Privacy Notice for Job Applicants

1. Introduction

Oxford nanoSystems Limited understands that your privacy is important to you and that you care about how your personal data is used. We are committed to protecting personal data and to fair and transparent processing.

Please read this privacy notice: it will help you to understand how we collect and use personal data from job applicants during the course of our recruitment process.

In accordance with UK data protection laws, we have implemented this privacy notice to inform you of the types of data we process about you. We also include within this notice the reasons for processing your data, the lawful basis that permits us to process it, how long we keep your data for and your rights regarding your data.

2. Scope of this Policy

This policy applies to the prospective employees, apprentices, volunteers, placement students, advisors, workers and self-employed contractors of Oxford nanoSystem Limited (“OnS”).

For the purposes of this policy:

‘personal data’ is as defined in the Data Protection Act 2018 and the ‘UK GDPR’ as defined in that Act (collectively, “the Data Protection Legislation”) as any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier
the ‘data controller’ for the purposes of the Data Protection Legislation is Oxford nanoSystems Limited (“OnS”, “we” or “us”), a limited company registered in England under company number 07523447, whose registered address is Unit 11 Blacklands Way, Abingdon Business Park, Abingdon, OX14 1DY.

3. Data Protection Principles

Under the Data Protection Legislation, all personal data obtained and held by us must be processed according to a set of core principles. In accordance with these principles, we will ensure that:

processing is fair, lawful and transparent
data is collected for specific, explicit, and legitimate purposes
data collected is adequate, relevant and limited to what is necessary for the purposes of processing
data is kept accurate and up to date. Data which is found to be inaccurate will be rectified or erased without delay
data is not kept for longer than is necessary for its given purpose
data is processed in a manner that ensures appropriate security of personal data including protection against unauthorised or unlawful processing, accidental loss, destruction or damage by using appropriate technical or organisation measures
we comply with the relevant Data Protection Legislation for international transfers of personal data

4. Types of Data Held

We keep a range of personal data from job applicants in order to manage and to carry out effective and efficient recruitment processes. We keep this data in restricted electronic format relating to each individual. This data may include (but is not necessarily limited to):

your name, gender, marital status, address and contact details, including email address and telephone numbers
information gathered during the recruitment process including your CV or cover letter, details of your education, academic and professional qualifications, skills and experience, employment history
references provided by former employers, supervisors or colleagues
details of your qualifications, skills, experience and employment history
information about your current level of remuneration, including benefit entitlements
whether or not you have a disability for which the organisation needs to make reasonable adjustments during the recruitment process
information and documentation concerning your identity and entitlement to work in the UK including passports, birth certificate, driving licence, residence permits / cards and visas
information about your criminal record

5. Collecting your Data

You provide personal data to us directly during our recruitment or hiring process.

In some cases, we will collect data about you from third parties, such as from the public domain, employment agencies, information from employment background check providers, former employers and when gathering references or from criminal records checks permitted by law.

Should you be successful in your job application, we will gather further information from you, such as your bank details and emergency contact details once your employment begins.

6. Lawful Bases for Processing

The law on data protection allows us to process your data for certain reasons only. The information below categorises the types of data processing we undertake and the lawful basis we rely on.

We need to process data to take steps at your request prior to entering into a contract with you. We may also need to process your data to enter into a contract with you.

In some cases, we also need to process data to ensure that we comply with our legal obligations. For example, it is required to check a successful applicant’s eligibility to work in the UK before employment starts. We may also collect information about whether or not applicants are disabled to make reasonable adjustments for candidates who have a disability.

We have a legitimate interest in processing personal data during the recruitment process and for keeping records of the process. Processing data from job applicants allows us to manage the recruitment process, assess and confirm a candidate’s suitability for employment and decide to whom to offer a job. We also need to make decisions about salary and contractual and other benefits to provide. We may also need to process data from job applicants to respond to and defend against legal claims or to prevent fraud. For some roles, we are obliged to seek information about criminal convictions and offences. Where the organisation seeks this information, it does so because it is necessary for it to carry out its obligations and exercise specific rights in relation to employment.

7. Special Categories of Data

Special categories of data means data relating to your health, sex life, sexual orientation, race, ethnic origin, political opinion, religion, trade union membership, genetic and biometric data.

We may carry out processing activities using special category data:

for the purposes of equal opportunities monitoring
to determine reasonable adjustments made during the recruitment process

Most commonly, we will process special categories of data when the following applies:

you have given explicit consent to the processing or have elected to send the data to us
we must process the data in order to carry out our legal obligations
you have already made the data public

8. Failure to Provide Data

You are under no statutory or contractual obligation to provide data to us during the recruitment process. However, if you do not provide the information, we may not be able to consider your application in full and this may prevent you from progressing through the recruitment process. It may also prevent us from fulfilling our requirements for entering into a contract of employment should your application be successful.

9. Criminal Conviction Data

We will only collect criminal conviction data where it is appropriate given the nature of your role and where the law permits us. This data will usually be collected at the recruitment stage, however, it may also be collected during any subsequent employment or engagement by OnS. We use criminal conviction data to determine your suitability, or your continued suitability for the role.

10. Who we share your data with

Your information may be shared internally, including with OnS members of staff that will be involved in the selection or hiring process and for who access to the data is necessary for performance of their roles in this process.

All individuals with access to that data have been trained in ensuring data is processed in line with Data Protection Legislation.

We may share your personal data with:

our agents / professional advisors
third party contractors who provide services to us
potential investors or acquirers
other third parties where we are under a legal obligation to do so
These kinds of disclosures will only be made when strictly necessary for the purpose.
We may also be required to transfer personal data to a country/countries outside of the UK or EEA. Transfers may take place where third party providers (e.g. Google, Microsoft) store our cloud data outside of the UK or EEA. Where we share your data with third parties, we will request that they have appropriate technical and organisational measures in place to ensure the security of such data as required under Data Protection Legislation.

11. Protecting your data

The security of your personal information is important to us. We seek to use reasonable physical, technical, and administrative safeguards to protect the information we process. We have internal policies and controls in place to protect personal data against loss, accidental destruction, misuse or disclosure, and to ensure that data is not accessed, except by employees in the proper performance of their duties.

12. How long do we keep personal data?

If your application is unsuccessful and we have not sought consent or you have not provided consent upon our request to keep your data for the purpose of future suitable job vacancies, we will keep your data for six months after the successful candidate has commenced in role (i.e. their probation period).

If we have sought your consent to keep your data on file for future job vacancies, and you have provided consent, we will keep your data for a further year. At the end of this period, we will delete or destroy your data, unless you have already withdrawn your consent to our processing of your data in which case it will be deleted or destroyed upon your withdrawal of consent.

Where you have provided consent to our use of your data, you also have the right to withdraw that consent at any time. This means that we will stop processing your data and there will be no consequences of withdrawing consent.

If your application for employment is successful, personal data gathered during the recruitment process will be transferred to the systems we administer for employees. We have a separate privacy notice for employees, which will be provided to you.

13. Automated Decision Making

Automated decision-making means making decision about you using no human involvement e.g. using computerised filtering equipment. No decision will be made about you solely on the basis of automated decision making (where a decision is taken about you using an electronic system without human involvement) which has a significant impact on you. Our recruitment processes are not based on automated decision-making

14. Your Rights as a Data Subject

Individuals have certain rights over their personal data that we process as a data controller.

If we process your personal data and you exercise any of your rights we will aim to respond promptly and within any required time limit. However, please note that the length of time it will take us to respond will be dependent on the nature and extent of your request.

You have a right to:

access – you can ask us for a copy of the personal data that we hold on you
rectification – if you become aware of any errors or inaccuracies concerning your personal data, please let us know and we will update these for you
withdraw consent – where we process personal data based on consent, you have a right to withdraw consent at any time. To stop receiving direct marketing emails from us, please click on the unsubscribe link in the relevant email or contact us
erasure/deletion – you can ask us to erase or delete your personal data when we no longer need it for the purposes it was obtained
data portability – you can ask for your personal data to be sent to you or to another organisation. in a structured, commonly used, machine-readable format. Please note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you
automated decision making – if we make automated decisions about you, you can ask for those decisions to be reviewed
restrict or object to our processing – you can ask to restrict or object to our processing of your personal data (eg removal from a marketing subscription list).

Further information on your rights as a data subject can be found on the Web site of the UK’s Information Commissioner (ICO), including at https://ico.org.uk/your-data-matters/.

If you would like to exercise any of these rights, please contact us at: dataprotection@oxfordnanosystems.com.

15. Consent

Where our use of your data is on the basis of your consent, you also have the right to withdraw that consent at any time. This means that we will stop processing your data.

16. Making a Complaint

If you think your data rights have been breached, please contact us and we will try our best to put things right.

You are also able to raise a complaint with the UK’s Information Commissioner (ICO).

17. Changes to this Privacy Notice

We may change this privacy notice from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects personal data protection.

Any changes will be immediately posted on our Site and you will be deemed to have accepted the terms of the privacy notice on your first use of our Site following the alterations. We recommend that you check this page regularly to keep up-to-date. This privacy notice was last updated on 09 March 2021.

This document is uncontrolled when printed. Before use, please verify that this is the current version.

Intellectual Property and Confidentiality Notice: Unless otherwise agreed in writing all copyright and intellectual property rights embodied in this document are and shall remain the property of Oxford nanoSystems Ltd. The information contained herein is the property of Oxford nanoSystems Ltd and is supplied without liability for errors or omissions. The information supplied herein is provided solely for the intended purpose and no other rights whatsoever to use such information are granted. The contents of this document are confidential information and must not be disclosed to any third party without the written consent of Oxford nanoSystems Ltd. No part may be reproduced or used except as authorised in writing by Oxford nanoSystems Ltd. The copyright and the foregoing restriction on reproduction and use extend to all media in which the information may be embodied.

Oxford nanoSystems Ltd, UK Company number 07523447. Registered office: Unit 11, Blacklands Way, Abingdon Business Park, Abingdon, OX14 1DY UK. VAT Registration: 151850716