Skip to content

Recruitment Privacy Policy

Privacy Notice for Recruitment

Sheraton Systems Limited (“SSL”) is the Controller under the UK General Data Protection Regulation, Data Protection Act 2018 and other applicable national implementing legislation.

You may contact SSL to make requests, for example to exercise your data protection rights, to provide positive feedback or to make complaints by writing to us at the address below.

Our Contact Details

Name: Sheraton Systems Limited, trading as Websure, company number 02348058
Address: Sheraton Systems Limited, 34 The Broadway, Wickford, Essex SS11 7AN
Phone Number: +44 (0)20 7977 8255
Email: ITsecurity@websure.com or HR@websure.com
Sheraton Systems Limited ICO Registration: ZA213388

We have appointed a representative in the EU who can be contacted by using the contact details below:

Name:Mishcon de Reya Representative Services (Europe) Limited
Address:2nd Floor, 1-2 Victoria Buildings, Haddington Road, Dublin 4, D04 XN32, Ireland
Email: representative@mishcon.com

The purposes of processing your personal information

SSL processes your personal data for the following purposes:

  • For recruitment – to process applications from potential employees and consultants (this includes providing personal data directly to SSL or indirectly, through a recruitment agency)
  • To assess your suitability for a role you have applied for
  • To securely destroy unsolicited applications
  • To shortlist
  • To interview
  • To make conditional offers
  • To verify application details when an offer has been accepted

When you apply for a role that has been advertised, we will use all the information you provide during the recruitment process to progress your application with a view to offering you an employment contract with us, or to fulfil legal or regulatory requirements if necessary.

We will not share any of the information you provide with any third parties for marketing purposes.

We’ll use the contact details you give us to contact you to progress your application. We’ll use the other information you provide to assess your suitability for the role.

The type of personal information we collect

SSL will not collect more information than is necessary to fulfil its stated purpose and will not keep it any longer than is necessary. With respect to advertised roles, the information asked for is used to assess your suitability for employment. You do not have to provide what SSL asks for, but it may affect your application if you don’t

Unsolicited Applications

SSL does not normally consider unsolicited applications. Where unsolicited CVs are received from agencies, SSL will request details of the candidates email address, to provide them with a copy of this Privacy Notice.

Where unsolicited CVs are received directly from an individual, SSL will automatically send the individual a copy of this Privacy Notice.

SSL will consider if there is current suitable role, or if the CV looks suitable for the future, and if so, will seek agreement and permission from the individual to keep the CV on file for any future vacancies. In the absence of such permission being forthcoming in a timely manner, the CV will be securely destroyed within one month.

Applications

SSL may receive your personal data and special categories of personal data either directly or, more usually, from a third party (e.g. a recruitment agency) for the recruitment purposes set out above. The categories of personal data may include:

  • Name and contact details
  • Previous experience
  • Education
  • Answers to questions relevant to the role

Our hiring managers shortlist applications for interview and are given access to your personal details.

Assessments

We might ask you to complete tests or occupational personality profile questionnaires; and/or to attend an interview – or a combination of these. Information will be generated by you and by us. For example, you might complete a written test or we might take interview notes. This information is held by SSL.

Conditional Offer

If we make a conditional offer of employment, we’ll ask you for information so that we can carry out pre-employment checks. You must successfully complete pre-employment checks before commencing employment with us. We must confirm the identity of our staff and their right to work in the United Kingdom, and seek assurance as to their trustworthiness, integrity and reliability.

You must therefore provide upon request:

  • proof of your identity
  • proof of your qualifications (if requested)
  • a criminal records declaration to declare any unspent convictions (if requested)
  • your email address
  • A copy of your in-date passport plus either your Driving Licence or a Utility Bill dated within the previous three months.
  • you will be asked to complete a Background Checking Form which, once received, we will provide to Experian, a data processor, who will conduct background checks, to verify the personal information provided, including past employment, qualifications, references and criminal declarations.
  • Experian will contact your referees, using the details you provide in your application, directly to obtain references.

How we get your personal information and why we have it

Most of the personal information SSL process is provided directly by you or indirectly, from recruitment agencies or SSL staff referrals. SSL use your personal information for the purposes listed in this Privacy Notice.

What is the lawful basis to process your personal information

SSL collect and use this information under provisions contained in the UK General Data Protection Regulation. Specifically, we collect the information referred to above under the requirements of a contractual obligation or to take steps at your request, before entering a contract. (Article 6 (1) (b)).

In relation to those elements of personal data described above as ‘special category’ items of personal information, we also collect that information under Article 9 of the UK General Data Protection Regulation, The legal basis we rely on to process any information you provide as part of your application which is special category data, such as health, religious or ethnic information is Article 9(2)(b) of the UK GDPR, which also relates to our obligations in employment and the safeguarding of your fundamental rights and Article 9(2)(h) for assessing your work capacity as an employee. And Schedule 1 part 1(1) and (2)(a) and (b) of the Data Protection Act 2018 which relates to processing for employment, the assessment of your working capacity and preventative or occupational medicine.

SSL collect criminal offences data, which is necessary for the purposes listed above, pursuant to Schedule 1 Part 1(1) and (2)(a) and (b) of the Data Protection Act 2018 which relates to processing for employment, the assessment of your working capacity and preventative or occupational medicine.

Who do we share your personal information with

Within SSL, only those members of the workforce who have a valid business ‘need to know’ will be granted access to your personal data. Further, individual team members will only be given access to the part of your data that they need to perform their roles.

Our recruitment team will have access to your application. Your data will be used by the recruitment team to:

  • provide human resources services to you related to recruitment
  • decide whether to shortlist or reject your application
  • prepare for and carry out the interview process
  • to make a decision whether to employ you including contacting you to inform you about our decision
  • where relevant, to make a conditional offer
  • where relevant, to verify the details of your application
  • where relevant, to provide a transition for you to become an employee

NB When you become an employee, the SSL Employment Privacy Notice will apply.

Externally, your data may be shared with the external organisations / individuals for the following purposes, as set out below:

  • recruitment agencies – to inform them about the recruitment decision
  • referees – to obtain references as part of the recruitment process
  • to allow criminal records check and credit check (if applicable) or sanctions search to be performed (Experian).

Wherever possible the data shared are either anonymised and/or minimised and only those with a valid business ‘need to know’ in the receiving organisation are granted access.

Details of transfers of personal information to any third countries and safeguards

Your personal data is not stored or made accessible to any supplier based in a third country.

Retention period or criteria used to determine the retention period

  • Unsolicited applications will usually be destroyed immediately as a matter of best practice, unless, by agreement with the applicant their details can be kept on file for consideration for future roles
  • Successful recruitment candidate information (including third party referee details provided by the applicant) will be SSL retains your personal information, as part of your employee file for the duration of your employment, plus 6 years following the end of your employment. This includes criminal records declarations, fitness to work, records of any security checks and references, in accordance with our Retention Policy.
  • Unsuccessful recruitment candidate information (including third party referee details provided by the applicant) if you are unsuccessful at any stage of the process, the information you have provided us until that point is retained for 12 months from your initial application to fulfil legal or regulatory requirements. During this 12-month period we will continue to retain your information for recruitment purposes, to enable us to consider you for future employment opportunities for which you may be suited.

How we store your personal information

Your information is securely stored.

We keep all your personal information, detailed in this Privacy Notice, for employment purposes, for a period specified in our retention policy.

We will then dispose your information by:

  • Any paper copies of CVs will be shredded or put in the confidential waste bin.
  • Saved copies of the CV will be deleted. CVs are saved in a folder of the year in which they were sent to us so the whole folder is deleted.
  • Emails from the recruiters relating to candidates are also saved in folders of the year in which they were sent to us so the folder is deleted.

Your data protection rights

You have the right to exercise the following rights under UK data protection law. These rights are not absolute and will depend on which legal basis we use to process your personal data.

Please contact us using the contact details set out above if you wish to exercise any of these rights:

  • Transparency – we must provide you with all the information set out in this privacy notice in a concise, transparent, intelligible and easily accessible form, using clear and plain language, so that you may understand how and why we process your data and what your rights are. We must keep you informed in timely manner about our progress in responding to requests from you to access your rights under data protection law.
  • Rights of access by the data subject – you have the right to obtain from us confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, to access your personal data.
  • Right to rectification – you have the right to have the personal data concerning yourself rectified without undue delay, if it not accurate. Taking into account the purposes of the processing, you also have the right to have incomplete personal data completed, including by providing a supplementary statement.
  • Right to erasure (‘right to be forgotten’) – in some limited circumstances, you may have the right to obtain from us the erasure of your personal data without undue delay, when and if:
    • Processing your personal data is no longer necessary in relation to the purposes for which your data were collectedWhere you withdraw consent for processing, but only if consent was the legal basis relied upon for that processingYou object to processing and there are no overriding legitimate grounds for the processing or where you withdraw your consent to marketing.
    NB This does not apply to employees or former employees or applicants where we have a legal obligation to retain your data
    • Your personal data has been unlawfully processed
    • Your personal data has to be erased to comply with a legal obligation to which the Controller is subject
    • Your personal data has been collected in relation to the offer of information society services to children
  • Right to restriction of processing – In some limited circumstances you have the right to request that the processing of your personal data is restricted, in some cases for a limited time only, specifically when:
    • You are contesting the accuracy of your personal data while we verify its accuracy or correct it
    • The processing is unlawful and you oppose the erasure of your data;
    • Where we no longer need your personal data for the purposes for which it was obtained but where you require the data for the establishment, exercise or defence of legal claims
    • Where you have objected to the processing of your data pending the verification whether legitimate grounds of the Controller override your interests.
    • You have the right to be informed by the Controller before the restriction of processing is lifted
  • Notification obligation regarding rectification or erasure of personal data or restriction of processing – we will let you know when the following things happen, unless it proves impossible or disproportionate to do so:
    • When we have rectified your data
    • When we have erased your personal data
    • When we have restricted the processing of your personal data
    • When we intend to lift any restriction to the processing of your personal data
    • We will also advise you about any recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.
  • Right to data portability – upon your request and where the legal basis for processing your personal data is ‘consent’ or ‘contract’, we will provide you with a copy of your personal data that you have provided to us and which are processed by automated means, in a structured, commonly used and machine-readable format. Upon your request and where technically feasible, we will also transmit those data to another data controller.
  • Right to object – In some limited circumstances, you have the right to object to our processing of your personal data. When certain conditions are met we, as Controller, will no longer process your personal data. This right can be exercised only when:
    • You are contesting the accuracy of your personal data while we verify its accuracy or correct it
    • The processing is unlawful and you oppose the erasure of your data;
    • Where we no longer need your personal data for the purposes for which it was obtained but where you require the data for the establishment, exercise or defence of legal claims
    • Where you have objected to the processing of your data pending the verification whether legitimate grounds of the Controller override your interests.
    • You have the right to be informed by the Controller before the restriction of processing is lifted
  • Notification obligation regarding rectification or erasure of personal data or restriction of processing – we will let you know when the following things happen, unless it proves impossible or disproportionate to do so:
    • Either the processing is necessary for the performance of a task carried out in the public interest or processing is necessary for the purposes of our legitimate interests (including profiling), but where we cannot demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or where processing is necessary for the establishments, exercise or defence of legal claims
    • Processing for direct marketing purposes, including profiling
    • When personal data are processed for scientific or historical research purposes or statistic purposes unless the processing is necessary for the performance of a task carried out for reasons of public interest
  • Automated decision-making, including profiling – you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significant effects. At the current time SSL does not perform automated decision making or profiling.
  • Details of whether you are under a statutory or contractual obligation to provide the personal data – SSL has a legal obligation to perform checks for employment purposes for some roles. Failing to do so would be a breach of the law.
  • The existence of automated decision making, including profiling and information about how decisions are made, the significance and the consequences – SSL does not currently perform automated decision making or profiling, relating to recruitment processing.

How to complain

If you have any concerns about our use of your personal information, you can make a complaint to us, by using the contact details provided above, in this Privacy Notice.

Please ensure that you state ‘Data Protection Complaint’ in the subject field.

You can also complain to the ICO if you are unhappy with how we have used your data.

The ICO’s address:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk

Sheraton Systems Limited ICO Registration: ZA213388

Changes to our Privacy Notice

Any changes SSL make to this Privacy Notice in the future will be posted on our website.

Current Notice Date: 26 June 2024

Terms & Conditions
Privacy Policy
Recruitment Privacy
Cookies Policy
flexible-by-design-black