The information on this page explains how the Senedd Commission (“the Commission”) uses your personal information when you apply for a job with us. It also describes how long that information is kept for and the circumstances in which we will share it with other organisations.
Who we are
The Senedd Commission is the data controller of the information you provide, and will ensure it is protected and used in line with data protection legislation.
If you have any further questions about the way in which we process personal data, or how to exercise your rights, please contact our Data Protection Officer at:
Tŷ Hywel, Pierhead Street, Cardiff Bay CF99 1SN
0300 200 6494
What information are we collecting?
The information we ask for is used to enable us to consider your suitability for an advertised job vacancy. Whilst you don’t have to provide the information we ask for, not providing sufficient information may affect our ability to process your application, assess your suitability, and offer you a position.
We will request feedback from you at various stages throughout the recruitment process. This will be sent to you as a link to a Forms page in automated outcome emails. This is optional feedback and you do not have to submit any information if you do not wish to. It will not record your email address or contact details however, if you do respond to our feedback form you may inadvertently provide personal identifiable information, however this information will not be used or processed.
If you are a successful candidate this feedback link will be sent to your new work email address.
Information processed at application
Our Application Tracking System (ATS) is run by WebRecruit, a third party provider. To submit an application through the ATS, you will be required to create an account by inputting your name, email address and telephone number. You may also choose to set up a Job Alert for certain types of roles. The information detailed above will be stored by WebRecruit and they will be the Data Controller of this information. Details about what WebRecruit will do with your registration and application information can be seen in their Privacy Notice. WebRecruit will not be a Data Controller for the information you submit as part of your application for an advertised role within the Commission.
Information you submit will be held by WebRecruit on a server environment provided by another third party, OVH (http://www.ovh.co.uk). The servers used by OVH are located within the European Economic Area (EEA). WebRecruit also use a number of other third parties processors in the provision of this system. Details about the purposes for which Web Recruit share personal data with those third parties are set out in their privacy notice. One of those third parties transfer personal data outside of the EEA. However, that transfer is covered by contractual clauses under which they will ensure that personal data is treated in line with European legislation. All remaining personal data is processed within the EEA.
All relevant information to conduct a sift will be saved onto Senedd information systems which will be shared with Panel members, who will then have access to the information in order to review applications. Following the completion of the sift, the applications will be deleted from these folders and kept solely in the ATS. Only members of the Commission’s Human Resources and WebRecruit administrative teams will have access to the information stored within the ATS.
Personal data processed includes your title, name, home address, email address, telephone number, education, qualifications, employment history and skills, employment references and answers to questions that we have deemed relevant to the role and any other personal information you may provide on your application form. In order to improve the effectiveness of our recruitment process, we also record information about how you reached the vacancy page, such as via a third party platform (Facebook, Twitter, and other recruitment websites etc.) and the type of device used.
Data protection law recognises certain “special categories” of information. These are defined as information revealing a person’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic information, biometric information for uniquely identifying a person, information concerning heath, and information concerning a person’s sex life or sexual orientation.
These special categories are considered particularly sensitive and are afforded special protection. This is also the case for information relating to criminal offences or convictions.
At application, special categories of data are also requested for monitoring of equal opportunity and treatment which may include your gender, ethnicity, nationality, sexual orientation, disability, religion/belief.
We utilise any declaration of disability to enable us to assess and make reasonable adjustments to the recruitment process should they be required by the applicant.
Why we are collecting this information
Personal data is collected and used to facilitate the recruitment process of Commission staff and to fulfil our duties to publish diversity monitoring data as part of the Equality Act 2010’s public sector duties (this data is published anonymously).
The completion of the diversity information questions for equal opportunities monitoring is mandatory. However, candidates have the opportunity to select ‘Prefer not to say’ to each question. We collect this information to assist us with our monitoring responsibilities.
If provided, your diversity information will be treated as confidential and will be held separately and will not be seen by the recruiting panel. No individual will be identified as part of this process.
If you complete the feedback form which is sent within the automated outcome emails, the information you provide will be used to assist us with ongoing improvements and how we make any changes to our processes in future. Within the feedback form we will also ask Equal Opportunities / Equality and Diversity questions based on the following criteria: gender, gender identity, national identity, ethnicity, sexual orientation, age, disability and religion.
The Senedd Commission wants to continue to be an exemplar organisation in valuing diversity, promoting inclusion and embedding equality, both as an employer and parliamentary organisation. We are continuously reviewing our recruitment processes and practices to ensure that they are fair and inclusive. In order to continue to achieve this, we are seeking candidates’ feedback to inform our approach to recruitment. This information will be kept in the strictest confidence separate from your application form and used for statistical purposes only. Please note, the provision of information in this section is entirely voluntary and will be stored on our monitoring database for 24 months after an appointment decision. We understand that not everyone wishes to provide this information and for those, please either type or choose ‘prefer not to say’.
What we will do with the personal information you provide
The Commission will use your personal information to:
- Evaluate your application and assess your suitability for the role in question;
- Make a decision about whether you should be selected for interview and appointment;
- Conduct relevant pre-employment screening (e.g. carry out criminal record/National Security Vetting checks; verify your address, academic qualifications and work experience);
- Review and audit the recruitment process and its outcomes;
- Carry out diversity monitoring activities.
- We will use your data to seek feedback.
Details about what WebRecruit will do with your registration information can be seen in their Privacy Notice.
Information processed at interview stage
If you are invited to an interview, we ask you to provide the following items:
- Valid Driving Licence / Passport;
- Completed Criminal Record Declaration (CRD) form:
- The CRD form contains its own Privacy Notice with regards to how the Vetting office uses the information provided;
- This may include obtaining information about criminal convictions, cautions or other offences committed, whether past, current or pending;
- The CRD form contains personal information that is held in line with the retention schedule outlined in the Vetting Policy;
- Passport or Visa to confirm eligibility to work in the UK.
Information Processed at Pre-employment stage
If you are successful at interview, we will also ask you to provide:-
Via the ATS:
- Contact details of referees;
- Details of any membership to a Civil Service Pension Scheme;
- Car parking request form (if required).
You will also be asked to return your Offer of Employment document and Contract of Employment through the system, or through the post if you prefer.
- Completed Occupational health questionnaire to establish your fitness to work;
- Bank details;
- Emergency contact details.
- We will use your new work email to seek feedback on our processes.
Sources of Data
The information we collect will be provided directly by you, or sometimes from a recruitment agency.
If successful at interview, we will collect information from third parties, including your referees, education provider, Disclosure and Barring Service.
Sharing personal information
We may use recruitment agencies depending on the role. Information will be kept by them 12 months after appointment. The appointed agency will provide details of their respective privacy notice. If successful at interview, your data will be processed as above.
We have an Independent Occupational Health Service which may share personal information with us in regards to assessing your fitness for work and/or any recommendations for reasonable adjustments. Further information this service can be found at www.insynchealth.co.uk.
Some of your personal information will also be exchanged with third parties where it is necessary to carry out pre-employment screening e.g. UK National Security Vetting and/or obtaining references from previous employers, personal references and education, qualification/professional checks.
Other than as set out above, your information will only be accessed and processed by authorised personnel of the Commission (i.e. hiring managers and HR) who are directly involved in the management and administration of the recruitment process and have a business need to access your personal information.
The Commission may also disclose applicant information to other third parties for example, in order to establish or defend the legal rights of the Commission, or in an emergency where the health or personal security of an applicant is at risk.
Any feedback you provide might be used to inform the wider Human Resources team and our Executive Board of changes needed to our processes.
Where will the information be stored?
Some information will be stored on the Commission’s ICT network, which includes third party cloud services provided by Microsoft. Any transfer of data by Microsoft outside of the EEA is covered by contractual clauses under which Microsoft ensure that personal data is treated in line with domestic legislation. Details about how Microsoft will use your information is available in their Privacy Statement.
How long your information will be retained
Personal details of unsuccessful applicants will be retained for 12 months, in accordance with the Commission’s retention schedule. Documents will be destroyed in accordance with our destruction schedule. You will be notified by us two weeks prior to your information being deleted.
Personal details of successful candidates will be kept for the duration of their employment and retained for 100 years after the end of employment.
If you submit feedback, your information will be stored securely on our ICT systems which includes third party cloud services provided by Microsoft. Any transfer of data by Microsoft outside of the EEA is covered by contractual clauses under which Microsoft ensure that personal data is treated in line with European legislation. To find out more about how Microsoft will use your information, you can read their privacy statement here.
Our legal basis for collecting, holding and using your personal information
Data protection law sets out various legal bases which allow us to collect, hold and use your personal information. These are:
- Where we use your personal information to carry out our public functions. A key function of the Commission is to provide the Senedd with the staff and services it requires for its purposes and its work. An example of this is the processing undertaken in order to assess which applicant is best suited to a particular job;
- Where the processing is necessary in order to take steps to enter into a contract with you. An example of this is contacting your selected referees;
- Where we are under a legal obligation which requires us to process your personal information. An example of this is where we need to make reasonable adjustments to enable an applicant to take part in the recruitment process;
- Where we process your information in order to protect your vital interests. An example of this would be if we shared information about your health if a medical emergency occurred whilst you were on site;
- We will sometimes collect and use your personal information based upon your agreement. This is known as ‘consent’. We will always tell you where this is the case. An example is where we keep details of unsuccessful applicants for a fixed period to advise them of suitable future posts.
In addition, we will process special category personal data as part of the recruitment process. We will only collect and use this information where we:
- consider it necessary and in the substantial public interest to do so, such as for equal opportunities monitoring;
- consider it necessary to meet our legal obligations or exercise rights in connection with employment;
- where it is necessary to protect you or another person from harm; or
- in limited circumstances, where you have given us your explicit consent to do so. For example, where we will collect special categories of data when you complete your feedback form, this will be voluntary.
We will also process data relating to criminal convictions or offences as part of the recruitment process. We will only process this personal data if we have a legal basis for doing so. Information collected as part of the CRD form is also subject to its own Privacy Notice.
As a data subject, you have a number of rights. The rights which apply depend on the legal bases we are relying on to use your personal information. Those rights will not apply in all instances, and the Commission will confirm whether or not that is the case when you make a request.
The rights include the right to request access to your own personal information, sometimes called a ‘subject access request’.
Additionally, you have the right to request from us:
- that any inaccurate information we hold about you is corrected (please note that you are required to keep us up to date with any changes to your personal information);
- that information about you is deleted (in certain circumstances);
- that we stop using your personal information for certain purposes or in certain circumstances; and
- that your information is provided to you or a third party in a portable format (again, in certain circumstances).
If you would like to engage any of the rights that you have under data protection legislation, ask a question or make a complaint about how your information is used; please contact the Data Protection Officer using one of the methods set out in the “Who are we” section above.
If you are dissatisfied with how we are using your personal information or if you wish to complain about how we have handed a request, then please contact our Data Protection Officer and we will try to resolve any issues you may have.
You can also make a complaint to the Information Commissioner’s Office (ICO) if you believe we have not used your information in line with the law. The ICO’s contact details can be found on their website.
Requests for information made to the Commission
The Senedd is subject to access to information legislation. In the event of a request for information being made under access to information legislation, it may be necessary to disclose all or part of the information that you provide. This may include information which has previously been removed by us for publication purposes. We will only do this if we are required to do so by law.
Changes to our privacy statement
We keep this privacy statement under regular review and will place any updates on this website. Paper copies of the privacy statement may also be obtained using the contact information below. This privacy statement was last updated on July 2021