Search

Applicant Privacy Notice

Introduction

As an applicant for employment/work opportunities with Ashfords LLP, you have the right to know what, how and why your personal data (hereafter “personal information”) is collected and is used by us. You also have the right to know who is it shared with, and for how long it will be retained by us. You also have various other rights under the General Data Protection Regulation (GDPR).

Ashfords LLP ("Ashfords") is a "data controller" in respect of any of your personal information which we process in connection with your application. This means that we are responsible for deciding the purposes and means of the processing of your personal information.

Data protection principles

When we use your data we are required to comply with the law, which includes a set of data protection principles set out in the GDPR.  What this means is that your data will be:

  • Processed lawfully, fairly and in a transparent way.
  • Collected only for specified, explicit and legitimate purposes that we have clearly explained to you. Your data will not be used in any way that is incompatible with those purposes.
  • Adequate, relevant and limited to what is necessary in relation to the said purposes we have told you about.
  • Accurate and kept up to date.
  • Kept only as long as necessary for the said purposes we have told you about.
  • Processed in a manner that ensures appropriate security.

The kinds of personal information we process about you

In connection with your application for work with us, we will collect, store, and use the following categories of personal information about you:

  • The information you or your agent provide on our application form(s) (which may include online submission boxes), including your name, title, address, telephone numbers, personal email addresses, other contact details, date of birth, gender, employment history, qualifications and any other information you provide to us as part of your application.
  • Any information in your curriculum vitae or any covering letter you or your agent sends to us.
  • Any information you provide to us during an interview.
  • Any information supplied to us by your referees, including former employers and character reference contacts, from whom we collect the following categories of data:

- position(s) held;

- dates of employment; and

- feedback relating to the specific enquiry, which may include the referee's personal views, opinions and judgments relating to their context and connection with you.

  • Any information which can be found about you on publicly available websites (e.g. LinkedIn; Companies House; etc.) or via publicly available social media accounts (e.g. Facebook).
  • Any information supplied to us by third parties when we carry out checks that by law or regulation we are required to carry out (e.g. identity checks; right to work checks; professional registration status checks; qualification checks; criminal records checks).

Special Category Data

We may collect, store and use your sensitive personal data, known in the GDPR as ‘special category’ data, which is provided to us by you/your agent during the course of your application and the assessment/interview process. Such 'special category' data will be data consisting of racial or ethnic origin, religious beliefs, data concerning health and sexual orientation. In addition, we may also collect, store and use information relating to criminal convictions and offences. Please see below for further details on how we process both special category and criminal convictions data.

How your personal information is collected

We collect personal information about candidates from the following sources:

  • You, the candidate.
  • Any agent you use.
  • Your named referees, including former employers and character reference contacts.
  • The Disclosure and Barring Service (“DBS”), in respect of a basic criminal records check for all new starters.
  • Publicly available websites (e.g. LinkedIn; Companies House; etc.).
  • Publicly available social media accounts (e.g. Facebook).
  • Vero Screening – in respect of pre-employment checks relevant to the role.
  • The SRA.

How we will and why we can lawfully use your personal information

We may collect the following information up to and including the shortlisting and interview stage of the recruitment process:

Personal Data

What we use it for

Our legal basis

Your name and contact details (such as your address, home and mobile phone numbers and email address).

To contact you regarding your application for a position with Ashfords LLP, such as to invite you to the next stage of the recruitment process, arrange an interview or let you know that you’ve been unsuccessful.

This processing is necessary for the performance of a contract with you or in order to take steps at your request prior to entering into a contract (i.e. to process your job application).

Details of your qualifications, experience, employment history (including job titles, salary and working hours) , interests and any referee details supplied.

 

To determine whether you are suitable for that job role and whether you meet the application criteria, to carry out background / reference checks (where applicable) as well as ensuring we have a fair recruitment process.

This processing is necessary:

- for the performance of a contract with you or in order to take steps at your request prior to entering into a contract (i.e. to process your job application);

- to comply with our own legal obligation relating to employment law; and

- to establish, exercise and/or defend any legal claims that may be brought by or against us in connection with your recruitment.

We may confirm your nationality and immigration status.

To ensure you have the right to work in the UK.

This processing is necessary to comply with our own legal obligations relating to employment law.

Any other information that you voluntarily provide to us as part of the recruitment process or which you include on your application or CV (such as education details, social media profiles and personal experiences).

To determine whether you are suitable for that job role and whether you meet the application criteria, as well as ensuring we have a fair recruitment process.

This processing is necessary:

- for the performance of a contract with you or in order to take steps at your request prior to entering into a contract (i.e. to process your job application);

- to establish, exercise and/or defend any legal claims that may be brought by or against us in connection with your recruitment.

 

In addition to the specific legal basis for processing your personal data set out in the table above, it is in our legitimate interests to process your personal information in order to decide whether or not to appoint you to a role, since it would be beneficial to our business to appoint someone suitable and appropriate to that role.

We may rely on more than one lawful ground for processing personal data – please contact us using the details below should you require information on the specific ground that we are relying on to process personal data.

With regard to the storage of your data and our legal basis to do so, please see below under the heading “Data Retention”.

Having received your application we will decide whether you meet the basic requirements to be shortlisted for the role. If you do, we will decide whether your application is strong enough to invite you for an interview. If we decide to call you for an interview, we will, inter alia, use the information you provide to us at the interview to assist us to decide whether to offer you the role. If we decide to offer you the role, we will then perform:

  • Employment history and reference checks.
  • Criminal records checks (undertaken via Vero Screening with the DBS).
  • Professional registration status checks, where appropriate.
  • Right to Work checks, where appropriate.
  • Qualification checks in line with the Job Description and the information supplied to us by you or your agent.
  • Identity checks.
  • Further pre-employment screening checks (undertaken by Ashfords LLP or Vero Screening). For example, for those seeking a partner role, further financial integrity checks will be carried out, media searches conducted, compliance data base checks (which are carried out by Vero Screening and include a search made against an extensive range of UK and international government, law enforcement, regulatory and financial databases. This is designed to reveal potential links to bribery, money laundering, politically exposed persons, (alleged) terrorism, corruption, fraud or miscellaneous risk) before confirming or not confirming your appointment.
  • The processing of such additional information for a successful applicant is covered by our Employee Privacy Notice, which will be presented to you at the time we collect such information.

 

If you fail to provide personal information

If you fail to provide information when requested, which we consider is necessary for us to consider your application (such as evidence of qualifications or work history), we will not be able to process your application successfully. For example, if we require references for a role and you fail to provide us with relevant details, we will not be able to take your application further.

How we use your special category data

We will use your special category data in the following ways:

  • If you have a disability or health condition we will only use information about your disability status or health to consider whether we need to provide appropriate adjustments during the recruitment process, for example whether adjustments need to be made during an assessment or an interview, in order to comply with our legal obligations. Please note that we will only collect disability and health information if you provide this to us as part of the recruitment process.
  • We may collect information about your race or ethnic origin, religious beliefs, or your sexual orientation, to ensure meaningful equal opportunity monitoring and reporting in accordance with our legal and regulatory obligations should your application be successful, in which case this will be processed in accordance with our Employee Privacy Notice.

Information about criminal convictions

We are required pursuant to our regulatory obligations (as set down by the SRA), to carry out a basic criminal records check for all roles, in order to satisfy ourselves that there is nothing in a candidate’s criminal convictions history which makes them unsuitable for the role.

We have in place an appropriate policy document and safeguards which we are required by law to maintain when processing both special category and criminal conviction data, as required by law. If you require further information about these safeguards or would like to see our appropriate policy document, please contact us using the contact details set out below.

Data sharing and third parties

We will only share your personal information with our staff and partners/members and the following third parties, for the purposes of processing your application and complying with our legal and regulatory obligations:

  • cvMail, our chosen recruitment portal.
  • RARE Contextual Recruitment System: this relates solely to our trainee application process, as described within the application form itself.
  • Vero Screening Limited.
  • Our IT service providers.
  • Relevant legal and regulatory bodies/organisations and third-party organisations engaged by these bodies/organisations to carry out audit functions.

All our third-party service providers are required to take appropriate security measures to protect your personal information. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data in accordance with our instructions and the law.

Data security

We have put in place measures so that your personal information is processed in ways that ensure appropriate security of your personal information, including protection against your personal information being accidentally lost, altered or destroyed, or used or accessed in an unauthorised or unlawful way. We limit access to your personal information to those persons and entities who have a business need-to-know.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Data retention

How long we will use your personal information for

If we do not appoint you to a role, we will (save for any emails that have been sent to or by us in connection with your application, which we retain for 15 years from the year in which we receive or send the email) retain your personal information for a period of 12 months after we have communicated to you our decision not to appoint you to a role (save for applicants for trainee solicitor roles where the period is 2 years). We retain your personal information for that period to comply with our regulatory obligations (including, specifically, the terms of our accreditations) and so that we can show, in the event of a legal claim or an audit carried out by a regulatory body/organisation, that we have not discriminated against candidates on prohibited grounds and that we have conducted the recruitment exercise in a fair and transparent way. After the aforementioned periods, we will securely destroy your personal information in accordance with our data retention policy, save that if we wish to retain your personal information on file beyond the aforesaid 12 month period, on the basis that a further opportunity may arise in future and we may wish to consider you for that, we will write to you separately, seeking your explicit consent to retain your personal information for a fixed period on that basis.

If your application is successful your personal information will be retained on your personnel file and will then be governed by our privacy notices for employees and partners of Ashfords LLP. We will provide you with a copy of the relevant privacy notice before you accept a job/work opportunity with us.

Please note that, as a business, we store and can access every email we are sent and/or receive for 15 years, via a third party service provider we use.  They operate a password protected cloud based email-management system. It is in our legitimate interests to store such emails in order that we are able to defend ourselves against any legal claims that may be threatened or brought against us.

Transferring personal information outside the UK and EEA

We may transfer the personal information we collect about you outside the UK and European Economic Area (EEA), for example if one of our IT service providers operates outside of the UK and EEA. Where we do, we will before doing so satisfy ourselves that we are permitted to do so by law and, in our dealings and contractual relationships with our relevant third party service providers, that your personal information will be treated by those third parties in a way that is consistent with and which respects EU and UK laws on data protection.

To obtain a copy of the measures we put in place when transferring your personal information outside of the UK and EEA you can contact us using the contact details set out below.  

Your rights in connection with your personal information

Under certain circumstances, by law you have the right to:

Request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you.

Request rectification of the personal information that we hold about you. This enables you to have any inaccurate information we hold about you corrected.

Request erasure of your personal information - the ‘right to be forgotten’. This enables you, in certain circumstances, to ask us to delete or remove personal information. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).

Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes, which we will not be doing.

Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.

Request the transfer of your personal information to another party – ‘data portability’.

For further information on each of these rights, including the circumstances in which they apply, please contact us or consult the guidance issued by the UK Information Commissioner’s Office (“ICO”) on individuals’ rights under the GDPR. If you want to exercise any of these rights, please contact us in writing at the address set out at the end of this notice.

Data protection enquiries or complaints

If you have any questions about this privacy notice or how we handle your personal information, or you wish to make a complaint, please contact us at: Risk & Compliance, Ashfords LLP, Ashford House, Grenadier Road, Exeter, EX1 3LH, or by email at RiskandCompliance@ashfords.co.uk.

You also have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues, who may be contacted via www.ico.org.uk.

Last updated: October 2020.

Send us a message