Privacy Policy
DECHRA
Candidate Privacy Notice
1. Terminology
In this Policy, the following terms are used:
|
Term |
What does this mean?
|
|
Automated Decision Making
Candidate |
a decision which is taken solely on the basis of automated Processing of your Personal Data. This means Processing using, for example, software code or an algorithm, which does not require human intervention
any person applying for a role at Dechra |
|
|
|
|
Data Controller |
the person or company who, either alone or with others, determines how and why Personal Data is Processed
|
|
Data Processor |
a person or company who processes Personal Data on behalf of the Data Controller |
|
|
|
|
Data Subject |
an identified or identifiable living person |
|
|
|
|
Dechra, “we” or “us” |
Dechra Pharmaceuticals PLC, which includes all subsidiaries, divisions, branches, affiliates or companies under control of Dechra Pharmaceuticals PLC |
|
|
|
|
European Economic Area or EEA |
the EU Member States plus Iceland, Liechtenstein and Norway |
|
|
|
|
Personal Data |
any information relating to the Data Subject, such as name, address, date of birth, email address, telephone number, nationality, identification number, location data, online identifier or one or more factors specific to his or her physical, physiological, mental, economic, cultural or social identity |
|
|
|
|
Processing |
any operation or set of operations that is performed upon Personal Data, whether or not by automated means, including collection, recording, organisation, storage, access, adaptation, alteration, retrieval, consultation, use, disclosure, dissemination, making available, restriction, deleting, erasure, or destruction (and "Process", "Processes" and "Processed" shall be interpreted accordingly) |
|
|
|
|
Profiling |
using automated processes without human intervention (such as computer programmes) to analyse Personal Data in order to evaluate a Data Subject’s behaviour or to predict things about the Data Subject. As profiling uses automated processing, it is sometimes connected with Automated Decision Making. Not all profiling results in Automated Decision Making, but it can. |
|
|
|
|
Sensitive Personal Data |
the special categories of personal data that are considered to be "sensitive", requiring additional care when handling, including health, racial or ethnic origin, sexual life or orientation, religious or philosophical opinions, political opinions, trade union membership, or genetic or biometric data
|
2. INTRODUCTION
Dechra respects and protects your privacy. This candidate privacy notice ("Notice") sets out the basis on which Dechra Processes the Personal Data we collect from or about all candidates globally. It applies to all candidates applying for a role at Dechra, including permanent, fixed term and temporary roles, whether the role is as an employee, director, intern, agency worker or other contractor.
If you are submitting information about others to Dechra, please make them aware of the terms of this Notice, as this explains how we will use the information we receive about them.
The Dechra Group Company which is advertising the role will be the primary controller of the Candidates’ Personal Data, however, other entities within the Dechra Group may also Process Personal Data from time to time, consistent with the purposes set out in this Notice. If you wish to receive confirmation as to the identity of the data controller in relation to your application, please contact us by email at DataProtection@dechra.com stating ‘data controller’ in the subject line or by telephone at +44 1606 814730.
This Notice does not form part of any contract (including any contract of employment) and does not confer any contractual right on you, or place any contractual obligation on us.
We reserve the right to update or otherwise amend this Notice at any time. Updated versions of the Notice will be made available for your review.
3. POLICY STATEMENT
Dechra collects and uses personal details which you provide as part of the recruitment and onboarding processes.
The Personal Data that Dechra collects from Candidates is used primarily for recruitment, managing our recruitment processes, and complying with its contracts of employment and with employment and health and safety laws. The data may be stored in systems based around the world, and may be Processed by third party service providers acting on Dechra's behalf.
You have various rights (explained below) in relation to your Personal Data. If you wish to investigate the exercising of any of these rights, please contact us by email at DataProtection@dechra.com or by telephone at +44 1606 814730.
4. types of personal data processed
The types of Personal Data which we Process will vary depending on the role the Candidate is applying for and their location. We will not collect any data we are not legally permitted to collect. The relevant details may be collected at time of application or upon appointment, depending on the country to which you are applying. Typically the types of Personal Data will include, but may not be limited to, the following:
- Candidate’s personal details - for example name, date of birth, gender, personal contact details, emergency contact / next of kin details, immigration and right to work data, languages spoken, drivers licence or marital status.
- Candidates’ citizenship and diversity details (such as ethnic origin, religious /similar beliefs, sexual preference and any disabilities) may be collected (on a voluntary basis) in some countries – we will only ask for this information in countries where we have a legal basis to do so.
- Government identification – such as passports, national ID cards, driving licences or other permits.
- Referees details (people who provide references for a Candidate) - personal details, for example name, contact details, job title, job description, employer;
- Employment Agent’s details (people who provide information about Candidates) - personal details, for example name, contact details, job title, job description, employer;
- Candidate’s basic work details - for example job title, job description, assigned business unit or group, reporting lines, primary work location, working hours, terms and conditions of employment;
- Candidate’s professional qualifications and regulatory data - for example and where applicable, including certifications, charterships and unique regulatory identifiers;
- Candidate’s recruitment/selection data - for example any Personal Data contained in any CV, Candidate application form, record of interview or interview notes, references and vetting and verification documentation;
- Candidate’s remuneration and benefits data - for example, details of pay and benefits package, share options and/or awards, company car allowance, bank account details, grade, social security or national insurance number, tax information and third party benefit recipient information;
- Candidate’s criminal records data - where permitted under local law in relation to recruitment for specific roles or contracts;
- Candidate’s incapacity data - for example, any Personal Data contained in absence records, medical forms, reports or certificates and records relating to disability and reasonable accommodations or adjustments;
- Candidate’s training and development data - data relating to training and development needs or training received, training costs, apprenticeship schemes;
- monitoring data - where permitted under local law and in accordance with Dechra's CCTV Policy, if the Candidate visits any Dechra premises;
- system login and access records;
- Candidate’s drug and alcohol testing data (if applicable to the role) - results of screening associated with name and job title;
- Conflict of interest information – such as details of investment portfolios and / or other positions (if applicable to the role).
- any other Personal Data which is disclosed to Dechra during the course of the recruitment process, whether verbally or in written form (for example on emails).
5. legal basis and purposes for processing
Whenever we Process Personal Data, we do so on the basis of a lawful "condition" for Processing. In addition, Processing of Sensitive Personal Data (including data relating to health or disabilities) is always justified on the basis of a specific exemption under either EU or local law.
In the majority of cases, the Processing of your Personal Data will be justified on one of the following bases:
- it is necessary for us to comply with a legal obligation;
- it is necessary to take steps at your request to enter into a contract of employment and/or necessary for us to perform the contract of employment between you and us;
- it is in our legitimate interests as a business and as your employer, and our interests are not overridden by your interests, fundamental rights or freedoms.
The Processing of Sensitive Personal Data will be justified by one of the above conditions, and normally by one of the following special conditions:
- it is necessary for the purposes of carrying out obligations under employment law (for example, making reasonable adjustments for disabilities);
- it is necessary for reasons of substantial public interest authorised under local law (for example, carrying out equal opportunity monitoring exercises);
- it is carried out subject to your explicit consent (for example, voluntary programmes);
- it is necessary for the establishment, exercise or defence of legal claims (for example, in the context of employment tribunals, claims or litigation);
- it is necessary for an assessment of your working capacity (for example, occupational health assessments or drug and alcohol testing); or
- in exceptional circumstances, it is necessary to protect your vital interests and you are incapable of giving consent (for example, in medical emergencies).
The Processing of data revealing criminal convictions will only be carried out where there is a legal authorisation to do so under either EU or local law.
For more details about the legal basis and purposes for Processing your Personal Data, see the schedule to this Notice.
6. Retention of Personal Data
Our general approach is to only retain Personal Data for as long as is required to satisfy the purpose for which it was collected by us or provided by you.
We will retain candidate data for a period of 12 months from initial collection date (or for a shorter period if you specifically request this), unless we need to retain this data for longer in order to resolve queries or potential or actual disputes.
7. Profiling and Automated Decision Making
We undertake candidate screening for applicants for certain roles. If you apply for one of these roles, you will need to take an aptitude test as part of the application process which may have an automatic pass/fail score attached to them. Should this be the case, a decision as to whether you proceed in the recruitment process or are rejected is made automatically as a result of your score in this test. This is Automated Decision Making.
We may also sometimes use Profiling techniques to assess candidates’ suitability for the role such as through the use of personality testing.
The purpose of each of these activities is to ensure that we recruit and select individuals to work at Dechra with the appropriate ability, skills and aptitude, and this processing is necessary to take steps at your request to enter a contract of employment.
8. Sources of Personal Data
Primarily, the Personal Data we Process will have been provided by the Candidate (or provided to us on their behalf), during the Candidate’s application for employment and the onboarding process.
During the recruitment process, we may request references about the Candidate from third parties, and carry out screening and vetting processes using third party sources.
We may also receive information which may include Personal Data from Dechra personnel (for instance, in the course of conducting an interview) and third party recruitment and/or employment agencies.
We may receive Personal Data from:
• LinkedIn, when a Candidate applies for a role via LinkedIn or other means, or where we are proactively searching for Candidates. We can see full profiles and contact details unless you have changed your LinkedIn settings. Please see the LinkedIn Privacy Policy for more information.
• Internet searches / job boards.
• The Dechra Academy or any of Dechra’s websites.
• Social Media channels such as Twitter, where we will make or keep in contact with potential candidates.
• Events / networks / lectures.
• Technical competitions and challenges.
• Employees (and others) who may refer a Candidates for a role.
Depending on the applicable screening practices in the relevant country, we may collect information from other sources such as:
• Screening provider – the service may involve the provider requesting data from the police, past employers and other relevant third parties.
• Government departments – for example driving license authorities to check the Candidate is safe to drive on business. Our screening process in certain countries may involve government or military departments – with the level of screening depending on the role.
Where we obtain screening information, we’ll look to make sure the Candidate is informed in advance.
9. Disclosures of Personal Data
We routinely share Personal Data with other members of the Dechra Group where required in order to, for example, run global processes, carry out Group-wide reporting, or, for example, take decisions about senior hires or promotions.
We use a number of third party service providers and consultants to help us provide HR services or benefits. These third parties may have routine access to Personal Data to perform certain functions, or may merely host Personal Data as part of a "cloud based" solution used by Dechra personnel. In both cases, third party suppliers will act under our instruction and subject to a contractual relationship.
Some third parties to whom we may disclose Personal Data, for instance health insurance providers and pension scheme trustees, are Data Controllers in their own right, and you should refer to their own privacy notices and policies in respect of how they use Personal Data.
We may be required to disclose your Personal Data to third parties:
- in response to orders or requests from courts, regulators, government agencies, parties to a legal proceeding or public authorities; or
- to comply with regulatory requirements or as part of a dialogue with a regulator.
Your Personal Data may also be disclosed to advisors, potential transaction partners or interested third parties in connection with the consideration, negotiation or completion of a corporate transaction or restructuring of the business or assets of any part of the Dechra Group.
10. Cross-border Transfers
The global nature of our business means that Personal Data may be disclosed to members of the Dechra Group, or to third party suppliers or partners, located outside of the UK or European Economic Area ("EEA").
In respect of internal transfers within the Dechra Group, we have entered into an Intra-Group Data Transfer Agreement to ensure your data receives an adequate level of protection.
Where third parties transfer Personal Data outside of the UK and the EEA, we will take steps to ensure that Personal Data receives an adequate level of protection, including by, for example, entering into data transfer agreements or by ensuring that third parties are certified under appropriate data protection schemes.
You have a right to request a copy of any data transfer agreement under which your Personal Data is transferred, or to otherwise have access to the safeguards which we use. Any data transfer agreement made available to you may be redacted for reasons of commercial sensitivity.
11. Security of your Personal Data
We implement reasonable physical, technical and administrative security measures designed to protect Personal Data from loss, misuse, alteration, destruction or damage.
We take steps to limit access to Personal Data to those colleagues who need to have access to it for one of the purposes listed above.
12. Data Subject Rights
You have the following rights in respect of your Personal Data:
- to obtain access to your Personal Data together with information about how and on what basis that Personal Data is Processed;
- to rectify inaccurate Personal Data (including the right to have incomplete Personal Data completed);
- to erase your Personal Data in limited circumstances where it is no longer necessary in relation to the purposes for which it was collected or Processed;
- to restrict Processing of your Personal Data where:
- the accuracy of the Personal Data is contested;
- the Processing is unlawful but you object to the erasure of the Personal Data;
- we no longer require the Personal Data for the purposes for which it was collected, but it isrequired for the establishment, exercise or defense of a legal claim;
- to challenge Processing which we have justified on the basis of a legitimate interest;
- to object to decisions which are based solely on Automated Decision Making (to the extent that these are taken);
- to obtain a portable copy of your Personal Data, or to have a copy transferred to a third party controller; or
- to obtain a copy of or access to safeguards under which your Personal Data is transferred outside of the UK and the EEA.
In addition to the above, you have the right to lodge a complaint with your local data protection authority. In the UK this is the Information Commissioner’s Office (https://ico.org.uk/). In the EU, you can choose to lodge your complaint with your local data protection supervisory authority (i.e. your place of habitual residence, place or work or place of alleged infringement) at any time. You can find details of the identity of your local supervisory authority at the following address: https://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080).
We ask that you please attempt to resolve any issues with us before contacting any supervisory authority.
If you wish to investigate the exercising of any of these rights, please contact us by email at DataProtection@dechra.com or by telephone at +44 1606 814730.
13. CHANGES TO THIS PRIVACY NOTICE
Any changes we may make to the Candidate Privacy Notice will be posted on this page. Please check back frequently to see any updates or changes.
14. document control
|
Version |
Date |
Owner |
Status |
Updated from Previous Version (details) |
|
V1 |
26/01/2021 |
Group HR |
Approved |
Original version |
SCHeDULE: purpose and Legal Basis for Processing
|
Purpose of data collection |
Relevant legal bas(is)(es) on which we Process the information |
|---|---|
|
To assess applications for employment and make recruitment decisions |
|
|
To review eligibility to work |
|
|
To seek criminal record disclosure where required for the role or client contract and authorised by law |
|
|
Drug and alcohol testing |
|
|
To conduct an equal opportunities monitoring programme |
|
|
Create a Candidate record on our recruitment system |
|
|
Addressing occupational health issues, incapacity at work and making reasonable adjustments; |
|
|
To monitor through CCTV systems consistent with the law and Dechra internal policies |
|
|
To exercise our rights to defend, respond to or conduct prospective or actual legal claims or proceedings |
|
Bases which relate to Sensitive Personal Data or criminal record data are marked with a star (*)