Recruitment Privacy Notice

1. Introduction

Seedrs is committed to protecting the privacy and security of your personal data.

This privacy notice describes how we collect and use personal data about you during and after your working relationship with us, in accordance with the General Data Protection Regulation (GDPR).

Seedrs is a “data controller”. This means that we are responsible for deciding how we hold and use personal data about you.

Throughout this document we use the term “processing” to cover all activities involving your personal data, including collecting, handling, storing, sharing, accessing, using, transferring and disposing of the information.

It is important that you read this notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal data about you.

2. Data protection principles

We will comply with data protection law. This says that the personal data we hold about you must be:

  • Used lawfully, fairly and in a transparent way;
  • Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;
  • Relevant to the purposes we have told you about and limited only to those purposes;
  • Accurate and kept up to date;
  • Kept only as long as necessary for the purposes we have told you about; and
  • Kept securely.

3. The kind of information we hold about you

Personal data, or personal information, means any data about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, store, and use the following categories of personal data about you:

  • Personal details such as name, address, date and place of birth;
  • Work history/job data; previous employers, positions, dates, etc;
  • Compensation; basic salary, benefits, bonuses, etc.;
  • Education and work history including professional qualifications and skills;
  • Videos submitted as part of CV;
  • Employer feedback / references to include regulated references where necessary;
  • Nationality / visa / right to work permit information; (e.g. passport, driving licence, National Insurance numbers);
  • Individual demographic information in compliance with legal requirements (such as marital status, national identifier, passport/visa information, nationality, citizenship, military service, disability, work permit, date and place of birth or gender);
  • Assessment results;
  • Health issues requiring adaptations to working environment;
  • Photographs;
  • Disciplinary records; and
  • Notes from face to face interviews.

During the process we also capture some sensitive personal data about you (e.g. disability information). We do this in order to make reasonable adjustments to enable our candidates to apply for jobs with us, to be able to take online/telephone assessments, to attend interviews/assessment centres, to prepare for starting at Seedrs (if successful) and to ensure that we comply with regulatory obligations placed on us with regard to our hiring.

4. How is your personal data collected?

We typically collect personal data either directly from candidates or sometimes from an employment agency or background check provider. We may sometimes collect additional information from third parties including former employers.

5. How we will use information about you

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Where we have your consent;
  • Where we need to comply with a legal obligation;
  • Where we need to perform a contract we have entered into with you; and/or
  • Where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests.

We may also use your personal data in the following situations, which are likely to be rare:

  • Where we need to protect your interests (or someone else’s interests); or
  • Where it is needed in the public interest or for official purposes.

6. Why do we collect your personal data?

In order to manage your application, we need to process certain personal data about you. The purposes for this are set out below. We only process your information as necessary for the purposes of progressing your application or as required by law or regulatory requirements, so not all of the purposes set out below will apply to you all of the time.

  • Application;
  • Assessment: and/or
  • Pre-employment screening.

7. Who do we share your personal data with?

Seedrs will need to share your personal data internally (both in the country where you may work and in other countries in which we have operations) and may be required to share it with some external parties or associates of Seedrs. Your information will only be shared if it is necessary or required.

To enable the recruitment process your personal data may be shared internally, but the information shared is limited to what is required by each individual to perform their role in the recruitment process.

Your personal data may be shared internally with the following people:

  • Those employees who would have managerial responsibility for you or are acting on their behalf;
  • Employees in HR who have responsibility for certain HR processes (for example recruitment, assessment, pre-employment screening);
  • Employees in Legal and/or Compliance with responsibility for investigating issues of non-compliance with laws and regulations, policies and contractual requirements;
  • Employees in Tech who manage user access;
  • Audit employees in relation to specific audits/investigations; and/or
  • Security managers for facilities/premises.

Seedrs may also need to share your information with certain external third parties including:

  • Suppliers who undertake background screening on behalf of Seedrs;
  • Academic institutions (universities, colleges, etc.) in validating information you’ve provided; and/or
  • Other third-party suppliers (or potential suppliers), who provide services on our behalf.

8. Sensitive personal data

We will use your particularly sensitive personal data in the following ways:

  • We will use information relating to leaves of absence, which may include sickness absence or family related leaves, to comply with employment and other laws;
  • We will use information about your physical or mental health, or disability status, to ensure your health and safety in the workplace and to assess your fitness to work, to provide appropriate workplace adjustments, to monitor and manage sickness absence and to administer benefits; and/or
  • We will use information about your race or national or ethnic origin, religious, philosophical or moral beliefs, or your sexual life or sexual orientation, to ensure meaningful equal opportunity monitoring and reporting.

9. Information about criminal convictions

We may only use information relating to criminal convictions where the law allows us to do so. This will usually be where such processing is necessary to carry out our obligations and provided we do so in line with our data protection policy.

Less commonly, we may use information relating to criminal convictions where it is necessary in relation to legal claims, where it is necessary to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public.

10. Data sharing

We may have to share your data with third parties, including third-party service providers and other entities in the group, in accordance with a legal processing condition. We require third parties to respect the security of your data and to treat it in accordance with the law. We may transfer your personal data outside the EU. If we do, you can expect a similar degree of protection in respect of your personal data.

10.1 Which third-party service providers process my personal data?

The following categories of third-party service providers may process personal data about you:

  • Error monitoring and detection;
  • Fraud detection;
  • HR recruitment management;
  • Payroll provision;
  • Pension provision;
  • Business intelligence;
  • Cloud hosting;
  • Email hosting;
  • Image processing;
  • Process and log management;
  • Internal communication and intranet;
  • Customer support;
  • Electronic document signing;
  • Task automation;
  • Event management;
  • Social media channels and management;
  • Business development management;
  • Marketing tools;
  • Document storage, email platform, calendar; and
  • Regulator or other government body.

10.2 How secure is my information with third-party service providers and other entities in our group?

All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal data in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

10.3 Transferring information outside the EU

We may transfer the personal data we collect about you to the USA, or otherwise outside the EU in order to perform our contract with you. We ensure that any organisation based in the USA to which we would be transferring data is Privacy Shield-certified and, for organisations in other countries outside the EU we ensure that they sign model contracts to commit to  GDPR compliance. If you require further information about these protective measures, you can request it from dataprotection@seedrs.com.

11. Data security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. Details of these measures may be obtained from dataprotection@seedrs.com. We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

12. How long will you use my information for?

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. In some circumstances we may anonymise your personal data so that it can no longer be associated with you, in which case we may use such information without further notice to you. Once you are no longer an employee, worker or contractor of the company we will retain and securely destroy your personal data in accordance with applicable laws and regulations.

13. Your rights

By law, in certain circumstances, you have the right to:

  1. Request access to your personal data (commonly known as a “data subject access request”);
  2. Request correction of the personal data we hold about you;
  3. Request erasure of your personal data;
  4. Object to processing of your personal data;
  5. Request the restriction of processing of your personal data;
  6. Request transfer of your personal data to another party;
  7. Withdraw consent where you have given this in relation to your personal data; and
  8. Lodge a complaint with the Financial Conduct Authority or the Information Commissioner’s Office.
Digital Agency Kent