Data Protection - Recruitment

DATA PROTECTION - RECRUITMENT

1. introduction

Under the General Data Protection Regulation (the “GDPR”), we are required to explain to you why we are asking for information about you, how we intend to use the information you provide to us and whether we will share this information with anyone else.

This Staff Recruitment Data Protection Statement sets out specific information relating to individual candidates applying for temporary, permanent and intern positions in King’s Inns (referred to as “Candidates”).

We treat the protection of your personal data seriously and when we collect and process your Personal Data, we will do so in accordance with the GDPR and relevant local data protection laws (the “Data Protection Laws”).

When we refer to “Personal Data” in this Data Protection Statement we mean any information relating to an identified or identifiable natural person (‘Data Subject‘); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

1.1 ORGANISATION Information

We are The Honorable Society of King’s Inns (referred to herein as “we”, “us”, “our” and the “King’s Inns”).

1.2 LEGISLATION

All personal data we gather will be processed in accordance with all applicable Data Protection Laws and principles, including the GDPR and the applicable Irish Data Protection Acts.

1.3 QUERIES AND COMPLAINTS

If you have any questions about this Data Protection Statement or the way in which your Personal Data is being used by us please contact:

Data Protection Officer

King’s Inns, Henrietta Street, Dublin 1, DO1 KF59, Ireland

Email: data.privacy@kingsinns.ie

Telephone: +353 1 874 4840

You have the right to lodge a complaint with the Office of the Data Protection Commissioner. To contact the Office of the Data Protection Commissioner, please use the following details:

Data Protection Commission

21 Fitzwilliam Square South

Dublin 2

D02 RD28

Telephone: 01 7650100

Telephone: 1800437 737

Email: info@dataprotection.ie

2. ABOUT US

King’s Inns is the oldest institution of legal education in Ireland. Its main objectives are:

· the promotion and advancement of learning in the law;

· the education and training of students and members of the King’s Inns;

· the protection and furtherance of the reputation and standing of the degree of Barrister–at–Law;

· the preservation of the heritage that is comprised in the King’s Inns, its buildings, library, furnishings and environs; and

· to ensure the fitness of persons to practice as or to hold themselves out as barristers prior to and, subject to Part 6 of the Legal Services Regulation Act 2015, after their call to the Bar of Ireland.

In addition to our main activities listed above, the King’s Inns provides a number of products and services including merchandising, newsletters, dining services, cottage rental, venue hire, and parking services. Our Data Protection Statements provides further information about the Personal Data we process in connection with these activities.

3. WHO THIS DATA PROTECTION STATEMENT APPLIES TO?

This Data Protection Statement applies to the Personal Data we process about Candidates applying for positions at King’s Inns.

When you apply for a job with King’s Inns, we will collect Personal Data related to you for the purpose of your job applications which will be stored securely by King’s Inns and will be used for the purposes of the recruitment process. Additional Personal Data may be collected to complete background checks on individuals offered a role.

During the recruitment process, we may contact references or stated previous workplaces, to verify the information provided.

We may collect Personal Data about you such as your identification data (given name, family name), contact details (telephone, email, address details), preferred language, requests for reasonable adjustments and/or accessibility requirements for assessments and to attend interviews. We use this information to process your recruitment application and to provide you with access to the recruitment process.

Please see Section 5 for further information on the categories of Personal Data we process.

4. how do we collect PERSONAL DATA?

We receive Personal Data about Candidates from a variety of sources. Usually, Candidates provide us with certain information directly, for example, when the Candidate sends us their CV, applies directly for a position advertised on the King’s Inns website, or interacts with our communications (e.g. websites and advertisements).

We may also receive Personal Data about a Candidate when:

· the Candidate applies to a position advertised on a third-party job’s website;

· the Candidate may be sourced from publicly accessible platforms such as LinkedIn;

· the Candidate may be sourced from a recruitment business

· the Candidate may be sourced from third party CV providers such as jobs websites that provide CV search facilities and where users have made their CV data available to registered customers of these sites; and

the Candidate’s nominated referees or other individuals may provide us with Personal Data relating to the Candidates

5. CATEGORIES OF PERSONAL DATA

We process the following categories of Personal Data in relation to Candidates:

Personal Data Category	Description
Contact Data	may include: home address, work address, email address, phone number, online communication id (e.g skype)
Identification Data	may include: name, date of birth, (copy of or details from) driving license, passport, birth certificate, member ID, identification card, photograph, employment visa
Professional Data	may include: profession, company, department, employment history, skills/ experience, membership of professional bodies
Education Data	may include: degrees, certificates and diplomas awarded, languages, educational history, qualifications
CV Data	may include: Contact Data, Identification Data, Professional Data, Education Data, Application Data
Application Data	may include: information provided as part of an application for a permanent or contract position such as Contact Data, Identification Data, Professional Data, Education Data, CV Data and information about achievements and hobbies
Financial Data	may include: payment and bank details, tax information, social security and salary expectations
Test Data	may include: test answers and results for any job application
Health Data	may include: health information including information about any disability or illness
Media Data	may include: video data and recordings from any interview with the Candidates including, Contact Data, Professional Data, Education Data, Health Data, Application Data and Communications Data
Legal Data	may include: criminal record and credit checks undertaken where required as part of the application process
Position Data	may include: information on salary/rate of pay, working hours and job description
Emergency Contact Data	may include: the name and contact details provided by Candidates in case of an emergency
Communications Data	may include: communications with us over email, text, phone or letter
Web Data	may include: information provided on any forms on our website and, to the extent that it includes Personal Data, information on the type of device you are using, its IP address, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use

6. LAWFULNESS OF PROCESSING

We process all Personal Data lawfully and in accordance with the requirements of the Data Protection Laws. The GDPR sets out the legal grounds for processing Personal Data.

When King’s Inns processes Personal Data about Candidates, any one of the following legal grounds will generally apply. Further detail about the lawful basis for our processing activities is included in the relevant sections of this Data Protection Statement.

Contract

We will process Personal Data where necessary to perform our obligations relating to or in accordance with any contract that we may have with you or to take steps at your request prior to entering that contract. When you apply for a job some of our processing activities will be carried out in order to take steps necessary to enter into a contract of employment with you.

Consent

For certain processing activities we may rely on your consent. Where we are unable to collect consent for a particular processing activity, we will only process the Personal Data if we have another lawful basis for doing so. You can withdraw consent provided by you at any time by contacting us at data.privacy@kingsinns.ie. If you do withdraw your consent, it does not mean that any processing, with your consent, of your personal data up to that point is unlawful.

Legitimate Interest

At times we will need to process your Personal Data to pursue our legitimate interests, for example for administrative purposes, to provide information to you, to operate, evaluate, maintain, develop and improve our websites and recruitment portals or to maintain their security and protect intellectual property rights.

We will not process your Personal Data on a legitimate interest basis where the impact of the processing on your interests or fundamental rights and freedoms outweighs our legitimate interests.

You may object to any processing we undertake on this basis. If you do not want us to process your Personal Data on the basis of our legitimate interests, contact us at data.privacy@kingsinns.ie and we will review our processing activities.

Legal Obligation

If we have a legal obligation to process Personal Data, we will process Personal Data on this legal ground.

Defence Of Legal Claims

In limited circumstances and in accordance with the law we may use Personal Data in the defence of legal claims or enforcing legal rights.

Assessment Of Working Capacity

In certain circumstances, we may be required to assess the working capacity of a Candidate and we may operate under this legal ground in relation to any tests or assessments undertaken involving the processing of health data or other special category Personal Data.

7. OUR PROCESSING ACTIVITIES

We can only collect your Personal Data if we have a lawful basis for doing so.

We have set out in the table below, the general purpose of processing, the categories of Personal Data processed and the related lawful basis for processing.

Purpose/Activity	Type of Personal Data	Lawful basis for processing
Candidate Sourcing
to advertise roles on our website/ to create a record/file for the Candidate on our system and to associate all notes and tracking throughout the interview, and onboarding process/ to keep up to date information about Candidates in relation to their requirements, in order to assess their suitability for current or future vacancies to maintain our database/ to communicate with Candidates about positions that might be of interest to them/ to receive and review Candidate applications/ to understand current and expected salary, notice period and availability	Identification Data/ CV Data/ Communications Data/ Application Data/ Web Data	Legitimate interest in sourcing Candidates/ Consent
Job Applications
responding to Candidates queries/ receiving and reviewing applications received from Candidates directly/ communications with Candidates re application/ setting up interviews with the Candidate	Identification Data/ Contact data/ CV Data/ Communications Data	Consent/ Legitimate Interest in recruiting / Candidates
Job Interview and follow up
to arrange and undertake interview/ recording notes of Interview/ to communicate with the Candidates / following interview including unsuccessful applicants/ to offer position/ to follow up with references	Identification Data/ Contact Data/ CV Data/ Communications Data/ Media Data	Consent/ Legitimate Interest in recruiting Candidates/ Contract/
Candidate Screening
to identify if the Candidate is fit to work/ to assess the Candidate working capacity	Identification Data/ Contact Data/ CV Data/ Health Data/ Test Data	Consent/ Assessment of Working capacity
Candidate Finance Activities
to ensure salary expectations are met/ to remunerate Candidate for interview / travel expenses	Identification data/ Contact Data/ Position Data/ Financial Data	Consent/ Legitimate Interest in recruiting Candidates/ Contract
Website Delivery
to respond to web forms completed by Candidates/ to administer the Website/ for internal operations, including support, troubleshooting, data analysis, testing, research, statistical and survey purposes to ensure the safety and security of our website and our services.	Identification Data/ Contact Data/ Web Data	Consent/ Legitimate Interest in managing and maintaining the website

8. SECURITY OF YOUR PERSONAL INFORMATION

We will take all steps reasonably necessary to ensure that all Personal Data is treated securely in accordance with this Data Protection Statement and the Data Protection Laws. In particular, we have put in place appropriate technical and organisational procedures to safeguard and secure the Personal Data we process.

We monitor for and do everything we can to prevent security breaches of the Personal Data that we process. Once we have received your Personal Data, we will use strict procedures and security features for the purpose of preventing unauthorised access and ensuring that only those who need to have access to your Personal Data can access it.

We also use secure connections to protect Personal Data during its transmission. Where you have been given (or where you have chosen) a password which enables you to access services, you are responsible for keeping this password confidential. Please do not share your password with anyone.

If you think that there has been any loss or unauthorised access to Personal Data of any individual, please let us know immediately.

9. DISCLOSURE OF PERSONAL DATA

We will need to share your Personal Data in order to provide complete relevant recruitment and employment screening. Personal Data is shared in certain circumstances as follows:

· to business partners and sub-contractors to support our recruitment activities including email, chat and hosting service providers

· for the purposes of third-party screening and verification, if applicable, including doctors or testing companies (for example, criminal record checks / pre-employment screening services and assessments)

· for the purposes of liaising with the relevant governing bodies in King’s Inns

· to tax, audit or other authorities, if we are under a duty to disclose or share Personal Data in order to comply with any legal obligation or in order to enforce or apply any contract that we have

· to official authorities to protect our rights, property, or safety, or those of other persons (including you)

· to providers of services to King’s Inns including IT consultants and hosting companies, marketing, legal and finance

· to King’s Inns insurance brokers and providers where required for administering claims

It may be necessary to transfer your Personal Data to service providers located in countries outside of the European Economic Area (EEA). King’s Inns will take all reasonable steps necessary to ensure that your Personal Data is treated securely and in accordance with our Recruitment Data Protection Statement.

If we transfer Personal Data to a third party or outside the EEA, we, as the data controller, will ensure the recipient has the necessary protections in place, such as Standard Contractual Clauses or an Adequacy Decision. Where we engage a third party to provide a service to us, we ensure the provider has taken appropriate technical and organisational measures to process, store, and safeguard your Personal Data.

Your Personal Data will not be disclosed to any third party without your consent, except where necessary to comply with statutory requirements or to provide normal services or as otherwise outlined in this Recruitment Privacy Policy. Internally, your Personal Data will be kept confidential and only made available as necessary. You may, at any time, make a request for access to the Personal Data held about you. Should you wish to make any changes, or erasures, to any of the information stored about you, please contact the HR department.

10. RETENTION OF YOUR PERSONAL DATA

We only keep your Personal Data if it is necessary for the purposes of processing it or to comply with legal or regulatory requirements.

Our retention policy is as follows:

Purpose of Processing	Retention Period
Job Applications	Duration of campaign +18 months
Candidate Interview	Duration of campaign +18 months
Website Delivery	Please see our Cookie Notice* below

Cookie Notice*

In some circumstances it is not possible for us to specify in advance the period for which we will retain your Personal Data. In such cases we will determine the appropriate retention period based on our purpose for processing the Personal Data. We may also retain certain Personal Data beyond the periods specified herein in some circumstances such as where required for the purposes of legal claims. We may also delete Personal Data earlier than the specified Retention Period where the Personal Data is no longer required for the purpose.

11. YOUR RIGHTS

You have a number of rights when it comes to your personal data. On receipt of a valid request to invoke one of your rights, we will do our best to adhere to your request as promptly as reasonably possible, however, restrictions may apply in certain situations.

Right of Access

You have a right to know what personal data we hold on you, why we hold the data, and how we are using the data. When submitting your request, please provide us with information to help us verify your identity and as much detail as possible to help us identify the information you wish to access (i.e. date range, subject of the request).

Identity verification will require a copy of your photographic ID, as well as the provision of three unique identifying factors from your medical record. If the request is submitted by a third party (such as a solicitor) on your behalf, the request will be required to include written authorisation from you for the provision of a specific data to the third party.

We will provide the first copy of your personal data free of charge, but we may charge you a reasonable fee for any additional copies.

We cannot give you access to a copy of your personal data in some limited cases including where this might adversely affect the rights and freedoms of others.

Right to Rectification

You have a right to request that the personal data held in relation to you is up to date and accurate. Where information is inaccurate or incomplete, we encourage you to contact us to have this information rectified. Upon receipt of your request, we will ensure that the personal data is rectified and as up to date as is reasonably possible.

Right to Erasure

In some circumstances you can ask for your personal data to be deleted, for example, where:

· your personal data is no longer needed for the reason that it was collected in the first place

· you have removed your consent for us to use your personal data (where there is no other lawful basis for us to use it)

· there is no lawful basis for the use of your personal data

· deleting the personal data is a legal requirement

Please note that we can’t delete your personal data where:

· we are required to have it by law

· it is used for freedom of expression

· it is used for public health purposes

· it is used for scientific or historical research or statistical purposes where deleting the personal data would make it difficult or impossible to achieve the objectives of the processing

· it is necessary for legal claims.

Right to Restriction

You have the right to restrict the extent for which your personal data is being used by us in circumstances where:

· You believe the personal data is not accurate (restriction period will exist until we update your information).

· The processing of the personal data is unlawful, but you wish to restrict the use of the data rather than erase it.

· Where the personal data is no longer required by us, but you require the retention of the data for the establishment, exercise, or defence of a legal claim.

· You have a pending objection to the future use of your personal data.

When the use of your data has been restricted, your personal data will only be further used:

with your consent;

· for the establishment, exercise or defence of legal claims;

· for the protection of the rights of other people; or

· for reasons important to public interest, such as for the protecting against cross-border threats or ensuring high standards of quality and safety of health care.

We will contact you to confirm where the request for restriction is fulfilled and will only lift the restriction after we have informed you that we are doing so.

Right to Data Portability

You have the right to the provision of all personal data, which you provided to us, provided to you in a structured, commonly used and machine-readable format where:

· The lawfulness of the use of your personal data by us is reliant on the provision of your consent.

· The data is being utilised by fully automated means.

You may also request that we send this personal data to another legal entity where technically feasible. We will only refuse such a request if the data being requested may adversely affect the rights and freedoms of others.

Right to Object

You have the right to object to the further use of your personal data where:

· The lawfulness of the use of your personal data by us is reliant on the basis of our legitimate interests.

· Where the data is non-sensitive and being used for reasons in the public interest.

· Where the data is being used for direct marketing purposes.

If you wish to object to the use of your data, please contact us with your request. We will then stop using the data or personal data unless it is required for legal proceedings.

Right not to be subject to Automated Decision-Making Profiling

You have the right not to be subject to a decision based solely on automated processing. This right shall not apply where the processing is necessary for a contract with you, or the processing is undertaken with your explicit consent or the processing is authorised by law.

Right to Complain

You have the right to lodge a complaint with the local supervisory authority for data protection in the EU member state where you usually reside, where you work or where you think an infringement of data protection law took place.

Where do I send requests?

Please send all requests to the contact details provided in Section 1, with as much detail as possible regarding your requirements to enable us to deal with your request efficiently. To answer your request, we may ask you to provide identification for verification purposes.

How long will a request take to complete?

Upon receipt of a request, we will have 30 days to provide a response, with an extension of two further months if required. If we require more time to deal with your request, we will notify you of the delay, and of the factors responsible for the delay, within 30 days of the receipt of your request. If we refuse your request, we will notify you within 30 days of the receipt of the request accompanied by the reason for refusal.

You are entitled to contact the Office of the Data Protection Commissioner if we refuse your request.

How much does it cost to submit a request?

We will not charge a fee for any requests, provided we do not consider them to be unjustified or excessive. If we do consider these to be unjustified or excessive, we may charge a reasonable fee (also applicable for multiple copies) or refuse the request.

12. USE OF THIRD PARTY WEBSITES

Websites that you access via a link on the King’s Inns website are outside our control and are not covered by this Data Protection Statement. If you access other websites using the links provided, the operators of these websites may collect Personal Data from you, which will be used by them in accordance with their own data protection statements, which may differ from ours. Please check the data protection statements on those websites before you submit any Personal Data to them.

13. COOKIES

Please see our separate Cookie Notice available for further information.

14. AMENDMENTS TO THIS DATA PROTECTION STATEMENT

We will post any changes on the Website and when doing so will change the effective date at the top of this Data Protection Statement.

In some cases, we may provide you with additional notice of changes to this Data Protection Statement, such as via email. We will always provide you with any notice in advance of the changes taking effect where we consider the changes to be material.

Members' Dining

Hilary Term 2022