Applicant Privacy Statement
This Applicant Privacy Notice sets out what personal data The Kite Factory ("the Company” or “we or us") holds about you and how we collect and use it, when you apply for a role within our business.
It is important that you read the Privacy Notice carefully, together with any other information that we might give you from time to time about how we collect and use your personal data.
The Kite Factory is committed to protecting the privacy and security of the personal data of employees. We will only use your personal information when the law allows us to do so. Please read this privacy notice carefully as it contains important information on how and why we collect, store, use and share your personal information, your rights in relation to your personal information and on how to contact us in the event you have a complaint.
1. Who we are
The Kite Factory is the data controller, which means we are responsible for deciding how we hold and use personal data about you. The service for handling recruitments and simplifying the hiring process (the "Service") is powered by Team Tailor on our behalf. Team Tailor does not use your information for their own purposes.
2. Data Protection Law
The Kite Factory will comply with data protection law, and the information we hold about you will be:
Processed lawfully, fairly and transparently
- Only collected to the extent necessary to fulfil the stated specific purposes
- Accurate and up to date
- Not kept for longer than necessary; and
- Made available upon request
- Transferred using secure means, whether electronically or otherwise
- Employees are made fully aware of the reasons for the collection of the data and are given details of the purpose for which the data will be used
3. Keeping your personal data secure
Your personal information will be protected by the The Kite Factory’s Data Goverance and Compliance processes including the company Information Security Policies and Procedures (Information Security Management System (ISMS). The Kite Factory has ISO 27001 certification.
Your information will be held in a secure environment, and access to it will be restricted to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
To prevent unauthorised access or disclosure we have put in place suitable physical, electronic and managerial procedures to safeguard and protect the information we collect online. We use state of the art technology for processing and storing data, and data transfers, including encryption and access control. Your personal data is processed with confidentiality and integrity.
4. What we collect about you
The Company only holds personal data which is directly relevant to its employees. That data will be held and processed in accordance with the data protection principles and with this Policy.
The following categories of personal data may be collected, held and processed by the Company:
The information you have provided to us in your curriculum vitae and covering letter
The information you have provided on our application form, including name, title, address, telephone number, personal email address, employment history, qualifications, current salary, driving licence information, UK residence restrictions, requirement of a work permit
Any information you provide to us during an interview
Any other information you provide to us during the application process in any format, including any tender documents (where applicable)
Results of any tests undertaken as part of the application process
We may also collect, store and use the following “special categories” of more sensitive personal information if you provide it voluntarily:
- Information about your race or ethnicity, religious beliefs, sexual orientation and political opinions.
- Information about your health, including any medical condition, health and sickness records.
- Information about criminal convictions and offences.
5. How we collect your personal data
From you: You provide us with most of the personal data about you that we hold and use.
Internal sources: in some cases, existing employees can make recommendations about potential applicants. Such employees will add personal data about such potential applicants.
External sources: Some of the personal data about you that we hold and use may come from external sources. For example,
- specific recruitment agencies from which we collect general contact information, your CV and qualifications.
- Your named referees, from whom we collect dates of employment, reason for leaving, details relating to honesty, reliability, punctuality, ability to work in a team, standard of work, and so on
- we may obtain information about you from publicly available sources such as your LinkedIn profile or other social media sources;
6. How we use your personal data
All applicants’ personal data collected by the Company is collected in order to ensure that the Company can efficiently assess job applicants and conform with its equal opportunities’ obligations. Personal data shall also be used by the Company in meeting any and all relevant obligations imposed by law.
The table below summarises how we will use the personal information we collect about you, and our purpose and legal basis for processing your personal data:
Personal data
- Biographical details (including name, title, contact details)
- Any information you provide to us in your CV and covering letter; qualifications (including educational, vocational and training); current salary; driving license information; images, and information in Chat
- Information you provide during your interview; results of any tests undertaken as part of the application process
- Performance and career progression; references (dates of previous employment, reasons for leaving, details of honesty, reliability, punctuality, teamworking cooperation, standard of work)
- Recruitment information including correspondence, right to work checks and related documents
Additional legal grounds for processing special category or other sensitive data
- Medical information (disability status)
- Race, ethnicity, religious beliefs, sexual orientation or health
Purpose/ Keeping Records for our hiring processes
- Communicate with you about the recruitment process.
- Assess your skills qualifications, and suitability for the role; determine whether you meet basic requirements for shortlisting and invitation to interview.
- To decide whether to offer you the role.
- If you are offered the role, to carry out background and reference checks to confirm your skills qualifications, job history and suitability for the role – final decision on whether or not to employ.
- Where we need it to comply with a legal obligation, for example, to verify you are entitled to work in the country in which you are to be employed.
Additional legal grounds for processing special category or other sensitive data
- To consider whether we need to provide appropriate adjustments during the recruitment process – for example during a test or interview, or at any other stage in the process
- Where it is needed in the public interest, such as for equal opportunities monitoring and reporting
Legal basis for processing
- Legitimate Interest
- Legal obligation
- Legal obligation/Performance of a contract/Assessment of working capacity.
- Legal obligation/Public interest in monitoring equal opportunities within the workforce.
We will only use your personal information for the purposes for which we collected it, unless we consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
7. Data Sharing
The Kite Factory may from time to time share an Employee’s personal data with third parties, providing that the legal obligations have been met. For example, where your application involves the use of a recruitment agency, we may pass information regarding the progress of your application, including feedback on your performance in the recruitment process, and the terms on which we are prepared to make a job offer, if applicable, to your recruitment agent.
Where The Kite Factory engages a third party (for example, Teamtailor) to process your personal data on our behalf, they are provided with written instructions, are under a duty of confidentiality, and are obliged to implement appropriate technical and organisational measures to ensure the security of your personal data. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes, and in accordance with our instructions.
We limit access to your personal information to only those employees, agents, contractors and other third parties who have a business need-to-know. They are subject to a duty of confidentiality. In no circumstances will your personal data be passed to any department or any individual within the Company or to a third party that does not reasonably require access to that personal data in view of the purpose(s) for which it was collected and is being processed.
8. International Data Transfers
In limited instances, your personal data may be stored, processed and transferred outside the UK or EEA for processing. When transferring personal information outside the UK or EEA, we shall ensure that it is secure and transferred under contractual arrangements that offer the same level of protection as in the UK. We shall make sure that any transfers of your personal information from one country to another comply with those data protection and privacy laws which apply to us and:
- Ensure that the country in which your personal information will be handled has been deemed “adequate” by the government; or
- Include standard data protection contact clauses approved by the ICO for transferring personal information outside the UK within into our contracts with those third parties as required under the General Data Protection Regulation (UK GDPR)); or have entered into such binding agreements that fully comply with the lawfulness of the third country transfers.
9. Retention & Deletion
Your personal data will only be kept for as long as is necessary and in accordance with our company retention and deletion policy. We only keep your personal information for as long as we need to, so that we can use it for the reasons described above.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirement.
Where necessary, we shall keep your personal data for as long as required to do so by law; and where required to establish, exercise or defend our legal rights.
We will usually retain your personal information for a period of time, depending on the outcome of your application (outlined below), subject to any additional legal obligations and in accordance with any legitimate interests of the company.
- Candidates who attend interviews have their data stored for 6 months before deletion.
- Any inactive candidates automatically have their data deleted after 1 month.
- Any rejected candidates have their data deleted after 1 day.
- Candidates without active purpose have their data deleted after 1 months.
- Any candidates who submit a data removal request, have their data deleted after 1 day.
We retain your personal information for that period so that we can show, in the event of a legal claim, that we have not discriminated against candidates on prohibited grounds and that we have conducted the recruitment exercise in a fair and transparent way. After this period, we will securely destroy your personal information in accordance with applicable laws and regulations unless you give us permission to retain it for a specified longer period, in case another opportunity arises within the company for which we believe you may be suitable.
10. Your Rights and Control over Your Personal Data
Under the General Data Protection Regulation and the Data Protection Act 2018, you have a number of rights over your personal data. These include:
- Right to know: the right to be informed about what data we collect, the purposes for processing your data, how long we will keep it, and with whom it will be shared. This Privacy Policy has been designed to meet that right.
- Right of access: you have the right at any time to ask us (by making a subject access request) what personal information we hold about you, how we are using it, with whom we are sharing it, and where we obtained your personal data. You may also request a copy of the personal information.
- Right to correct: the accuracy of your personal data is important to us. You can ask us to rectify/update your personal data, including your address and contact details at any time, and we shall do so promptly at your request. You may also request that we restrict processing if this is justified.
- Right to erasure: in some instances, you have the right to request that we delete your personal data. If the request is valid, we shall do so promptly.
- Right to object: in some limited instances, you have the right to ‘block’ or suppress processing of your personal data. You also have the right to object to decisions being taken by automated means which product legal or similar effects concerning you.
- Right to withdraw consent: Where our processing of your personal data is based on your consent, you have the right to withdraw that consent at any time.
- Right to portability: you have the right to receive personal data which you have provided to us, in a structured, commonly used and machine-readable format, and the right to transmit that data to a third party in certain situations.
If you wish to exercise any of your rights, or to request details of personal information which we hold about you or have any questions about this privacy notice or the information we hold about you please contact people@thekitefactorymedia.com.
11. Cookies
A cookie is a small file containing a string of characters that is sent to your computer when you visit a website. When you visit the site again, the cookie allows that site to recognise your browser and retrieve the information you previously provided. Cookies may store user preferences and other information to enhance your experience on the site or be used to track you when you navigate to other sites.
Two types of cookies are used on this site:
- Strictly necessary cookies: These cookies are necessary to make the site work properly.
- Analytics cookies: These cookies collect information that is used to help us understand how the site is being used.
Name: _tt_session
Type: Strictly necessary Teamtailor
Vendor: Teamtailor
Expires: 2 days
Description: This cookie is used to keep the context of a visitor (e.g. to keep you logged in on the site).
Name: referrer
Type: Analytics
Vendor: Teamtailor
Data shared with: Teamtailor
Expires: Session
Description: This cookie is used to identify the web link used to direct visitors to the site.
Name: _ttCookiePermissions
Type: Strictly necessary
Vendor: Teamtailor
Data shared with: Teamtailor
Expires: 6 months
Description: This cookie is used to hide the cookie banner once you have interacted with it.
Name: _ttAnalytics
Type: Analytics
Vendor: Teamtailor
Data shared with: Teamtailor
Expires: 6 months
Description: This cookie is used to gather insights about how visitors use the site.
You can decide whether to accept or reject cookies that are not strictly necessary. You can do so by:
- Indicating your preference on the banner that appears when you enter the site.
- Clicking “Cookie Preferences” on the banner that appears when you enter the site, to tailor your preferences.
- Changing your already selected preferences by clicking the link “Manage Cookies”, which is always available at the bottom of the site.
- Restricting cookies by altering your browser settings. The way in which you can restrict cookies varies from browser to browser. You should therefore visit your web browser's help menu for more information.
12. Privacy Policy Updates
We have the right, at any time, to make changes or additions to the Privacy Policy. The latest version of this privacy policy will always be available on our website. This Privacy Policy is dated 12th January 2024