Privacy Notice - Job Applicants

  1. As part of any recruitment process, Neath Port Talbot Council collects and processes personal data relating to job applicants. The organisation is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.
  2. In providing us with your personal information on the application form and during the recruitment process you hereby acknowledge that Neath Port Talbot County Borough Council is the Data Controller for all the personal information you provide (for the purpose of the General Data Protection Regulation 2016 (GDPR) and the Data Protection Act 2018 (DPA)).
  3. The personal data which we collect from you on the application form and during the recruitment process will be used by the Council (pursuant to it carrying out its various statutory and business functions) for the following purposes:-
    1. To manage the recruitment process, assess and confirm a candidate's suitability for employment and decide to whom to offer a job. We do this by checking any gaps in employment, qualifications attained, pre-placement medical information via a questionnaire and criminal records check via the Disclosure and Barring Service (DBS). We may also need to process data from job applicants to respond to and defend against legal claims.
    2. To ensure that we are complying with our legal obligations. For example, it is mandatory to check a successful applicant's eligibility to live and work in the UK before employment starts. For registered posts, eg Social Care Wales and the Education Workforce Council, we check to ensure you are a registered worker.
    3. To take steps at your request prior to entering into a contract with you. We may also need to process your data to enter into a contract with you.
    4. To monitor recruitment statistics in relation to gender, nationality, ethnic origin, welsh language ability, gender identity, sexual orientation, religion or belief, to monitor recruitment statistics. We also collect information about whether or not applicants are disabled to make reasonable adjustments for candidates who have a disability.
  4. As a Data Controller the Council is required under GDPR to inform you which of the Article 6 GDPR “Data Processing Conditions” it is relying upon to lawfully process your personal data. In this respect please be advised that in regards to the data provided by you on the application form and during the recruitment process we are relying on the following two Article 6 conditions;
    1. "The data processing is necessary for compliance with a legal obligation to which the controller is subject". (Article 6(c) GDPR).
    2. "The data processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller." (Article 6(e) GDPR).
  5. If your application is successful and you are made a conditional offer of employment, we may share your personal data securely with the following third parties (i.e. persons/bodies/entities outside the Council) in accordance with data sharing arrangements which we have in place with this third party:-
    • the Disclosure and Barring Service (DBS) to obtain a Standard or Enhanced Check (where required). Please note we use an online system to process our DBS checks and all information contained within the online system will be provided to Powys County Council and stored and processed by Kent County Council
  6. The personal information collected from you during the recruitment process will be held by the Council for a period of:-
    • 6 months (for unsuccessful candidates)
    • 6 years after your employment ceases (for successful candidates)
  7. Please note that we are required to collect certain personal data under statutory requirements and in such cases a failure by you to provide that information to us may result in you not being shortlisted or interviewed for the post or not being offered a post within the Council.
  8. We would inform you that under Article 21 GDPR you have the right at any time to object to the Authority about the fact that we are processing your personal data for the purposes of carrying out a public task or exercising our official authority.
  9. The Council will not transfer any of your personal data outside of the European Union. All processing of your personal data by us will be carried out in the United Kingdom or other European Union countries.
  10. The Council will not use your personal data for the purposes of automated decision making.
  11. Please be advised that under GDPR individuals are given the following rights in regards to their personal data
    1. The right of access to their personal data held by a data controller.
    2. The right to have inaccurate data corrected by a data controller.
    3. The right to have their data erased (in certain limited circumstances).
    4. The right to restrict the processing of their data by a data controller (in certain limited circumstances).
    5. The right to object to their data being used for direct marketing.
    6. The right to data portability (i.e. electronic transfer of data to another data controller).

    Further information on all the above rights may be obtained from the Information Commissioner's website.

  12. In the event that you have any queries regarding our use of your personal data, you wish to have access to the same or you wish to make any complaint regarding the processing of your personal data please contact the Council’s Data Protection Officer at the Directorate of Finance & Corporate Services, Civic Centre, Port Talbot, SA13 1PJ.
  13. Please be advised that in the event that you make a request or a complaint to the Council’s Data Protection Officer (see 9 above) and you are dissatisfied with the Council’s response you are entitled to complain directly to the Information Commissioner’s Office. Details of the Commissioner’s Office contact details and further information on your rights may be obtained from the Information Commissioner's website.