Please ensure Javascript is enabled for purposes of websiteaccessibility
Open menu

Privacy Policy for Job Applicants 

What is the purpose of this privacy notice? 

Affinity Trust (the company) is aware of its obligations under the General Data Protection Regulation (GDPR) and committed to processing your data securely and transparently. This privacy notice explains, in line with GDPR, the types of data that we collect and hold on you as a job applicant. It also sets out how we use that information, how long we keep it for, and other relevant information about your data. 

Data protection principles 

Affinity Trust will comply with the data protection principles that say that the personal information we hold about you must be: 

  1. Used lawfully, fairly and in a transparent way. 
  2. Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes. 
  3. Relevant to the purposes we have told you about and limited only to those purposes. 
  4. Accurate and kept up to date. 
  5. Kept only as long as necessary for the purposes we have told you about. 
  6. Kept securely. 

The kind of information Affinity Trust may hold about you 

In connection with your application for employment with us, we may collect, store, and use the following categories of personal information about you: 

  • Personal details such as name, title, date of birth, gender, marital status, dependents, next of kin, emergency contact information 
  • Contact details such as addresses, telephone numbers, and personal email addresses 
  • Recruitment information (including copies of right to work documentation, references, and other information included in a CV or cover letter/email or as part of the application process) 
  • Employment history and qualifications 
  • Any information you give to us during any interview. 

We may also collect, store and use the following “special categories” of more sensitive personal information: 

  • Information about your ethnicity, disability and medical or health details. 
  • CCJ, bankruptcy and insolvency checks. 
  • Information about criminal convictions and offences. 

How will Affinity Trust collect your personal information? 

Affinity Trust typically collects personal information about candidates, either directly from candidates or from third parties including recruitment agencies, former employers, credit reference agencies, disclosure and barring service in respect of criminal convictions, other background check agencies and your named referees. 

How Affinity Trust will use personal information about you 

Affinity Trust will only use your personal information when the law allows us to. This includes but is not limited to the following grounds: 

  • Where we need to perform the contract we have entered into with you. 
  • Where we need to comply with a legal obligation. 
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. 
  • Where we need to protect your interests (or someone else’s interests). 
  • Where it is needed in the public interest or for official purposes. 

Generally, we will rely on the first three reasons above to process your data. Examples of how we will process your personal information in accordance with the above grounds are listed below. 

  • Making a decision about your recruitment or appointment. 
  • Determining the terms on which you will be offered potential work for us, for example, part-time hours. 
  • Communicating with you about the recruitment process. 
  • Checking you are legally entitled to work in the UK. 
  • Carrying out background and reference checks where applicable. 
  • Complying with legal or regulatory requirements, for example, Care Quality Commission Regulations, (fit and proper persons employed). 
  • Dealing with legal disputes involving you, or other candidates, employees, workers and contractors. 
  • Equal opportunities monitoring. 

If you fail to provide information when requested, that is necessary for us to consider your application (such as evidence of relevant qualifications or work history), we will not be able to process your application successfully. 

Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law. 

How Affinity Trust may need to use particularly sensitive personal information about you 

Most commonly, we will process special categories of data when the following applies: 

  • You have given explicit consent to the processing. 
  • We must process the data to carry out our legal obligations. 
  • We must process the data for reasons of substantial public interest. 
  • You have already made the data public 
  • Where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public. 

Affinity Trust will use information about your disability status to consider whether we need to provide appropriate reasonable adjustments during the recruitment process or for employment and for equal opportunity monitoring. 

Affinity Trust will use information about your race, national or ethnic origin, religious or philosophical beliefs, and your sexual orientation, to ensure meaningful equal opportunity monitoring and reporting. 

Generally, when information of this type is used for monitoring and reporting it is anonymised and the individual providing the information cannot be identified. 

Information about criminal convictions 

We will only collect criminal conviction data where it is appropriate given the nature of your role and where the law allows. This data is usually collected at the recruitment stage, however, may also be required during your employment. We use criminal conviction data to determine your suitability, or your continued suitability, for the role. 

Automated decision making 

We do not make any decisions about you solely by automated means (i.e. without human involvement). 

Do we need your consent? 

We do not need your consent if we use special categories of your personal information in accordance with our written policy to carry out our legal obligations or exercise specific rights in accordance with employment law. In limited circumstances, we may approach you for your written consent to allow us to process certain particularly sensitive data. 

Will Affinity Trust share your information with third parties? 

We will only share your personal information externally where required to do so by law. 

Data security 

Affinity Trust has put in place appropriate security measures to prevent your personal information from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors, and other third parties who have a business need to know. They will only process your personal information on our instructions, and they are subject to training on data protection and a duty of confidentiality. 

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so. 

Data retention 

We will retain your personal information for the retention periods below after we have communicated to you our decision about whether to appoint you to work. After this period, we will securely destroy your personal information in accordance with our data retention policy. 

For unsuccessful candidate data – one year after the recruitment process has finished unless you provide us with consent to keep your data for a further period so we may contact you for future opportunities. 

If your application is successful, your data will be kept and transferred to our employee systems. We have a separate privacy notice for employees which will be provided to you. 

In some circumstances, we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. 

Rights of access, correction, erasure, and restriction 

Please keep us informed if your personal information changes during the application process or during your subsequent working relationship with us. 

You have the following rights in relation to the personal data we hold on you: 

  • the right to be informed about the data we hold on you and what we do with it; 
  • the right of access to the data we hold on you. More information on this can be found in the section headed below 
  • the right to correct any inaccuracies in the data we hold on you, however they come to light (rectification); 
  • the right to have data deleted in certain circumstances (erasure); 
  • the right to restrict the processing of the data; 
  • the right to transfer the data we hold on you to another party (portability); 
  • the right to object to the inclusion of any information; 
  • the right to regulate any automated decision-making and profiling of personal data. 

Right to withdraw consent 

In the limited circumstances where you may have provided your consent to the collection, processing, and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact recruitment@affinitytrust.org in writing. 

Changes to this privacy notice 

We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. If you have any questions about this privacy notice or wish to verify or correct your personal information, please contact: 

Director of Operations, Affinity Trust, 1 St Andrew’s Court, Wellington Street, Thame, Oxfordshire OX9 3WT. 

You have the right to make a complaint at any time relating to the way we process your personal information to the Information Commissioner’s Office, the UK supervisory authority for data protection issues.