Talent GDPR and Privacy Notice
1. Purpose of This Notice
Outdoor and Cycle Concepts Ltd (O&CC) values the right to your privacy and is committed to ensuring all personal data is obtained, processed, and used in a safe, secure, ethical, and transparent way. Your privacy is important to us and we commit ourselves to processing your personal data both carefully and sensibly, in conformity with the principles laid out in this document during and after the recruitment process.
This notice is meant to help you understand what personal data we collect about you, why we collect it and what we do with it. References to personal data in this notice include – but are not necessarily limited to – any information which directly or indirectly identifies you, such as your name and surname, e-mail address and other forms of online and offline identifiers, your address, skills and work experience, and education history.
The information in this document applies in conjunction with other People policies. It intends to inform candidates about the processing of their personal data to comply with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter, the ‘General Data Protection Regulation’ or ‘GDPR’).
This notice outlines what personal data we collect about you (Section 3.1 & 3.2), what legal grounds we rely on to collect your personal data (Section 3.3), how we protect your personal data (Section 4), to whom we disclose your personal data (Section 5), if necessary, outside the European Union (Section 6). In addition, we also define for how long we need to keep your personal data (Section 7) and which measures we adopt in order to securely and permanently remove your personal data when the right time comes (Section 8).
2. Who Controls Your Personal Data
O&CC is the controller of your personal data that is processed in relation to your application and recruitment under the applicable data protection legislation. Our registered address is Unit 11, Kemble Business Park, Crudwell, Malmesbury, Wiltshire, SN16 9SH. O&CC is registered in the United Kingdom under company number 3382348.
3. How We Collect and Process Your Personal Data
3.1 Information We Collect from You
Because your privacy is of high importance to us, we intend to remain open and transparent about how we use your personal data. As a general principle, O&CC will only collect and process your personal data if this is required for the start, administration, and management of your recruitment and potential employment with us.
In the context of your recruitment, we may thus collect, use, and disclose (these are all forms of ‘processing’) the following types of your personal data:
- Information that you provide when you apply for a role. This includes information provided through an online job site, via e-mail, in person at interviews and/or by any other method.
- In particular, we process personal details such as name, e-mail address, address, telephone number, date of birth, qualifications, information relating to your employment history, skills experience that you provide to us, as well as your video if you conduct your interview using a video interview option.
- If you contact us, we may keep a record of that correspondence.
- A record of your progress through any hiring process (directly or through a nominated third party) that we may conduct.
- Details of your visit to our recruitment platform (Octo Platinum’s website), including but not limited to, traffic data, location data, weblogs and other communication data, the site that referred you to Octo Platinum’s website, and the resources that you access.
- In our offices, our stores, and our warehouses we use cameras to ensure the security of our employees, products, and business process. We save and use the images within a clear framework, in line with the governing employment contract and applicable regulations. More information can be found in the O&CC CCTV policy.
Although we are considered ‘data controllers’, the ultimate control over your personal data remains with you at all times. As the person whom the personal data concerns, you have the right to a transparent response to your request for transparency and access to the personal data we currently maintain about you. In case you notice an error in your personal data or any information that is not up-to-date, you may also request that we rectify the inaccurate or incomplete personal data. You also have the right to request that we remove all or parts of your personal data. Due to applicable legal requirements, we may not always be able to fully fulfil your request, but we will always be fully transparent about any removal and retention of personal data.
3.2 Information we collect from Other Sources
Some job boards allow us to search databases which may include your personal data (including your CV or resumé), to find possible candidates to fill our job openings. Where we find you in this way, we will obtain your personal data from these sources.
We may receive your personal data from a third party who recommends you as a candidate for a specific job opening or for our business more generally.
3.3 Lawful Basis for Processing Personal Data
We use Octo Platinum, an online application provided by Blue Octopus, to assist with our recruitment process. We use Octo Platinum to process personal information as a data processor on our behalf. Octo Platinum is only entitled to process your personal data in accordance with our instructions We also use a selection of third party applications and providers to support with sourcing and selection activity
We rely on legitimate interest as the lawful basis on which we collect and use your personal data. Our legitimate interests are the recruitment of staff for our business.
Where you apply for a job opening, we rely on your consent, which is freely given by you during the application process, to disclose your personal data on the basis described below.
We use information held about you in the following ways:
- To consider your application in respect of a role for which you have applied.
- To consider your application in respect of other roles.
- To communicate with you in respect of the recruitment process.
- To enhance any information we receive from you with information obtained from third party data providers.
- To find appropriate candidates to fill our job openings.
- To help our service providers (such as Octo Platinum and it’s processor and data providers) and Partners (such as the job sites through which you may have applied) improve their services.
3.4 Automated Decision Making/Profiling
We may use Octo Platinum’s technology, or a third party, to select appropriate candidates for us to consider, based on criteria expressly identified by us, or typical in relation to the role for which you have applied for. The process of finding suitable candidates can be automated; however, any decision as to who we will engage to fill the job opening will be made independently by the hiring manager.
3.5 Vacancy Alerts
Some candidates might be genuinely interested in receiving ‘Vacancy Alerts’ about new and relevant vacancies however, we understand not everyone feels the same way. Therefore, the processing of your personal data for ‘Vacancy Alert’ purposes is based solely on your explicit prior consent, which means we will not send you ‘Vacancy Alerts’ if you do not want to receive them.
If you wish to receive Vacancy Alerts, you are able to create a candidate account and subscribe under the ‘Job Alert Preferences’ section, in which case we will process your email address and your vacancy preferences.
Once subscribed you can object at any time by editing your Account Details in the Octo Platinum system: https://outdoorcycleconcepts.octo-firstclass.co.uk/.
4. How We Protect Your Personal Data
We are committed to protecting your personal data with great care against any unauthorised access, unlawful use, accidental loss, corruption, or destruction. In a multitude of ways, we take measures at technical and organisation level to ensure that personal data of our candidates remains secure at all times. Also, we continuously evaluate the measures we take to make sure that they remain up-to-date and adhere to industry standards and best practices in the context of cyber and information security.
At a technical level, we make sure that our network and information systems are appropriately secured against malicious attackers and threats from the outside. We also ensure that our systems are continuously scanned for malicious packages that shouldn’t be there.
At an organisation level, we make sure that the right people are in the right place. This means that we have clear roles and responsibilities within the organisation to take care of the security of our network and information systems, the protection of our information in general, and our compliance with applicable data protection regulations.
5. External Parties with Whom We May Share Your Personal Data
In some cases, we rely on external service organisations to assist us with the administration and management of our recruitment process. In this context, we share (sub)sets of your personal data with external service organisations to make sure that they can provide their service with appropriate quality and efficiency.
When we share your personal data with external service providers, we require these organisations to treat your personal data with the same care and according to the same standards we do.
To do so, we put clear contractual agreements in place with third party service organisations to stipulate mutual responsibilities and obligations that ensure the protection and secure treatment of personal data exchanged with them.
For example, we may share your Personal Data with:
- Sourcing and selection agents
- Professional advisors such as lawyers and consultants.
- Processors such as providers of cloud hosting solutions or translation companies.
- An auditor, regulator, or to otherwise comply with the law.
- Clients, potential clients or collaborating partners where this was the purpose of collection.
6. International Transfers of Your Personal Data
As a general rule, we don’t transfer our candidate’s personal data to be processed by organisations outside the European Economic Area. Should this – in exceptional cases – be required, then we will ensure that personal data is processed in compliance with our standards and our requirements, for example by adding the European Commission’s Standard Contractual Clauses to the contractual agreement with the party outside of the European Economic Area.
In any of these cases, we still remain responsible for the protection of our candidate’s personal data.
7. How Long We Keep Your Personal Data
As a general principle, we keep personal data of our candidates as long as we explicitly need it or as long as we are legally required to do so.
We will hold all data for 12 months unless otherwise agreed (e.g. when you create a candidate account on Octo Platinum). Your personal data will be deleted on one of the following occurrences:
- Deletion of your personal data by you (or another person engaged by you)
- Receipt of a written request by you (or another person engaged by you) to us
- No longer required for the purpose it was submitted for
However, if you are successful in joining Outdoor and Cycle Concepts, we may hold your data for longer than 12 months as part of your employee file. We will notify you when we will do this.
8. How We Erase Your Personal Data
Taking into account our security measures, both technical and organisational, we also ensure that the security of information is taken into account when removing personal data from our information systems.
Based on the retention periods defined according to the principles set out in Section 7, we will erase personal data from our information systems securely and appropriately according to our best efforts. This means that information which is stored in a structured format (i.e. a database or a structured file storage system) will be removed effectively or anonymised fully to remove entirely all parts of the information that allow for individual identifying of the candidate.
9. Your Rights as Data Subjects
You are entitled to a number of rights that are attributed to data subjects in the applicable data protection regulation:
- Right to access – You have the right to request access to the personal data we process about you as a candidate for our organisation.
- Right to modification/rectification – You have the right to request any modification or rectification of your personal data if you notice any error or incompleteness in the personal data we store and process about you.
- Right to object – You have the right to object to any processing of your personal data by us in the context of your potential employer. However, any resulting objection or interruption is subject to the nature of processing and lawful basis by which personal data is processed.
- Right to erasure – You have the right to request erasure of your personal data that we process and store about you. However, any request for erasure is subject to the nature of processing and lawful basis by which personal data is processed.
- Right to data portability – You have the right to request a copy of all personal data that we store and process about you. According to our best efforts, we will provide you with an overview of all personal data we process about you in a structured, electronically readable format.
10. Other considerations
As part of the application process, you may be asked to complete our Equal Opportunities questionnaire. We will use this information as part of our Equality, Diversity and Inclusion strategy. All information is anonymised at completion of the questionnaire by the applicant. There may be few occasions where this information is passed onto third parties, such as for reporting purposes in Northern Ireland. Under no circumstances will the answers to these questions impact the decision making in offering/not offering a role.
For more details about your privacy rights or about the processing of your personal data in general you can get in touch with the People Team or with the Data Protection Officer.
For your information, we would also like to provide you with relevant information regarding the national Data Protection Authority overseeing our operations, issuing periodical guidance and ensuring that organisations adhere to the applicable data protection regulation.
Information Commissioner’s Office
Wycliffe House – Water Lane
Wilmslow, Cheshire – SK9 5AF
Tel. 0303 123 1113
Fax 01625 524510