Privacy Policy
Welcome to CDL’s recruitment privacy policy
Cheshire Datasystems trading as CDL (‘CDL’, ‘us’, or ‘we’) are committed to respecting your privacy and protecting your personal data. We define personal data broadly as information that directly identifies an individual or that makes an individual identifiable when combined with other information.
This notice explains what personal data (information) we will hold about you, how we collect it, and how we will use and may share personal data about you during the application process. We are required to notify you of this information, under data protection legislation. Please ensure that you read this notice (sometimes referred to as a ‘privacy notice’) and any other similar notice we may provide to you from time to time when we collect or process personal data about you.
This notice only applies to the personal data of job applicants, potential candidates for employment and those who participate in our recruiting programs and events.
Data protection principles
We will comply with the data protection principles when gathering and using personal data, set out below:
Cheshire Datasystems trading as CDL (‘CDL’, ‘us’, or ‘we’) are committed to respecting your privacy and protecting your personal data. We define personal data broadly as information that directly identifies an individual or that makes an individual identifiable when combined with other information.
This notice explains what personal data (information) we will hold about you, how we collect it, and how we will use and may share personal data about you during the application process. We are required to notify you of this information, under data protection legislation. Please ensure that you read this notice (sometimes referred to as a ‘privacy notice’) and any other similar notice we may provide to you from time to time when we collect or process personal data about you.
This notice only applies to the personal data of job applicants, potential candidates for employment and those who participate in our recruiting programs and events.
Data protection principles
We will comply with the data protection principles when gathering and using personal data, set out below:
- Lawfulness, fairness, and transparency: any processing of personal data should be lawful and fair.
- Purpose Limitation: personal data should only be collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
- Data Minimisation: processing of personal data must be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.
- Accuracy: personal data must be accurate and, where necessary, kept up to date.
- Storage Limitation: personal data should only be kept in a form which permits identification of data subjects for as long as is necessary for the purposes for which the personal data are processed.
- Integrity and Confidentiality: personal data should be processed in a manner that ensures appropriate security and confidentiality of the personal data.
- Accountability: accountability for the proper processing of personal data and compliance with the above data protection principles.
About the data we collect and hold
What data
In connection with your application for work with us, we may collect the following data up to and including the shortlisting stage of the recruitment process:
What data
In connection with your application for work with us, we may collect the following data up to and including the shortlisting stage of the recruitment process:
- the information you have provided to us in your curriculum vitae and covering letter/email;
- your name and contact details (i.e. address, home and personal mobile phone numbers, personal email address);
- information you provide to us during an interview;
- details of your referees; and
- details of your qualifications, experience, employment history (including job titles, salary, notice period and working hours) and interests.
We may also collect, store and use the following “special categories” of more sensitive personal data:
- information about your racial or ethnic origin, sex and sexual orientation, religious or similar beliefs;
- information about your health, including any medical condition, health and sickness records; and
- information about your criminal record.
We may collect the following data after the shortlisting stage and/or following making you a formal offer:
- data about your previous academic and/or employment history, including details of any conduct, grievance or performance issues, appraisals, time and attendance, from references obtained about you from previous employers and/or education providers;
- data regarding your academic and professional qualifications;
- data regarding your criminal record, in a criminal records certificate (CRC) or enhanced criminal records certificate (ECRC) as appropriate;
- your nationality and immigration status and data from related documents, such as your passport or other identification and immigration information;
- a copy of your driving licence and passport; and
- data relating to your health;
How we collect the data
We may collect this data from you when you apply for a role. This includes information provided through an online application, via email and in person at interviews.
We may also collect this data from the following sources:
We may collect this data from you when you apply for a role. This includes information provided through an online application, via email and in person at interviews.
We may also collect this data from the following sources:
- recruitment agencies;
- search consultants;
- our employment background check provider;
- our credit reference agency;
- data from third party publicly sources;
- your named referees (details of whom you will have provided);
- your education provider, the relevant professional body;
- the Disclosure and Barring Service (DBS) and the Home Office;
- vacancies mailing list;
- the Bank of England Database of financial sanctions and terrorists; and
- social media and networking profiles.
We also collect data from a recruitment management system, to assist with our recruitment process. This provides us with the facility to link the data you provide to us with other publicly available information about you that you have published on the Internet – this may include sources such as LinkedIn and other social media profiles.
Why we collect the data and how we use it
We will typically collect and use this data for the following purposes:
Why we collect the data and how we use it
We will typically collect and use this data for the following purposes:
- to take steps at your request prior to entering into a contract with you;
- to take steps to enter into a contract;
- for compliance with a legal obligation. For example, we are required to check your eligibility to work in the UK before employment starts;
- for the performance of a task carried out in the public interest;
- for the purposes of our legitimate interests or those of a relevant third party (such as a benefits provider), but only if these are not overridden by your interests, rights or freedoms;
- because it is necessary for carrying out obligations or exercising rights in employment law;
- for reasons of substantial public interest (i.e. equality of opportunity or treatment, promoting or retaining racial and ethnic diversity at senior level, preventing or detecting unlawful acts); and
- to establish, exercise and/or defend any legal claims that may be brought by or against us in connection with your recruitment.
We process health information if we need to make reasonable adjustment to the recruitment process for you. This is to carry out our obligations and exercise specific rights in relation to employment.
Where we process other special categories of data, such as information about ethnic origin, sexual orientation, health or religion or belief, this is for equal opportunities monitoring purposes.
We are entitled to carry out a criminal records check in order to satisfy ourselves that there is nothing in your criminal convictions history which makes you unsuitable for the role. We use a third party to do this on our behalf.
We may use your data for analytics purposes, including in aggregated/pseudonymized form, to improve our recruitment and hiring process and augment our ability to attract successful candidates.
We will not use your data for any purpose other than the recruitment exercise for which you have applied.
We seek to ensure that our data collection and processing is always proportionate. We will notify you of any changes to data we collect or to the purposes for which we collect and process it.
How we may share the data
Your information will be shared internally for the purposes of the recruitment exercise. This includes members of the HR and recruitment team, interviewers involved in the recruitment process, managers in the business area with a vacancy and other members of staff if access to data is necessary for the performance of their roles.
We use third-party service providers to provide a recruitment software system. We may also share your data with former employers to obtain references for you, and other third-party service providers that may assist us identifying and recruiting talent, administering and evaluating pre-employment screening and testing, and improving our recruitment practices, and our employment background check provider to obtain necessary background checks, including a criminal record check and our credit reference agency. All our third-party service providers are required to take appropriate security measures to protect your personal data in line with our policies.
In addition, we may disclose or transfer your data in the event of a re-organization, merger, sale, joint venture, assignment, or other transfer or disposition of all or any portion of our business.
Automated decision making/profiling
We may leverage our third party’s recruitment management system to help us select appropriate candidates for us to consider based on criteria we have identified. The process of finding suitable candidates is automatic, however, any decision as to who we will engage to fill the job opening will be made by our team.
Where data may be held
Some personal data controlled by us are held outside the UK. These data are predominantly held in data centres within the European Economic Area (EEA), for the purpose of hosting and maintenance. Regulations under section 17A of the DPA 2018 specify that all countries within the EEA are regarded as providing an adequate level of data protection.
We may need to disclose data or to third party suppliers or partners, located outside the United Kingdom, including (but not limited to) United States of America. These jurisdictions may not offer a level of protection of privacy equivalent to the level within the United Kingdom.
In respect of transfers of your personal data to third party suppliers outside the United Kingdom or the EEA, we will take steps to ensure that your personal data receives an adequate level of protection, including by, for example, entering into appropriate data transfer agreements.
How long we keep your data
We keep the personal data that we obtain about you during the recruitment process for no longer than is necessary for the purposes for which it is processed. How long we keep your data will depend on whether your application is successful and you become employed by us, the nature of the data concerned and the purposes for which it is processed.
We will keep recruitment data (including interview notes) for no longer than is reasonable, taking into account the limitation periods for potential claims such as race or sex discrimination (as extended to take account of early conciliation), after which they will be destroyed. If there is a clear business reason for keeping recruitment records for longer than the recruitment period, we may do so but will first consider whether the records can be pseudonymised, and the longer period for which they will be kept.
If your application is successful, we will keep only the recruitment data that is necessary in relation to your employment.
We may want to remain in contact with you and consider you for future employment opportunities. In such an event, we will seek your consent to include you in one of our recruiting programs that provides you ways to further learn about and stay in touch with us, either prior to or after you formally apply for a job opportunity. Participation in these recruiting programs is entirely optional.
Keeping your personal data secure
We have appropriate security measures in place to prevent personal data from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal data to those who have a genuine business need to know it. Those processing your data will do so only in an authorised manner and are subject to a duty of confidentiality. For further information regarding our security certifications please visit Certifications
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted through any online means, therefore any transmission remains at your own risk.
Your legal rights
If you have any questions about this privacy notice or our privacy practices, please contact our data protection officer in the following ways:
Full name of legal entity: Cheshire Datasystems Limited
Email address: dataprotection@cdl.co.uk
Postal address: Kings Reach Road, Stockport, SK4 2HD
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
Under certain circumstances, you have rights under data protection laws in relation to your personal data. Please click on the links below to find out more about these rights:
Where we process other special categories of data, such as information about ethnic origin, sexual orientation, health or religion or belief, this is for equal opportunities monitoring purposes.
We are entitled to carry out a criminal records check in order to satisfy ourselves that there is nothing in your criminal convictions history which makes you unsuitable for the role. We use a third party to do this on our behalf.
We may use your data for analytics purposes, including in aggregated/pseudonymized form, to improve our recruitment and hiring process and augment our ability to attract successful candidates.
We will not use your data for any purpose other than the recruitment exercise for which you have applied.
We seek to ensure that our data collection and processing is always proportionate. We will notify you of any changes to data we collect or to the purposes for which we collect and process it.
How we may share the data
Your information will be shared internally for the purposes of the recruitment exercise. This includes members of the HR and recruitment team, interviewers involved in the recruitment process, managers in the business area with a vacancy and other members of staff if access to data is necessary for the performance of their roles.
We use third-party service providers to provide a recruitment software system. We may also share your data with former employers to obtain references for you, and other third-party service providers that may assist us identifying and recruiting talent, administering and evaluating pre-employment screening and testing, and improving our recruitment practices, and our employment background check provider to obtain necessary background checks, including a criminal record check and our credit reference agency. All our third-party service providers are required to take appropriate security measures to protect your personal data in line with our policies.
In addition, we may disclose or transfer your data in the event of a re-organization, merger, sale, joint venture, assignment, or other transfer or disposition of all or any portion of our business.
Automated decision making/profiling
We may leverage our third party’s recruitment management system to help us select appropriate candidates for us to consider based on criteria we have identified. The process of finding suitable candidates is automatic, however, any decision as to who we will engage to fill the job opening will be made by our team.
Where data may be held
Some personal data controlled by us are held outside the UK. These data are predominantly held in data centres within the European Economic Area (EEA), for the purpose of hosting and maintenance. Regulations under section 17A of the DPA 2018 specify that all countries within the EEA are regarded as providing an adequate level of data protection.
We may need to disclose data or to third party suppliers or partners, located outside the United Kingdom, including (but not limited to) United States of America. These jurisdictions may not offer a level of protection of privacy equivalent to the level within the United Kingdom.
In respect of transfers of your personal data to third party suppliers outside the United Kingdom or the EEA, we will take steps to ensure that your personal data receives an adequate level of protection, including by, for example, entering into appropriate data transfer agreements.
How long we keep your data
We keep the personal data that we obtain about you during the recruitment process for no longer than is necessary for the purposes for which it is processed. How long we keep your data will depend on whether your application is successful and you become employed by us, the nature of the data concerned and the purposes for which it is processed.
We will keep recruitment data (including interview notes) for no longer than is reasonable, taking into account the limitation periods for potential claims such as race or sex discrimination (as extended to take account of early conciliation), after which they will be destroyed. If there is a clear business reason for keeping recruitment records for longer than the recruitment period, we may do so but will first consider whether the records can be pseudonymised, and the longer period for which they will be kept.
If your application is successful, we will keep only the recruitment data that is necessary in relation to your employment.
We may want to remain in contact with you and consider you for future employment opportunities. In such an event, we will seek your consent to include you in one of our recruiting programs that provides you ways to further learn about and stay in touch with us, either prior to or after you formally apply for a job opportunity. Participation in these recruiting programs is entirely optional.
Keeping your personal data secure
We have appropriate security measures in place to prevent personal data from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal data to those who have a genuine business need to know it. Those processing your data will do so only in an authorised manner and are subject to a duty of confidentiality. For further information regarding our security certifications please visit Certifications
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted through any online means, therefore any transmission remains at your own risk.
Your legal rights
If you have any questions about this privacy notice or our privacy practices, please contact our data protection officer in the following ways:
Full name of legal entity: Cheshire Datasystems Limited
Email address: dataprotection@cdl.co.uk
Postal address: Kings Reach Road, Stockport, SK4 2HD
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
Under certain circumstances, you have rights under data protection laws in relation to your personal data. Please click on the links below to find out more about these rights:
- Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
- Request erasure of your personal data. This enables you to ask us to delete or remove personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
- Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
-
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
- If you want us to establish the personal data's accuracy.
- Where our use of the personal data is unlawful but you do not want us to erase it.
- Where you need us to hold the personal data even if we no longer require it as you need it to establish, exercise or defend legal claims.
- You have objected to our use of your personal data but we need to verify whether we have overriding legitimate grounds to use it.
- Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
-
Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
If you would like to exercise any of those rights, please contact us using our contact details above. -
No fee usually required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances. -
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. -
Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.