BDO Services Ltd (“we”, “us”) are committed to protecting the privacy and security of your personal information.
This privacy notice describes how we collect and use personal information about you during the recruitment process, how we protect this information and the choices you can make about how we use this information in accordance with the General Data Protection Regulation (GDPR).
It applies to all job applicants.
BDO Services Ltd is a “data controller”. This means we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this privacy notice.
Personal data or personal information means any information about an individual from which that person can be identified.
There are “special categories” of more sensitive personal data which require a higher level of protection.
You are under no statutory or contractual obligation to provide personal data to us during the recruitment process. However, if you do not provide the information, we may not be able to process your application.
WHAT INFORMATION DO WE COLLECT?
We may collect, store and use the following categories of information about you:
Personal details such as your name and title.
Contact details such as postal address, email address and telephone number.
Details of your qualifications, skills, experience and employment history.
Information about your current level of remuneration, including benefit entitlements.
Information about your right to work in the UK.
We may also collect, store and use the following “special categories” of more sensitive personal information, which is stored separately to your application:
Information about your race or ethnicity, religious beliefs, sexual orientation and political opinions, including socio-economic details for early in careers candidates in accordance with Access to Accountancy.
Information about criminal convictions and offences; and
Whether or not you have a disability for which the firm needs to make reasonable adjustments during the recruitment process.
We may collect this information in a variety of ways. For example, information might be contained in application forms, CVs or resumes, obtained from your passport or other identity documents, or collected through interviews or other forms of assessment.
We may also collect personal data about you from third parties, such as references supplied by former employers. We will seek information from third parties only once a job offer has been made and we will inform you that we are doing so.
HOW WE USE YOUR PERSONAL INFORMATION AND THE BASIS ON WHICH WE USE IT
We will only use your personal information when the law allows us to. We have a legitimate interest in processing personal data during the recruitment process and for keeping records of the process.
Processing information from job applicants allows us to manage the recruitment process, assess and confirm your suitability for employment and decide to whom to offer a job. We may also need to process data from you to respond to and defend against legal claims.
We may also need to process your personal information to enter into an employment contract with you.
In some cases, we need to process your personal information to ensure that we are complying with our legal obligations. For example, it is mandatory to check a successful applicant’s eligibility to work in the UK before employment starts.
If your application is unsuccessful, we may keep your personal information on file in case there are future employment opportunities for which you may be suited. We will ask for your consent before we keep your data for this purpose and you are free to withdraw your consent at any time.
WHO HAS ACCESS TO YOUR PERSONAL INFORMATION?
Your information may be shared internally for the purposes of recruitment. This includes members of the HR and recruitment team, interviewers involved in the recruitment process, managers in the business area with a vacancy and IT staff if access to the data is necessary for the performance of their roles.
We share your personal information with third parties, including third party service providers such as our recruitment team and some IT service providers.
We require third parties to respect the security of your data and treat it in accordance with the law. All third party service providers are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow third party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
HOW DO WE PROTECT YOUR PERSONAL INFORMATION?
We take the security of your data seriously. We have internal policies and controls in place to ensure that your information is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the proper performance of their duties.
AUTOMATED DECISION MAKING
Automated decision making takes place when an electronic system uses personal information to make a decision without human intervention.
We use automated decision making as part of our Early in Career resourcing process. This takes place at early stages in the process across three tests: Situational Strength Test, Numerical Reasoning Test and Critical Reasoning. Candidates have to meet the set benchmark in each test to proceed to the next test/later stages in the process. The benchmarks which are in place are pre-determined and an automated decision to progress/reject a candidate is made based on how a candidate scores against the required benchmark.
We will only retain your personal information for as long as is necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.
To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the information, the potential risk of harm from unauthorised use or disclosure of the information, the purposes for which we process the information and whether we can achieve those purposes through other means, and the applicable legal or regulatory requirements.
In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.
If your application for employment is successful, personal information collected during the recruitment process will be transferred to your Human Resources file and retained during your employment. The periods for which your data will be held will be provided to you in a new privacy notice.
YOUR RIGHTS OVER YOUR PERSONAL INFORMATION
In certain circumstances, by law, you have the right to:
Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you.
Request correction of the personal information we hold about you.
Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it.
Object to the processing of your personal information where we are relying on a legitimate interest as the legal ground for processing and there is something about your particular situation which makes you want to object to the processing on this ground.
If you would like to exercise any of the above rights, please contact our Data Protection Officer at email@example.com.
If you have questions about this privacy notice or how we handle your personal information please contact the firm’s Data Protection Officer, at 55 Baker Street, London, W1U 7EU or firstname.lastname@example.org.
We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If, however, you believe that we have not been able to assist with your complaint or concern, you have the right to make a complaint to Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues, using their website www.ico.org.uk