- Purpose and lawful basis for processing
- What will we do with the information you give us?
- What information do we ask for, and why?
- Application stage
- Conditional offer
- After your start date
- How long is the information kept?
- How we make decisions about recruitment
- Your rights
- Do we use any data processors?
Our purpose for processing this information is to assess your suitability for a role you have applied for and to help us develop and improve our recruitment process.
The lawful basis we rely on for processing your personal data are article 6(1)(b) of the UK GDPR, which relates to processing necessary to perform a contract or to take steps at your request, before entering a contract. And article 6(1)(f) for the purpose of our legitimate interests.
If you provide us with any information about reasonable adjustments you require under the Equality Act 2010 the lawful basis we rely on for processing this information is article 6(1)(c) to comply with our legal obligations under the Act.
The lawful basis we rely on to process any information you provide as part of your application which is special category data, such as health, religious, sexual orientation or ethnicity information are article 9(2)(b) of the UK GDPR, which relates to our obligations in employment and the safeguarding of your fundamental rights or article 9(2)(g) - necessary for reasons of substantial public interest.
The additional DPA 2018 processing conditions we rely on are Schedule 1 part 1(1) which again relates to processing for employment purposes and Schedule 1, part 2 paragraph 6 – statutory etc and government purposes.
We process information about applicant criminal convictions and offences. The lawful basis we rely to process this data are Article 6(1)(e) for the performance of our public task. In addition we rely on the processing condition at Schedule 1 part 2 paragraph 6(2)(a).
We’ll use all the information you provide during the recruitment process to progress your application with a view to offering you an employment contract with us, or to fulfil legal or regulatory requirements if necessary.
We will not share any of the information you provide with any third parties for marketing purposes.
We’ll use the contact details you give us to contact you to progress your application. We may also contact you to request your feedback about our recruitment process. We’ll use the other information you provide to assess your suitability for the role.
We do not collect more information than we need to fulfil our stated purposes and will not keep it longer than necessary.
The information we ask for is used to assess your suitability for employment. You don’t have to provide what we ask for but it may affect your application if you don’t.
We will use any feedback you provide about our recruitment process to develop and improve our future recruitment campaigns.
If you use our online application system, your details will be collected by our data processor Vacancy Filler on our behalf.
We ask you for your personal details including name and contact details. We’ll also ask you about previous experience, education, referees and for answers to questions relevant to the role. Our recruitment team will have access to all this information.
You will also be asked to provide equal opportunities information. This is not mandatory – if you don’t provide it, it won’t affect your application. We won’t make the information available to any staff outside our recruitment team, including hiring managers, in a way that can identify you. Any information you provide will be used to produce and monitor equal opportunities statistics. This information may also be shared with external equality and diversity auditors.
Our hiring managers shortlist applications for interview. They will not be provided with your name or contact details or with your equal opportunities information if you have provided it.
We may ask you to participate in assessment days; complete tests or occupational personality profile questionnaires; attend an interview; or a combination of these. Information will be generated by you and by us. For example, you might complete a written test or we might take interview notes. This information is held by us.
If you are unsuccessful after assessment for the role, we may ask if you would like your details retained in our talent pool. If you say yes, we would proactively contact you should any further suitable vacancies arise.
If you attend an assessment day we may ask you to bring identification documents, such as your passport or driving licence, as well as proof of your qualifications. We will take copies should we need to progress any pre-employment checks. We collect this information at the assessment day from all candidates to minimise any delay to successful candidates being able to commence their role at the ICO. If you’re not appointed to a role, we will delete your information immediately.
If we make a conditional offer of employment, we’ll carry out pre-employment checks. You must successfully complete pre-employment checks to progress to a final offer. We must confirm the identity of our staff and their right to work in the United Kingdom, and seek assurance as to their trustworthiness, integrity and reliability.
You must therefore provide:
- proof of your identity – you will be asked to attend our office with original documents; we’ll take copies
- proof of your qualifications – you will be asked to attend our office with original documents; we’ll take copies
- a criminal records declaration to declare any unspent convictions
- your email address, which we’ll pass to the Government Recruitment Service, which will contact you to complete an application for a Basic Criminal Record check via the Disclosure and Barring Service, or Access NI, which will verify your declaration of unspent convictions.
- We’ll contact your referees, using the details you provide in your application, directly to obtain references
- We’ll also ask you to complete a questionnaire about your health to establish your fitness to work.
- We’ll also ask you about any reasonable adjustments you may require under the Equality Act 2010. This information will be shared with relevant ICO staff to ensure these are in place for when you start your employment.
If we make a final offer, we’ll also ask you for the following:
- bank details – to process salary payments
- emergency contact details – so we know who to contact in case you have an emergency at work
- any membership of a Civil Service Pension scheme – so we can send you a questionnaire to see whether you are eligible to rejoin your previous scheme. Or we’ll provide your information to our partnership pension provider if you don’t want to join the Civil Service Pension scheme.
Some roles require a higher level of security clearance – this will be clear on the advert or job description (or both). If so, you will be asked to submit information via the National Security Vetting process to HMRC. HMRC will be the data controller for this information.
HMRC will tell us whether your application is successful or not. If it is not, we will not be told the reasons but we may need to review your suitability for the role or how you perform your duties.
Our Code of Conduct requires all staff to declare if they have any potential conflicts of interest, or if they are active in a political party. If you complete a declaration, the information will be held on your personnel file. You will also need to declare any secondary employment.
We also offer opportunities for people to come and work with us on a secondment basis. We accept applications from individuals or organisations who think they could benefit from their staff working with us.
Applications are sent directly to us. Once we have considered your application, if we are interested in speaking to you further, we’ll contact you using the details you give.
We may ask you to provide more information about your skills and experience or invite you to an interview.
If we do not have any suitable work at the time, we’ll let you know but we may ask if you would like us to retain your application so that we can proactively contact you about possible opportunities in the future. If you say yes, we’ll keep your application for six months.
If you are seconded to us, we’ll ask you to complete a political affiliation declaration. Also you will be expected to adhere to a confidentiality agreement and code of conduct, which will be agreed with your organisation.
We may also ask you to complete our pre-employment checks or to obtain security clearance via the National Security Vetting process – both of which are described in this notice. Whether you need to do this will depend on the type of work you will be doing for us.
We ask for this information so that we fulfil our obligations to avoid conflicts of interest and to protect the information we hold.
For information about how long we hold personal data, see our retention schedule.
How we make decisions about recruitment
Final recruitment decisions are made by hiring managers and members of our recruitment team. We take account of all the information gathered during the application process.
Any online testing is marked and a result is generated automatically. However, if you wish to challenge the mark you have received, the result can be checked manually.
You can ask about decisions on your application by speaking to your contact in our recruitment team or by emailing [email protected].
As an individual, you have certain rights regarding your own personal data.
For more information on your rights, please see ‘Your rights as an individual’.
Yes – we use several processors to provide elements of our recruitment service for us.
We use Vacancy Filler to operate our our online application system and to produce anonymised management information about campaigns. Here is a link to Vacancy Filler's privacy notice.
If you accept a final offer from us, some of your personnel records will be held on CIPHR, which is an internally used HR records system. Here is a link to its privacy notice.
If you are employed by us, relevant details about you will be provided to Capita HR Services who provide our payroll services. This will include your name, bank details, address, date of birth, National Insurance Number and salary.
Likewise, your details will be provided to MyCSP who is the administrator of the Civil Service Pension Scheme, of which we are a member organisation. You will be auto-enrolled into the pension scheme and the details provided to MyCSP will be your name, date of birth, National Insurance number and salary. Your bank details will not be passed to MyCSP at this time.
We use BHSF to provide our Occupational Health service.
We’ll send you a link to the questionnaire that will take you to their website The information you provide will be held by BHSF, who will give us a fit to work certificate or a report with recommendations. You are able to request to see the report before it is sent to us. If you decline for us to see it, this could affect your job offer. If an occupational health assessment is required, this is likely to be carried out by BHSF.
CEB provide online testing for us. If we ask you to complete one of its tests, we’ll send you a link to the test. Your answers will be provided to and held by CEB. Here is a link to CEB's privacy notice.
For senior vacancies, we sometimes advertise through Hays Recruitment. Hays will collect the application information and may ask you to complete a work preference questionnaire that is used to assess your suitability for the role; the results are assessed by recruiters. Information collected by Hays will be kept for 12 months after the end of our agreement with Hays. Here is a link to Hays' privacy notice.