Application and Recruitment policy - DAC Beachcroft

Application and Recruitment policy

INTRODUCTION

DAC Beachcroft is committed to protecting the data of all people we deal with.  Our Privacy Policy is divided into separate sections for your ease. Each section sets out important information about how DAC Beachcroft may collect and use your data depending upon the categories of individuals whose data we process (such reference to “data” means all forms of personal data).

This Policy applies if you are applying to join us as an employee, Partner/Member, contractor, consultant, temporary or agency staff,  trainee solicitor, apprentice, or applying for work experience. It applies globally and is based on UK and European data protection principles. We will update this Policy from time to time.

WHO WE ARE

DAC Beachcroft is an international legal business which operates through separately constituted and regulated legal entities providing legal and/or claims handling services in accordance with the relevant laws of the jurisdictions in which the different entities operate. 

The use of words and/or phrases such as "DAC Beachcroft", "we", "us" or "our" is for convenience only and refers to any of the entities listed on our Legal and Regulatory page, each of which is a separate data controller in their own right.

WHAT DATA DO WE COLLECT AND WHERE DO WE GET IT FROM?

DAC Beachcroft will collect, use and store your personal data for a wide variety of reasons in connection with our application and recruitment process.

The table below sets out the main categories of data that we collect and the sources we collect it from. The table is not exhaustive and there may be other data and other sources which DAC Beachcroft collects, uses and stores in the context of our relationship.

Type of data

Source of data

Contact and personal information including your name, home address, personal telephone number(s) and/or personal e-mail address), date of birth and gender

 

You, recruitment agencies and where appropriate existing colleagues

Work history and other relevant experience including information contained in CV, cover letter and/or job application form

 

You, recruitment agencies, former employers, third party referencing and vetting (see further below) and publically available resources such as LinkedIn

Education information including degrees awarded, transcripts and other information provided in support of the job application

You, recruitment agencies, third party referencing and vetting (see further below) and publically available resources such as LinkedIn

Reward history

You and recruitment agencies

Interviews including information collected during phone screenings/interviews, interviews virtually and/or interviews in person such as details regarding the type of employment sought, desired salary, willingness to relocate, job preferences, other information related to compensation and/or benefits and information related to previous applications to us or previous employment history with us

You, our IT and other systems, building access records and CCTV recordings

Reference information and information received from background checks (where applicable)

You, former employers, third party referencing and vetting (see further below), official bodies such as regulators or criminal records bureaus

Right to work, documents evidencing your right to work (including information about your immigration status where relevant)

You, third party referencing and vetting (see further below) and official bodies such as regulators

Referencing and vetting

As part of our referencing and vetting referred to above, we may contact certain third parties in order to verify your personal information (including personal information that you provide as part of the application and recruitment process). These third parties may include:

  • former employers in order to verify your previous employment history (this may include contacting your current or former accountants where you are or were self-employed or an agency where you were paid through the agency);
  • universities and/or other establishments for higher education that you attended in order to verify your education history;
  • other institutes in order to verify other qualifications (such as CIPD);
  • verification agencies to verify your credit reference, directorships, identification and criminal record checks; and/or
  • professional bodies in order to verify membership.

We will only seek this information in relation to successful candidates that have accepted a conditional offer of employment with us and we will specifically inform such candidates that we will be contacting these third parties in advance of doing so.

Please note that the majority of the data to be provided by you is mandatory in connection with our recruiting activities. Failure to provide mandatory data may affect our ability to accomplish the purposes stated in this Policy, including considering your suitability for employment and/or entering into an employment contract with you.

HOW DO WE USE DATA?

DAC Beachcroft uses your data for a variety of purposes in order to take steps necessary to enter into an employment contract with you, to comply with legal obligations or otherwise in pursuit of our legitimate business interests.

We have set out in the table below the main purposes for which your data may be processed and the ‘lawful basis’ for the processing i.e. the legal reason we are able to process your data. For information regarding how we use cookies and similar technologies in connection with your use of our website and digital platforms, please read our Cookies Policy.

Personal data

What we use data for

Our reasons / lawful basis

Corresponding with you or to others (electronically and/or physically (e.g. by letter, fax, telephone (including within any recording or transcription), email, secure sharing portal or SMS), which may include the use of third party suppliers (such as electronic signature providers))

For a legitimate interest

Verifying candidate information and carrying out employment, background and reference checks, where applicable and in order to prevent fraud

For a legitimate interest

To identify and evaluate job applicants, including assessing skills, qualifications and experience

For a legitimate interest

Communicating with you about the recruitment process and your application

For a legitimate interest

To comply with our legal, regulatory, or other corporate governance requirements

For a legitimate interest

For the purposes of conducting data analytics to review and better understand the operation of our recruitment processes

For a legitimate interest

To consider you for other roles that may be appropriate for you

For a legitimate interest

Special categories of data

Certain categories of data are considered "special categories of personal data" and are subject to additional safeguards. DAC Beachcroft limits the special categories of data which it processes as follows:

Health Information

We may process information about a candidate's physical or mental health in compliance with our obligations owed to disabled employees.

We will always treat information about health as confidential and it will only be shared internally where there is a specific and legitimate purpose to do so. We have implemented appropriate physical, technical, and organisational security measures designed to secure your data against accidental loss and unauthorised access, use, alteration, or disclosure.

If a candidate is successful, any health information processed as part of the recruitment process that is relevant to DAC Beachcroft's compliance with its obligations in connection with employment will be retained and processed in accordance with the Employee and Member Privacy Policy.

If a candidate is unsuccessful, any health information obtained as part of recruitment process will be deleted with the rest of the candidate's data within 15 months of their rejection subject to any exceptional circumstances and/or to comply with particular jurisdictional laws and/or regulations and/or business continuity purposes.

Criminal Record Information

Given the nature of our business, we ask successful candidates who have accepted a conditional offer of employment to disclose their criminal record history and we carry out criminal record checks as part of our background vetting process and in compliance with our obligations in connection with employment.

We will always treat criminal record history as confidential and it will only be shared internally where there is a specific and legitimate purpose to do so. We have implemented appropriate physical, technical, and organisational security measures designed to secure your data against accidental loss and unauthorised access, use, alteration, or disclosure.

Criminal record information will be deleted once the recruitment process has been completed, subject to any exceptional circumstances and/or to comply with particular laws or regulations. Criminal record information will be retained in accordance with our information retention and destruction policy, although the outcome of any check will remain on the employee's record. Criminal record information will typically be retained for a maximum of 15 months, although the outcome of any check will remain on the employee's record.

Equal Opportunities Monitoring

DAC Beachcroft is committed to providing equal opportunities for employment and progression to all of its employees and from time to time it will process information relating to ethnic origin, race, nationality, sexual orientation and disability, alongside information relating to gender and age, for the purposes of equal opportunities monitoring.

We have implemented appropriate physical, technical, and organisational security measures designed to secure your data against accidental loss and unauthorised access, use, alteration, or disclosure. In addition, this monitoring will always take place in accordance with appropriate safeguards as required under applicable law, including:

  • the provision of information relating to ethnic origin, race, nationality, sexual orientation and disability for the purposes of monitoring will be voluntary and processed for this purpose only with your consent;
  • wherever possible, the monitoring will be conducted on the basis of using anonymised data so individual candidates cannot be identified; and/or
  • the information processed for monitoring purposes will be maintained separately from general management and HR records.

WHEN DO WE SHARE DATA?

DAC Beachcroft may share data with the following in certain circumstances and where it is necessary to achieve the purposes detailed above:

  • Recruitment agencies;
  • Referencing & vetting specialists;
  • Occupational health providers;
  • HMRC (in the UK), Revenue (in Ireland) and/or any other applicable government body;
  • Criminal records bureaus;
  • Accountants, lawyers and other professional advisers; and/or
  • Our regulators.

The list above is not exhaustive.

Transferring data out of the United Kingdom (UK) and European Economic Area (EEA)

As we are a global employer, data may be transferred outside of the UK and the European Economic Area ('EEA'). For example this may be to share your data with other group companies from time to time for the purposes to set out in this Policy. In particular, DAC Beachcroft may share your data with other group companies for the purposes of support with employee administration and the management of participation in the employee stock plan and related benefits.

Where we transfer your personal data outside the UK or the EEA we do so on the basis of an adequacy decision or (where this is not available) legally-approved standard data protection clauses. In the event we cannot or choose not to continue to rely on either of those mechanisms at any time, we will not transfer your data outside the UK or the EEA unless we can do so on the basis of an alternative mechanism or exception provided by applicable data protection legislation.  

HOW DO WE KEEP DATA SECURE?

We have appropriate technical and organisational measures in place to protect data. We limit access to data to those who have a genuine business need to access it. Those processing data will do so only in an authorised manner and are subject to a duty of confidentiality. We continually test our systems and are ISO 27001 and Cyber Essentials PLUS certified, which means we follow industry standards for information security.

We also have procedures to deal with any suspected data breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

HOW LONG WILL WE KEEP DATA?

DAC Beachcroft's policy is to retain data only for as long as needed to fulfil the purpose(s) for which it was collected, or otherwise as required under applicable jurisdictional laws and/or regulations and/or business continuity purposes. Under some circumstances we may anonymise your data so that it can no longer be associated with you. We reserve the right to retain and use such anonymous data for any legitimate business purpose without further notice to you.

For unsuccessful candidates:

  • We will typically retain data collected during the recruitment process for a maximum period of 15 months from the end of the process subject to any exceptional circumstances and/or to comply with particular jurisdictional laws and/or regulations and/or business continuity purposes.
  • We may retain select data relating to particular candidates on file for a longer period than 15 months in order to follow up with the candidates in relation to future vacancies; if you do not wish for your data to be maintained on file for this purpose, please inform us.

For successful candidates:

  • If you are offered and accept employment with us, the data we collected during the application and recruitment process will become part of your employment record and we may use it in connection with your employment in accordance with our Employee and Member Privacy Policy available internally.


WHAT ARE YOUR RIGHTS IN RELATION TO YOUR DATA?

DAC Beachcroft will always seek to process your data in accordance with our obligations, our rights and your rights.

You will not be subject to decisions based solely on automated data processing without your prior consent.

In certain circumstances, you have the right to seek the erasure or correction of your data, to object to particular aspects of how your data is processed, and otherwise to seek the restriction of the processing of your data. You also have the right to request the transfer of your data to another party in a commonly used format.

You have a separate right of access to your data processed by DAC Beachcroft. You may be asked for information to confirm your identity and/or assist DAC Beachcroft to locate the data you are seeking as part of DAC Beachcroft's response to your request. If you wish to exercise your right of access, please contact our Data Protection Enquiry Team (outlined below).

You have the right to raise any concerns or complain about how your data is being processed with:

Location

Data Protection Supervisory Authority

Contact details

UK

Information Commissioner's Office (ICO)

ICO's website: https://ico.org.uk/concerns/ or contact the ICO on 0303 123 1113 or casework@ico.org

Ireland

Data Protection Commissioner (DPC)

DPC's website: https://dataprotection.ie/docs/complaints/1592.htm or contact the DPC on 1890 25 22 31 or info@dataprotection.ie

Spain

Spanish Data Protection Agency/Agencia Española de Protección de Datos (AEPD)

AEPD's website: https://www.agpd.es/portalwebAGPD/index-iden-idphp.php or contact the AEPD on 901 100 099 – 912 663 517

France

Commission nationale de l'informatique et des libertés (CNIL)

CNIL’s website: https://www.cnil.fr/ or contact CNIL on +33 (0) 1 53 73 22 22

We have elected the DPC as our Lead Supervisory Authority within the EU.

WHERE CAN YOU GET FURTHER INFORMATION?

If you have any questions about this Policy, want to exercise any of your rights in relation to your data as set out above or want to raise any concerns or complain about how your data is being processed, please use our contact details below in the first instance:

Emaildataprotectionenquiryteam@dacbeachcroft.com

Post: Data Protection Enquiry Team
DAC Beachcroft
St Paul's House
23 Park Square South
Leeds
United Kingdom
LS1 2ND

DO YOU NEED EXTRA HELP?

If you would like this Policy in another format (for example audio or large print), please contact us (see ‘Where can you get further information’ above).

Last updated: May 2022