Applicant Privacy Notice

Introduction

As an applicant for employment/work opportunities with Ashfords LLP, you have the right to know what, how and why your personal data (hereafter “personal information”) is collected and is used by us. You also have the right to know who is it shared with, and for how long it will be retained by us. You also have various other rights under the UK General Data Protection Regulation (“UK GDPR”).

Ashfords LLP ("Ashfords") is a "data controller" in respect of any of your personal information which we process in connection with your application. This means that we are responsible for deciding the purposes and means of the processing of your personal information.

Data protection principles

When we use your data we are required to comply with the law, which includes a set of data protection principles set out in the UK GDPR.  What this means is that your data will be:

  • Processed lawfully, fairly and in a transparent way.
  • Collected only for specified, explicit and legitimate purposes that we have clearly explained to you. Your data will not be used in any way that is incompatible with those purposes.
  • Adequate, relevant and limited to what is necessary in relation to the said purposes we have told you about.
  • Accurate and kept up to date.
  • Kept only as long as necessary for the said purposes we have told you about.
  • Processed in a manner that ensures appropriate security.

The kinds of personal information we process about you

In connection with your application for work with us, we will collect, store, and use the following categories of personal information about you:

  • The information you or your agent provide on our application form(s) (which may include online submission boxes), including your name, title, address, telephone numbers, personal email addresses, other contact details, date of birth, gender, employment history, qualifications and any other information you provide to us as part of your application.
  • Any information in your curriculum vitae or any covering letter you or your agent sends to us.
  • Any information you provide to us during an interview.
  • Any information supplied to us by your referees, including former employers and character reference contacts, from whom we collect the following categories of data:

- position(s) held;

- dates of employment; and

- feedback relating to the specific enquiry, which may include the referee's personal views, opinions and judgments relating to their context and connection with you.

  • Any information which can be found about you on publicly available websites (e.g. LinkedIn; Companies House; etc.) or via publicly available social media accounts (e.g. Facebook).
  • Any information supplied to us by third parties when we carry out pre-employment screening checks, some of which will depend on the role in question (e.g. identity checks; right to work checks; professional registration status checks; qualification checks; criminal records checks).

Special Category Data and Criminal Convictions and Offences

We may collect, store and use your sensitive personal data, known in the UK GDPR as ‘special category’ data, which is provided to us by you/your agent during the course of your application and the assessment/interview process. In the context of recruitment, such 'special category' data may be data consisting of racial or ethnic origin, religious beliefs, data concerning health and sexual orientation but may also include data revealing political opinions and trade union membership where higher levels of pre-employment screening are required for the role in question. In addition, we may also collect, store and use information relating to criminal convictions and offences which you may reveal to us during the course of your application and/or the assessment/interview process and/or which is revealed through our pre-employment screening checks. Please see below for further details on how we process both special category and criminal convictions and offences data.

How your personal information is collected

We collect personal information about candidates from the following sources:

  • You, the candidate.
  • Any agent you use.
  • Your named referees, including former employers and character reference contacts.
  • Publicly available websites (e.g. LinkedIn; Companies House; etc.).
  • Publicly available social media accounts (e.g. Facebook).
  • Vero Screening – in respect of pre-employment checks relevant to the role. Vero Screening’s checks will include a basic criminal records check with The Disclosure and Barring Service (“DBS”).  Further information on pre-employment screening checks is set out on page 4.
  • The SRA – for regulatory information in respect of all new starters.

How we will and why we can lawfully use your personal information

We may collect the following information up to and including the shortlisting and interview stage of the recruitment process:

Personal Data

What we use it for

Our legal basis

Your name and contact details (such as your address, home and mobile phone numbers and email address).

To contact you regarding your application for a position with Ashfords LLP, such as to invite you to the next stage of the recruitment process, arrange an interview or let you know that you’ve been unsuccessful.

This processing is necessary for the performance of a contract with you or in order to take steps at your request prior to entering into a contract (i.e. to process your job application).

Details of your qualifications, experience, employment history (including job titles, salary and working hours), interests and any referee details supplied.

 

To determine whether you are suitable for that job role and whether you meet the application criteria, to carry out background / reference checks (where applicable) as well as ensuring we have a fair recruitment process.

This processing is necessary:

- for the performance of a contract with you or in order to take steps at your request prior to entering into a contract (i.e. to process your job application);

- to comply with our own legal obligation relating to employment law; and

- to establish, exercise and/or defend any legal claims that may be brought by or against us in connection with your recruitment.

We may confirm your nationality and immigration status.

To ensure you have the right to work in the UK.

This processing is necessary to comply with our own legal obligations relating to employment law.

Any other information that you voluntarily provide to us as part of the recruitment process or which you include on your application or CV (such as education details, social media profiles and personal experiences).

To determine whether you are suitable for that job role and whether you meet the application criteria, as well as ensuring we have a fair recruitment process.

This processing is necessary:

- for the performance of a contract with you or in order to take steps at your request prior to entering into a contract (i.e. to process your job application);

- to establish, exercise and/or defend any legal claims that may be brought by or against us in connection with your recruitment.

 

In addition to the specific legal basis for processing your personal data set out in the table above, it is in our legitimate interests to process your personal information in order to decide whether or not to appoint you to a role, since it would be beneficial to our business to appoint someone suitable and appropriate to that role.

We may rely on more than one lawful ground for processing personal data – please contact us using the details below should you require information on the specific ground that we are relying on to process personal data.

With regard to the storage of your data and our legal basis to do so, please see below under the heading “Data Retention”.

Having received your application we will decide whether you meet the basic requirements to be shortlisted for the role. If you do, we will decide whether your application is strong enough to invite you for an interview. If we decide to call you for an interview, we will, inter alia, use the information you provide to us at the interview to assist us to decide whether to offer you the role. If we decide to offer you the role, we will then consider the following list of checks and determine which checks need to be carried out for the role in question.  A number of these checks will be performed for all roles, but some of the checks will only be performed for certain roles (e.g. partnership, client facing roles / higher risk roles in support teams, or other roles in  support teams etc):

  • Employment history and reference checks.
  • Criminal records checks (undertaken via Vero Screening with the DBS).
  • Professional registration status checks, where appropriate.
  • Right to Work checks, where appropriate.
  • Qualification checks in line with the Job Description and the information supplied to us by you or your agent.
  • Identity checks.
  • Further pre-employment screening checks (undertaken by Ashfords LLP or Vero Screening) including an SRA regulatory check. For those seeking a partner or other head of department management role, financial integrity checks will be carried out. Also, for staff in client facing roles and/or higher risk roles in support teams, media searches will be conducted, together with compliance data base checks (which are carried out by Vero Screening and include a search made against an extensive range of UK and international government, law enforcement, regulatory and financial databases - this is designed to reveal potential links to bribery, money laundering, politically exposed persons, (alleged) terrorism, corruption, fraud or regulatory risk) before confirming or not confirming your appointment.

The processing of such additional information for a successful applicant is covered by our Employee Privacy Notice and our Member Privacy Notice.  The Privacy Notice relevant to you will be presented to you at the time we collect such information.

If you fail to provide personal information

If you fail to provide information when requested, which we consider is necessary for us to consider your application (such as evidence of qualifications or work history), we will not be able to process your application successfully. For example, if we require references for a role and you fail to provide us with relevant details, we will not be able to take your application further.

How we use your special category data

We will only process special category data in accordance with applicable Data Protection legislation.

For special category data, there are separately specified lawful reasons which we rely on in addition to the requirement that such processing is necessary for compliance with a legal obligation or necessary for performing a contract with you or necessary for our legitimate interests.  The relevant additional reasons for processing special category data are summarised in a) to d) below:

a) It is necessary for our or your obligations or rights in the field of employment law or social security law;

This means that, if you have a disability or health condition, we will only use information about your disability status or health to consider whether we need to provide appropriate adjustments during the recruitment process, for example whether adjustments need to be made during an assessment or an interview, in order to comply with our legal obligations. Please note that we will only collect disability and health information if you provide this to us as part of the recruitment process.

b) The personal information has been manifestly made public by you, for example, it is in the public domain via social media;

c) It is necessary in relation to legal claims;

d) It is necessary for reasons of substantial public interest.

The laws of England and Wales place our monitoring of diversity and equality of opportunity in this category providing certain safeguards are in place.  We may therefore collect and process information about your race or ethnic origin, religious beliefs, or your sexual orientation, to ensure meaningful equal opportunity monitoring and reporting in accordance with our legal and regulatory obligations should your application be successful, in which case this data will be processed in accordance with our Employee or Member Privacy Notice.

Our processing of the results of the pre-employment screening checks which may reveal special category data also falls within this category.

We have in place an appropriate policy document and safeguards which we are required by law to maintain when processing special category data, as required by law. If you require further information about these safeguards or would like to see our appropriate policy document, please contact us using the contact details set out below.

Information about criminal convictions and offences

We will only process information about criminal convictions and offences in accordance with applicable Data Protection legislation.

For information about criminal convictions and offences, there are separately specified lawful reasons which we rely on in addition to the requirement that such processing is necessary for compliance with a legal obligation or necessary for performing a contract with you or necessary for our legitimate interests.  We will only process this information where such processing falls within at least one of the following reasons:

a) It is necessary for our or your obligations or rights in the field of employment law or social security law;

b) The personal information has been manifestly made public by you, for example, it is in the public domain via social media;

c) It is necessary in relation to legal claims;

d) It is necessary for reasons of substantial public interest, such as where the processing is necessary for the purpose of (i) preventing or detecting unlawful acts, or (ii) protecting the public against dishonesty, or (iii) regulatory requirements relating to unlawful acts and dishonesty, or (iv) preventing fraud, or (v) making disclosures of suspicions of terrorist financing or money laundering.

We are required pursuant to our regulatory obligations (as set down by the SRA), to carry out a basic criminal records check for most roles in our organisation.  We also undertake this check more widely to give us assurances that there is nothing in a preferred candidate’s criminal convictions history which makes them unsuitable for the role we have offered or for working in a regulated organisation.  If you have any questions about the level of screening applicable to the role in question, please ask the HR team.

We have in place an appropriate policy document and safeguards which we are required by law to maintain when processing criminal conviction and offences data, as required by law. If you require further information about these safeguards or would like to see our appropriate policy document, please contact us using the contact details set out below.

Recruitment of ex-offenders policy statement

We are committed to the fair treatment of our people and prospective people regardless of their offending background.

The firm promotes equality of opportunity for all with the right mix of talent, skills and potential. Having a criminal record will not necessarily bar an individual from working with us and we welcome applications from a wide range of candidates. The firm selects all candidates for interview based on their skills, qualifications and experience.

If we have concerns about the information that has been disclosed by an applicant and/or criminal record bureau, or the information is not as expected, we will discuss our concerns with the applicant and carry out a risk assessment. Our risk assessment will take into account the circumstances and background of any offences and whether they are relevant to the position in question, balancing the rights and interests of the individual, our current workforce, clients, suppliers and the public.

We treat all applicants fairly but reserve the right to withdraw an offer of employment if an individual does not disclose relevant information, or if a criminal bureau check reveals information which we reasonably believe would make an individual unsuitable for a role in our regulated business.

Data sharing and third parties

We will only share your personal information with our staff and partners/members and the following third parties, for the purposes of processing your application and complying with our legal and regulatory obligations:

  • cvMail, our chosen recruitment portal.
  • RARE Contextual Recruitment System: this relates solely to our trainee application process, as described within the application form itself.
  • Vero Screening Limited (which may, in turn, share this information with other third parties for the purposes of conducting the relevant screening checks including, for example, DBS).
  • Our IT service providers.
  • Relevant legal and regulatory bodies/organisations and third-party organisations engaged by these bodies/organisations to carry out audit functions.

All our third-party service providers are required to take appropriate security measures to protect your personal information. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data in accordance with our instructions and the law.

Data security

We have put in place measures so that your personal information is processed in ways that ensure appropriate security of your personal information, including protection against your personal information being accidentally lost, altered or destroyed, or used or accessed in an unauthorised or unlawful way. We limit access to your personal information to those persons and entities who have a business need-to-know.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Data retention

How long we will use your personal information for

If we do not appoint you to a role, we will (save for any emails that have been sent to or by us in connection with your application, which we retain for 15 years from the year in which we receive or send the email) retain your personal information for a period of 12 months after we have communicated to you our decision not to appoint you to a role (save for applicants for trainee solicitor roles where the period is 2 years). We retain your personal information for that period to comply with our regulatory obligations (including, specifically, the terms of our accreditations) and so that we can show, in the event of a legal claim or an audit carried out by a regulatory body/organisation, that we have not discriminated against candidates on prohibited grounds and that we have conducted the recruitment exercise in a fair and transparent way. After the aforementioned periods, we will securely destroy your personal information in accordance with our data retention policy, save that if we wish to retain your personal information on file beyond the aforesaid 12 month period, on the basis that a further opportunity may arise in future and we may wish to consider you for that, we will write to you separately, seeking your explicit consent to retain your personal information for a fixed period on that basis.

If your application is successful your personal information will be retained on your personnel file and will then be governed by our Employee Privacy Notice and Member Privacy Notice. We will provide you with a copy of the relevant Privacy Notice before you accept a job/work opportunity with us.

Please note that, as a business, we store and can access every email we are sent and/or receive for 15 years, via a third party service provider we use.  They operate a password protected cloud based email-management system. It is in our legitimate interests to store such emails in order that we are able to defend ourselves against any legal claims that may be threatened or brought against us. 

Transferring personal information outside the UK

We may transfer the personal information we collect about you outside the UK, for example if one of our IT service providers operates outside of the UK. Where we do, we will before doing so satisfy ourselves that we are permitted to do so by law and, in our dealings and contractual relationships with our relevant third party service providers, that your personal information will be treated by those third parties in a way that is consistent with UK laws on data protection.

For further information on the measures we put in place when transferring your personal information outside of the UK you can contact us using the contact details set out below.  

Your rights in connection with your personal information

Under certain circumstances, by law you have the right to:

Request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you.

Request rectification of the personal information that we hold about you. This enables you to have any inaccurate information we hold about you corrected.

Request erasure of your personal information - the ‘right to be forgotten’. This enables you, in certain circumstances, to ask us to delete or remove personal information. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).

Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes, which we will not be doing.

Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.

Request the transfer of your personal information to another party – ‘data portability’.

For further information on each of these rights, including the circumstances in which they apply, please contact us or consult the guidance issued by the UK Information Commissioner’s Office (“ICO”) on individuals’ rights under the UK GDPR. If you want to exercise any of these rights, please contact us (or our authorised representative if you are based in the EEA) in writing at the relevant address set out at the end of this notice.

Data protection enquiries or complaints

If you have any questions about this privacy notice or how we handle your personal information, or you wish to make a complaint, please contact us at: Risk & Compliance, Ashfords LLP, Ashford House, Grenadier Road, Exeter, EX1 3LH, or by email at Risk&Compliance@ashfords.co.uk.

From 1st January 2021, if you are based in the EEA you may contact our authorised representative:

Contact: Data Protection Officer

Address:

CORNET VINCENT SEGUREL

251 bd Pereire – 75852 Paris

France

Email: rgpd@cvs-avocats.com

Please ensure that, in any correspondence you send, Ashfords LLP is referenced in the subject heading.  You also have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues, who may be contacted via www.ico.org.uk.

Last updated:  30 January 2023