Privacy Policy
Neilson Holidays Ltd – Recruitment Privacy Notice (Applicants)
We are fully committed to complying with Data Protection Act 2018 legislation, including the General Data Protection Regulation (GDPR), which regulates how we process personal information. Here we explain how we collect and use personal data during the recruitment process and subsequently, if you become an employee, tells you about your rights and gives contact details for help and advice.
The software we use to help manage recruitment processes is called Tribepad which is owned by Tribepad Limited. This means that your personal data is processed by Tribepad Limited (the ‘data processor’) on behalf of Neilson, following the instructions that we have set out.
What personal information do we collect about you?
As part of every recruitment process, Neilson collects and processes personal data relating to job applicants. This will include but is not limited to:
- Your name, address and contact details, including email address, telephone number and date of birth
- Details of your qualifications, skills, experience, employment history, other relevant experience and achievements
- Passport information – such as country of issue and expiry date
- Whether or not you have a disability for which we need to make reasonable adjustments during the recruitment process
- Proof of your entitlement to work in the UK and/or the EU
- Equality monitoring information, including information about your gender, ethnic origin, sexual orientation, sexual identification, age, health and religion or belief.
- Employment references and the results of any pre-employment screening, including enhanced DBS checks and criminal checks
- The outcome and results of any interviews or tests which formed part of the recruitment process
- Pay details, national insurance number, tax coding and details of the bank or building society account
We collect this information in a variety of ways. For example, data might be contained in application forms, CVs or resumes, obtained from your passport or other identity documents, or collected through interviews or other forms of assessment, including tests and/or online tests.
We will also collect personal data about you from third parties, such as references supplied by your former employers, information from employment background check providers and information from criminal records checks.
Data will be stored in a range of different places, including on your application record, in electronic HR Management Systems and on other IT systems (including email).
Why do we need collect and use personal data about you?
We need to collect and process data during the recruitment process and to make offers of employment to each successful candidate.
We will use this information to:
- Communicate with you about job applications made and provide you with alerts about vacancies for roles you have indicated you will be interested in.
- Evidence how you meet the requirements of the job being applied for.
- Make decisions about whether and how to progress your application through the various stages of the recruitment process.
- Initiate pre-employment and employment checks when job offers are made.
- Enter an employment contract with successful candidates.
- Help us maintain and promote equality in the workplace.
We process personal data because it is necessary to comply with our legal obligations which change throughout the recruitment process:
Consent: We use the personal data in your candidate profile to communicate with you and provide you alerts about vacancies for roles you have indicated you will be interested in.
Contract: Processing your data is necessary to move your application forward before signing a contract of work. This concerns employment or pre-employment checks.
Legal obligation: UK law requires Neilson as an employer to check that candidates are entitled to work in the UK and/or EU.
How we use your Personal Information
We will request your initial consent to process the personal data that you supply when you first apply for work with Neilson. However, after this point we will rely on legal and legitimate interests as reason for your processing data.
Whenever we use information, we will always limit this to only what is needed and ensure that it is used safely and securely. We require anyone we share information with, or who uses it on our behalf, to do so too.
All staff receive regular training on data protection and information security.
Who has access to your personal information?
Your information will be shared internally for the purposes of the recruitment process and only be accessed and processed by authorised personnel for the performance of their duties such as:
- Recruitment and Resourcing Team
- Hiring Managers
- People named by candidates as referees
- The DBS for criminal records checks
- Visa agencies and embassies if a working visa or permit is required
We will not share your data with third parties, unless your application for employment is successful and we make you an offer of employment. We will then share your data with:
- Former employers to obtain references for you
- Employment background check providers to obtain necessary background checks e.g. right to work checks
- Disclosure and Barring Service to obtain necessary criminal records checks.
- Our third-party payroll provider, to process salary and payroll information
The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area ("EEA"). It may also be processed by organisations operating outside the EEA that work for us or for any of our suppliers (e.g. airlines, hoteliers, etc.).
Countries outside of the EEA may not have the same level of privacy laws as exist in the UK. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.
How do we protect data?
Neilson takes the security of your data seriously and has a range of robust policies, processes and technical measures in place to safeguard personal information.
Access to systems that hold employment related information is restricted to authorised personnel using unique identifiers and passwords. Your information is stored on systems that are protected by secure network architectures and are backed-up on a regular basis (to a second secure location) for disaster recovery and business continuity purposes; and to avoid the risk of inadvertent erasure or destruction.
How long will we keep your information?
We only keep information for as long as it is needed.
If your application for employment is unsuccessful, we will hold your data on file for 12 months after the end of the relevant recruitment process. If you register and agree to allow us to keep your personal data on file, we will hold your data on file for 2 years from the date of your last access/update.
At the end of that period, your data will be deleted or destroyed.
If your application for employment is successful, personal data gathered during the recruitment process will be transferred to your employee file and retained during your employment with us. The periods for which your data will be held is in line with our privacy notice, which states: Neilson retains personal data for seven years, after a customer’s last interaction with us, unless you exercise your right to be forgotten (see below). Data is retained for this period to ensure we can comply with any legal obligations that may arise where we are required to share historic data.
Third Party Processing
Neilson has a number of contracts with third party suppliers and service providers e.g. Payroll providers, visa agencies, who provide specialist services. These third parties will process candidate information in accordance with our instructions and make decisions regarding the information as part of the delivery of their services. They are also required to put in place appropriate security measures that ensure an adequate level of protection for personal information.
What Rights do you have?
You have a number of rights relating to the data we hold about you. These include the right to:
- Ask to see the personal information we hold about you
- Withdraw consent
- Ask us to change information we hold about you if it is wrong
- Ask us to delete the information we hold about you
- Ask us to limit the way we use your personal Information
- Ask for human intervention regarding decisions made about you by a computer
- Data portability (have your data transferred)
- Complain to the Information Commissioner’s Office
If you would like to exercise any of these rights or are unhappy with any aspect of how your information has been collected and/or used, please see our contact dataprotection@neilson.com
What if you do not provide personal data?
You are under no statutory or contractual obligation to provide data to Neilson during the recruitment process. However, please be aware that if you decline, it will not be possible for your application to progress as we will be unable to process the data needed to do this.
Data Protection Officer Contact Details
The contact details for the Data Protection Officer for Neilson are outlined in our privacy policy https://www.neilson.co.uk/privacy-policy