Tysers Insurance Brokers Limited (“we”, “us”) is committed to protecting and respecting your privacy. This Privacy Notice sets out the basis on which the personal data collected from you, or that you or others provide to us, will be processed by us in connection with our recruitment processes.
For the purpose of the General Data Protection Regulation (“GDPR”) in both the UK and EU and all other applicable privacy and data protection laws that Tysers complies with globally when recruiting for its international offices, the controller is Tysers Insurance Brokers Limited in the UK.
If you have any questions in relation to this Privacy Notice or how your personal data is processed, please get in touch with your Talent Acquisition contact via email@example.com who will refer to the Tysers’ Data Protection Officer.
We use Recruitee, an online software product, to assist with our recruitment process. We use Recruitee to process personal data as a processor on our behalf. Recruitee is only entitled to process your personal data in accordance with our instructions.
Where you apply for an opportunity posted by us, these Privacy Notice provisions will apply to our processing of your personal data, in addition to our full Privacy Notice which is available on our website here.
Your Personal Data
Personal data we collect from you
We collect and process some, or all, of the following types of personal data from you:
- Personal data that you provide when you apply for a role. This includes information provided through an online application, via email, in person at interviews and/or by any other method.
- In particular, we process personal details such as name, email address, address, date of birth, qualifications, experience and any information relating to your employment history, skills and experience that you provide to us.
- If you contact us, we may keep a record of that correspondence as part of the application process or on our database for future recruitment.
Personal data we collect from other sources
Tysers may collect personal data from other sources, for the purposes of proactively searching for candidates and/or obtaining additional background information about applicants. Sources may include, LinkedIn, job boards and other professional publicly available platforms.
In addition, Tysers may receive and collect data from third party sources, including recruitment agencies, referrals and current Tysers employees.
The categories of personal data obtained from the above sources may include but is not limited to those outlined in categories 1 and 2 below.
If you are an internal applicant, Tysers may collect data from your line manager. The categories of personal data obtained from this source may include but is not limited to those outlined in category 2 below.
Uses made of your personal data
Categories of personal data
Category 1 – Contact information, including, but not limited to name, title, address, telephone number and email address.
Category 2 – Personal information, including, but not limited to date of birth, qualifications, experience and any information relating to your employment history, skills and experience, including performance information (for internal candidates only) that you or other sources (as above) provide to us.
Category 3 – Any equal opportunities information you provide to us, including, but not limited to gender, religion, age, disability, race and ethnicity.
Category 4 – General information, including, but not limited to source (where / how you applied) and details obtained throughout the recruitment process.
Purposes of processing
We use personal data held about you for the following purposes:
- Categories 1 and 2 – To consider your application in respect of a role for which you have applied.
- Categories 1 and 2 – To consider your application in respect of other/future roles.
- Categories 1 and 2 – Where collected through other sources such as LinkedIn, to consider your experience in respect of any live or future roles.
- Category 1 – To communicate with you in respect of the recruitment process.
- Category 1 – To communicate with you regarding new opportunities and to provide you with information such as newsletters/updates on Tysers.
- Categories 1 and 2 – To enhance any information that we receive from you with information obtained from additional sources as outlined above.
- Category 2 – To proactively source appropriate candidates to fill our job openings.
- Category 3 – To monitor equal opportunities and diversity and inclusion.
- Categories 2 and 4 – To undertake analysis. For example, to understand hiring trends and timescales, to improve processes and target specific sources when searching for applicants.
- All categories – some of the personal data obtained during the recruitment process may be used during the on-boarding process and will also form part of your HR record if you are successful.
Lawful basis for processing
Tysers primarily relies on legitimate interests as the lawful basis to process your personal data throughout the recruitment process. Our legitimate interests are:
- Assessing your experience, qualifications and suitability for a role.
- Making decisions about your recruitment or appointment.
- Communicating with you about new opportunities and updating you about Tysers.
- Ensuring information security.
- Conducting data analysis to better understand and develop candidate attraction strategies.
In certain circumstances we may also rely on other lawful bases, such as complying with our legal obligations or to take steps (at your request) prior to entering into a contract with you.
The lawful bases Tysers relies on when processing your special category data (as defined under the GDPR in the UK and EU) are for the purposes of carrying out Tysers’ obligations under employment law or for reasons of substantial public interest.
Automated decision making / profiling
Tysers will not be using any automated decision-making processes. However, we may undertake profiling as part of the analysis activities outlined for the purposes highlighted above.
How we store your personal data
We take appropriate technical and organisational measures to keep personal data secure, including security measures to help prevent personal data from being accidentally lost, or used or accessed without appropriate authorisation. We will only provide authorisation for access to your personal data to those who have a genuine business need to view it. Authorised individuals processing your personal data will do so only in an authorised and appropriate manner and are subject to a duty of confidentiality, this includes any third party service providers used by Tysers such as Recruitee.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
The transmission of information via the internet is not completely secure. However, we will employ suitable and adequate security measures to help ensure that your personal data is kept secure.
Where we process your personal data
All personal data obtained as part of the recruitment process will be processed in the UK and EU in compliance with all applicable privacy and data protection laws that Tysers is subject to, including the GDPR in the UK and EU.
Where your personal data is transferred outside of the UK/EU or the country where the role you are applying for is based, Tysers complies with all obligations imposed on it regarding international transfers, whether the transfer is to another part of the Tysers Group or to a third party service provider such as Recruitee and its sub processors. For the avoidance of doubt, if you are applying for a role in one of our international offices, your personal data will be processed by Tysers’ employees based in that location.
How long we keep your personal data
We retain all candidate personal data for a period of 12 months after the last point of contact. Your personal data will be deleted automatically after 12 months and also on receipt of a written request from you, subject to any legal or regulatory requirements for us to retain your personal data.
Under the UK General Data Protection Regulation you have a number of important rights. In summary, those include rights to:
- access to your personal data and to certain other supplementary information that this Privacy Notice is already designed to address
- require us to correct any mistakes pertaining to your personal data in your information that we process
- request the erasure of personal data concerning you in certain situations
- request access to the personal data concerning you which you have provided to us in a structured, commonly used and machine-readable format and have the right to transmit that personal data to a third party in certain situations
- object at any time to the processing of personal data concerning you for direct marketing
- object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
- object in certain other situations to our continued processing of your personal data
- otherwise restrict our processing of your personal data in certain circumstances
- withdraw consent for any processing undertaken on the basis of consent
- lodge a complaint with the appropriate Supervisory Authority (see below)
- claim compensation for damages caused by our breach of any data protection laws
Depending on where the role is based that you are applying for, you may be entitled to exercise similar or different rights in compliance with local privacy and data protection laws. If you would like to exercise any of your rights, please contact your Talent Acquisition contact (at firstname.lastname@example.org) who will refer to Tysers’ Data Protection Officer. Please ensure we have enough information to identify you, including proof of your identity and address, and provide details of what personal data your request relates to.
How to complain
We hope that we can resolve any query or concern you raise about our use of your personal data. All questions, comments and requests regarding this notice should be addressed to your Talent Acquisition contact who will refer to Tysers’ Data Protection Officer. Please contact them at email@example.com
In addition, the General Data Protection Regulation (in the UK and EU) gives, and other privacy and data protection laws to which Tysers is subject may also give you the right to lodge a complaint with a supervisory authority, in particular in the UK or European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. In the UK, which is where the controller for the personal data that is processed as part of the recruitment process is based, the supervisory authority is the Information Commissioner’s Office.
Tysers has appointed a Data Protection Officer (DPO) to oversee compliance with this Privacy Notice and more generally with all applicable privacy and data protection laws Tysers is subject to, including the GDPR in the UK and EU.
If you wish to contact us in relation to this notice or in relation to any of your data subject rights, you can do so as follows:
Talent Acquisition Team
Tysers Insurance Brokers Limited
71 Fenchurch Street