Privacy notice

QA Recruitment Privacy Notice – (version 1.3 revised 22/07/2020)

The QA group of companies ("QA", "we", "our" or "us") are committed to ensuring that your privacy is protected. This Privacy Notice describes how we use the personal information that we collect from you, or that you provide, when you are visiting our career website and applying for our vacancy or submitting your details.

QA acts as the Data Controller within our relationship during the recruitment process. If your details have been submitted to us by a preferred 3rd party supplier, the agent acting on your behalf may be a data controller in their own right or data processor acting on our behalf.

Why do we have a Privacy Notice?

Protecting the privacy and security of your personal information is something that is required by law and which QA is committed to as an organisation.

Within this Privacy Notice, we outline how and why we collect your personal information as well how we use it throughout our application process and when you join QA in accordance with GDPR and Data Protection Act (2018). On becoming an employee of QA, you will need to refer to the QA Employee Privacy Notice, which explains further how we meet the requirements of legislation for our employees.

The lawful basis for using your personal data

Our lawful basis for processing your personal information will vary depending on the specific context in which we process it.

We may rely on one or more of the following lawful bases:

· where we have your consent to do so;

· where we need the personal information to enter into a contract with you;

· Legal obligation – where we process your data to comply with the law;

· where the processing is undertaken on the grounds of legitimate interest and is not overridden by your rights.

For successful or unsuccessful candidates, prospective candidates, referees and customers, we will only collect, store, use, process, transfer and disclose personal data in so far as it is necessary to engage during the recruitment process and ultimately when creating a contract of employment. We need the information in order to assess suitability for potential roles, to find potential candidates, to contact referees and where necessary, 3rd parties that QA are recruiting on behalf of.

Personal data you give us directly or indirectly

You may give us personal data by filling in application forms on our site or by communicating with us by phone, e-mail or otherwise. This includes information you provide when you register to use our site directly, on behalf of QA employees, 3rd parties, subscribe to our careers website/job alert updates, submit your CV to us or for any other purpose.

Here are some examples of the type of personal data you or the 3rd party representing you may give us:

· personal contact details such as name, title, addresses, telephone numbers, and personal email addresses;

· date of birth;

· gender;

· National Insurance number;

· bank account details, payroll records and tax status information;

· recruitment information (including copies of right to work documentation, references and other information included in a CV or cover letter or as part of the application process);

· results of HMRC employment status check; and

· Identity verification documents including; passport, driving licence, birth certificate, UK government issued ID, nationality and other supporting documents as required for vetting purposes (this will vary from role to role);

We may also process your data in relation to COVID-19 or within other crisis management activities.

· Criminal convictions and offences – spent and unspent;

· Marital status.

Special category personal data

We may also collect, store and use the following “special categories” of more sensitive personal information (mainly during the onboarding process) that you or others provide about you, however, we always ask for your consent before undertaking such processing:

· Racial or ethnic origin;

· Political opinions;

· Religious and philosophical beliefs;

· Trade union membership;

· Genetic data;

· Biometric data for the purpose of uniquely identifying a natural person;

· Data concerning health;

· Sex life and sexual orientation.

Health data may include any medical condition, health and sickness records, including where you leave employment and the reason for leaving is determined to be ill-health, injury or disability.

Some data is collected to assist us in monitoring our diversity and inclusion practices e.g. ethnicity and gender. Where this is the case it will be anonymised for reporting and statistical purposes.

Personal data we receive from other sources

We may receive personal information about you from 3rd party sources (such as your current and previous employer(s) (if you accept a position with QA), or 3rd Parties if you apply for a position through one of our partners, but only where these 3rd Parties either have your consent or are otherwise legally permitted or required to disclose your personal information to us. We collect only the minimum amount of information required from these 3rd Parties to enable us to provide recruitment communication or process any application you send to us – refer to section “Personal data you give us directly or indirectly”. We only use the information we receive from these 3rd Parties as set out in this Privacy Notice.

We also work closely with 3rd Parties (including, for example, business partners, sub-contractors in technical services, advertising networks, analytics providers, search information providers, and background verification checking services/agencies) and may receive information about you from them.

We use LinkedIn, job boards (and their affiliate partners) and internet searches as publicly available sources of personal data for recruitment purposes. We may also receive information about you by word of mouth, for example by a recommendation from a friend, former or current employer(s) or former or current colleague(s).

Information that we collect automatically

When you visit our Websites, we may collect certain information automatically from your device. The information we collect automatically may include information like your IP address, device type, unique device identification numbers, browser-type, broad geographic location (e.g. country or city-level location) and other technical information. We may also collect information about how your device has interacted with our Website, including the pages accessed and links clicked. Please refer to our “Cookie Policy” for further details.

Processing your personal data

QA takes information security and data privacy very seriously. QA is certified to ISO27001:2013 and Cyber Essentials Plus, thus provides a comprehensive ISMS to manage the confidentiality, availability and integrity of the data trusted to it.

The personal information you provided to us is stored within QA and 3rd Party secure servers. We use appropriate technical and organisational measures to protect the personal information that we collect and process about you. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal information.

Please note that the transmission of information via the internet (including email) is not completely secure and therefore, although we endeavour to protect the personal information you provide to us, we cannot guarantee the security of data sent to us electronically and the transmission of such data is therefore entirely at your own risk.

We retain personal information we collect from you where we both have an ongoing legitimate interest (for example, to retain your details for suitable future vacancies unless you express a preference otherwise).

When we have no ongoing legitimate interest or statutory need to process your personal information, we will either delete or anonymise it.

If you no longer wish us to process your information in this way, you must inform us (email and provide notice to us to cease processing your personal data.

Where we have given you (or where you have chosen) a password so that you can access certain parts of our sites and portals, you are responsible for keeping these passwords confidential.

How will we use your personal data?

We will only use your personal data where the law allows us to. Most commonly, we will use your personal data in the following circumstances:

· to make it (including your CV) available to relevant QA employees in connection with the recruitment process, unless you request otherwise as stated above;

· if you have applied for a job the information you provide, including your CV identifying you by name, will be used to determine your suitability for the position and, if applicable, in determining terms of employment or engagement;

· in management information used to monitor recruitment initiatives and equal opportunities, diversity and inclusion policies and practices and is anonymised where appropriate;

· if your application is progressed further, details may be disclosed to third parties (such as educational institutions, present and past employers, our employees and directors, credit reference agencies, insurance companies etc.) for reasons such as the verification of, or obtaining extra, information

· for the purposes of ensuring the validity of right to work documents and other ID your details may be disclosed to an identity verification company who will conduct a soft credit check as part of the verification. This check, although present on your credit file, will not affect your credit score;

To comply with the applicable legislation surrounding COVID-19 test and trace or other crisis management schemes;

· if required by law or for the purposes of our business requirements (e.g. to auditors or third party service suppliers);

· to provide you with information about other opportunities we offer that are similar to those that you have already enquired about;

· to personalise the content displayed on our website in order to present you with more relevant jobs and content based on your interests;

· to set up an online profile for you on our site.

How long do we keep your personal data?

We may keep any of your personal data provided to us (in line with the Personal data you give us directly or indirectly and Special category personal data sections above) in accordance with the following data retention periods:

· Candidate personal data – 2 (two) years from registering on our Applicant Tracking Service (ATS) portal. Candidates include applicants for all vacancies we advertise, including permanent, part-time and temporary positions. This also includes individuals put forward by any of our 3rd parties.

· We will permanently erase or anonymise your personal data once it reaches the end of its retention period or where we receive a valid request from you to do so. However, some of your data may still exist within our systems e.g. backups.

You will receive emails from our ATS to alert you when your profile has reached the 2 (two) year data retention period. If you decide that you wish to remain on our data base, the retention period will reset. We both have a responsibility to ensure that the personal data provided remains accurate and up to date. You can update your data via the recruitment portal at any time.

Disclosing your information

We may disclose your personal information to any company within our corporate group. This includes, where applicable, our holding company and its subsidiaries. This will only be done where sharing is in line with the original purpose of processing the data.

We will also disclose, where required, your personal information with:

· 3rd party service providers and partners who provide data processing services to us (for example, to support the delivery of Services), or who otherwise process personal information for purposes that are described in this Privacy Notice;

· 3rd party funders, where required for apprenticeships or further/higher education;

· your employer or other third parties, where you have instructed us to obtain references. This may include exam results as well as other personal data as and when required.

· other 3rd parties with potential work placements or employments – where we do this, we will provide notice;

· NHS or other authorised government agencies in connection with COVID-19 containment measures or other crisis management scenarios;

· any law enforcement agency, court, regulator, government authority or other third party where we believe this is necessary to comply with a legal or regulatory obligation (and may not be able to inform you so as not to compromise any investigation or other proceedings), or otherwise to protect our rights or the rights of any third party; and to

· any other person with your consent to the disclosure.

3rd Party links

You might find links to third party websites on our Websites or within documentation we provide.

If you access other websites using the links provided, the operators of these sites may collect information from you which will be used by them in accordance with their own Privacy Notices which you should review.

We do not accept any responsibility or liability for their policies whatsoever as we have no control over them.

Social Networking

The Website may offer you the opportunity to share or follow information about us (or the Website or our Services) using third party social networking functionality (such as through "share this", "like" or "follow" buttons).

We offer this functionality in order to generate interest in us, the Website and our Services among the members of your social networks, and to permit you to share and follow opinions, news and recommendations about us with your friends. However, you should be aware that sharing personal or non-personal information with a social network may result in that information being collected by the social network provider or result in that information being made publicly-available, including through Internet search engines.

Please note that we do not exercise, endorse, secure or control the policies or practices of any third party social network whose functionality you may access through the Website.

You should always carefully read the Privacy Notice of any social network through which you share information in order to understand their specific privacy and information usage practices.

International data transfers

For some of our Services, your personal information may be transferred to, and processed in, countries outside of the EEA. However, we have taken appropriate safeguards to require that your personal information will remain protected in accordance with this Privacy Notice. These measures include transferring your personal data to third parties who are located in a country which the European Commission has determined has data protection laws that are at least as protective as those in Europe, and transferring your personal data to third parties who have entered into standard contractual clauses with us. For more information about these safeguards please contact us using the contact details provided below.

Lawful basis (EEA visitors only)

Our lawful bases for collecting and using personal information will depend on the personal information being collected and the specific context in which we collect it.

However, we will normally collect personal information from you only:

· where we need the personal information to perform a contract with you (for example, to apply for a job with us);

· where the processing is undertaken on the grounds of legitimate interest and is not overridden by your rights; or

· where we have your consent to do so.

In respect of data processed within COVID-19 frameworks;

· Substantial Public Interest

· Vital interests of the individual or other individuals

In some cases, we may also have a legal obligation to collect personal information from you.

If we ask you to provide personal information to comply with a legal requirement or to perform a contact with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information).

If we collect and use your personal information in reliance on our legitimate interests (or those of any third party), this interest will normally be to operate our platform and communicating with you as necessary to provide our services to you and for our legitimate commercial interest, for instance, when responding to your queries, improving our platform, undertaking marketing, or for the purposes of detecting or preventing illegal activities. We may have other legitimate interests and if appropriate we will make clear to you at the relevant time what those legitimate interests are.

If you have questions about or need further information concerning the lawful bases on which we collect and use your personal information, please contact us using the contact details provided below.

Contacting us

The data controller of your personal information will be the QA group entity that you are dealing with.

We welcome any queries, comments or requests you may have regarding this Privacy Notice. Please do not hesitate to contact us, or our DPO, via email at:

Changes to the Privacy Notice

We may change this Privacy Notice from time to time by updating this document. The online version is available at:

If material changes are made to this Privacy Notice, we will notify you by placing a prominent notice on the Website or by contacting you to let you know via the contact details you have provided us with.

You should check this page from time to time to ensure that you are happy with any changes.