1. Introduction

Keller values applicants for recruitment and respects and protects their privacy. This recruitment privacy notice sets out the basis on which we process the personal data which you provide to use in the course of your application for employment.

Please note that all entities within Keller may process their own copies of your personal data if they are involved in the recruitment.

This notice applies to applicants for recruitment, as well as any third parties whose information you provide to us in connection with your application (for example, referees or emergency contacts). 

This notice is not an offer of employment, nor does it put any contractual right on you, or place any contractual obligation on us.

2. Collection of personal data

We collect, store, and use personal details which you provide as part of the recruitment process. The personal data we collect as part of this process is used for recruitment and selection and is collected via the vacancy application form or upon submission of your details to one of the email addresses stated on the website. The data may be processed by third party service providers acting on our behalf.

3. Types of personal data 

‘Personal data’ is a concept defined by data protection law, and refers to information which relates to an identified or identifiable individual.

The types of personal data which we process will vary depending on the role applied for, your location and the conditions attached to the role. Typically the types of personal data will include:

  • Your personal details - for example your name, date of birth, gender, nationality, second nationality, personal contact details (e.g. home address, telephone number, e-mail), current role and salary;
  • Qualifications - qualifications, professional memberships or charterships, languages spoken, competencies and skills (ability to drive, first aid etc.)
  • Immigration and right to work data - including national ID number, social security or national insurance number, visa or work permit;
  • Equality and diversity data - where permitted under local law and provided voluntarily, data regarding race and ethnic origin (stored anonymously for equal opportunities monitoring purposes;
  • Vetting and verification information - including references, birth certificate, drivers licence, background checks (including of publically available information and public social media profiles); criminal record disclosure (where authorised by law).
  • Any other personal data - which you choose to disclose to us during the application or interview process, whether verbally or in written form, including in particular any other information which you disclose on a CV / résumé.

4. Use of personal data

Whenever we process your personal data, we do so on the basis of there being a lawful ‘condition’ for processing.

In the majority of cases, the processing of your personal data will be justified on one of the following bases:

  • it is in our legitimate interests as a business and our interests are not overridden by your interests, fundamental rights or freedoms (for example, grading candidates performance in interviews, carrying out background checks to verify your identity and qualifications / experience);
  • it is necessary to take steps at your request before entering into an employment contract with you (this applies at the post-offer stage, where we need to collect further information, or process information already collected, in order to enter into and then perform the contract of employment).

The processing of special categories of data will normally be justified by one of the following special conditions:

  • it is necessary for the purposes of carrying out obligations under employment law (for example, processing of ethnicity data contained in immigration or right to work documents);
  • it is necessary for reasons of substantial public interest authorised under local law (for example, carrying out equal opportunity monitoring exercises); or
  • You have provided your voluntary explicit consent.

We will only process data revealing criminal convictions (ie in the context of vetting) where there is a legal authorisation to do so under local law.

Generally, the purposes for which we process your personal data are to assess your suitability for employment with us. If you do not provide some or all of this data it may affect our ability to process your application. In some cases, it may mean that we are unable to continue with your application as we do not have the personal data necessary for effective and efficient recruitment.

We may use your personal data in the evaluation and selection of applications including, for example, setting up and doing interviews and tests, evaluating and assessing as required, including the final recruitment, reviewing your eligibility to work, where authorised by law and required for your role, seeking criminal record disclosure, conducting an equal opportunities monitoring programme and other purposes relevant to the recruitment process.

5. Retention of personal data

Generally, we only keep applicants' personal data for as long as required to satisfy the purpose for which it was collected. In certain circumstances, legal or regulatory obligations require us to keep specific records for a set period of time, including following the end of the recruitment process, particularly where an applicant is successful in the recruitment process.

In limited circumstances, we retain records for an extended period of time where we believe a query or a dispute may arise.

In any case, we will not keep data of unsuccessful applicants for more than six (6) months after the notification of the decision, unless they have expressly authorised us to keep their data for any future job vacancies.  

6. Sources of personal data

Primarily the personal data we process about you will have been provided by you during your application for employment by using one of our careers websites or by writing to us directly by post or email.

During the recruitment process, we may request references from third parties, for example, references from a previous employer, and we also carry out screening and vetting processes using third party sources.

7. Disclosures of personal data 

Within Keller, your personal data can be accessed by the hiring manager and any other relevant business colleagues responsible for managing or making decisions in connection with your potential employment. Additionally we may disclose your personal data with other entities of the Keller Group internally where required to, for example, take decisions about your recruitment, but we will only ever do this with your consent.

We may use third party suppliers to help us provide recruitment services. These third parties may have access to, or merely host, your personal data, support and maintain the framework of our recruitment system, but will always do so under our instruction and be subject to a contractual relationship.

  • We may be required to disclose your personal data to third parties:
  • including tax authorities, IT administrators, lawyers, auditors, investors, consultants and other professional advisors;
  • in response to orders or requests from court, regulators, government agencies, parties to a legal proceeding or public authorities; or
  • to comply with regulatory requirements or as part of a dialogue with a regulator.

We expect third parties to process any data disclosed to them in accordance with applicable data protection laws, including with respect to data confidentiality and security.

8. Cross-border transfers

Provided your consent, your personal data may be disclosed to members of the Keller Group, or to third party suppliers or partners, located outside of the European Economic Area (‘EEA’).

In respect of internal transfers within the Keller Group, we have entered into an Intra-Group Data Transfer Agreement to ensure your data receives an adequate level of protection.

Where third parties transfer your personal data outside of the EEA, we take steps to ensure that your personal data receives an adequate level of protection, including by, for example, entering into data transfer agreements or by ensuring that third parties have sufficient safeguards in place to protect your data.

You have a right to request a copy of any data transfer agreement under which your personal data is transferred, or to otherwise have access to the safeguards which we use. Any data transfer agreement made available to you may be redacted for reasons of commercial sensitivity.

9. Security of your personal data

We take steps to analyse the level of risk relevant to the processing activity which collects your data, and then implement reasonable physical, technical and administrative security standards designed to protect your personal data from loss, misuse, alteration, destruction or damage and to ensure a level of security appropriate to the risk.

We take steps to limit access to your personal data to those staff who need to have access to it for one of the purposes listed in ‘Uses of personal data’.

10. Rights in respect of your personal data 

You have the following rights in respect of your personal data, where applicable to the processing we carry out:

  • to get a copy of your personal data together with information about how and on what basis that personal data is processed;
  • to rectify inaccurate personal data (including the right to have incomplete personal data completed);
  • to erase your personal data in limited circumstances where it is no longer necessary in relation to the purposes for which it was collected or processed;
  • to restrict processing of your personal data where:
    • the accuracy of the personal data is contested; 
    • the processing is unlawful but you object to the erasure of the personal data;
    • we no longer require the personal data for the purposes for which it was collected, but it is required for the establishment, exercise or defense of a legal claim;
  • to challenge processing which we have justified on the basis of a legitimate interest;
  • to object to any decisions which are based solely on automated processing;
  • to get a portable copy of your personal data, or to have a copy transferred to a third party controller; or
  • to get a copy of or access to safeguards under which your personal data is transferred outside of the EEA.

In addition to the above, you have the right to lodge a complaint with the supervisory authority.

11. Contact information

If you have any questions about the way we use your personal data, or you wish to investigate exercising any rights in respect of your personal data, please contact the Keller Legal Team or the Data Protection Steering Committee at [email protected]

12. Document change history

Status: Final

Issue date: February 2018

Version last reviewed and updated: June 2024

Next review date: June 2025

Policy owner: Data Protection Steering Committee