.svg)
Crunch Recruitment Privacy Policy
Definitions
E-Crunch Ltd and Crunch Accounting Ltd (“Crunch” or “our” or “us” or “we”) in the context of managing the personal data of external applicants during our recruitment and selection process for our vacancies advertised externally.
Applicant (For the purposes of this Policy, an external individual who has submitted an application for employment or re-employment with the above.)
For internal applicants for roles advertised internally as well as externally, the separate Crunch Employee Privacy Policy would apply and this should be referred to by our employees for the purposes of recruitment and selection activities undertaken by Crunch.
Introduction
The UK General Data Protection Regulation (GDPR) is a regulation on data protection and privacy for all individuals within the UK. The UK GDPR is enforceable from January 2021 and sits alongside the UK Data Protection act 2018.
This Recruitment Privacy Policy sets out how we collect and process personal data from external applicants during the recruitment and selection process for roles with Crunch, or that is provided by other sources such as third party jobs boards and recruitment agencies with whom we have pre-agreed Terms of Business.
This policy summarises our procedures on data protection and the legal conditions that must be satisfied when we obtain, handle, process, transfer and store data from these sources.
Crunch is committed to being transparent about how it collects and uses such data and to meeting its data protection obligations.
How does GDPR apply in relation to recruitment activities?
The GDPR applies to ‘controllers’ and ‘processors’ of personal data of external applicants who may or may not be successful for roles applied for in Crunch.
A controller determines the purposes and means of processing personal data.
A processor is responsible for processing personal data on behalf of a controller.
The GDPR places specific legal obligations on processors, who are required to maintain records of personal data and processing activities.
Who are the Crunch data controllers and processors?
The data controller is Crunch, for the purposes of this Policy encompassing the business entities E-Crunch Ltd and Crunch Accounting Ltd, whose registered Company Addresses are as follows:
E-Crunch Ltd Correspondence Address for any queries relating to this policy: W8a, The Knoll Business Centre, 325-327 Old Shoreham Road, Hove, East Sussex, BN3 7GS.
E-Crunch Ltd Registered Office Address: 86-90 Paul Street, London, EC2A 4NE.
Crunch Accounting Ltd Correspondence and Registered Office Address: W8a, The Knoll Business Centre, 325-327 Old Shoreham Road, Hove, East Sussex, BN3 7GS.
The Crunch Data Protection Officer is Lucinda Watkinson, Head of Accounting.
The Crunch Deputy Data Protection Officer is Sarah Wells, Risk & Compliance Coordinator.
Data processors are the Crunch People Team and hiring managers or team members appointed to assist with hiring, using data provided by Applicants for roles on CV’s and covering letters to the careers@crunch.co.uk or people@crunch.co.uk email addresses, or from third party sources such as jobs boards and recruitment agencies.
What data is collected and processed?
Crunch collects and processes a range of personal or special category data about Applicants during the recruitment and selection process for each externally advertised role. This includes:
- Full name, home or remote working address and contact details, including personal email addresses and landline and/or mobile telephone number(s) known as SMS’s;
- Details of qualifications, skills, experience and employment history, including start and end dates with previous employers and roles held;
- Whether or not an Applicant has a disability for which Crunch needs to make reasonable adjustments during the recruitment process;
- Nationality and proof of the right to work and live in the UK;
- Dates of birth for applicants other than British or Irish citizens requiring a GOV.UK Share Code check, as the date of birth is required in order to perform the online right to work verification check before an offer of employment is made;
- Equality monitoring information, including information about an Applicant’s gender, marital status, ethnic origin, sexual orientation, sexual identification, age, health and religion or belief;
- Employment, assignment or academic references and the outcomes of any pre-employment screening as communicated to a successful Applicant in advance;
- The outcome and results of any interviews or assessments which form part of the recruitment process; and
- Payroll details that may be contained on a P45 or HMRC new starter checklist, including national insurance number and code, tax code and bank or building society account details for the purposes of onboarding new starters after an offer of employment has been made.
How is data collected and processed?
Crunch collects and processes Applicant data in a number of ways, including from CVs and covering letters, passport or other identity documents, from general e-mail or other written correspondence, or through interviews, meetings or other assessments conducted by Crunch hiring managers.
There are some roles where online tests of technical competence are completed, specifically for IT and software development type roles that Crunch may have. Crunch does not use psychometric testing for any roles.
Crunch also collects personal data from third parties with prior consent from successful applicants, such as basic employment references supplied by former employers or academic references from educational institutions. Crunch does not complete telephone reference checking.
Crunch will seek information from third parties only once a job offer to an external applicant has been made and accepted, and Applicants will be informed that we are doing so prior to contact being made with referees.
Where is Applicant data stored?
Applicant data is stored securely in the following locations which are only accessible by members of the People Team and other Crunch employees with approved access:
- The email box careers@crunch.co.uk for all direct applications or alerts received from the Tribepad ATS;
- Third party job boards such as Indeed and ACCA Careers where Crunch have secure, password protected accounts;
- The email boxes people@crunch.co.uk or careers@crunch.co.uk where a recruitment company is introducing an Applicant and doesn’t have direct access to the Tribepad ATS.
- The secure Crunch network ‘HR’ drive, which is used to store GOV.UK share code checks and other right to work checks before interviews take place and/or offers are made.
Data of successful candidates would then be added to the integrated Crunch HR information system, Hibob, following completion of an automated onboarding process after an offer of employment has been made.
For any unsuccessful Applicants, we will store information in our Google drive with restricted access sharing settings for six months from the date of application. This data will then be deleted securely.
Why is applicant data collected and processed by Crunch?
Crunch needs to collect and process this data to take the necessary steps prior to entering into a contract with a prospective employee. It also needs to process data to enter into a contract in the event of an offer of employment being made.
Crunch needs to communicate with Applicants about applications for live or prospective roles, and provide updates to Applicants on the status of their application and any next steps.
Crunch also needs to collect and process data to ensure that it is complying with its legal obligations. In particular, there is an obligation to check an Applicant’s right to work and live in the UK during the recruitment and selection process before an offer of employment has been made or before starting work.
Crunch reserves the right to use a third party company for digital verification of our Applicant right to work documentation, in particular where ‘in person’ verification checks are not possible.
Crunch has a legitimate interest in processing personal data during the recruitment process and for keeping records of the process. Processing data from Applicants allows designated Crunch employees to manage the recruitment process, assess and confirm an Applicant's suitability for employment and decide to whom to offer a job. Crunch may also need to process data from Applicants to respond to and defend against legal claims.
Where Crunch relies on legitimate interests as a reason for processing data, it has considered whether or not those interests are overridden by the rights and freedoms of applicants and has concluded that they are not. If the reason of legitimate interests is used, these would be explained to the Applicant in the event of a query being raised.
Crunch processes health or other information voluntarily disclosed by Applicants if it needs to make reasonable adjustments to the recruitment process for Applicants who have a disability or other special requirement. This is to carry out its obligations and exercise specific rights in relation to employment and some of this data may be special category data if provided by the Applicant.
Where Crunch processes other special categories of data, such as information about ethnic origin, sexual orientation, sexual identification, religion or belief, this is for equal opportunities monitoring purposes and to help us maintain equity, diversity and inclusion at Crunch. This information is collected separately and will be treated in the strictest confidence. It will be used only for statistical monitoring. It is not part of the selection process and will be separated from the application process.
For some roles, Crunch is obliged to seek information about ‘unspent’ criminal convictions and offences from applicants. Where Crunch seeks this information, it does so because it is necessary for it to carry out its obligations and exercise specific rights in relation to employment. This information would be required after an offer of employment has been made using the Crunch new starter form documentation and HR information system, Hibob.
Disclosure of information regarding Protestant and Roman Catholic faiths enables us to fulfil the requirements of the Fair Employment (Northern Ireland) Act 1989 as Crunch hires remote team members who have the right to live and work in all nations within the United Kingdom, including Northern Ireland.
If an external application for a role is unsuccessful, Crunch will keep personal data on file in case there are future employment opportunities for which the Applicant may be suited. Crunch will ask for consent before it keeps data for this purpose and applicants are free to withdraw consent at any time.
If a third party recruitment agency has ‘introduced’ a prospective job applicant to us, Crunch would adhere to agreed ‘Terms of Business’ when approaching former Applicants about subsequent roles that may arise. Terms of Business can only be approved by decision makers within the People Team in accordance with our recruitment budget and authority levels.
The Crunch People Team and hiring managers receive annual refresher training on Data Protection and other periodic updates are shared as required. The Data Protection Officer and Deputy Data Protection Officer will also inform Crunch of any legislative changes or best practice in relation to Data Protection in the recruitment and selection process at Crunch.
Who has access to this data?
Applicant information will be shared internally for the purposes of the recruitment and selection process, specifically with members of the People Team, other designated employees such as hiring managers, and/or heads of department.
‘Job owners’ will be identified based on the hierarchy where the vacancy sits, in roles as set up by the People Team on the Crunch HR information system, Hibob.
Crunch will not share Applicant data with third parties, unless an application for employment is successful and a conditional offer of employment is made. Crunch will then share the relevant personal data with former or current employers, clients (if previously self-employed), or educational institutions in order to obtain employment, assignment or academic references.
Personal data provided by Crunch for the purpose of reference requests includes the Applicant’s name, job role with former employer(s), assignment with former client(s) or course attended at educational institution(s), and potentially date of birth and national insurance number if additional means of identification is required.
It is Crunch company policy to request and obtain factual references for successful Applicants including name, job role and dates of employment only. No additional information is requested.
Where applicable, depending on the type of role(s) applied for, data of successful Applicants will be shared with our assigned third party right to work and/or employment background check providers. If such right to work and/or background checks are undertaken for the role(s) applied for, the People Team will notify successful job applicants in advance of the checks commencing.
Crunch will not transfer applicant data outside the European Economic Area.
How does Crunch protect data?
Crunch takes the security of Applicant data extremely seriously. It has internal policies and controls in place to ensure that such data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our designated employees as already specified in the proper performance of their duties.
Our employees adhere to our Crunch company policies and procedures relating to data protection and acceptable use of Crunch IT systems. This also includes completion of our Essentials training modules on GDPR and Cyber Security.
For how long does Crunch retain candidate data?
If an application for employment is unsuccessful, Crunch will hold this data on file for six months, unless an Applicant withdraws their consent to the data being held in the meantime.
At the end of the six month period, or once an Applicant withdraws their consent if sooner, data such as CVs, copies of passports or share code checks will be securely deleted.
Crunch will anonymise personal identifiable information such as names, email addresses and telephone numbers as used for Applicant communications, in order to maintain a history of all applications per vacancy for reporting purposes only.
If an application for employment is successful, personal data gathered during the recruitment process will be transferred to individual personnel files stored on secure Crunch network drives and retained during the course of employment, and then up to seven years post employment.
The periods for which employee data will be held are outlined in the separate Employee Privacy Policy and included in the Crunch Data Protection Policy and accompanying document retention procedures.
What are applicant rights?
As a data subject, Applicants for roles with Crunch have a number of rights and can:
- Access and obtain a copy of personal data held by Crunch on request;
- Require Crunch to change incorrect or incomplete Applicant data;
- Require Crunch to delete, anonymise or stop processing Applicant data, for example where the data is no longer necessary for the purposes of processing;
- Object to the processing of Applicant data where Crunch is relying on its legitimate interests as the legal ground for processing; and
- ask Crunch to stop processing data for a period if data is inaccurate or there is a dispute about whether or not an applicant’s interests override Crunch’s legitimate grounds for processing data.
To exercise any of the above rights, the Crunch People Team should be contacted in the first instance, who will advise on the process for submitting a Subject Access Request (SAR). They should be contacted at careers@crunch.co.uk
The Crunch People Team and Data Protection Officer or Deputy Data Protection Officer will manage the SAR through to conclusion, resolving any queries raised after the initial SAR has been submitted until we consider it to be closed with no further action needed.
Thereafter, if an Applicant still has the belief that Crunch has not complied with their data protection rights and wish to escalate their concerns, they should seek advice from the Information Commissioner’s Office at www.ico.org.uk
What if Applicants do not provide personal data?
Crunch asks all applicants to supply a CV via a third party or to our careers email inbox in order to apply for a role with Crunch.
Applicants are under no statutory or contractual obligation to provide data to Crunch during the recruitment process. However, if Applicants do not provide the requested information or it is incomplete, Crunch may not be able to process applications for employment properly or at all.
Automated decision making and use of Artificial Intelligence in recruitment processes
Crunch recruitment processes are not based in any way on automated decision-making, defined as making a decision solely by automated means, including Artificial Intelligence (AI) without any human involvement whatsoever.
We are exploring the use of Artificial Intelligence (AI) and automation tools to streamline parts of our hiring process (such as CV processing and interview scheduling). However, candidate screening, interviews, and final decisions are conducted by humans, specifically hiring managers and the People Team at Crunch.
We do not currently use AI notetaking tools in interviews or record interviews with external candidates on video calls, unless Applicants grant hiring managers express permission for this in advance of the interview and this permission is confirmed by hiring managers to the Crunch People Team.
If interviews are recorded with the above express permission, the video recording and transcript of the interview would be retained for six months from the date of application for external candidates.
When will this Recruitment Privacy Policy be reviewed?
Crunch will review the Policy as the need arises due to changes in internal processes or systems, or as a result of relevant legislative updates.
Due to the pace of change with recruitment and the use of Artificial Intelligence (AI) to automate more of our work processes, this policy will be reviewed every six months for the foreseeable future.
Crunch reserves the right to make amendments as required, ensuring ongoing compliance with the UK GDPR 2021 and Data Protection Act 2018.
Crunch will publish updates to this Policy on the careers page of the Crunch website: www.crunch.co.uk
Who do I speak to if I have any questions?
If you have any questions regarding the contents of this Policy, please email the Crunch People Team at careers@crunch.co.uk