Privacy notice

QA Recruitment Privacy Notice – (version 1.2 14th January 2020)

The QA group of companies ("QA", "we", "our" or "us") are committed to ensuring that your privacy is protected. This Privacy Notice describes how we use the personal information that we collect from you, or that you provide, when you are visiting our career website and applying for our vacancy or submitting your details.

QA acts as the Data Controller within our relationship during the recruitment process. If your details have been submitted to us by a preferred 3rd party supplier, the agent acting on your behalf may be a data controller in their own right or data processor acting on our behalf.

Why do we have a Privacy Notice?

Protecting the privacy and security of your personal information is something that is required by law and which QA is committed to as an organisation.

Within this Privacy Notice, we outline how and why we collect your personal information as well how we use it throughout our application process and when you join QA in accordance with GDPR and Data Protection Act (2018). On becoming an employee of QA, you will need to refer to the QA Employee Privacy Notice, which explains further how we meet the requirements of legislation for our employees.

The lawful basis for using your personal data

Our lawful basis for processing your personal information will vary depending on the specific context in which we process it.

We may rely on one or more of the following lawful bases:

  • where we have your consent to do so;
  • where we need the personal information to enter into a contract with you;
  • Legal obligation – where we process your data to comply with the law;
  • where the processing is undertaken on the grounds of legitimate interest and is not overridden by your rights.

For successful or unsuccessful candidates, prospective candidates, referees and customers, we will only collect, store, use, process, transfer and disclose personal data in so far as it is necessary to engage during the recruitment process and ultimately when creating a contract of employment. We need the information in order to assess suitability for potential roles, to find potential candidates, to contact referees and where necessary, 3rd parties that QA are recruiting on behalf of.

Personal data you give us directly or indirectly

You may give us personal data by filling in application forms on our site or by communicating with us by phone, e-mail or otherwise. This includes information you provide when you register to use our site directly, on behalf of QA employees, 3rd parties, subscribe to our careers website/job alert updates, submit your CV to us or for any other purpose.

Here are some examples of the type of personal data you or the 3rd party representing you may give us:

  • personal contact details such as name, title, addresses, telephone numbers, and personal email addresses;
  • date of birth;
  • gender;
  • National Insurance number;
  • bank account details, payroll records and tax status information;
  • recruitment information (including copies of right to work documentation, references and other information included in a CV or cover letter or as part of the application process);
  • results of HMRC employment status check; and
  • Identity verification documents including; passport, driving licence, birth certificate, UK government issued ID, nationality and other supporting documents as required for vetting purposes (this will vary from role to role)
  • Criminal convictions and offences – spent and unspent
  • Marital status

Special category personal data

We may also collect, store and use the following “special categories” of more sensitive personal information (mainly during the onboarding process) that you or others provide about you, however, we always ask for your consent before undertaking such processing:

  • Racial or ethnic origin.
  • Political opinions.
  • Religious and philosophical beliefs.
  • Trade union membership.
  • Genetic data.
  • Biometric data for the purpose of uniquely identifying a natural person.
  • Data concerning health.
  • Sex life and sexual orientation.
  • Health data may include any medical condition, health and sickness records, including where you leave employment and the reason for leaving is determined to be ill-health, injury or disability.

Some data is collected to assist us in monitoring our diversity and inclusion practices e.g. ethnicity and gender. Where this is the case it will be anonymised for reporting and statistical purposes.

Personal data we receive from other sources

We may receive personal information about you from 3rd party sources (such as your current and previous employer(s) (if you accept a position with QA), or 3rd Parties if you apply for a position through one of our partners, but only where these 3rd Parties either have your consent or are otherwise legally permitted or required to disclose your personal information to us. We collect only the minimum amount of information required from these 3rd Parties to enable us to provide recruitment communication or process any application you send to us – refer to section “Personal data you give us directly or indirectly”. We only use the information we receive from these 3rd Parties as set out in this Privacy Notice.

We also work closely with 3rd Parties (including, for example, business partners, subcontractors in technical services, advertising networks, analytics providers, search information providers, and background verification checking services/agencies) and may receive information about you from them.

We use LinkedIn, job boards (and their affiliate partners) and internet searches as publicly available sources of personal data for recruitment purposes. We may also receive information about you by word of mouth, for example by a recommendation from a friend, former or current employer(s) or former or current colleague(s).

Information that we collect automatically

When you visit our Websites, we may collect certain information automatically from your device. The information we collect automatically may include information like your IP address, device type, unique device identification numbers, browser-type, broad geographic location (e.g. country or city-level location) and other technical information. We may also collect information about how your device has interacted with our Website, including the pages accessed and links clicked. Please refer to our “Cookie Policy” for further details.

Processing your personal data.

QA takes information security and data privacy very seriously. QA is certified to ISO27001:2013 and Cyber Essentials Plus, thus provides a comprehensive ISMS to manage the confidentiality, availability and integrity of the data trusted to it.

The personal information you provided to us is stored within QA and 3rd Party secure servers. We use appropriate technical and organisational measures to protect the personal information that we collect and process about you. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal information.

Please note that the transmission of information via the internet (including email) is not completely secure and therefore, although we endeavour to protect the personal information you provide to us, we cannot guarantee the security of data sent to us electronically and the transmission of such data is therefore entirely at your own risk.

We retain personal information we collect from you where we both have an ongoing legitimate interest (for example, to retain your details for suitable future vacancies unless you express a preference otherwise).

When we have no ongoing legitimate interest or statutory need to process your personal information, we will either delete or anonymise it.

If you no longer wish us to process your information in this way, you must inform us (email recruitment@qa.com) and provide notice to us to cease processing your personal data.

Where we have given you (or where you have chosen) a password so that you can access certain parts of our sites and portals, you are responsible for keeping these passwords confidential.

How will we use your personal data?

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • to make it (including your CV) available to relevant QA employees in connection with the recruitment process, unless you request otherwise as stated above;
  • if you have applied for a job the information you provide, including your CV identifying you by name, will be used to determine your suitability for the position and, if applicable, in determining terms of employment or engagement;
  • in management information used to monitor recruitment initiatives and equal opportunities, diversity and inclusion policies and practices and is anonymised where appropriate;
  • if your application is progressed further, details may be disclosed to third parties (such as educational institutions, present and past employers, our employees and directors, credit reference agencies, insurance companies etc.) for reasons such as the verification of, or obtaining extra, information
  • for the purposes of ensuring the validity of right to work documents and other ID your details may be disclosed to an identity verification company who will conduct a soft credit check as part of the verification. This check, although present on your credit file, will not affect your credit score;
  • if required by law or for the purposes of our business requirements (e.g. to auditors or third party service suppliers);
  • to provide you with information about other opportunities we offer that are similar to those that you have already enquired about;
  • to personalise the content displayed on our website in order to present you with more relevant jobs and content based on your interests;
  • to set up an online profile for you on our site.

How long do we keep your personal data?

We may keep any of your personal data provided to us (in line with the Personal data you give us directly or indirectly and Special category personal data sections above) in accordance with the following data retention periods:

  • Candidate personal data – 2 years from registering on our Applicant Tracking Service (ATS) portal. Candidates include applicants for all vacancies we advertise, including permanent, part-time and temporary positions. This also includes individuals put forward by any of our 3rd parties.
  • We will permanently erase or anonymise your personal data once it reaches the end of its retention period or where we receive a valid request from you to do so. However, some of your data may still exist within our systems e.g. backups.

You will receive emails from our ATS to alert you when your profile has reached the 2 (two) year data retention period. If you decide that you wish to remain on our data base, the retention period will reset. We both have a responsibility to ensure that the personal data provided remains accurate and up to date. You can update your data via the recruitment portal at any time.

Disclosing your information

We may disclose your personal information to any company within our corporate group. This includes, where applicable, our subsidiaries, our holding company and its subsidiaries. This will only be done where sharing is in line with the original purpose of processing the data.

We will also disclose, where required, your personal information with:

  • 3rd party service providers and partners who provide data processing services to us (for example, to support the delivery of Services), or who otherwise process personal information for purposes that are described in this Privacy Notice;
  • 3rd party funders, where required for apprenticeships or further/higher education;
  • your employer or other third parties, where you have instructed us to obtain references. This may include exam results as well as other personal data as and when required.
  • other 3rd parties with potential work placements or employments – where we do this, we will provide notice;
  • any law enforcement agency, court, regulator, government authority or other third party where we believe this is necessary to comply with a legal or regulatory obligation (and may not be able to inform you so as not to compromise any investigation or other proceedings), or otherwise to protect our rights or the rights of any third party; and to
  • any other person with your consent to the disclosure.

3rd Party links

You might find links to third party websites on our Websites or within documentation we provide.

If you access other websites using the links provided, the operators of these sites may collect information from you which will be used by them in accordance with their own Privacy Notices which you should review.

We do not accept any responsibility or liability for their policies whatsoever as we have no control over them.

Social Networking

The Website may offer you the opportunity to share or follow information about us (or the Website or our Services) using third party social networking functionality (such as through "share this", "like" or "follow" buttons).

We offer this functionality in order to generate interest in us, the Website and our Services among the members of your social networks, and to permit you to share and follow opinions, news and recommendations about us with your friends. However, you should be aware that sharing personal or non-personal information with a social network may result in that information being collected by the social network provider or result in that information being made publicly-available, including through Internet search engines.

Please note that we do not exercise, endorse, secure or control the policies or practices of any third party social network whose functionality you may access through the Website.

You should always carefully read the Privacy Notice of any social network through which you share information in order to understand their specific privacy and information usage practices.

International data transfers

For some of our Services, your personal information may be transferred to, and processed in, countries outside of the EEA. However, we have taken appropriate safeguards to require that your personal information will remain protected in accordance with this Privacy Notice. These measures include transferring your personal data to third parties who are located in a country which the European Commission has determined has data protection laws that are at least as protective as those in Europe, and transferring your personal data to third parties who have entered into standard contractual clauses with us. For more information about these safeguards please contact us using the contact details provided below.

Contacting us

The data controller of your personal information will be the QA group entity that you are dealing with.

We welcome any queries, comments or requests you may have regarding this Privacy Notice. Please do not hesitate to contact us, or our DPO, via email at: privacy@qa.com

Changes to the Privacy Notice

We may change this Privacy Notice from time to time by updating this document. The online version is available at: https://qa-vacancies.qa.com/brochure/DataProtection.aspx

If material changes are made to this Privacy Notice, we will notify you by placing a prominent notice on the Website or by contacting you to let you know via the contact details you have provided us with.

You should check this page from time to time to ensure that you are happy with any changes.