Privacy notice for job applicants and employees

28th Sep 2018

This privacy notice tells you what to expect regarding the personal information collected and processed by the Joseph Rowntree Foundation (JRF) when applying for a job or working for us.

Who are we?

We are the Joseph Rowntree Foundation (JRF) & Joseph Rowntree Housing Trust (JRHT).  We are a registered charity in England and Wales (number 210169) and the address of our head office is: The Homestead, 40 Water End, York, YO30 6WP.

What Information do we ask for, and why?

Recruitment

All of the information you provide during the recruitment process will only be used for the purpose of progressing your application, or to fulfil legal or regulatory requirements where necessary.

We will not share any of the information you provide during the recruitment process with any third parties. The information you provide will be held securely by us and/or our data processors whether the information is in electronic or physical format. It will be used by the recruitment team, the people team and the hiring manager only.

We will use the contact details you provide to us to contact you to progress your application. We will use the other information you provide to assess your suitability for the role that you have applied for in line with the job description and person specification.

We do not collect more information than we need in order to fulfil our stated purposes and will not retain it for longer than is necessary.

The information we ask for is used to assess your suitability for employment. You don’t have to provide what we ask for but it might affect your application if you don’t.

Application stage

We will ask for your personal details including:

  • Name and contact details
  • Your previous experience and education
  • Your referees
  • Answers to questions relevant to the role you have applied for.

Our recruitment team will have access to all of this information, as well as the hiring manager.

You will also be asked to provide equal opportunities information. This is not mandatory information – if you don’t provide it, it will not affect your application. This information will not be made available to any staff outside of our recruitment team, including hiring managers, in a way which can identify you. Any information you do provide, will be used only to produce and monitor diversity statistics.

You will be asked to complete a criminal records declaration to declare any unspent convictions.

Unsuccessful candidates

If you are unsuccessful following either shortlisting or interview/assessment for the position you have applied for, we will only keep the personal data you provided for the application process for a period not longer than 12 calendar months from when we last processed your application.

We may on occasion ask if you would like your details to be retained in our talent pool for the purposes of contacting you in the future should other suitable vacancies arise. This would be for an initial period of 12 months after which we would contact you again to ask the same question. Should we receive no response to this request then your details will be removed subject to the paragraph above.

Conditional offer

If we make a conditional offer of employment, we will ask you for information so that we can carry out pre-employment checks. You must successfully complete pre-employment checks to progress to a final offer. We are required to confirm the identity of our staff, their right to work in the United Kingdom and seek assurance as to their trustworthiness, integrity and reliability.

You will therefore be required to provide:

  • Proof of your identity – you will be asked to attend our office with original documents, we will take copies.
  • Proof of qualifications – you will be asked to attend our office with original documents, we will take copies.
  • We may (dependent upon role) contact you to complete a request for the Disclosure and Barring Service. You will be sent an electronic link to facilitate this in addition to providing original forms of ID that are destroyed once the check is complete. In addition to providing original forms of ID for this purpose that will be destroyed once a DBS number has been issued.
  • We will contact your referees, using the details you provide in your application, directly to obtain references and information on your trustworthiness, integrity and reliability.
  • We will ask you to complete a questionnaire about your health. This is to establish your fitness to work. The Occupational Health form may be shared with Occupational Health providers who may ask for access to your GP records.

Confirmed, unconditional offer of employment

If we make a final offer, we will ask you for the following:

  • Bank details – to process salary payments
  • HMRC starter checklist – to ensure you are placed on the right tax code and where applicable any student loan data is captured.
  • Emergency contact details – so we know who to contact in case you have an emergency at work.

This information will remain in the HR Department and will be retained as part of your personnel file.

Employee Data

As your employer, the company needs to keep and process information about you for employment purposes.

The information we hold and process will be used for our management and administrative use only. We will keep it and use it to enable us to run the business and manage our relationship with you effectively, lawfully and appropriately, during the recruitment process, whilst you are working for us, at the time when your employment ends and after you have left. This includes using information to:

  • Enable us to comply with the employment contract.
  • Enable us to comply with any legal requirements.
  • Pursue the legitimate interests of the company and protect our legal position in the event of legal proceedings.
  • Complete Health and Safety associated documentation (please refer to the Health and Safety retention table within the “how long do we keep your information” section.

We may also need to use certain information in order for Finance to process invoices relating to, for example, a training course, for processing of individual payments, applications for bank, credit and purchasing cards (role dependent) and to access internally used financial systems.

Much of the information we hold includes:

  • Your application form
  • References
  • Your contract of employment and any amendments to it
  • Correspondence with or about you, for example letters to you about a pay rise or, at your request, a letter to your mortgage company confirming your salary
  • Information needed for payroll, benefits and expenses purposes
  • Contact and emergency contact details
  • Records of holiday, sickness and other absence
  • Information needed for equal opportunities monitoring policy
  • Records relating to your career history, such as training records, appraisals, other performance measures and, where appropriate, disciplinary and grievance records.

Where necessary, we may keep information relating to your health, which could include reasons for absence and GP reports and notes. This information will be used in order to comply with our health and safety and occupational health obligations – to consider how your health affects your ability to do your job and whether any adjustments to your job might be appropriate. We will also need this data to administer and manage statutory and company sick pay. In addition, we may use this information to monitor and produce (for our own use) reports relating to absence levels across the organisation.

How we hold your personal information

Your data will be processed by our staff, who are all based in the UK. The data we process may be held internally on our own managed systems, externally on cloud based services or on the systems of partners who process information on our behalf.

We are committed to storing data securely wherever it is held, and ensuring it is only accessible to authorised personnel. Where data is stored on partner systems we expect them to adopt security practices aligned with our own and to be GDPR compliant.

Who we share it with

Our recruitment team will have access to all of the information during the recruitment process, as well as the HR team. The hiring manager will also have access to some of the data as outlined during the recruitment process.

We may disclose specific information when required to do so by government bodies, law enforcement bodies and regulatory authorities such as the HMRC. We will only disclose information about you to third parties if we are legally obliged to do so or where we need to comply with our contractual duties to you, for instance we may need to pass on certain information to the pension provider, health insurance schemes.

Personal information may also be released to external parties in response to legal processes or to enforce or apply our terms of use, or to protect the rights, property or safety of JRF/JRHT, our employees, agents and others.

We may share the personal information of JRF and JRHT Directors and of the five highest paid non-executive employees with the US Tax authorities for the purpose of maintaining our status as an exempt foreign private foundation which minimises the tax withheld on income arising from our US investments.

Transferring your information outside the European Economic Area (EEA)

We will only transfer your personal data out of the EEA if at least one of the following applies:

  • The European Commission has made an ‘adequacy decision’ about the country or organisation, regarding the legal framework in place in that country or organisation for the protection of individuals’ personal data as adequate.
  • They are a US company covered by the EU-US Privacy Shield framework.
  • That the transfer of information is covered by appropriate safeguards, which are listed in the GDPR
  • We have your explicit consent to the transfer of your data.

What happens when you leave your employment with JRF/JRHT

Should you leave our employment, we are required to keep any data that relates to PAYE (pay as you earn), for a period of 7 years after the end of the tax year from the date of leaving. A full list of retention dates of documents that may have been held on your staff file can be found on the table overleaf.

Your documents will be held electronically and when required (in line with retention periods), destroyed securely and in line with GDPR compliance.

How long we keep your information

Items
Item Description How Long Do We Keep It?
Application Form 12 months* on Recruitment File Destroyed 7 years from date of leaving employment
CV 12 months* on Recruitment File
Equal Opportunities Monitoring Form Input on electronic system and destroyed immediately
References Held on electronic staff file. Destroyed 7 years from leave date
Pre-employment Health Declaration Held on electronic staff file. Destroyed 7 years from leave date
Professional Reg Details (NMC Pin etc) Held on electronic staff file. Destroyed 7 years from leave date
DBS details – (Disclosure No, date of issue, processing date & reference No’s) Held on electronic staff file. Destroyed 7 years from leave date
DBS ID Held on electronic staff file. Destroyed 7 years from leave date
Right to work documents Held on electronic staff file. Destroyed 7 years from leave date
Exam Certificates relevant to the role Held on electronic staff file. Destroyed 7 years from leave date
Training Records Held on electronic staff file. Destroyed 7 years from leave date
Offer Letter & signed employment contract Held on electronic staff file. Destroyed 7 years from leave date
New Starter Form Held on electronic staff file. Destroyed 7 years from leave date
Contractual Change Forms Held on electronic staff file. Destroyed 7 years from leave date
Change of Contract Letter Held on electronic staff file. Destroyed 7 years from leave date
Fit notes/Self Certs/Return to Work Forms Held on electronic staff file. Destroyed 7 years from leave date
Occupational Health Reports Held on electronic staff file. Destroyed 7 years from leave date
Absence Stage Management Meeting Information Held on electronic staff file. Destroyed 7 years from leave date
Maternity/Paternity/Adoption/Parental Leave 3 years after the end of the tax year in which the leave ends
Informal/Formal Management Action 6 years
Purchase Ledger Invoices 7 years
Bank, credit & purchasing applications Until application is complete
Names & Roles for access to financial systems 7 years
Delegated authority signatures Retained for as long as in post

Resignation / Leavers Form

7 years after employment has ended
Exit Interview

Destroy once answers anonymously logged

Pensions Information 99 years

(* 12 months from the last action on your application e.g. after shortlisting, after interview etc.)

Health and Safety Retention Dates
Item Description How Long Do We Keep It? Comments
H&S Strategy papers 6 yrs  
Reports relating to accidental exposure to substances hazardous to health or potential exposure  40 yrs Including medical reports subsequent to exposure – keep out all DLO records

Individual health surveillance records

40 yrs  
Accident reports and investigations relating to you 6 yrs Unless they include, or have the potential to include, exposure to hazardous substances 
Accident reports relating to under 18’s Up to age 21  
H&S training records  3 yrs  

Risk Assessments (all except DSE)

6 yrs  
Legionella Risk Assessments containing the name of the employee performing the assessment & the name of the person responsible 2 yrs From period covered by last assessment – therefore keep the assessment immediately prior to current
Legionella testing, monitoring, check records containing the name of the employee performing the assessment 5 yrs  
DSE Assessments 2 yrs  
Claims records 7 yrs From date of last recorded action unless relating to persons under 18
Claims records (under 18’s) Up to age 28  
Major projects H&S  5 yrs  
Workplace Inspections 6 yrs  
Asbestos records for properties inc name of the staff member that is responsible 5 yrs after disposal of the property  

What are your rights?

Under the General Data Protection Regulation (GDPR) & the Data Protection Act 1998 (DPA) you have a number of rights with regard to your personal data.

You have the right to ask for a copy of the information we hold about you.  You will need to make a formal request called a ‘subject access request’. To make a subject access request you must make your request in writing and provide proof of your identity.

If any of the information we hold is inaccurate or out of date, you have the right to have it corrected, updated or deleted by contacting our Data Protection Officer.

Questions and complaints

If you have any questions about the personal data we hold about you or how we use it you can contact our Data Protection Officer who will make every effort to help you.

Contact details:
Data Protection Officer
Joseph Rowntree Foundation
The Homestead
40 Water End
York YO30 6WP

Or by email at: [email protected]

If you are not satisfied with our response or believe we are not complying with the law when using your personal data, you can complain to the Information Commissioner’s Office.

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number

Last updated 28 September 2018