Recruitment Privacy Notice

Introduction

Owlstone Medical Limited (referred to as “OML”, “We, “Our” or “Us”), is committed to protecting the privacy and security of your personal information.

You have been directed to or otherwise sent a copy of this privacy notice because you are applying for work with us (whether as an employee, worker or contractor). It makes you aware of how and why your personal data will be used, namely for the purposes of the recruitment exercise, and how long it will usually be retained for. It provides you with certain information that must be provided under Data Protection Legislation, which means the Data Protection Act 2018 (DPA 2018), United Kingdom General Data Protection Regulation (UK GDPR), the Privacy and Electronic Communications (EC Directive) Regulations 2003, the EU General Data Protection Regulation (EU GDPR – where relevant) and any legislation implemented in connection with the aforementioned legislation.

If you are successful in your application, you will be provided with a separate privacy notice relating to your employment with us.

Data Controller

Owlstone Medical Limited is the controller for the personal information we process as identified in this privacy notice.

We are registered with the Information Commissioner’s Office (the ICO) with registration number ZB023504.

We have appointed a Data Protection Officer to help us monitor internal compliance, inform and advise on data protection obligations, and act as a point of contact for data subjects and the ICO.

Our Data Protection Officer is:

The DPO Centre Ltd.
50 Liverpool Street
London
EC2M 7PY
www.dpocentre.com

We have also appointed an EU Representative to act on our behalf for EU GDPR matters

Our EU Representative is The DPO Centre Europe Ltd.

For further details on how you can contact us or our EU Representative, please see the contact us section below.

The information we collect and when

We only collect personal information that we know we will genuinely use and in accordance with the Data Protection Legislation. In connection with your application for work with us, we will collect, store, and use the following categories of personal information about you:

The information you have provided to us in your curriculum vitae and covering letter.
The information you have provided on our application form, including name, title, address, telephone number, personal email address, date of birth, gender, employment history, qualifications.
Any information you provide to us during an interview.
The results of any tests or assessments as part of our interview process.
Information generated from background and/or security checks, where necessary, which could include information about criminal convictions and offences.
Cookies and IP addresses if you have applied via our wesbite. For more information please see our Cookie Policy on our website
CCTV images if you visit one of our sites

We may also collect, store and use the following types of more sensitive personal information:

Information about your race or ethnicity, religious beliefs, sexual orientation.
Information about your health, including any medical condition, health and sickness records.

How we collect and use your information

In most instances we collect personal information directly from you, the candidate. In other instances, we may collect personal information from:

Recruitment agencies
Background check providers
Credit reference agencies
Disclosure and Barring Service in respect of criminal convictions
Your named referees
The Home Office, for employees requiring visas
Our immigration lawyers, with your consent, as part og the visa application process

We will use the personal information we collect about you to:

Assess your skills, qualifications, and suitability for the role
Carry out background and reference checks, where applicable
Communicate with you about the recruitment process
Keep records related to our hiring processes.
Comply with legal or regulatory requirements.

We only process your data when we have a lawful basis to do so:

It is in our legitimate interests to decide whether to appoint you as it would be beneficial to our business to appoint someone in the position you have applied for.
We also need to process your personal information to decide whether to enter into a contract of employment with you.
We may ask for your consent to retain your personal information on file, on the basis that a further opportunity may arise in future and we may wish to consider you for that.

If you fail to provide information when requested, which is necessary for us to consider your application (such as evidence of qualifications or work history), we will not be able to process your application successfully. For example, if we require a credit check or references for this role and you fail to provide us with relevant details, we will not be able to take your application further.

How we use particularly sensitive personal information

Special category data

We may use information about your disability status to consider whether we need to provide appropriate adjustments during the recruitment process, for example whether adjustments need to be made during a test or interview.

We may use information about your race or national or ethnic origin, religious, philosophical or moral beliefs, or your sexual life or sexual orientation, to ensure meaningful equal opportunity monitoring and reporting in accordance with any governing legislation or such that a regulatory body requires us to do so.

Information about criminal convictions

We will collect information about your criminal convictions history if we offer you a position with us and you accept (conditional on checks and any other conditions, such as references, being satisfactory). Specifically, we process information required for Baseline Personnel Security Standard (BPSS), which will include a report from the DBS on criminal convictions history. We do this to satisfy ourselves that there is nothing in your criminal convictions history which makes you unsuitable for the role and as part of our security policy. Our roles require a high degree of trust and integrity and it is therefore best practice to undertake such checks and a pre-requisitie in some instances.

We have in place an Appropriate Policy Document and safeguards which we are required by law to maintain when processing such data.

Automated decision making

You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making.

Who we might share your information with

We will only share your personal information with the following third parties for the purposes of processing your application: recruitment agencies, Workable (our recruitment system) and parties involved with pre-employment checks, VISA applications and so on. All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

International transfers of information

Our data processing largely takes place in the UK.

If we were required to transfer your personal information out of the UK or EU to countries not deemed by the ICO (and or European Commission as relevant) to provide an adequate level of personal information protection, the transfer will be based on safeguards that allow us to conduct the transfer in accordance with the data protection legislation, such as the specific contracts approved by the ICO (or European Commission as relevant) providing adequate protection of personal information.

Your rights over your information

The right to be informed about our collection and use of personal data;

You have the right to be informed about the collection and use of your personal data. We ensure we do this through this privacy notice. This is regularly reviewed and updated to ensure it is accurate and reflects our data processing activities.

Right to access your personal information

You have the right to access the personal information that we hold about you in many circumstances, by making a request. This is sometimes termed a ‘Data Subject Access Request’. If we agree that we are obliged to provide personal information to you (or someone else on your behalf), we will provide it to you or them free of charge and aim to do so within one month from when your identity has been confirmed.

We would ask for proof of identity and sufficient information about your interactions with us that we can locate your personal information.