What is the purpose of this document?
Chivas Brothers Limited is a "data controller". This means that we are responsible for deciding how we hold and use personal information about you. You are receiving a copy of this privacy notice because you are applying for a position with us (whether as an employee, worker, contractor, director or office holder or in any other capacity including on a voluntary unpaid basis). It applies to individuals who are applying for a vacancy that we are actively recruiting for, and also those who speculatively contact us to apply for roles. It makes you aware of how and why your personal data may be used, namely for the purposes of any recruitment exercise, and how long it will usually be retained for. It provides you with certain information that must be provided under the General Data Protection Regulation (GDPR). If you are successful with your application we will hold your information in accordance with our Personnel Privacy Notice a copy of which will be provided or made available to you at the relevant time. The most up-to-date version of this document is available on our corporate website at www.chivasbrothers.com
Data protection principles
In accordance with data protection law the personal information we hold about you will be:
The kind of information we hold about you
In connection with your application for work with us, we may collect, store, and use the following categories of personal information about you:
We may also collect, store and use the following "special categories" of more sensitive personal information about:
How is your personal information collected?
We will collect personal information from you and in some cases also from the following sources:
How will we use personal information?
We will use the personal information we collect about you to:
It is in our legitimate interests to consider this information in the recruitment process to enable us to identify the best candidate for vacancies.
If you fail to provide information when requested, which is necessary for us to consider your application (such as evidence of qualifications or work history), we will not be able to process your application successfully.
How will we use sensitive personal information?
We will use your sensitive personal information in the following ways:
Information about criminal convictions
We may collect information about your criminal convictions history if we would like to offer you a role (conditional on checks and any other conditions, such as references, being satisfactory). We are entitled to carry out a criminal records check in order to satisfy ourselves that there is nothing in your criminal convictions history which makes you unsuitable for the role. In particular:
We will process information about criminal convictions in accordance with the appropriate policies and safeguards as required by law.
As part of our recruitment process we may use automated decision making (when an electronic system makes a decision without human intervention). This does not involve using any sensitive personal data. For some roles, we use “Ace” questions which means that your response to a particular question could result in an automated decision being made not to progress your application further. If a decision is made not to progress your application as a result of automated decision making, you will be notified of this and you may, within a period of one month of receiving such notification, contact us to ask us to reconsider the result of that decision.
We will only share your personal information with other members of our group and third parties for the purposes of processing your application. For example, we may share information with the following third parties: recruitment agencies, legal services, background and criminal record check providers, document storage providers, IT/software providers, IT security (including Zscaler), external test providers, CCTV providers and outsourced security providers (including G4S). All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need-to-know. They will only process your personal information on our instructions (or instructions from a member of our group) and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
For internal and/or successful candidates we will retain your application information on your personnel file in accordance with our Personnel Privacy Notice and Document Retention Policy.
For unsuccessful candidates we will retain your personal information for a period of six months after we have communicated to you our decision that your application has not been successful. We retain your personal information for that period:
After this period, we will securely destroy your personal information in accordance with our Document Retention Policy, a copy of which is available upon request.
Changes to this privacy notice
We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates that affect you.
Rights of access, correction, erasure, and restriction
Under certain circumstances, by law you have the right to:
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights).
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
If you wish to exercise any of your rights in relation to your data, please contact our Privacy Champion who has been appointed to oversee compliance with this privacy notice; firstname.lastname@example.org
We hope that we can resolve any query or concern you may raise. You also have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues.
If you have any questions about this privacy notice, or how we handle your personal data please email email@example.com