AXA UK Group Recruitment
Our privacy policy – How we use your
personal information
We’re providing you with this privacy
policy to help you understand how we collect, store and use your personal
information during our resourcing activity.
Where AXA UK plc is your employer or
recruiting entity it acts as the Data Controller for employment purposes; where
your employer or recruiting entity is another UK AXA entity your employer acts
as a Data Controller and AXA UK plc will act as a Processor providing HR
Services on behalf of your UK AXA employing or recruiting entity.
May 2018
1. Introduction
In this Privacy Policy references to "we"
or "us" or "AXA" are to AXA UK Plc, or your
UK AXA employing or recruiting entity.
AXA collects and processes your
personal data for the purpose of employment with AXA. We are also obliged to process personal data
for legal and regulatory purposes, such as for conducting certain background
checks. In addition, it is our
legitimate interest to collect data via cookies, which are placed on our website
to improve its functionality and monitor effectiveness.
2.
Personal information that we collect
In order to be considered for
employment you will be asked to provide us with personal information. The types
of personal information that we may collect and use include:
- Name
- Address,
and evidence of it
- Contact
details
- National
Insurance Number
- Business
Title/Job Title
- Grade/Level
- Employment
history
- Education
history
- Financial
information relating to your salary and taxation (such as credit history,
reward and overall current and requested salary package)
- Aptitude
testing of cognitive abilities through psychometric testing
When
providing us with the information, you represent that such information is
accurate, complete, up to date and true and is supplied for the sole purpose of
seeking job or employment vacancies or positions.
3. Special Categories
information that we collect
The types of special categories of personal
information that we may collect and use include:
- Nationality
(including visa status, the need for sponsorship, current right to work in
the UK and full identity verification)
- Ethnicity
(language details, education institutions, background information and Equal
Opportunities data)
- Gender
- Picture
(copy of your ID)
- CCTV
if you enter our premises for an interview
- Employment
references
- Certifications
- Background checks, via a third-party specialist provider. Criteria would include right to work in
the UK, proof of current address, criminal activity, current and previous employment
(including directorships and similar positions listed on Companies House),
academic verification, international sanctions and credit history
- Health data (obtained only at offer stage and through our
Occupational Health provider, who will act as a separate data controller
for that purpose)
- Health
& Safety related information, where relevant.
- Information
on your family members (for employees who work outside home / host
country, emergency contact details and financial beneficiaries)
AXA is an equal opportunities
employer and does not in any way discriminate against any individual who
provides information in line with Equal Opportunity categories should you
choose to provide this. Information provided is only used for reporting on the diversity
of our candidate base across the organisation.
4. Where does your personal
information come from?
Most of the personal information that we hold about
you is provided by you. In addition, we
may collect data from:
- Official
authorities and publicly available data sources (for identity
verification, financial, immigration, directorship and criminal history)
- Your
previous employers
- Your
attended education institutions
- HMRC
- Credit
reference agencies
- Third
party providers specialising in background screening
- The
recruitment agency, if applicable
- We
also use cookies to follow the application process and to improve the use
of our website
5. What do we do with your
personal information?
Your information is used to assess and administer
your application for employment at AXA:
- Contacting
you as a potential candidate
- Conducting
interviews
- Assessing
the suitability of you as a potential candidate
- Doing
background checks
- Preparing
your employment contract for signature
- Internal
procedures to onboard
- Monitor
and review AXA’s resourcing practices
6. Legal grounds for processing
your personal information
Previous grounds for processing
personal data for employment purposes have relied on consent. Under the new data protection laws in force from
May 2018 the following legal grounds replace the previous legal grounds for
processing:
- Our data processing in resourcing is based initially on our
legitimate interest, when we initiate contact with you.
- We conduct resourcing from the basis of entering into a contract
where we advertise a vacancy, and a job applicant sends us their CV and
application to be considered.
- In addition, during the resourcing process when you indicate that
you are interested in proceeding, our legal basis for processing your data
will change into preparing to enter into a contract with you, and a legal
obligation to process certain data, such as for conducting background
checks.
- It may be necessary to process special categories of data or
criminal conviction data as part of the resourcing process. We do this as
a result of obligations placed upon us as an employer and in order to
safeguard your fundamental rights. We are able to process this type of
data without seeking your consent.
- There may be some limited circumstances in the recruitment process
where it is appropriate to seek your consent, for example retaining your
CV for future opportunities if you have been unsuccessful with your
application. When we rely on your consent, it will be done on a
case-by-case basis. In these limited circumstances, we will explain
the purpose and give you the opportunity to decline.
- In exceptional cases, we may process your data for the protection
of a vital interest of yourself or another person.
7. Sharing your personal
information with other parties
In some cases where third party
suppliers provide technical support such as AXA Group HR Strategic Solutions,
third party technical support companies may operate in countries outside the
EEA, such as India or the United States. In these instances, we ensure those
parties have appropriate arrangements in place to allow for international
transfer (see section 10).
All disclosures are made following the applicable
laws and regulations, and the necessity to disclose data.
Disclosures within our group:
- If
you agree for your CV to be retained for possible future vacancies, we may
share your data within the AXA group.
- HR,
Payroll and Reward teams to administer your employment
Data transfers to third parties and
processors:
We also disclose your information to the third
parties listed below for the purposes described in this Privacy Policy. This
might include:
- Outsourced
recruitment organisations (including background checking, psychometric assessments,
video interviewing etc.)
- Resourcing
team who assess and administer your application for employment at AXA.
- Third
party providers who facilitate discussions with current employees to
enable you to talk about working for AXA
- Relevant
entities to process your financial data (HR, Payroll and Reward teams)
- Insurance
and healthcare entities
- Technical
support teams
For recruitment purposes, your data may be shared
with the Hiring Managers and relevant Senior Members of the hiring team.
8. How long do we keep your personal information for?
We will only keep your personal
information for as long as reasonably necessary to fulfil the relevant purposes
set out in this Privacy Policy and to comply with our legal and regulatory
obligations. Unless you have consented for us to hold your CV for longer
to be considered for other roles, we will retain application records for 6
months.
9. Your rights on your personal
information
Data protection legislation gives individuals the
following rights in relation to personal information held about them:
- individuals
can ask what personal information is held about them and be provided with
a copy;
- if
personal information held about an individual is incorrect, he or she can
ask for it to be corrected;
- individuals
can ask for personal information about them to be deleted or for the processing
of their personal information to cease in certain circumstances;
- individuals
can request that certain types of personal information held about them is
sent to them or another organisation, in a format that is read electronically;
- individuals
can withdraw their consent to process their personal information, where
that processing is based on their consent;
- individuals
can make a request to restrict the processing of their personal
information in certain circumstances.
Exercising these rights is subject to certain
restrictions under data protection legislation. For further information about these rights,
you should write to us using the contact details in section 13.
10. Security measures.
We apply appropriate security measures to protect
your privacy and data.
- We ensure that data is transferred and disclosed using secure
means.
- All the data transfers are also covered with appropriate legal
safeguards, such as Binding Corporate Rules, (“BCR”) which are inter-AXA agreements.
- We also have contractual agreements with third party data
processors, who are required to adhere to AXA’s privacy and security
standards and policies.
- We maintain your data within the EEA with limited technical support
outside the EEA, such as India or the United States. In these instances, we ensure those
parties have entered into contractual clauses which ensure a legally
compliant level of protection. In
some circumstances when transferring data to the US we may rely on the Privacy
Shields as an appropriate safeguard.
- Where
applicable, we use encryption, anonymization and pseudonymisation.
- We
limit the amount of data processed, to what is necessary for the purpose for
which we collect the data.
- We
follow AXA’s data retention policies
- We
follow AXA’s privacy and security policies.
11. Complaints
If you are unhappy at any stage with
how AXA is using your personal information, you have the right to contact AXA’s
Data Protection Officer in the first instance or to lodge a complaint with the
Information Commissioner's Office (www.ico.org.uk).
12. Changes to our privacy policy
This Privacy Policy is subject to
regular review and may be updated from time to time. This version applies from August
2020.
13. Contact us
If you have any questions about how your personal
information is used, please feel free to contact us at the following address:
The Data Protection Officer of the UK AXA entity responsible for recruitment,
or
The Data Protection Officer:
AXA UK Plc
5 Old Broad Street
London EC2N 1AD
email address: ukgroupprivacy@axa-uk.co.uk
If you are dissatisfied with the way in which AXA
has processed your personal data, you can contact:
The Information Commissioner’s Officer direct;
please write to the Information Commissioner's Office Wycliffe House, Water
Lane, Wilmslow, Cheshire, SK9 5AF, Telephone: 0303 123 1113 (local rate) or
01625 545 745 if you prefer to use a national rate number.
https://ico.org.uk/global/contact-us/email/