Last Updated: [16 May 2018]
If you have a concern about your data or a question about this Policy for our Data Protection Officer, please contact them by email at firstname.lastname@example.org.
Affinion is the data controller for the personal data we collect from you.
For any career related queries, please email our Careers team at email@example.com.
1. What information do we collect?
When you provide your data to sign up and submit a job application, you provide us with the following information:
• your name, address and contact details, including email address and telephone number;
• details of your qualifications, skills, experience and employment history;
• information about your current level of remuneration, including benefit entitlements;
• whether or not you have a disability for which the organisation needs to make reasonable adjustments during the recruitment process;
• information about your entitlement to work in the UK; and
• equal opportunities monitoring information
We will collect this information from you in a variety of ways. For example, your data might be contained in application forms, CVs or resumes, obtained from your passport or other identity documents, or collected through interviews or other forms of assessment including online tests.
We will also collect personal data about you from relevant third parties, such as references supplied by your former employers, information from employment and financial background check providers and information from criminal records checks. We will seek information from such third parties only once a job offer to you has been made and will inform you that we are doing so.
Data will be stored in a range of different places, including on your application record, in HR management systems and on other IT systems including email.
2. Why do we process your data?
We need to process the data you provide to us in order to take steps at your request to review and assess your job application prior to entering into a contract with you and if successful, continuing employment with us.
We will also need to process your data to comply with legal obligations. For example, we are required to check a successful applicant’s eligibility to work in the UK before employment starts.
We have a legitimate interest in processing personal data during the recruitment process and for keeping records of the process. Processing data from job applicants allows us to manage the recruitment process, assess and confirm your suitability for employment and decide whether you should be offered a job. We also need to process data from you to respond to and defend against legal claims.
We process information about whether or not you are disabled to make reasonable adjustments for you if you have a disability. This is to carry out our obligations and exercise specific rights in relation to employment.
Where we process other special categories of data, such as information about ethnic origin, sexual orientation, health or religion or belief, this is for equal opportunities monitoring purposes.
We also seek information about criminal convictions and offences because it is necessary for us to carry out our obligations and exercise specific rights in relation to employment.
If your application is unsuccessful and you provide us with consent, we will keep your personal data on file in case there are future employment opportunities for which you may be suited. We will ask for your consent before we keep your data for this purpose and you are free to withdraw your consent at any time.
3. Who has access to your data?
Your information will be shared internally for the purposes of the recruitment exercise and within the Affinion Group and all our subsidiary group companies where necessary. This includes members of the HR and recruitment team, interviewers involved in the recruitment process, managers in the business area with a vacancy and IT staff if access to the data is necessary for the performance of their roles.
We will not share your data with third parties, unless your application for employment is successful and we make you an offer of employment. We will then share your data with former employers to obtain references for you, employment background check providers to obtain necessary background checks and the Disclosure and Barring Service to obtain necessary criminal records checks.
Whenever we process or transfer your personal data out of the EEA, we always ensure that an adequate level of protection is afforded to it. It is the case for example when we process or transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission (to see the list, please visit: http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm.
Whenever our affiliates or providers based in the US process your data, we include relevant mechanisms (such as standard contractual clauses approved by the European Commission, so-called EC model clauses) in contracts and agreements with them and/or rely on the EU-US Privacy Shield framework when our affiliate or provider is Privacy Shield certified to ensure that any processing of your data is in accordance with Privacy Shield obligations, namely : Notice; Choice; Accountability for Onward Transfer; Security; Data Integrity and Purpose Limitation; Access and Recourse; and Enforcement and Liability.
You can contact our Data Protection Officer if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
4. How do we protect your data?
Securing your personal and non-personal information is very important to us. All our databases are held in a secure environment and (except for law enforcement authorities in limited circumstances), only those Affinion employees or other persons who need access to your data in order to perform their duties are allowed such access. Any of these employees or persons who violate our privacy and/or security policies may be subject to disciplinary action, including possible termination and civil and/or criminal prosecution.
Where you are using our websites, we take proactive steps to put safeguards in place to provide for the secure transmission of your data from your computer to our servers. However, due to the inherent open nature of the Internet, we cannot guarantee that communications between you and us, and us and you, will be free from unauthorised access by third parties, such as hackers. We have implemented all necessary and reasonable technical and organisational measures to protect your data including:
• data minimisation and encryption of personal data;
• the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
• the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; and
• a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
Our websites utilise Standard SSL encryption on pages where secure information is transmitted over the Internet. We also use Verisign as our Certificate of Authority. If you would like more information on our Verisign Certificate, please visit https://www.verisign.com/?dmn=verisign.co.uk
5. How long do we retain your data?
If your application for employment is unsuccessful, we will hold your data on file for 12 months after the end of the relevant recruitment process. At the end of that period your data is deleted unless you request us to delete it earlier.
If your application for employment is successful, personal data gathered during the recruitment process will be transferred to your personnel file and retained during your employment. We will hold your data on file for 6 years from the date of termination of your employment. Further information on periods for which your data will be held will be provided to you once employed by us.
6. Your rights
As a data subject, you have a number of rights. You can:
• access and obtain a copy of your data on request;
• require the organisation to change incorrect or incomplete data;
• require the organisation to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing; and
• object to the processing of your data where the organisation is relying on its legitimate interests as the legal ground for processing.
If you would like to exercise any of these rights, please contact our Data Protection Officer by email at firstname.lastname@example.org.
If you have a concern about your data or a question about this Policy for our Data Protection Officer, please contact them by email at email@example.com. If you are not happy with the response you received or believe your data has not been used in accordance with this policy and therefore not processed in line with applicable laws, you may lodge a complaint with the Information Commissioner’s Office (ICO), the UK Supervisory authority. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
7. What happens if you do not provide your data?
You are under no statutory or contractual obligation to provide data to us during the recruitment process. However, if you do not provide the information, we will not be able to process your application properly or at all.
To view our latest opportunities please click here.