Data privacy statement

Candidate Privacy Notice

1. Introduction

    This privacy notice is to let you know how we use the information collected about you during the recruitment process only. If you are successful, you will receive the RSA Employee Privacy Notice describing how we will process your personal information.

    2. Who are we?

      In this Privacy Notice, references to “we”, “us” and “our” mean RSA Limited, a subsidiary of Intact Financial Corporation (Intact). We provide employment opportunities that can be sought directly with us or through an employment agency acting on your behalf.

      3. What information do we collect and process about you during the recruitment process?

        To progress through our candidate screening and evaluation process, we will collect and process your personal information, which will include, but is not limited to, your name, address, telephone number, personal email address and employment and academic history.

        If we make you an offer of employment, we will need to carry out pre-employment screening checks in line with our responsibilities as an FCA regulated firm. These will entail you being asked for additional information including proofs of right to work in the UK, and of address, employer references or evidence of activity during gaps in employment, and permission for financial probity and criminal checks to be undertaken. We will also ask you to complete a confidential medical questionnaire to enable us to make any reasonable adjustments that may be needed during your employment.

        If we do not make you an offer of employment, we will retain your details on file (relying on our legitimate interest) so that we can contact you should we identify any future vacancies that we believe you may be interested in applying for.

        Collection of criminal conviction data

        For those positions where regulatory approval for an appointment is required, for example, FCA-designated senior management functions (under the SMCR regime), in addition to standard criminal records checks, we may ask exempted questions to fulfil our obligations under the Financial Services and Markets Act 2000 which may include the collection of information about convictions considered to be “spent” within the meaning of the Rehabilitation of Offenders Act 1974. We are permitted to ask these questions and collect this information pursuant to Article 3 of the Rehabilitation of Offenders Act 1974 (Exemptions) Order 1975.

        4. Where do we collect the information we hold about you?

          Your personal information is collected from a number of different sources. A few examples are:

          • You – personal details, financial details, contact information, CV, etc.
          • Recruitment Consultants
          • Previous employers or referees
          • Medical professionals
          • HMRC or other tax authorities
          • Home Office and/or other government agencies/offices
          • Credit Reference Agencies
          • Fraud prevention agencies
          • Vetting agencies
          • Educational/training institution

          5. Why do we collect your personal information and what is the legal basis for doing so?

            We need your personal information in order to contact you, evaluate your suitability for roles and, where successful, provide an offer of employment.

            To ensure we are meeting our responsibilities when processing your personal information, we must have a suitable legal basis (lawful reason) to do so. In most cases the legal basis will be one of the following:

            • Performance of contract: For example, as a prospective employer, we process your personal information where it is necessary for the performance of the contract of employment, or to take steps prior to entering into such a contract.
            • Necessity to establish, exercise or defend legal claims: For example, if you, or we, bring a legal claim (e.g. a court action) against the other, we may use your information in either establishing our position, or defending ourselves in relation to that legal claim.
            • Compliance with a legal obligation: For example, where laws or regulations may require us to use your personal information in certain ways such as where it is needed for meaningful equal opportunities and diversity monitoring.
            • Legitimate Interests: We will also process your personal information where this processing is in our "legitimate interests". When relying on this condition, we are required to carry out a balancing test of our interests in using your personal information (for example, assessing training requirements) against the interests and the rights you have under data protection laws. The outcome of this balancing test will determine whether we can use your personal information in the ways described in this Privacy Notice.
            • Consent: In rare circumstances, usually where there are no other lawful bases for processing, we may need your consent to process your personal information.
            • Vital Interests: In exceptional circumstances, it may be necessary to process your personal information when you are incapable of providing your consent.

            6. Who will we share your personal information with?

              We will keep your personal information confidential at all times and only process it in accordance with this Privacy Notice. We will only share your personal information for the purposes set out above within RSA or the Intact Group on a ‘need to know’ basis. However, there are occasions where we have to share your personal information with third parties outside of these such as:

              • Recruitment agencies and outsource providers
              • Background and criminal check providers (including education, employment, financial and address history)
              • Learning and training companies
              • Fraud and financial crime detection/prevention agencies
              • External consultants and appointed auditors including our legal advisers
              • Occupational health providers or other medical professionals. If we require the health professional to share your Special Categories of Personal Data with us, we will seek your explicit consent at the time
              • Regulators
              • Your advisors (such as lawyers or professional advisors), who you have given authority for us to share your personal information with or given authorisation to deal with us directly, for example, a power of attorney

              In the event that we may be taken over, or sell any business or assets, we will disclose your personal information to the prospective buyer of such business or assets. They will only be able to use the information for the same purposes for which it was originally provided.

              Sometimes your personal information may be sent to other parties outside of the UK and the European Economic Area (EEA) in connection with the purposes set out above. We will take all reasonable steps to ensure that your personal information is treated securely and in accordance with this Privacy Notice, and in doing so may rely on certain "transfer mechanisms" such as the standard contractual clauses approved by the European Commission and the UK Information Commissioner’s Office. If you would like further information, please contact HR Services.

              7. How long will we keep your information?

                We will keep your personal information for the duration of the recruitment process and may retain your information after this to respond to questions or complaints, to demonstrate we have treated you fairly, and for legal and compliance reasons.

                8. What are your rights over the information that is held by us?

                  We understand that your personal information is important to you, therefore, in accordance with your rights under data protection laws, you may request that we:

                  1. Provide a copy of the personal information we hold about you. This is known as the right of subject access and is an entitlement to a copy of the information only; you are not entitled to documents.

                  2. Delete your personal information. This is known as the right of erasure. Please note, we may not be able to comply with this request in full where, for example, we have a legal obligation to retain your personal information.

                  3. Give you (or a third party) an electronic copy of the personal information you have given us. This is known as the right of data portability. We would provide the information in a commonly used electronic format.

                  4. Restrict how we use your personal information under the following circumstances:

                           a. If you believe that the information we hold about you is inaccurate

                           b. If you believe that our processing activities are unlawful but you do not want your information to be deleted

                           c. Where we no longer need to use your information for the purposes set out in this Privacy Notice, but it is required for the establishment, exercise or defence of a legal claim

                           d. Where you have made an objection to us (in accordance with point 5 below), pending the outcome of any assessment we make regarding your objection

                  5. Enable you to object to the ways in which we are using your personal information, under the following circumstances:

                             a. Where we believe it is in the public interest to use your information in a particular way, but you disagree.

                             b. Where we have told you that we are using your information for our legitimate business interests and you believe we shouldn’t be.

                    For points a and b above, we will stop using your information unless we can reasonably demonstrate legitimate grounds for continuing to use it in the manner you are objecting to.

                    6. Correct any personal information we hold. Please contact us if any information is incorrect, or any of your personal information has changed.

                      For certain limited uses of your personal information, we will ask for your consent. Where we do this, you have the right to withdraw your consent at any time.

                      If you would like to request any of the above or withdraw your consent, please contact HR Services.

                      To ensure that we do not disclose your personal information to someone who is not entitled to it, when you are making the request we may ask you to provide us with:

                      • Your name
                      • Address(es)
                      • Date of birth
                      • A copy of your photo identification, such as your photocard driving licence or passport; and
                      • A copy of a utility bill showing your name and address dated within 3 months of your request.

                      If you appoint a third party to act on your behalf, for example, a recruiter or a solicitor, we will ask them to provide your signed authority for them to act on your behalf AND the identity information and documents listed above.

                      Wherever possible, we will respond within one month from receipt of the request, but if we don’t, we will notify you of anticipated timelines ahead of the one-month deadline together with a brief explanation as to why we are unable to respond within the timeframe.

                      Please note that simply submitting a request doesn’t necessarily mean we will be able to fulfil it in full on every occasion – we are sometimes bound by law which can prevent us from fulfilling some requests in their entirety, but when this is the case, we will explain this to you in our response.

                      If you have any concerns about the way in which your personal information is being processed by us please contact HR Services in the first instance.

                      In the event you are unhappy with the response of HR, you have the right to complain to the Information Commissioner’s Office. You can register a complaint on their website, or call their helpline on 0303 123 1113. Or if you prefer, you can write to them at the address below. You also have the right to seek a judicial remedy.

                      Information Commissioner’s Office
                      Wycliffe House
                      Water Lane
                      Wilmslow
                      Cheshire
                      SK9 5AF

                      9. Will we use any automated processing or profiling to make decisions about you?

                        We may from time to time process your personal information in an automated way where this is necessary in relation to your recruitment, for example as part of our initial automated screening process.

                        If you do not agree with the result, you have the right to request that we perform a manual reassessment using the same information that you originally provided and any additional information you feel is relevant. If you wish to do so, please contact HR Services.

                        10. Our Privacy Notice

                          If you have any queries regarding our Privacy Notice, please contact HR Services and they will be happy to discuss any query with you. Our Privacy Notice will be updated from time to time, and although we will endeavour to inform you of these changes, you should regularly review it.