DATA PRIVACY NOTICE
Introduction
AFH Financial Group takes your privacy very seriously. We ask that you read this privacy notice carefully as it contains important information on how and why we collect, store, use and share personal data, your rights in relation to your personal data and on how to contact supervisory authorities in the event you have a complaint.
When you choose to apply for a role with any firm within AFH Group we will need to process personal information about you. This privacy notice helps you to understand how we use your personal information during the recruitment process. If you are successful after submitting your application, our Advisers and Staff Privacy Notice will apply.
Although you may apply for a role with one firm within AFH Group, information may pass freely between the different firms within the group in order to fulfil the application process.
The personal data we collect and use
In the course of providing our service to you we may collect the following personal data when you provide it to us:
- Contact information
- Date of Birth
- Employment history
- Recruitment Details
- Employment status
- Health information
- Your CV and Covering Letter
- A record of your progress during the hiring process
- Qualifications
- Data about criminal convictions or offences
How we use your personal data
The below table sets out how we use your personal data.
Rationale/Reason for Processing |
Lawful Basis for Processing |
Information that you have provided within the application process to allow us to properly assess your application:
Information received from third parties in relation to pre-employment vetting checks such as reference responses, the Disclosure Barring Service (criminal history) and Credit Reference Agencies (financial checks). Please note some of these are only applicable to those applying for a regulated position. Where you have visited an office within AFH Group we may have recorded video/CCTV footage of your visit |
|
How we store your personal data
The personal information contained within our recruitment system is held in an electronic format and is stored in a secure web-based back office system and on secure server drives. We may also keep paper copies of personal data where necessary. For full details on storage locations please contact our Data Protection Officer.
Special category data
Certain types of personal data are considered more sensitive and so are subject to additional levels of protection under data protection legislation. These are known as ‘special categories of data’ and include data concerning your health, racial or ethnic origin, genetic data and sexual orientation. Data relating to criminal convictions or offences is also subject to additional levels of protection.
We may process:
- Health information and lifestyle information: when you disclose information about health or a disability which may require additional support measures to assist in your job role.
In addition to the lawful basis for processing this information set out in the above table, we will be processing it either (i) in line with arranging on a potential contract between AFH and the applicant (ii) for the establishment, exercise, or defence of legal claims.
During the application process you will also be asked to fill out our diversity questionnaire. This is not mandatory- if you do not provide it, it will not affect your application. The information that is collected on this questionnaire is anonymised by the time it reaches our recruitment team. We cannot identify an individual through the results of the questionnaire.
- Information about Criminal Conviction: when it is applicable and appropriate to the nature of the role and where we are legally able to do so.
Where appropriate, we will collect information about criminal conviction as part of the recruitment process. As a regulated company we have a legal obligation and legitimate interest to process this information for certain job roles within the business. The criminal data collected in ways that a person would reasonably expect, as part of the disclosure process.
How we share your information
In order to meet our legal and contractual obligations, there may be instances when we are required to share your personal information with other companies, including entities within AFH group of companies and with external entities. Examples include:
- Provision of information to Credit Reference Agencies and Disclosure and Barring Services (or equivalent) in order to fulfil our legal and regulatory obligations
- Provision of information to regulatory bodies in line with our legal and regulatory obligations
Whenever we share your data, we ensure we have the lawful basis to do so and require all parties to respect the security of your personal data and to treat it in accordance with relevant legislation.
Disclosure of information from a third party
Where you have applied for a job opening through a third party, such as an agency or job board (like Indeed) they are responsible for disclosing their legal basis for processing and sharing your personal data with third parties. The service provider shall be the data controller of this data and shall therefore be responsible for complying with all applicable law in respect of the use of that personal data and if the data is transferred to a third party. With your consent we will share only relevant personal data with the agency working on your behalf.
How long your personal data will be kept
We will hold your personal data for differing periods of time depending upon the reason we have for processing it. We will retain your information for a period of up to 12 months if your application is unsuccessful, however if you are successful in your application your information will be retained in line with our Advisor and Staff Privacy policy.
Where we store your personal data
The data that we collect from you and process using our Applicant Talos System will be stored within the UK and EEA. If you use our online application system, your details will be stored by our system provider on our behalf. We will only transfer data to third parties who have the appropriate safeguards in place to provide an adequate level of protection for your personal data.
Your rights
You have legal rights under data protection regulation in relation to your personal data. These are set out under the below headings:
- To access personal data
- To correct / erase personal data
- To restrict how we use personal data
- To object to how we use personal data
- To ask us to transfer personal data to another organisation
- To object to automated decisions
- To understand how we protect information transferred outside Europe
- To find out more about how we use personal data
We will always let you know if we think a response will take an extended period of time. To speed up our response, we may ask you to provide more detail about what you want to receive or are concerned about.
We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are otherwise legally entitled to deal with the request in a different way.
To access personal data
You can ask us to confirm whether we have and are using your personal data. You can also ask to get a copy of your personal data from us and for information on how we process it.
To rectify / erase personal data
You can ask that we rectify any information about you which is incorrect. We will be happy to rectify such information but would need to verify the accuracy of the information first.
You can ask that we erase your personal data if you think we no longer need to use it for the purpose we collected it from you.
You can also ask that we erase your personal data if you have either withdrawn your consent to us using your information (if we originally asked for your consent to use your information), or exercised your right to object to further legitimate use of your information, or where we have used it unlawfully or where we are subject to a legal obligation to erase your personal data.
We may not always be able to comply with your request, for example where we need to keep using your personal data in order to comply with our legal obligation or where we need to use your personal data to establish, exercise or defend legal claims.
To restrict our use of personal data
You can ask that we restrict our use of your personal data in certain circumstances, for example:
- where you think the information is inaccurate and we need to verify it;
- where our use of your personal data is not lawful, but you do not want us to erase it;
- where the information is no longer required for the purposes for which it was collected but we need it to establish, exercise or defend legal claims; or
- where you have objected to our use of your personal data, but we still need to verify if we have overriding grounds to use it.
We can continue to use your personal data following a request for restriction where we have your consent to use it; or we need to use it to establish, exercise or defend legal claims, or we need to use it to protect the rights of another individual or a company.
To object to use of personal data
You have the right to ask us to review and explain our legitimate interests to you where we are collecting, storing and using your personal data on a legitimate interest basis, including when collecting, storing and using for profiling or to make automated decisions. You have the right to object to our legitimate interests and that collection, storage and use unless we can demonstrate that we have compelling legitimate interests to use the personal data.
You also have the right to object to us sending you marketing communications.
To request a transfer of personal data
You can ask us to provide your personal data to you in a structured, commonly used, machine-readable format, or you can ask to have it transferred directly to another data controller (e.g. another company).
You may only exercise this right where we use your personal data in order to perform a contract with you, or where we asked for your consent to use your personal data. This right does not apply to any personal data which we hold or process outside automated means.
Security and Data Privacy
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used, accessed, altered or disclosed in an unauthorised manner. You can ask for a copy of, or reference to, the safeguards we have put in place when your personal data is transferred outside of the European Economic Area. We are not required to share details of these safeguards where sharing such details would affect our commercial position or create a security risk. We limit access to your personal data to those who have a genuine business need to know it. Those processing your information are subject to a duty of confidentiality and will only do so in an authorised manner.
Some of the measures we use are:
- Ensuring all IT facilities are protected
- Ensuring security of our website and portals
- Training and procedures are provided to staff, ensuring that understanding and responsibility of our staff to protect the confidentiality of personal data and how they handle the information
- Ensuring appropriate procedures and policies are in place to support staff with handling personal data and how to handle suspected data security breaches.
You can contact us for more information
If you are not satisfied with the level of information provided in this privacy notice, you can ask us about what personal data we have about you, what we use your information for, who we disclose your information to, whether we transfer it abroad, how we protect it, how long we keep it for, what rights you have, how you can make a complaint, where we got your data from and whether we have carried out any automated decision making using your personal data.
If you would like further information or would like to exercise any of the rights referred to within this policy, please:
- email our Data Protection Officer at: privacy@afhgroup.com;
- let us have enough information to identify you, e.g. name, address, date of birth;
- let us know the information to which your request relates.
Our supervisory authority
If you are not happy with the way we are handling your information, you have a right to lodge a complaint with the Information Commissioners Office (ICO). It has enforcement powers and can investigate compliance with data protection regulation (www.ico.org.uk).
We would, however, appreciate the chance to deal with your concerns before you approach the ICO and so, if you are happy to do so, please contact us in the first instance and we will try to resolve your complaint.
Links to other sites
Our website may, from time to time, contain links to and from the websites of third parties as a service to our users. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
How to contact us
Please contact our Data Protection Officer if you have any questions about this privacy notice or the information we hold about you.
If you wish to contact our Data Protection Officer, please send an email to: privacy@afhgroup.com