THE VERY GROUP CANDIDATE PERSONAL INFORMATION PRIVACY NOTICE
The purpose of this notice
The purpose of this notice is to ensure that we recognise and respect the privacy of all The Very Group candidates. This notice explains what information we collect, how this will be used and how it is protected.
About The Very Group
The Very Group comprises Shop Direct Ltd and its subsidiary companies including Shop Direct Home Shopping Limited and Shop Direct Finance Company Limited.
The Data Protection Regulations
The Very Group’s regulator for Data Protection is the Information Commissioner's Office (ICO). They are responsible for the regulations that cover the collection, storage, processing, disclosure, transfer and destruction of personal data (including The Very Group data obtained for all potential and new employees) in the UK.
Shop Direct Home Shopping Limited and Shop Direct Finance Company Limited are registered as Data Controllers with the ICO and our appointed Data Protection Officer ensures fair and lawful processing of The Very Group Employee information in line with the regulations.
Personal information we collect about you
The information we collect about potential employees may depend on the role a potential employee is applying to fulfil and the type of contract they may have with The Very Group (permanent/temporary contract employees/contractors). This notice also applies to potential sub-contractors to The Very Group and its group of companies.
The information we collect includes (but isn’t limited to)
- Your name, address, contact details (i.e. email addresses, telephone numbers etc) and date of birth
- Details we need to check your identity and process your application for employment (including performing credit reference checks, fraud checks and Disclosure and Barring Service checks)
- Personal information on a relevant Curriculum Vitae and any accompanying Cover Letter or additional documentation provided by the candidate upon application
- Financial details for payroll, benefits and expenses purposes
- CCTV recordings at certain locations
- Candidate call recording obtained and retained for monitoring and training purposes
- Details of any accounts you hold within The Very Group of companies
- Your employment application forms and all references
- Contracts of employment with us (and any amendments to it)
- Correspondence with you, or about you (e.g. communications to you about interviews, screening information requests, confirmation of successful applications and communications confirming that you have not been successful with your employment application with us)
- Information deemed essential (e.g. your own contact and emergency contact details, information needed for equal opportunities monitoring policy and records relating to your education / career history, such as certificate of achievements to confirm qualifications)
- Start date.
- Photographs.
- Information about criminal convictions and offences.
How is your personal information collected?
We collect personal information about employees, workers and contractors through the application and recruitment process, either directly from candidates or sometimes from an employment agency or background check provider. We may sometimes collect additional information from third parties including former employers, credit reference agencies or other background check agencies or from data already available in the public domain via social media sites such as, but not limited to, LinkedIn.
How we will use information about you
We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:
1. Where we need to comply with a legal obligation.
2. Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
We may also use your personal information in the following situations, which are likely to be rare:
1. Where we need to protect your interests (or someone else's interests).
2. Where it is needed in the public interest or for official purposes.
Situations in which we will use your personal information
We need all the categories of information in the list above (see The kind of information we hold about you) primarily to allow us to pursue legitimate interests of our own or those of third parties and to enable us to comply with legal obligations. In cases when we use your personal information to pursue legitimate interests of our own or those of third parties, this is provided your interests and fundamental rights do not override those interests.
The situations in which we will process your personal information are listed in the table below and we have outlined the purpose or purposes for which we will process your information.
Situations | Lawful Basis |
Assessing qualifications for particular job or task, and making a decision about your recruitment or appointment. | Legitimate Interest |
Determining the terms on which you work for us. | Legitimate Interest |
Checking you are legally entitled to work in the UK | Legal obligation |
To prevent fraud. | Legitimate Interest & Legal obligation |
To conduct data analytics studies to review and better understand candidate engagement and drop out rates | Legitimate interests |
Equal opportunities monitoring | Legal obligation |
Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information.
If you fail to provide personal information
If you fail to provide certain information when requested, we may not be able to make an offer or enter into a contract with you, or we may be prevented from complying with our legal obligations (such as to ensure the health and safety of our workers).
Change of purpose
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
How we use particularly sensitive personal information
“Special categories” of particularly sensitive personal information require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information. We may process special categories of personal information in the following circumstances:
1. In limited circumstances, with your explicit written consent.
2. Where we need to carry out our legal obligations and in line with our Data Privacy policy.
3. Where it is needed in the public interest, such as for equal opportunities monitoring, and in line with our Data Privacy policy.
4. Where it is needed to assess your working capacity on health grounds, subject to appropriate confidentiality safeguards.
Less commonly, we may process this type of information where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else's interests) and you are not capable of giving your consent, or where you have already made the information public.
Our obligations as an employer
We will use your special category information in the following ways:
- We will use information relating to leaves of absence, which may include sickness absence or family related leaves, to comply with employment and other laws.
- We will use information about your physical or mental health, or disability status, to ensure your health and safety in the workplace and to assess your fitness to work, to provide appropriate workplace adjustments, to monitor and manage sickness absence and to administer benefits.
- We will use information about your race or national or ethnic origin, religious, philosophical or moral beliefs, or your sexual life or sexual orientation, to ensure meaningful equal opportunity monitoring and reporting.
Do we need your consent?
We do not need your consent if we use special categories of your personal information in accordance with our written policy to carry out our legal obligations or exercise specific rights in the field of employment law. In limited circumstances, we may approach you for your consent to allow us to process certain special category data. If we do so, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent. You should be aware that it is not a condition of your contract with us that you agree to any request for consent from us.
Information about criminal convictions
We may only use information relating to criminal convictions where the law allows us to do so. This will usually be where such processing is necessary to carry out our obligations and provided we do so in line with our Data Privacy policy.
Less commonly, we may use information relating to criminal convictions where it is necessary in relation to legal claims, where it is necessary to protect your interests (or someone else's interests) and you are not capable of giving your consent, or where you have already made the information public.
We envisage that we will hold information about criminal convictions.
We will only collect information about criminal convictions if it is appropriate given the nature of the role and where we are legally able to do so. Where appropriate, we will collect information about criminal convictions as part of the recruitment process or we may be notified of such information directly by you in the course of you working for us.
How we store and secure your personal information
Security of our potential employee information is highly important to us
We protect all our potential employee information by maintaining relevant physical, electronic and procedural processes to safeguard and prevent any unauthorised access, accidental loss, disclosure or destruction of your data.
Your information will not be transferred to other countries unless it is unavoidable in the context of necessary contractual requirements (e.g. if a potential position applied for in The Very Group is based overseas). If it is necessary to transfer information to other countries, we will take care to ensure the same high level of privacy, confidentiality and security as in the UK.
Much of the information we hold will have been provided by you, but some may come from other external sources, such as your previous employer or your stated professional referees.
Other than as mentioned below, we will only disclose information about you to third parties if we are legally obliged to do so, or where we need to comply with any contractual duties to you if you are successful with your employment application with us and we offer you employment terms that you agree to and accept (for instance, we may need to pass on certain information to our payroll provider, pension or health insurance schemes).
If in the future we intend to process your personal data for a purpose other than that for which it was originally collected, we will provide you with prior information on that purpose and any other relevant information. Your rights to consent are unaffected by any changes in the use of your data.
How long we will store your personal information
We have policies in place to ensure we only store the relevant candidate information we need and we will ensure it is securely destroyed when it is no longer needed. We will store candidate information for a maximum of 18 months after the account goes dormant.
Your rights as a Data Subject
Accessing your data: You have the right to request from us access to and rectification or erasure of your personal data, the right to restrict processing, object to processing as well as in certain circumstances the right to data portability. Restrictions may be placed on providing you with certain information we hold about you (e.g. if they relate to the prevention and detection of crime and taxation, or any information we hold about you under legal privilege via legal advice and proceedings).
Rectification: If you believe that we hold inaccurate personal data about you, then you can either update this information directly by logging into your career site and updating the relevant details or you can request that we carry out a review by emailing our Talent Acquisition Team on Talentacquisition@theverygroup.com. Depending on the type of personal data you believe is inaccurate, we may ask you for further proof to ensure that the personal data is being corrected properly. If we are satisfied that the personal data is inaccurate we will make the necessary changes.
Erasure: You have a right to ask for your personal data to be erased in certain circumstances. However, this right does not apply where we have to comply with a legal obligation or where we need personal data for the establishment, exercise or defence of legal claims. Therefore we cannot comply with an erasure request where you have been involved in a selection process where we must keep records.
Restricting automated processing and profiling: You have the right to have automated processing and profiling restricted. Potential employee profiling may be used to analyse or predict employee economic situations, health, personal preferences, interests, reliability, behaviour, employee locations or movements.
Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. We are allowed to use automated decision-making in the following circumstances:
1. Where we have notified you of the decision and given you 21 days to request a reconsideration.
2. Where it is necessary to perform the contract with you and appropriate measures are in place to safeguard your rights.
3. In limited circumstances, with your explicit written consent and where appropriate measures are in place to safeguard your rights.
If we make an automated decision on the basis of any particularly sensitive personal information, we must have either your explicit written consent or it must be justified in the public interest, and we must also put in place appropriate measures to safeguard your rights.
You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, unless we have a lawful basis for doing so and we have notified you.
We may take decisions about you using automated means as part of the assessment and selection process, such as but not limited to literacy & numeracy assessment.
There are a number of consequences of automated processing:
- We may refuse your application for employment
- We may decide to offer you alternative roles within our employment
Data portability: You have the right to request that the information we process by automated means is sent to you or another nominated data controller in a commonly used electronically readable format.
If you wish to invoke any of your rights, you should in the first instance raise your requirements with our Human Resources Department who will escalate any requests from you accordingly.
Links to other sites
During the course of our employee onboarding process, you may be required to log in to other sites of our third-party service providers (such as Complete Background Screening, Experian) who may be assisting us with relevant background checks we are required to carry out on potential employees, for which you may potentially need to provide personal data. You should be aware that our candidate Privacy Notice won’t apply once you enter the other websites.
Sharing, receiving and exchanging potential employee data
Data sharing
We may have to share your data with third parties, including third-party service providers and other entities in the group.
We require third parties to respect the security of your data and to treat it in accordance with the law.
If we do, you can expect a similar degree of protection in respect of your personal information.
Why might you share my personal information with third parties?
We will share your personal information with third parties where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so.
Which third-party service providers process my personal information?
“Third parties” includes third-party service providers (including contractors and designated agents) and other entities within our group. The following third-party service providers process personal information about you for the following purposes:
- Other companies in The Very Group for purposes connected with your potential employment
- Partners or agents who assist us in our onboarding processes for new employees
- Regulators, courts or other public authorities
- Other financial services providers to prevent fraud and to verify identities
- CIFAS databases established for the purpose of allowing organisations to record and share data on relevant conduct
- Credit referencing agencies
- The Police, NCA, Action Fraud, DWP or HMRC in relation to prevention or detection of Financial Crime
- Emergency Services
Fraud Prevention
We will check your details against the Cifas databases established for the purpose of allowing organisations to record and share data on their fraud cases, other unlawful or dishonest conduct, malpractice, and other seriously improper conduct (“Relevant Conduct”) carried out by their staff and potential staff. “Staff” means an individual engaged as an employee, director, trainee, homeworker, consultant, contractor, temporary or agency worker, or self-employed individual, whether full or part time or for a fixed-term.
The personal data you have provided, we have collected from you, or we have received from third parties will be used to prevent fraud and other relevant conduct and to verify your identity.
Details of the personal information that will be processed include: name, address, date of birth, any maiden or previous name, contact details, document references, National Insurance Number, and nationality. Where relevant, other data including employment details will also be processed.
We and Cifas may also enable law enforcement agencies to access and use your personal data to detect, investigate, and prevent crime.
When we and fraud prevention agencies process your personal data, we do so on the basis that we have a legitimate interest in preventing fraud and money laundering, and to verify identity, in order to protect our business and to comply with laws that apply to us. Such processing is also necessary to enable us to enter into and perform our contracts with you.
We, and fraud prevention agencies, may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.
Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years.
Consequences of processing
If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse or withdraw employment terms with you. Should our investigations identify fraud or any other Relevant Conduct by you when applying for or during the course of your engagement with us, your new engagement may be refused or your existing engagement may be terminated or other disciplinary action taken (subject to your rights under your existing contract and under employment law generally).
A record of any fraudulent or other Relevant Conduct by you will be retained by Cifas and may result in others refusing to employ you. If you have any questions about this, please contact the organisation that referred you to this page.
Data Transfers
Cifas may allow the transfer of your personal data outside of the UK. This may be to a country where the UK Government has decided that your data will be protected to UK standards, but if the transfer is to another type of country, then Cifas will ensure your data continues to be protected by ensuring appropriate safeguards are in place. They may also require the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing.
Your Rights
Your personal data is protected by legal rights, which include your rights to object to our processing of your personal data, request that your personal data is erased or corrected, and request access to your personal data.
For more information or to exercise your data protection rights, please contact The Very Group at DPO@theverygroup.com.
You also have a right to complain to the Information Commissioner's Office which regulates the processing of personal data.
How secure is my information with third-party service providers and other entities in our group?
All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
When might you share my personal information with other entities in the group?
We may share your personal information with other entities in our group as part of the recruitment process.
What about other third parties?
We may share your personal information with other third parties, for example in the context of the possible sale or restructuring of the business. We may need to share your personal information with a regulator or to otherwise comply with the law.
Transferring information outside the EU
We may transfer the personal information we collect about you to the following countries outside the EU in order to perform our contract with you.
- Hong Kong
- South Africa
If the countries to which we transfer your data are not deemed to provide an adequate level of protection for your personal information, we will ensure that your personal information does receive an adequate level of protection. To ensure this is the case, we will take measures to compensate for the lack of data protection in a third country, by way of appropriate safeguards (for example safeguards consisting of contractual clauses relating in particular to compliance with the general principles relating to personal data processing). If you require further information about this, you can request it from the Data Protection Office.
We will only transfer your personal data to third parties who adhere to appropriate data security standards and controls. From time to time we may need to transfer your personal data to other countries. Where this is the case, we will ensure that the transfer is subject to appropriate safeguards to protect your personal data and complies with applicable law which may include having standard contractual clauses in place with the third party. For further information on how data can be transferred to other countries, please find enclosed a link to the European Commission website: https://ec.europa.eu/info/law/law-topic/data-protection_en
Credit reference agencies
We will use credit reference agencies to check your identity and to provide us with information on how your accounts are conducted. It is likely that they may record our enquiries.
We use the following credit reference agencies:
- Experian, PO Box 8000, Nottingham, NG80 7WF
- Equifax, 8 Fletcher Gate, Nottingham NG1 2FS
- Call Credit Ltd, PO Box 491, Leeds, LS3 1WZ
Credit referencing agencies do publish details of their privacy notices referred to as CRAIN (Credit Referencing Agency Information Notice). You can view this at www.experian.co.uk/crain
You have the right to apply directly to these agencies for more details of the information that they hold about you.
Contact details of controller and Data Protection Officer
If you have any concerns as to how your data is processed you can contact The Very Group’s Data Protection Officer at DPO@theverygroup.com or you can write to the Data Protection Officer at the following address:
DPO Office
Sandringham House
Sandringham Avenue
Chelmsford
CM92 1LQ
Updates to our ‘Candidate’ Privacy Notice
This Privacy Notice was last updated November 2021