This infographic gives you some basic details about what we do with you information during the application process. There is more detail below.

What we do with your personal data when you apply for a job

Purpose and legal basis for processing

Our purpose for processing this information is to assess your suitability for a role you have applied for.

The legal basis we rely on for processing your personal data is article 6(1)(b) of the GDPR, which relates to processing necessary to perform a contract or to take steps at your request, before entering a contract. The legal basis we rely on to process any information you provide as part of your application which is special category data, such as health, religious or ethnic information is article 9(2)(b) of the GDPR, which also relates to our obligations in employment  and the safeguarding of your fundamental rights and article 9(2)(h) for assessing your work capacity as an employee. And Schedule 1 part 1(1) and (2)(a) and (b) of the DPA2018 which relates to processing for employment, the assessment of your working capacity and preventative or occupational medicine.

What will we do with the information you give us?

We’ll use all the information you provide during the recruitment process to progress your application with a view to offering you an employment contract with us, or to fulfil legal or regulatory requirements if necessary.

We will not share any of the information you provide with any third parties for marketing purposes.

We’ll use the contact details you give us to contact you to progress your application. We’ll use the other information you provide to assess your suitability for the role.

What information do we ask for, and why?

We do not collect more information than we need to fulfil our stated purposes and will not keep it longer than necessary.

The information we ask for is used to assess your suitability for employment. You don’t have to provide what we ask for but it may affect your application if you don’t.

Application stage

If you use our online application system, your details will be collected by a data processor on our behalf (please see below).

We ask you for your personal details including name and contact details. We’ll also ask you about previous experience, education, referees and for answers to questions relevant to the role. Our recruitment team will have access to all this information.

You will also be asked to provide equal opportunities information. This is not mandatory – if you don’t provide it, it won’t affect your application. We won’t make the information available to any staff outside our recruitment team, including hiring managers, in a way that can identify you. Any information you provide will be used to produce and monitor equal opportunities statistics.

Shortlisting

Our hiring managers shortlist applications for interview. They will not be provided with your name or contact details or with your equal opportunities information if you have provided it.

Assessments

We may ask you to participate in assessment days; complete tests or occupational personality profile questionnaires; attend an interview; or a combination of these. Information will be generated by you and by us. For example, you might complete a written test or we might take interview notes. This information is held by us.

If you are unsuccessful after assessment for the role, we may ask if you would like your details retained in our talent pool. If you say yes, we would proactively contact you should any further suitable vacancies arise.

Conditional offer

If we make a conditional offer of employment, we’ll ask you for information so that we can carry out pre-employment checks. You must successfully complete pre-employment checks to progress to a final offer. We must confirm the identity of our staff and their right to work in the United Kingdom, and seek assurance as to their trustworthiness, integrity and reliability.

You must therefore provide:

• proof of your identity – you will be asked to attend our office with original documents; we’ll take copies
• proof of your qualifications – you will be asked to attend our office with original documents; we’ll take copies
• a criminal records declaration to declare any unspent convictions
• your email address, which we’ll pass to the Government Recruitment Service, which will contact you to complete an application for a Basic Criminal Record check via the Disclosure and Barring Service, or Access NI, which will verify your declaration of unspent convictions.

• We’ll contact your referees, using the details you provide in your application, directly to obtain references
• We’ll also ask you to complete a questionnaire about your health to establish your fitness to work.

If we make a final offer, we’ll also ask you for the following:

• bank details – to process salary payments
• emergency contact details – so we know who to contact in case you have an emergency at work
• any membership of a Civil Service Pension scheme – so we can send you a questionnaire to see whether you are eligible to rejoin your previous scheme. Or we’ll provide your information to our partnership pension provider if you don’t want to join the Civil Service Pension scheme.

After your start date

Some roles require a higher level of security clearance – this will be clear on the advert or job description (or both). If so, you will be asked to submit information via the National Security Vetting process to HMRC. HMRC will be the data controller for this information.

HMRC will tell us whether your application is successful or not. If it is not, we will not be told the reasons but we may need to review your suitability for the role or how you perform your duties.

Our Code of Conduct requires all staff to declare if they have any potential conflicts of interest, or if they are active in a political party. If you complete a declaration, the information will be held on your personnel file. You will also need to declare any secondary employment.

Secondments

We also offer opportunities for people to come and work with us on a secondment basis. We accept applications from individuals or organisations who think they could benefit from their staff working with us.

Applications are sent directly to us. Once we have considered your application, if we are interested in speaking to you further, we’ll contact you using the details you give.

We may ask you to provide more information about your skills and experience or invite you to an interview.

If we do not have any suitable work at the time, we’ll let you know but we may ask if you would like us to retain your application so that we can proactively contact you about possible opportunities in the future. If you say yes, we’ll keep your application for six months.

If you are seconded to us, we’ll ask you to complete a political affiliation declaration. Also you will be expected to adhere to a confidentiality agreement and code of conduct, which will be agreed with your organisation.

We may also ask you to complete our pre-employment checks or to obtain security clearance via the National Security Vetting process – both of which are described in this notice. Whether you need to do this will depend on the type of work you will be doing for us.

We ask for this information so that we fulfil our obligations to avoid conflicts of interest and to protect the information we hold.

How long is the information kept for?

For information about how long we hold personal data, see  our retention schedule.

How we make decisions about recruitment

Final recruitment decisions are made by hiring managers and members of our recruitment team. We take account of all the information gathered during the application process.

Any online testing is marked and a result is generated automatically. However, if you wish to challenge the mark you have received, the result can be checked manually.

You can ask about decisions on your application by speaking to your contact in our recruitment team or by emailing recruitment@ico.org.uk.

Your rights

As an individual, you have certain rights regarding your own personal data.

For more information on your rights, please see ‘Your rights as an individual’.

Do we use any data processors?

Yes – we use several processors to provide elements of our recruitment service for us.

We use Vacancy Filler to operate our our online application system and to produce anonymised management information about campaigns. Here is a link to Vacancy Filler's privacy notice.

If you accept a final offer from us, some of your personnel records will be held on CIPHR, which is an internally used HR records system. Here is a link to its privacy notice.

If you are employed by us, relevant details about you will be provided to Capita HR Services who provide our payroll services. This will include your name, bank details, address, date of birth, National Insurance Number and salary.

Likewise, your details will be provided to MyCSP who is the administrator of the Civil Service Pension Scheme, of which we are a member organisation. You will be auto-enrolled into the pension scheme and the details provided to MyCSP will be your name, date of birth, National Insurance number and salary. Your bank details will not be passed to MyCSP at this time.

We use Health Management to provide our Occupational Health service.
We’ll send you a link to the questionnaire that will take you to Health Management’s website. The information you provide will be held by Health Management, who will give us a fit to work certificate or a report with recommendations. You are able to request to see the report before it is sent to us. If you decline for us to see it, this could affect your job offer. If an occupational health assessment is required, this is likely to be carried out by Health Management. Here is a link to Health Management's privacy notice.

CEB provide online testing for us. If we ask you to complete one of its tests, we’ll send you a link to the test. Your answers will be provided to and held by CEB. Here is a link to CEB's privacy notice.

For senior vacancies, we sometimes advertise through Hays Recruitment. Hays will collect the application information and may ask you to complete a work preference questionnaire that is used to assess your suitability for the role; the results are assessed by recruiters. Information collected by Hays will be kept for 12 months after the end of our agreement with Hays. Here is a link to Hays' privacy notice.