) to operate and improve our business, developing, improving, and innovating in respect of present and future business plans and strategies and associated operations (such as our recruitment processes). |
|
Legitimate Interest.
We have a legitimate interest in operating, developing, and improving our business and our products and services. |
|
Facilities management
We may process your Personal Data (including sharing it with third parties, where appropriate) to operate, manage and secure our premises and facilities, including:
|
|
Legitimate Interest.
We have a legitimate interest in managing and securing our premises and facilities, including conducting and monitoring and investigations for these purposes. |
|
Health Screening
We may process your Personal Data by requiring health screenings to access our premises to help protect the health and safety of you, staff and representatives of My Money Matters, and others (such as visitors). For example, this may include measures such as asking applicants to monitor themselves for symptoms and take their temperature before entry into the workplace, or otherwise performing self-screening measures deemed necessary to protect health and safety. |
|
Compliance with Law.
Legitimate Interest.
We have a legitimate interest in seeking to protect the health and safety of you, staff, and representatives of My Money Matters. |
|
Protection of health and vital interests
We may process your Personal Data (including sharing it with third parties, where appropriate) to protect your vital interests or those of a third party. This may include: |
Any and all data types relevant in the circumstances |
Vital Interests,
We may need to process and share your Personal Data to protect your, or someone else’s, vital interests – typically in matters of life and death. |
|
Compliance and protection
We may process your Personal Data (including sharing it with third parties, where appropriate) for compliance and protection purposes, including to: |
Any and all data types relevant in the circumstances. |
Compliance with Law.
Legitimate Interest.
We, and relevant third parties, have a legitimate interest in participating in, supporting, and following legal process and request, including through co-operation with authorities. We, and relevant third parties, also have a legitimate interest of ensuring the protection, maintenance, and enforcement of our and their rights, property, and/or safety. |
|
Right to Work Verification
We are legally required to verify your right to work in the UK before employment commences. For this purpose, we will process your Immigration Data including passport details, visa documents and biometric residence permits as applicable. |
Immigration Data |
Compliance With Law.
|
|
Privacy Protective Steps
We may create aggregated, de-identified and/or anonymised data from your Personal Data and other individuals whose Personal Data we collect. We make Personal Data into de-identified and/or anonymised data by removing any information that makes the data identifiable to you. |
Any and all data types relevant in the circumstances. |
Legitimate Interests.
We have a legitimate interest, and believe it is also in your interests, that we are able to take these privacy proactive steps. |
|
Further uses
In some cases, we may use your Personal Data for further uses, in which case we will ask for your consent to use your Personal Data for those further purposes if they are not compatible with the initial purpose for which information was collected.
|
Any and all data types relevant in the circumstances. |
Consent.
The original legal basis relied upon, if the further use is compatible with the initial purpose for which the Personal Data was collected. |