Oxford nanoSystems Limited understands that your privacy is important to you and that you care about how your personal data is used. We respect and value the privacy of prospective employees and will only collect and use your personal data in ways that are described here, and in a way that is consistent with our obligations and your rights under the law.
1. Definitions and Interpretation
In this Policy the following terms shall have the following meanings:
|“Cookie”||means a small text file placed on your computer or device by Our Site when you visit certain parts of Our Site and/or when you use certain features of Our Site. Details of the Cookies used by Our Site are set out in Part 17, below; and|
|“Cookie Law”||means the relevant parts of the Privacy and Electronic Communications (EC Directive) Regulations 2003;|
2. Information About Us
Our Site is owned and operated by Oxford nanoSystems Limited, a limited company registered in England under company number 07523447, whose registered address is Unit 11 Blacklands Way, Abingdon Business Park, Abingdon, OX14 1DY.
Data Protection Representative
Email address: email@example.com.
Telephone number: +44 1235 521138.
Postal address: Oxford nanoSystems Ltd, Unit 11 Blacklands Way, Abingdon Business Park, Abingdon, OX14 1DY, United Kingdom.
3. What Does This Policy Cover?
This Policy only applies when you contact Us via email, phone or when enter into any communications with Us in connection with a job application or when you contact us by using the job application form on Our Site.
Our Site may contain links to other websites. Please note that we have no control over how your data is collected, stored, or used by other websites and we advise you to check the privacy policies of any such websites before providing any data to them.
4. What Is Personal Data?
Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) and the Data Protection Act 2018 (collectively, “the Data Protection Legislation”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.
Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.
5. Our Data Protection Principles
Under GDPR, all personal data obtained and held by us must be processed according to a set of core principles. In accordance with these principles, we will ensure that:
- processing is fair, lawful and transparent
- data is collected for specific, explicit, and legitimate purposes
- data collected is adequate, relevant and limited to what is necessary for the purposes of processing
- data is kept accurate and up to date. Data which is found to be inaccurate will be rectified or erased without delay
- data is not kept for longer than is necessary for its given purpose
- data is processed in a manner that ensures appropriate security of personal data including protection against unauthorised or unlawful processing, accidental loss, destruction or damage by using appropriate technical or organisation measures
- we comply with the relevant GDPR procedures for international transferring of personal data
6. What Are My Rights?
Under the Data Protection Legislation, you have the following rights, which we will always work to uphold:
- The right to be informed about our collection and use of your personal data. This Policy should tell you everything you need to know, but you can always contact us to find out more or to ask any questions using the details in Part 18.
- The right to access the personal data we hold about you. Part 16 will tell you how to do this.
- The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete. Please contact us using the details in Part 18 to find out more.
- The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your personal data that we hold. Please contact us using the details in Part 18 to find out more.
- The right to restrict (i.e. prevent) the processing of your personal data.
- The right to object to us using your personal data for a particular purpose or purposes.
- The right to withdraw consent. This means that, if we are relying on your consent as the legal basis for using your personal data, you are free to withdraw that consent at any time.
- The right to data portability. This means that, if you have provided personal data to us directly, we are using it with your consent or for the performance of a contract, and that data is processed using automated means, you can ask us for a copy of that personal data to re-use with another service or business in many cases.
- Rights relating to automated decision-making and profiling. We do not use your personal data in this way.
For more information about our use of your personal data or exercising your rights as outlined above, please contact us using the details provided in Part 18.
It is important that your personal data is kept accurate and up-to-date. If any of the personal data we hold about you changes, please keep us informed as long as we have that data.
Further information about your rights can also be obtained from the Information Commissioner’s Office or your local Citizens Advice Bureau.
If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office. We would welcome the opportunity to resolve your concerns ourselves, however, so please contact us first, using the details in Part 18.
7. What Data Do You Collect and How?
|Data Collected||How We Collect the Data|
|Identity Information including name, title (from which gender may be inferred), etc.||when you contact Us via email, phone or by using the job application form on Our Site, or when enter into communications with Us about a job application.|
|Contact information including address, email address, messaging service addresses, telephone number, skype addresses, social media addresses, etc.||when you contact Us via email, phone or by using the job application form on Our Site, or when enter into communications with Us about a job application.|
|Information gathered during our recruitment and selection process, including your CV or cover letter, details of your education, academic and professional qualifications, skills and experience, employment history, etc.||when you contact Us via email, phone or by using the job application form on Our Site, or when enter into communications with Us about a job application.|
|References provided by former employers, supervisors or colleagues, etc.||from you via email, phone or letter when enter into communications with Us about a job application; and from third parties, such as references supplied by former employers.|
|Information about your current level of remuneration, including benefit entitlements.||from you via email, phone or letter when enter into communications with Us about a job application.|
|Information about your gender, marital status and ethnic origin.||from you via email, phone or letter when enter into communications with Us about a job application.|
|Information as to whether or not you have a disability for which the organisation needs to make reasonable adjustments during the recruitment process.||from you via email, phone or letter when enter into communications with Us about a job application.|
|Information and documentation concerning your identity and entitlement to work in the UK including passports, birth certificate, driving licence, residence permits / cards and visas, etc.||from you via email, phone or letter when enter into communications with Us about a job application; and information from employment background check providers.|
|Information about your criminal record (if applicable)||from criminal records checks.|
|Technical information including IP address, browser type and version, operating system, device type, etc.||when you contact Us via email, phone or by using the job applicationform on Our Site, or when enter into communications with Us about a job application.|
8. Special Categories of Data
Special categories of data means data relating to your health, sex life, sexual orientation, race, ethnic origin, political opinion, religion, trade union membership, genetic and biometric data.
We may carry out processing activities using special category data for the purposes of equal opportunities monitoring. We may also process special categories of data when the following applies:
- you have given explicit consent to the processing
- we must process the data in order to carry out our legal obligations
- you have already made the data public
9. Criminal Conviction Data
We will only collect criminal conviction data where it is appropriate given the nature of your role and where the law permits us. This data will usually be collected at the recruitment stage, however, may also be collected during your employment. We use criminal conviction data to determine your suitability, or your continued suitability for employment with us.
10. How Do You Use My Personal Data?
Under the Data Protection Legislation, we must always have a lawful basis for using personal data. The following table describes how we may use your personal data, and our lawful bases for doing so:
|What We Do||What Data We Use||Our Lawful Basis|
|Operate our recruitment process||All information described in Part 7 above.||To allows us to manage the recruitment process, assess and confirm a candidate’s suitability for employment and decide to whom to offer a job. To make decisions about salary and contractual and other benefits to provide. For some roles, we are obliged to seek information about criminal convictions and offences.|
|Keep records of our recruitment process.||All information described in Part 7 above.||To defend against legal claims relating to, for example, discrimination or to prevent fraud.|
Where the organisation seeks your personal data, it does so because it is necessary for it to carry out its obligations and exercise specific rights in relation to employment.
We will only use your personal data for the purpose(s) for which it was originally collected unless we reasonably believe that another purpose is compatible with that or those original purpose(s) and need to use your personal data for that purpose. If we do use your personal data in this way and you wish us to explain how the new purpose is compatible with the original, please contact us using the details in Part 18.
If we need to use your personal data for a purpose that is unrelated to, or incompatible with, the purpose(s) for which it was originally collected, we will inform you and explain the legal basis which allows us to do so.
In some circumstances, where permitted or required by law, we may process your personal data without your knowledge or consent. This will only be done within the bounds of the Data Protection Legislation and your legal rights.
11. How Long Will You Keep My Personal Data?
We will not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected. If your application is unsuccessful and we have not sought consent or you have not provided consent upon our request to keep your data for the purpose of future suitable job vacancies, we will keep your data for six months after the successful candidate has commenced in role (i.e. their probation period).
If we have sought your consent to keep your data on file for future job vacancies, and you have provided consent, we will keep your data for a further year. At the end of this period, we will delete or destroy your data, unless you have already withdrawn your consent to our processing of your data in which case it will be deleted or destroyed upon your withdrawal of consent.
Where you have provided consent to our use of your data, you also have the right to withdraw that consent at any time. This means that we will stop processing your data and there will be no consequences of withdrawing consent.
If your application for employment is successful, personal data gathered during the recruitment process will be transferred to the systems we administer for employees. We have a separate privacy notice for employees, which will be provided to you.
12. How and Where Do You Store or Transfer My Personal Data?
The security of your personal information is important to us. We seek to use reasonable physical, technical, and administrative safeguards to protect the information we process. We have internal policies and controls in place to protect personal data against loss, accidental destruction, misuse or disclosure, and to ensure that data is not accessed, except by employees in the proper performance of their duties.
We may store or transfer some or all of your personal data in countries that are not part of the European Economic Area (the “EEA” consists of all EU member states, plus Norway, Iceland, and Liechtenstein). These are known as “third countries” and may not have data protection laws that are as strong as those in the UK and/or the EEA. This means that we will take additional steps in order to ensure that your personal data is treated just as safely and securely as it would be within the UK and under the Data Protection Legislation as follows:
We share your data with certain external third parties, as detailed below in Part 13, that are based outside of the EEA. The following safeguards are applied to such transfers:
- We will only transfer your personal data to third countries whose levels of data protection are deemed ‘adequate’ by the European Commission. More information is available from the European Commission.
- Where we transfer your data to a third party based in the US, the data may be protected if they are part of the EU-US Privacy Shield. This requires that third party to provide data protection to standards similar to those in Europe. More information is available from the European Commission.
Please contact us using the details below in Part 18 for further information about the particular data protection mechanisms used by us when transferring your personal data to a third country.
The security of your personal data is essential to us, and to protect your data, we take a number of important measures, including the following:
- limiting access to your personal data to those employees, agents, contractors, and other third parties with a legitimate need to know and ensuring that they are subject to duties of confidentiality;
- procedures for dealing with data breaches (the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, your personal data) including notifying you and/or the Information Commissioner’s Office where we are legally required to do so;
- Note that the transmission of information via the internet is not completely secure. Although we will do our best to protect an individual’s personal data, we cannot guarantee the security of data transmitted to our website; any transmission is at the individual’s own risk. Once we have received an individual’s information, we will use strict procedures and security features to try to prevent unauthorised access>.
13. Do You Share My Personal Data?
Employees within our company who have responsibility for recruitment will have access to your data which is relevant to their function. All employees with such responsibility have been trained in ensuring data is processed in line with GDPR. We may sometimes contract with the following third parties to supply certain services.
|Recipient Type||Activity Carried Out||Sector||Location|
|Recruitment agencies.||Managing the recruitment process||Recruitment||UK/EEA|
|Academic institutions and referees.||Confirming qualifications.||Education||Worldwide|
|Former employers.||Obtaining references||Various||Worldwide|
|Employment background check providers.||Obtaining necessary background checks.||Recruitment / Human Resources||UK/EEA|
|Disclosure and Barring Service.||Obtaining necessary criminal records checks.||Government agency||UK/EEA|
|Cloud storage providers, such as Microsoft, Google, Dropbox (acting as Data Processors).||Hosting of file servers and storage in the cloud. Personal data will be processed within files stored on these servers.||Cloud storage for business.||EEA and United States.|
|Email service hosting providers such as GoDaddy and MicroSoft (acting as Data Processors).||Hosting of email servers in order to provide hosted email services in the cloud. Personal data will be processed within emails.||Email services||EEA and United States.|
If any of your personal data is shared with a third party, as described above, we will take steps to ensure that your personal data is handled safely, securely, and in accordance with your rights, our obligations, and the third party’s obligations under the law, as described above in Part 12.
If any personal data is transferred outside of the EEA, we will take suitable steps in order to ensure that your personal data is treated just as safely and securely as it would be within the UK and under the Data Protection Legislation, as explained above in Part 12.
In some limited circumstances, we may be legally required to share certain personal data, which might include yours, if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority.
14. Automated Decision Making
Automated decision making means making decision about you using no human involvement e.g. using computerised filtering equipment. No decision will be made about you solely on the basis of automated decision making (where a decision is taken about you using an electronic system without human involvement) which has a significant impact on you.
Our recruitment processes are not based on automated decision-making.
15. Can I Withhold Information?
You are under no statutory or contractual obligation to provide data to us during the recruitment process. However, if you do not provide the information, we may not be able to fulfil our requirements for entering into a contract of employment with you. This could include being unable to offer you employment, or administer contractual benefits.
16. How Can I Access My Personal Data?
If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “subject access request”.
All subject access requests should be made in writing and sent to the email or postal addresses shown in Part 18. To make this as easy as possible for you, a Subject Access Request Form is available for you to use. You do not have to use this form, but it is the easiest way to tell us everything we need to know to respond to your request as quickly as possible.
There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.
We will respond to your subject access request within thirty (30) days and, in any case, not more than one month of receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.
18. How Do I Contact You?
To contact us about anything to do with your personal data and data protection, including to make a subject access request, please contact our Data Protection Representative, the details of who are included in Part 2 of this policy.