Biometrics Built Better

Privacy Notice for Job Applicants

You are being sent a copy of this privacy notice because you are applying for work with us (whether as an employee, worker or contractor). This notice sets out how Veramed Limited uses and protects your personal information during the recruitment process. It provides you with certain information that must be provided under the UK General Data Protection Regulation (UK GDPR).

Veramed is the “data controller”. This means that we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this privacy notice. We may update this notice at any time.

Data Protection Principles

Veramed will comply with data protection law and principles, which means that your personal data will be:

  • Used lawfully, fairly and in a transparent way
  • Collected only for valid purposes
  • Relevant to the purposes we have told you about
  • Accurate and kept up to date
  • Kept only as long as is necessary
  • Kept securely and protected against unauthorised or unlawful access or processing

How your information will be used

  • Veramed needs to keep and process information about you as part of our normal recruitment process. The information we hold, and process will be used to:
    • assess suitability for the role;
    • carry out reference and/or background checks as appropriate;
    • maintain records for our recruitment process;
    • ensure we remain compliant with legal and regulatory requirements;
    • communicate with you regarding the status of your application.
  • It is in our legitimate interests to decide whether to appoint you to a role since it would be beneficial to our business to appoint someone to that role.
  • Sensitive personal data will only be used as permitted by data protection law, for example:
    • data regarding nationality may be used to determine whether a work permit or similar is required; or
    • data regarding disability may be used to determine whether adjustments to the recruitment process are required
  • We may sometimes need to process your data in line with our other legitimate business interests, for example to prevent fraud, administrative purposes. We will never process your data where these interests are overridden by your own interests.
  • You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making.
  • If you fail to provide personal data which is necessary for us to consider your application, for example evidence of qualifications or reference details, we will not be able to take your application further.

Data held about you

  • Much of the information we hold will have been provided by you, but some may come from other internal sources, such as interviewing managers, or external sources, such as referees and recruitment agencies acting on your behalf with your permission. We may also collect information from publicly available sources such as LinkedIn.
  • The sort of information we hold during the recruitment process includes:
    • information contained in the CV and/or application form submitted;
    • information contained in any covering letter provided by you;
    • copies of any right to work documentation provided by you;
    • personal data provided by your referees.

Cookies and other anonymous web tracking techniques

When you use our website, Veramed may assign cookie files to you, which are a small amount of data we send to your web browser. Cookies enable the computers operating our websites to differentiate between visitors and to track the patterns of activities engaged in by different visitors. By tracking such activities, the computers, the computers operating our websites can recognise a visitor and customise certain features for the visitor. The cookie preferences can be updated as and when you so wish. We may also use aggregated, non-identifiable data regarding visitors to our site to learn more about the use of the site and how we can improve it.

Data sharing

  • We will only share your personal information with the following third parties for the purposes of processing your application:
    • other entities within our group of companies;
    • third party service providers including recruitment agents and head-hunters.
  • All our third-party service providers and other group entities are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
  • Data may be shared between members of our group who include Veramed Limited; Veramed GmbH; Veramed Inc.; Veramed LLC; and Veramed Data Services Private Limited. A number of entities within the Veramed Group are based outside the European Economic Area (EEA) so their processing of your personal information will involve a transfer of data outside of the EEA. We have put in place provisions between the group entities in the form of Technical and Organisational Measures (TOMS), to ensure this is done in line with data protection laws. If you would like more information, please reach out to us at DPO@veramed.com.

Data security

  • We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need-to-know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
  • We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Data storage and retention

  • Your data will be retained in recruitment files to which access is restricted to members of Veramed’s HR team.
  • Should you be invited to attend an interview, a copy of your CV/application plus covering letter will be shared with the recruiting and/or interviewing manager(s). Managers are required to delete all such information on completion of the recruitment process.
  • In the event that your application is unsuccessful, we will retain your CV for a period of up to 24 months after the date we notify you of the decision. We retain data for this period for the following purposes:
    • in order that we can demonstrate, in the event of a legal claim, that we have conducted a fair recruitment process and not discriminated against candidates on the basis of prohibited grounds;
    • to allow us to consider you for other suitable openings within Veramed unless you ask us not to do so.
  • Prior to expiry of the 24-month period, where you consented to be contacted regarding job vacancies, if we wish to retain your personal information on file, so that we may continue to consider you for further roles, we will contact you for your consent to retain your personal information for a further period of 24 months. If you do not respond to such request, or you do not consent to the continued retention of your personal data, we will securely destroy your personal information in accordance with data protection law.
  • In the event that you are offered a role with Veramed, you will be provided with a separate GDPR notice for employees.

Your rights

  • Under data protection law in certain circumstances you have a number of rights with regard to your personal data. You have the right to:
    • request access to your personal data (a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it;
    • request correction of any incomplete or inaccurate personal data that we hold;
    • request erasure of your personal data, where there is no good reason for us continuing to process it;
    • restrict processing;
    • object to processing where we are relying on a legitimate interest (or that of a third party) and there is something about your particular situation which makes you want to object to processing on this ground; and
    • data portability, to request the transfer of your personal information to another party.
  • In the limited circumstances where you have provided consent for the processing of your data, you have the right (in certain circumstances) to withdraw that consent at any time (which will not affect the lawfulness of the processing before your consent was withdrawn) Once we have received notification that you have withdrawn your consent, and we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
  • You should be aware that your rights may be limited (for example, if making the information available would reveal personal information about another person; if we are legally prevented from disclosing such information; or in relation to references given in confidence for the purposes of the employment or prospective employment of the data subject). Where we are not able to fulfil a request, we will inform you of the reasons why when responding.
  • You also have the right to lodge a complaint your relevant supervisory authority, if you believe that we have not complied with the requirements of data protection law with regards to your personal data. The supervisory authority in the United Kingdom is the Information Commissioner’s Office. You can find which one applies to you here.

Contact details

Veramed Limited is the data controller. Our EU Representative is Veramed GmbH who can be contacted at DPO@veramed.co.uk.

If you have any concerns as to how your data is processed or wish to exercise your rights, you can contact: