In registering to use our recruitment system you undertake to provide accurate and current information about yourself, including your correct name, address and any other requested information and to update that as necessary in any subsequent applications.
If you knowingly make any false statements or withhold any relevant information this may result in disciplinary action up to and including dismissal or the withdrawal of any offer of appointment.
The University cannot be held liable for delays to applications resulting from failures of the system outside its direct control.
How the College uses applicant personal data (fair processing notice)
The processing of job applicant data is necessary in order for the College to comply with its legal obligations and for the organisation to function effectively. In the controlling and processing of this data the College will act in accordance to the rules laid out by the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA2018).
This notice explains how the College collects, uses and shares personal data relating to prospective, employees and workers and your rights in relation to the processing of your personal data.
In this notice:
personal data means any data which can identify you directly or indirectly (whether by itself or when combined with other data), regardless of the format or media on which the data is stored. This includes data that can identify you when combined with other data that is held separately but does not include data that has been manipulated so that you can no longer be identified (anonymous data).
processing means any activity relating to your personal data including collection, use, alteration, storage, disclosure and destruction.
The official purposes for which the Royal Holloway and Bedford New College (the College) processes personal data are notified to the Information Commissioner, and can be viewed on the Office of the Information Commissioner's Register. The College's Registration Number is Z7056965.
How we collect your personal data
Most of the personal data we hold about you will have been provided or observed about you in the course of the application and recruitment process. We have collected some of your personal data because it is mandatory, but some of it will have been provided on a voluntary basis. If you become an employee of the University your personal data would be covered by the Staff Data Collection Notice.
Personal data from third parties
We may sometimes collect additional information from third parties including:
your CV sent from any recruitment agencies regarding a position
references from former employers, colleagues or other relevant parties
information collected as a result of formal background checks, e.g. DBS checks
Types of personal data processed
Depending on your role, this notice sets out the types of personal data that the College may collect and process about you, including “special categories of personal data” which are particularly sensitive and require us to take additional steps to ensure their security and confidentiality.
How the College uses personal data about you
Depending on your role, the College may process personal data (including special categories of personal data) about you for the following purposes:
the recruitment and selection process
completion of pre-employment checks
assessing the College’s performance against equality objectives as set out by under College policies, Statutes and employment legislation.
The College needs to process special category data for a number of administrative purposes. These include:
Lawful grounds for processing your personal data
We will only use your personal data when we are permitted to do so by law. Most commonly, we will use your personal data:
to perform a contract the College has entered into with you or take steps before entering into a contract with you at your request (for example, your employment contract or contract for services)
to comply with the College’s legal obligations (for example, complying with employment and tax, immigration, health and safety and safeguarding laws, preventing and detecting crime, assisting the police and other authorities with their investigations)
where necessary for our legitimate interests or those of a third party provided your interests and rights do not override those interests (for example, evaluating the suitability of a candidate for a role or defending employment claims brought by you)
to protect your vital interests or those of another person (for example, where we know or have reason to believe that you or another person may suffer harm)
In circumstances where you have a genuine choice as to whether we should process your personal data, we will ask you for your consent. The method used to obtain your consent will depend on the scope and context of the processing that we propose.
What personal data will be collected
The data the College collects includes:
Personal contact details including name, address and contact details, including email address and telephone number
Education, professional qualifications details
Details of your skills, experience and employment history
Information about your current level of remuneration, including benefit entitlements
Whether or not you have a disability for which the organisation needs to make reasonable adjustments during the recruitment process
Information about your entitlement to work in the UK
Equal opportunities monitoring information, including information about your ethnic origin, sexual orientation, health, and religion or belief.
Reference details
Visual images
Special category data processed may include:
How long the College will retain your personal data
The College must only retain your personal data for as long as necessary to fulfil the purposes for which it was collected and to satisfy any legal, regulatory, accounting or reporting requirements.
Your applicant account will be automatically deleted from the system after 12 months of inactivity, or 12 months from the last email received from a jobs by email subscription. The data that you provide in your application will be retained for use, as detailed below.
Specified retention periods are applied to each category of personal data that we may process about you. In setting these retention periods, the College has taken into account:
the nature, sensitivity and volume of the personal data
the potential risk of harm to you arising from the College’s continued retention of the personal data
the purposes for which the College may process your personal data
whether the College is required to retain any personal data by law or in accordance with its legitimate interests
Your data will be kept in accordance with the College’s Records Retention Policy and Schedule.
In general, all relevant correspondence in relation to your recruitment will be held and retained for at least 10 years, or longer where necessary after you have left the College or your engagement has ceased, after which time it will be securely disposed of.
In some cases, the College may anonymise your personal data so that it can no longer be identified with you, in which case the College may retain such data indefinitely.
CCTV and automatic number plate recognition (ANPR)
The College has a comprehensive, image-only CCTV surveillance system across its campus. Cameras located on and within buildings are monitored by Security. On occasions, Security staff will wear Body Worn Cameras in the course of their duties. These cameras record both images and sound, and data captured in this manner is processed in compliance with GDPR.
College uses ANPR (Automatic Number Plate Recognition) camera technology to manage, control and enforce parking on its sites. They are governed under guidelines from the Information Commissioner’s Office on the use of CCTV and ANPR Cameras and are operated by College’s Security team. In exceptional circumstances this information may be used as evidence in disciplinary cases.
Sharing your personal data with third parties
Where there are lawful grounds for doing so, the College may share your personal data with third parties. A list of parties with whom we share the data includes but is not limited to the following:
Government departments, affiliated organisations and Higher Education bodies including:
Organisations contracted by the College to perform specific functions including:
NorthgateArinso UK Ltd (HR & Payroll System provider)
Stonefish Software Ltd (Online Recruitment System provider)
The College’s internal and external auditors
Organisations with which the College has a relationship to fulfil specific obligations or objectives including:
Where the College uses third parties to process personal data on its behalf (acting as data processors), a written contract will be put in place to ensure that any personal data shared will be held in accordance with the requirements of data protection law and that such data processors have appropriate security measures in place in relation to your personal data.
Parents, family members and guardians are considered to be third parties and your personal data will not be disclosed to such persons unless you have given your consent or the disclosure is otherwise made in accordance with data protection law.
Please note that we may need to share your personal information with a regulator or to otherwise comply with the law, and the list above is not necessarily exhaustive.
International Data Transfers
Most personal data about you, will be stored on servers within the UK or elsewhere within the European Economic Area (EEA).
On occasion it may be necessary for the College to transfer your personal data outside of the European Economic Area (EEA). This will only take place in circumstances where there are appropriate and adequate safeguards in place which incorporate appropriate assurances to ensure the security of the information and compliance with legislative and regulatory requirements.
How the College keeps your personal data secure
The College has put in place appropriate technical and organisational security measures to prevent your personal data from being accidentally lost, used or accessed in any unauthorised way or altered or disclosed. In addition, the College limits access to your personal data to the persons and organisations, including those described above, who have a lawful and legitimate need to access it.
The College has also put in place procedures to deal with any suspected personal data security breach and will notify you and any applicable regulator of a suspected breach where legally required to do so.
You and your data
You have a number of rights in relation to the processing of your personal data by the College:
Access: You have the right to request access to and be provided with a copy of the personal data held about you together with certain information about the processing of such personal data to check that the College is processing it lawfully and fairly.
Correction: You have the right to request correction of any inaccurate or incomplete personal data held about you.
Deletion: You have the right to request erasure of any personal data held about you where there is no good reason for the College to continue processing it or where you have exercised your right to object to the processing of your personal data.
Restriction: You have the right to request restriction of how the College processes your personal data; for example, to confirm its accuracy or the College’s reasons for holding it or as an alternative to its erasure.
Objection: You have the right to object to the College’s processing of any personal data which is based on the legitimate interests of the College or those of a third party based on your particular circumstances. You also have the right to object to the College processing your personal data for direct marketing purposes.
Portability: You have the right to receive or request that the College transfers a copy of your personal data in an electronic format where the basis of the College processing such personal data is your consent or the performance of a contract, and the information is processed by automated means.
Complaints: You have the right to complain to the Information Commissioner’s Office (ICO) or any other EU supervisory authority in relation to how the College processes your personal data.
The College may be entitled to refuse any request in certain circumstances and where this is the case, you will be notified accordingly.
Where the lawful ground relied upon by the College to process any of your personal data is your consent, you have the right to withdraw such consent at any time without having to give any reason. However, if you do so, the College may not be able to provide some or all of its services to you or the provision of those services may be affected.
You will not have to pay any fee to exercise any of the above rights, though the College may charge a reasonable fee or refuse to comply with your request if any request is clearly unfounded or excessive. Where this is the case, you will be notified accordingly.
To protect the confidentiality of your personal data the College may ask you to verify your identity before fulfilling any request in relation to your personal data.
Changes to this notice
The College may update this notice at any time and may provide you with further notices on specific occasions where we collect and process personal data about you. You should check this notice regularly to take notice of any changes.
Questions or comments
If you have any questions or comments regarding this notice or you wish to exercise any of your rights you should contact our Data Protection Officer by email at dataprotection@royalholloway.ac.uk.
You also have the right to complain to the Information Commissioner’s Office and you can find more information on their website – www.ico.org.uk
Cookies
Cookies are used on this website to allow access to authenticated areas of the website (e.g. applying for a vacancy), for storing individual user preferences, and for gathering analytical visitor data. For more information please visit the Cookies information page.