Privacy Statement of Ascenti Health Limited and Ascenti Physio Limited
The Ascenti Group (referred to as “Ascenti”, “We, “Our” or “Us”) is committed to protecting your privacy and the security of the personal information that we collect and process as part of the recruitment process.
You have been directed to or otherwise sent a copy of this privacy notice because you are applying for work with us (whether as an employee or contractor).
This notice has been designed to inform you of how and why your personal data will be used, namely for the purposes of the recruitment exercise, and how long it will usually be retained for. It provides you with certain information that must be provided under Data Protection Legislation, which means the Data Protection Act 2018 (DPA 2018), United Kingdom General Data Protection Regulation (UK GDPR), the Privacy and Electronic Communications (EC Directive) Regulations 2003, the EU General Data Protection Regulation (EU GDPR) where relevant, and any legislation implemented in connection with the aforementioned legislation.
If you are successful in your application, you will be provided with a separate privacy notice relating to your employment with us.
Who is the Data Controller?
When you apply for a role at the Ascenti, either Ascenti Health Limited (ICO reg: Z7390990) or Ascenti Physio Limited (ICO reg: Z2452913) will be the controller of your personal information, depending on which organisation you are applying to work for, and only as identified in this privacy notice. We refer to both parties collectively as Ascenti throughout this notice.
We have appointed a Data Protection Officer to help us monitor internal compliance, inform and advise on data protection obligations, and act as a point of contact for data subjects and the ICO.
Our Data Protection Officer is:
The DPO Centre Ltd.
50 Liverpool Street
London
EC2M 7PY
For further details on how you can contact us, please see the contact us section below.
What do we collect?
We only collect personal information that we know we will genuinely use and in accordance with Data Protection Legislation. In connection with your application for work with us, we will collect, store, and use the following categories of personal information about you:
- Contact details, including name, email address and telephone number
- Details of your qualifications, professional registrations, skills, experience and employment history.
- Information about your current level of remuneration, including employee benefits
- Whether you have a disability for which Ascenti needs to make reasonable adjustments during the recruitment process
- Information about your race or ethnicity, religious beliefs, sexual orientation.
- Information about your entitlement to work in the UK
- For successful candidates, information generated from a DBS check, which could include information about criminal convictions and offences
- Cookies and IP addresses if you have applied via our website. For more information please see our Cookie Policy on our website
- Other information that you have provided with us as part of the application or interview process, including any assessments that you have undertaken as part of the process
How we collect your information
In most instances we collect data directly from you through application forms, CVs, online recruitment questions, obtained from your right to work and identity documents, or collected through interviews/assessments. In other instances we may collect data from:
- Recruitment agencies
- Background check providers
- Credit reference agencies
- Disclosure and Barring Service in respect of criminal convictions
- Your named referees
- The Home Office, for employees requiring visas
- Our immigration lawyers, with your consent, as part of the visa application process
Why we collect data
We will use the personal information we collect about you to:
- Assess your skills, qualifications, and suitability for the role
- Carry out pre-employment checks, where applicable
- Communicate with you about the recruitment process
- Keep records related to our hiring processes
- Comply with legal or regulatory requirements
We only process your data when we have a lawful basis to do so, namely:
- Where it is in our legitimate interests to decide whether to appoint you as it would be beneficial to our business to appoint someone in the position you have applied for
- We also need to process your personal information to to take steps as part of the recruitment process, prior to entering a contract with you. We may also need to process your data to enter into a contract with you if you are successful in your application for employment
- In some cases we process your data to ensure that we are complying with our legal obligations, for example to check a successful applicant’s eligibility to work in the UK before employment starts
- We may ask for your consent to retain your personal information on file, on the basis that a further opportunity may arise in future and we may wish to consider you for that
How we use sensitive data
Ascenti may process special categories of data, such as information about ethnic origin, sexual orientation or religion in order to ensure meaningful equal opportunity monitoring and reporting in accordance with any governing legislation or such that a regulatory body requires us to do so. During the process, we may also capture some sensitive personal data about you (e.g. disability information) in order to make reasonable adjustments to enable our candidates to apply for jobs with us and to prepare for commencing employment (if successful); to ensure that we comply with regulatory obligations placed on us with regard to recruitment.
If we offer you a position with us and you accept (conditional on checks and any other conditions, such as references, being satisfactory), we will collect information about your criminal convictions history. Specifically, we process information required for a Disclosure and Barring Service (DBS) check on criminal convictions history. We do this to satisfy ourselves that there is nothing in your criminal convictions history which makes you unsuitable for the role. Our roles require a high degree of trust and integrity and it is therefore best practice to undertake such checks and a pre-requisite for employment with us.
You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making.
How we secure your data
We have put in place appropriate technical and organisational security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need-to-know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
Our commitment to the security of your data is underpinned by our Information Management System which is certified to ISO 27001 and therefore demonstrates that we have defined and put in place best-practice information security processes.
If you would like additional assurances regarding how we process data securely please contact us as set out below.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Transfer or sharing of data
Your information may be shared internally for the purposes of the recruitment exercise. This includes members of the HR and recruitment team, interviewers/assessors involved in the recruitment process, and managers in the business area with a vacancy.
We may share your data with third parties as part of the pre-employment screening process. Depending on the role, this may include: your previous employer, academic institutions, personal referees, credit reference agencies and the criminal records bureau. Ascenti shall notify you before your data is shared and this disclosure is managed in line with Ascenti’s internal policies and procedures.
We may also share your personal data with recruitment agencies and process your data using our third-party recruitment system, as necessary, to further your application.
All our third-party service providers are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
Where we use third party service providers who are based outside of the UK or EEA, such as the interview scheduling platform we use to schedule your interview, we will ensure that these organisations provide sufficient guarantees to implement appropriate technical and organisational measures for the protection of Personal Data. Where necessary, we require that any such third-party service providers execute the relevant Standard Contractual Clauses, Binding Corporate Rules or adhere to any certification procedures issued by the Information Commissioner for transfer of personal data to a third country and undertake a transfer impact assessment to identify any supplementary measures required to safeguard your personal data.
How long we keep your information
We will retain your personal information for no longer than 6 months after we have communicated to you our decision about whether to appoint you. We retain your personal information for that period so that we can show, in the event of a legal claim, that we have not discriminated against candidates on prohibited grounds and that we have conducted the recruitment exercise in a fair and transparent way. After this period, we will securely destroy your personal information in accordance with our data retention policy and applicable laws and regulations.
If we wish to retain your personal information on file, on the basis that a further opportunity may arise in future and we may wish to consider you for that, we will write to you separately, seeking your explicit consent to retain your personal information for a longer period.
If your application for employment is successful, personal data gathered during the recruitment process will be transferred to your HR file and retained during the period of your employment and in some circumstances afterwards. The periods for which your data will be held should you become an employee will be provided to you in the Privacy Notice for employees.
Your rights
You have the following rights regarding our processing of your information:
- The right to be informed about our collection and use of personal data
You have the right to be informed about the collection and use of your personal data. We ensure we do this through this privacy notice. This is regularly reviewed and updated to ensure it is accurate and reflects our data processing activities.
- Right to access your personal information
You have the right to access the personal information that we hold about you in many circumstances, by making a request. This is sometimes termed a ‘Data Subject Access Request’. If we agree that we are obliged to provide personal information to you (or someone else on your behalf), we will provide it to you or them free of charge and aim to do so within one month from when your identity has been confirmed.
We would ask for proof of identity and sufficient information about your interactions with us that we can locate your personal information.
- Right to rectify your personal information
If any of the personal information we hold about you is inaccurate, incomplete or out of date, you may ask us to correct it.
- Right to object or restrict our processing of your data
You have the right to object to us processing your personal information for particular purposes or have its processing restricted in certain circumstances.
- Right to erasure
You have the right to have personal data erased. This is also known as the ‘right to be forgotten’. The right is not absolute and only applies in certain circumstances.
- Right to portability
The right to portability gives you the right to receive personal data you have provided to a controller in a structured, commonly used and machine-readable format. It also gives them you the right to request that a controller transmits this data directly to another controller.
- For more information about your privacy rights
If you would like to exercise any of these rights, please contact us as set out below.
The Information Commissioner's Office (ICO) regulates data protection and privacy matters in the UK. They make a lot of information accessible to consumers on their website and they ensure that the registered details of all data controllers such as ourselves are available publicly. You can access them here: https://ico.org.uk/for-the-public.
You can make a complaint to the ICO at any time about the way we use your information. However, we hope that you would consider raising any issue or complaint you have with us first. Your satisfaction is extremely important to us, and we will always do our very best to solve any problems you may have.
Changes to our privacy notice
We may change this privacy notice from time to time (for example, if the law changes). We recommend that you check this notice regularly to keep up-to-date.
Further queries
If you would like to exercise one of your rights as set out above, or you have a question or a complaint about this notice, the way your personal information is processed, please contact us by one of the following means:
By email: DPO@ascenti.co.uk
By post: Ascenti, Carnac House, Cams Hall Estate, Fareham, Hampshire PO16 8UZ
By phone: 01329 245249
Thank you for taking the time to read our privacy notice.