PLEASE NOTE: This statement is also available to view online by clicking here.
This notice is applicable to people using TalentVine to apply for roles with Farncombe Estate.
We need to process personal data about people applying to work for us so that we can carry out our role (for example, by ensuring that we have the right staff to deliver our services) and so we can meet our legal and contractual responsibilities as an employer.
What is the purpose of this Notice
Farncombe Estate is committed to ensuring that your privacy is protected. This Privacy Notice sets out why Farncombe Estate is collecting your personal data, and how we will use and protect it.
Farncombe Estate is the Data Controller and processes and stores information in accordance with the data protection legislation of the UK and in line with our policies and procedures. The Data Protection Officer can be contacted at: Farncombe Estate, Broadway, Worcestershire, WR12 7L.
What we need
As part of the recruitment process we need to collect
Why we need it
This data is collected so that we can
What we do with it
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect from you.
The data will be held on the portal (in line with the TalentVine privacy notice) and accessed by Farncombe Estate staff in the recruitment process.
We will not use your data to make any automated decisions
How long we keep it
In some cases we are required by law to keep your personal data for a minimum period.
Your personal data will be stored in line with our Retention Schedules and relevant legislation and regulation.
The retention period for the data collected through this portal is 6 months for unsuccessful applicants.
If you are successful, copies of your application and information uploaded to the TalentVine website may be extracted and held locally to include on your employee file.
What are your rights
You are able to exercise the following rights of access under Data Protection legislation and you can do this by contacting the Data Protection Officer. Each request will be considered against other relevant legislation and regulation:
How you can control your personal information
As well as exercising your rights, you may choose to restrict the collection or use of your personal information and will be provided with the opportunity to do so. For example:
If you believe that any information we are holding on you is incorrect or incomplete, please contact us as soon as possible, at the above address. We will promptly correct any information found to be incorrect.
What if you are not satisfied
If you are not satisfied with how your personal data is processed, or your access request is handled, we offer an internal review procedure which provides you with the opportunity for your matter to be independently reviewed within 20 working days of the complaint being received. You can request this by contacting the Data Protection Officer.
Alternatively you can log a complaint directly with the Information Commissioner’s Office. The address for the Information Commissioner is:
The Information Commissioners Office
The ICO website is available at: www.ico.org.uk
PLEASE NOTE: This is a bullet point summary of our commitments and practices under the GDPR, the full statement can be found below.
We are Workvine Ltd t/a Talentvine. We provide the software the recruiter uses to manage your application and are the primary "Data Processor" dealing with your application.
For direct recruiters, they are a "Data Controller", for agencies, depending on their recruitment practice, they may be a "Data Controller" (usually for temp role recruitment) or "Data Processor" (usually for permanent roles with an employer).
There may be other data processors involved in the process and you will be informed of their involvement. If we need to, we will ask you before providing these third parties with your data. Some third parties can be passed limited data about you without the need for consent.
When processing an application, we gather the following information as a minimum:
This data is used to enable a recruiter to contact you about the vacancy you've applied to.
When you apply via a job board, sometimes, they send more information than we require. We store this extra information for auditing purposes only. This data may include prior work experience and other employment information you have provided to them in the past.
The Data Controller can ask for further information when processing your application using custom forms defined by them. Custom form data is only ever processed in relation to your application.
For more details on any of these points, please refer to our full GDPR data management statement.
By submitting your details, your data will be added to a talent pool which will be used by recruiters to match you against any suitable vacancies that they may have now and in the future. When in the talent pool, you may receive occasional invitations to apply to vacancies from the employer to whom the talent pool belongs.
You can remove yourself from the talent pool at any time by removing your "application" to it using the Applicant Portal provided to you.
There may be several stages of your application that allow us to process your data in an automated, semi-automated or manual way, each of which is described below.
As part of your application, if you have not provided explicit consent, we may need to ask you for consent later in the process to do something specific to your application.
If we require consent to perform a specific action, we will automatically e-mail you and ask that you provide consent. If you decline or do not provide consent within a pre-defined response time, we will assume that you do not consent and will proceed with your application in a way that is permitted under legitimate interest.
Talentvine is a trading name of Workvine Ltd and is a reseller of the iintegra Talent Acquisition Platform from iintegra Ltd.
iintegra Ltd ("iintegra") takes the privacy and security of your information very seriously. This policy explains how and for what purposes we use the information collected about you via the iintegra Talent Acquisition Platform (referred to below as the “TAP”). Please read this data management policy carefully.
For the purposes of the GDPR, iintegra is classed as a Data Processor and processes your information on behalf of the Data Controller.
If you have any queries about the policy, please get in touch with us using the contact details set out here and we will do our best to answer your questions.
iintegra uses the Azure platform from Microsoft to deploy its servers. All of the servers used by the iintegra platform are restricted to physical locations based in the European Union.
Microsoft and its employees do not have access to any data stored on the iintegra platform. However, restricted access may be required occasionally to assist with technical issues as they arise.
The TAP is configurable on a client by client basis to collect any data they deem reasonable for the purposes of recruiting individuals to open positions that they have.
The TAP requires a minimum of information to start an application which is set out below:
The TAP may be configured by the client to request additional information from you in furtherance of your application.
The TAP uses the information you provide to assist our client in the management of the application.
Where our client requires a third party to process your data, we will make the minimal amount of information available for the process to work. Your data may be shared with a third party as part of your application process for the purposes of telephone interview, assessment or background checks.
We have implemented technology and policies to safeguard your privacy from unauthorized access and improper use. We use secure sockets, currently implementing the TLS v1.2 standard to encrypt any personal information you need to input before it is sent to us. Your password is stored as a one-way hash (a special string of characters mathematically generated using your password as a starting point) using the SHA-512 hashing algorithm which does not contain any trace of your original password. When you login, we re-calculate the hash based on the password you provide and compare it with the hash we store.
All of your data is stored within encrypted databases and on storage mediums with encryption enabled. This is typically referred to as encryption at rest.
As the data processor, we provide services and facilities that help you to manage your data and exercise your rights according to the GDPR. These facilities are outlined below:
At any time, you can access your application management portal and withdraw your consent for each application individually. When you withdraw consent, your application will still be processed but under the stricter "Legitimate Interest" clauses of the GDPR.
In addition to the ability to withdraw your consent for individual applications, you can at any time remove either individual applications or all of your data from iintegra in your account. When you do this, anonymised copies of your applications are retained for reporting purposes.
If you are unhappy with the way your data has been handled, you have the right to complain at any time. If you wish to make a complaint, please contact our Data Protection Officer via our Support portal by emailing email@example.com. You also have the right to lodge complaints with the Information Commissioners Office. Please visit https://ico.org.uk/concerns/ for further information or to start a live chat. Alternatively, you may call the ICO on 0303 123 1113.
When you make your application, we store a one-way hash of your e-mail address against the vacancy to which you apply in order to detect and prevent duplicate applications. This hash is not connected to your personal data and will be retained if you remove an application or your entire account.
When you apply to a vacancy, we calculate a one-way hash of the e-mail address you provide and compare the hash against any previous hashes we have stored for that vacancy. If we find a match using this technique, we prevent the application from being made.
We review the ways we manage your information in accordance with the guidelines and legal requirements set out by the GDPR and other relevant Data Protection acts. As a result of these reviews we may change how we manage and store the information collected and who we share it with. Consequently, this privacy notice may be updated from time to time.
Contact us with your views about our privacy practices, or with any enquiry relating to your personal information. You can do so by sending an e-mail to the data officer or write to us at Florence House, St. Mary's Road, Hinckley, LE10 1EQ.
Date : 30/Apr/2018