Verarbeitung personenbezogener Daten durch die für das Online-Bewerbungsverfahren verantwortliche Stelle
For Employees, Workers, Contractors and Job Applicants
Our commitment to your privacy
The Jeremy Coller Foundation (“we” or the “Foundation”) is committed to protecting and respecting your privacy rights. This privacy statement ("Statement") tells you about the use that the Foundation will make of the personal information we hold about you, how we will collect certain personal information, under what circumstances we may share or otherwise use the information, and who we may disclose it to.
The Foundation is a "data controller". This means that we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this Statement.
This Statement applies to current and former employees, workers, contractors and job applicants. This includes temporary or agency workers, students, secondees and consultants. This Statement does not form part of any contract of employment or other contract to provide services. We may update this Statement at any time.
It is important that you read this Statement, and any subsequent revisions, together with any other privacy statement we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information.
Where we refer to "employment data" or "employment" in this Statement, we do so for convenience only, and this should in no way be interpreted as purporting to confer employment status on non-employees to whom this Statement also applies.
What personal data do we collect about you?
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, store, and use personal information about you in paper form, in databases operated by us or third-party service providers, in the form of e-mails and other communications, through internal and third-party websites, and in such other forms as may from time to time be necessary or appropriate.
Personal information about you that we collect, store, and use may comprise any or all of the following categories:
- Personal contact details such as name, title, addresses, telephone numbers, and personal email addresses.
- Date of birth.
- Gender.
- Marital status and dependants.
- Next of kin and emergency contact information.
- Copies of official identification documents, visas and related documentation.
- National Insurance, social security and similar numbers.
- Bank account details, payroll records and tax status information.
- Salary, annual leave, pension and benefits information.
- Carried interest awards and related contributions and distributions.
- Start date, promotion dates, leave date and if informed, date of death.
- Location of employment or workplace.
- A copy of your identification documents such as your passport or birth certificate.
- Recruitment information (including copies of right to work documentation, references and other information included in a CV or cover letter (to include qualification information/test results where required) as part of the application process, interview information.
- Employment records (including job titles, work history, holidays taken, working hours, skills information, any work related injury, training records, travel bookings, expenses records and professional memberships).
- Family leave information.
- Remuneration records and history.
- Performance information.
- Information regarding personal investments, including in respect of co-investment opportunities offered to staff.
- Details of outside directorships and other outside interests.
- Investigatory, disciplinary and grievance information.
- CCTV footage and other information obtained through electronic means such as swipe card records.
- Information about your use of our information and communications systems.
- Information on termination of employment/worker/contractor relationship.
- Photographs.
We may also collect, store and use the following "special categories" of sensitive personal information:
- Information about your race or ethnicity, religious beliefs, sexual orientation and political opinions.
- Information about your health, including any medical condition, health and sickness records and information provided for income protection schemes.
- Information about criminal convictions and offences, where relevant to your role.
How is your personal information collected?
We collect personal information about employees, workers, contractors and job applicants through the application and recruitment process, either directly from candidates or sometimes from an employment agency or background check provider. We may sometimes collect additional information from third parties including former employers, credit reference agencies or other background check agencies
We will continue to collect additional personal information in the course of job-related activities throughout the period of you working for us as described above.
Why do we ask for this information?
We need all the categories of information above primarily to allow us to perform our contract with you and to enable us to comply with legal obligations. In some cases we may use your personal information to pursue legitimate interests of our own or those of third parties, provided your interests and fundamental rights do not override those interests. The reasons for which we, or a contracted third party, will process your personal information are set out below.
Job applicants:
All of the information you provide during the recruitment process will only be used for the purpose of progressing your application, or to fulfil legal or regulatory requirements if necessary. This includes, making a decision about your recruitment or appointment, determining the terms on which you work for us and confirming that you are legally entitled to work in the UK. We will use the contact details you provide to us to contact you to progress your application. We will use the other information you provide to assess your suitability for the role you have applied for. You should not provide sensitive personal data as part of your job application. If you do, we may choose not to consider your application further unless the information you have voluntarily provided relates to your health and you have provided it because you want it to be taken into account for the purposes of making adjustments to the application process. If you consent to this particularly sensitive data relating to your health, it can be stored and used in compliance with this Statement. Any other sensitive personal data may be removed from your application and deleted by us upon our becoming aware of it.
Other personnel:
In the event that you are offered and accept a role with the Foundation, the information we collect about you will be used for the purposes of: administering and maintaining HR records (including but not limited to information relevant to induction, on-boarding and leaver processes); planning, paying and reviewing your salary or fees, other remuneration and benefits; assessments of your performance or conduct including performance appraisals, promotions and reviews and for the purposes of disciplinary, grievance, whistleblowing and other internal procedures; making decisions about your continued employment or engagement; dealing with family leave matters; planning, delivering or arranging training courses related to your role and/or continued professional development, including providing information to external training providers; maintaining sickness and other absence records and reference to income protection schemes where appropriate; maintaining health and safety records and ensuring a safe working environment; taking decisions on your fitness to work and complying with our obligations under applicable laws and regulations, including employment equality or fair employment legislation; making arrangements for the termination of our working relationship; providing references and information to future employers; alumni relations; providing information to relevant external authorities for tax, social security and other purposes as legally required; conducting data analytics studies to review and better understand employee retention and attrition rates; equal opportunities monitoring; monitoring IT usage, including in connection with an investigation or employment disciplinary action, monitoring building access; allowing and removing access to data systems; ensuring network, information and building security, including preventing unauthorised access to our buildings, computer and electronic communications systems and preventing malicious software distribution; preventing fraud and other financial crime; assessing regulatory compliance risks and carrying out monitoring and reviews in respect of such risks; dealing with legal disputes involving you, or other employees, workers and contractors, including in respect of accidents at work; providing information to any future purchasers of the Foundation or parts of its business, including but not limited to due diligence purposes; and planning or reviewing options, in relation to the operation or management of the Foundation. For the avoidance of doubt, personal information (including sensitive personal information) will be processed in a manner consistent with any equal opportunities policy in place from time to time.
Which of the above grounds for processing are relevant in your case, will depend on the type of your relationship with, as well as your role in or services to, the Foundation. Some of the grounds are likely to overlap and there may be several grounds which justify our use of your personal information.
If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you (such as paying you or providing a benefit), or we may be prevented from complying with our legal obligations (such as to ensure the health and safety of our workers).
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
What is the legal basis for processing your data?
We will only use your personal information when the law allows us to. Most commonly, we will rely on one or more of the following bases for processing your personal information:
- Where it is necessary to comply with a legal obligation.
- Where it is necessary for the performance of a contract we have entered into with you.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
We may also use your personal information in the following situations, which are likely to be rare:
- Where we need to protect your interests (or someone else’s interests).
- Where it is needed in the public interest or for official purposes.
These different bases, and others, are explained, in summary, in the table below.
Basis | Description | Example | |||
Legal Obligation (including Employment Law) | The Foundation can rely on this lawful basis if we need to process personal data to comply with a common law or statutory obligation. | The Foundation needs to process personal data to comply with its legal obligation to disclose employee salary details to the applicable tax and social security authorities. | |||
Performance of a Contract | The Foundation can rely on this lawful basis for processing if it needs to process an individual’s personal data to fulfil its contractual obligations to them; or because they have asked the Foundation to do something before entering into a contract. The processing must always be necessary. | The Foundation needs to process personal data to fulfil fundamental contractual obligations such as paying individuals or monitoring attendance. | |||
Legitimate Interest | The Foundation can rely on this lawful basis if the processing is necessary for the Foundation's legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests. | It is in the Foundation's legitimate interests to ensure that individuals are fit and proper and meet the requirements for the role they have been hired to perform. This includes pre-employment or pre-engagement screening checks (e.g. criminal record check, employment history checks, credit/compliance checks). | |||
Vital Interest | The Foundation can rely on this lawful basis if the processing is necessary to protect someone’s life. | An individual employed by, or providing services to the Foundation is admitted to the emergency department of a hospital with life-threatening symptoms during working | |||
Basis | Description | Example | |||
Legal Claim | The Foundation can rely on this lawful basis if the processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity. | hours. The disclosure to the hospital of the individual’s personal data (including their name and any known medical condition) is necessary in order to protect his/her vital interests. The Foundation may need to litigate in certain situations to protect its legal position, brand or reputation. | |||
Explicit Consent | Consent is a further lawful basis for processing, and explicit consent can also legitimise the processing of sensitive personal information. Consent may also be relevant where the individual has exercised their right to restriction, and explicit consent can legitimise automated decision-making and overseas transfers of data. Please note that, in the event the Foundation seeks your consent, we will provide you with full details of the information that we would like and the reason we need it so that you can carefully consider whether you wish to consent. We will also inform you about the fact that you can revoke your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal and how you should do that. You should be aware that it is not a condition of your contract with us that you agree to any request for consent from us and you will not be subject to disciplinary action for withholding your consent. | Consent will be requested when the Foundation processes certain benefits, which require the processing of sensitive personal information. | |||
Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
How will we use your sensitive personal information?
We will use your sensitive personal information in the following ways:
- We will use information relating to leaves of absence, which may include sickness absence, leave for religious observance or family related leave, to comply with employment and other laws and as necessary in the performance of your contract.
- We will use information about your physical or mental health, or disability status, to ensure your health and safety in the workplace and to assess your fitness to work, to provide appropriate workplace adjustments, to monitor and manage sickness absence and to administer benefits.
- We will use information about your race or national or ethnic origin, religious, philosophical or moral beliefs, or your sexual life or sexual orientation, to ensure meaningful equal opportunity monitoring and reporting.
- We will use information about proposed or actual political contributions made by you to recipients in the United States (which may reveal political opinions you hold) for regulatory compliance purposes.
Do we need your consent to use the information you provide to us?
We do not need your consent if we use special categories of your personal information in accordance with our written policy to carry out our legal obligations or exercise specific rights in the field of employment law. In limited circumstances, we may approach you for your written consent to allow us to process certain particularly sensitive data. Please see the 'Explicit Consent' section of the above table for further information. If we do so, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent. You should be aware that it is not a condition of any contract you may have with us that you agree to any request for consent from us.
In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact the Human Resources Department. Once we have received notification that you have withdrawn your consent, we will no longer process your personal information for the purpose or purposes you originally agreed to, and unless we have another lawful basis for continuing to process your personal information, we will dispose of it securely.
Information about criminal convictions
Where appropriate, we will collect information about criminal convictions as part of the recruitment process or we may be notified of such information directly by you in the course of you working for us. Therefore, we envisage that we will hold information about unspent criminal convictions. We will use information about criminal convictions and offences for the following purposes:
- To make decisions about your recruitment and/ or continued employment or engagement
- In determining your ability to perform a role and the department or environment in which you work
- In complying with our regulatory reporting obligations or with our professional obligations
We may process special categories of personal information (as defined above) because we have a lawful basis for doing so (as set out above) and because:
- we need to carry out obligations or exercise specific rights in the field of employment and social security law and in line with our Data Protection Policy; and/or
- It is needed in the public interest and in line with our Data Protection Policy.
Less commonly, we may use information relating to criminal convictions where it is necessary in relation to legal claims, where it is necessary to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public.
Data sharing
As required by data protection legislation, the Foundation has security procedures regarding the storage and disclosure of personal data. In the course of your application process or employment with or engagement by us, the Foundation may engage or use third-party service providers, for example to perform reference or background checks; perform and analyse psychometric and other testing; administer general human resources, payroll, expenses and tax matters; provide pension, insurance and other benefits; facilitate business travel bookings; maintain records and provide monitoring in respect of personal regulatory compliance obligations; perform reference or background checks; benchmark salary and benefits information; administer carried interest awards; facilitate and document performance and other reviews; carry out equal opportunities and other job-related assessments; or grant and control access to office facilities. The Foundation may disclose your personal data to these third parties in connection with services provided by them to the Foundation or (for example in the case of certain benefits) directly to you. We will share your personal information with such third parties where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so.
At all times, the Foundation will require that the personal data is processed in accordance with our instructions and in circumstances which require the recipient to observe industry standard security measures in respect of personal data. The Foundation may also be under a duty to disclose or share your personal data in order to comply with a legal or regulatory obligation, where such disclosure is required by HMRC, the FCA, the police, another governmental or regulatory agency or authority, or a court of law. The Foundation will not disclose or transfer personal data about you to third parties for the purposes of marketing.
Transferring information outside the EU
The personal data that we collect about you may be transferred to, and stored at, one or more countries outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work for the Foundation, its affiliates or their third-party service providers. In such cases, The Foundation will take appropriate steps to ensure an adequate level of data protection by the recipient as required under the EU General Data Protection Regulation and as described in this Statement, including by seeking appropriate contractual undertakings from affiliates and third parties. Where the Foundation is not successful in taking such steps, your personal data will only be transferred outside the EEA if you have given your prior consent to such transfer.
How is your personal information protected?
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
We have also put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
How long is the information retained for?
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we will no longer treat such information as subject to data protection legislation, and we may use such information without further notice to you.
Job applicants
If you are successful in your application to join the Foundation, the information you provide during the application process will be retained by us as part of your employee file for the duration of your employment plus 7 years following the end of your employment.
If you are unsuccessful at any stage of the process, the information generated throughout the assessment process, for example interview notes, is retained by us for 18 months, among other things to enable you to ask any questions in relation to the application process or raise any concerns. We may contact you if we would like to retain your data for a longer period to discuss this with you and seek your consent.
Employees, workers and consultants
Once you are no longer an employee, worker or consultant we will retain, and ultimately securely destroy, your personal information in accordance with applicable laws and regulations.
Your rights under the EU General Data Protection Regulation
Under certain circumstances, by law you have the right to request access to your personal data we hold about you and to request rectification or erasure of such personal data, object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground, request the restriction of processing of your personal information, or to request its transfer. You may address your requests to the Foundation's Human Resources department.
Changes to this Statement
The Foundation reserves the right to change this Statement and any other relevant policies or procedures at any time without notice to you. Any changes we may make to this Statement in the future will be posted on sharepoint and you are advised to regularly check and review the Statement to ensure you understand how we may be processing your personal data. Any changes the Foundation may make to this Statement (which will, unless otherwise indicated, apply to any personal data already obtained by the Foundation before the changes were made) will be effective from the date on which those changes have been posted on this page. Where appropriate, the Foundation may also notify you of any changes made by e-mail.
Complaints or queries
If you have any questions on this Statement or how we handle your personal information, please contact the Foundation’s Human Resources department.
Where you are dissatisfied with any aspect of our handling of your personal data, you have a right to lodge a complaint with the Information Commissioner's Office: www.ico.org.uk/concerns