Candidate Privacy Policy

Welcome to iwoca's candidate privacy notice.

1. What is the purpose of this document?

At iwoca, we respect your privacy and are committed to protecting your personal data. This privacy notice will let you know how we will collect, process and protect your personal data.

2. Contact details

If you have any questions about this privacy notice, you can reach out in the following ways:

Email address: talent@iwoca.co.uk (or you can contact our Data Protection Officer by emailing dpo@iwoca.co.uk)

Postal address: iwoca Ltd, iwoca Ltd, 101 New Cavendish St, London, W1W 6XH

Telephone number: 020 3778 0274

3. How we use your personal data?

The below table shows ways in which we may use your personal data, and our lawful basis for doing so:

Processing activity	Lawful basis
Assessing the suitability of candidates for the open roles	As a prerequisite of entering into a contract with you
Arranging and conducting interviews and tests (including recording the outcome of these assessments and discussing it internally)	As a prerequisite of entering into a contract with you
Proactively researching potential candidates using their social media profiles	For our legitimate interests in sourcing suitable candidates
Liaising with recruitment agencies to discuss the suitability of candidates they have referred to us	For our legitimate interests in sourcing suitable candidates
Digital ID Checks - this is for UK and Irish passport holders. Digital right to work checks - this is for overseas passport holders. Digital criminal record checks - all new starters	Though this is a prerequisite of entering into a contract with you, we always gain your explicit consent due to the nature of the checks

4. The data we collect about you (from third parties)

We may receive personal data about you from third parties under the following circumstances:

Recruitment agencies, we receive certain information about you to process your application for employment. This information includes your name, address, DOB and contact details.
Professional and social media platforms, we may obtain information about you from publicly available sources to engage and make you aware of positions within iwoca that we feel may be suitable for you.
Previous employers, we request certain information to validate your credentials, positions held and dates of employment.
Background check providers, for us to assess your suitability as an employee, identity verification and a criminal record check.

5. Data transfers outside the European Union (EU)

Some of the data processors we use are outside the EU, or may host your personal data outside the EU.

Whenever we transfer your personal data out of the EU, we ensure a similar degree of protection is afforded to it by ensuring that at least one of the following safeguards is implemented:

Your personal data is transferred to a country that has been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries;
Where we use certain service providers, we may use specific contracts approved by the European Commission which gives your personal data the same protection it has in the EU. For further details, see European Commission: Model contracts for the transfer of personal data to third countries;
We will be introducing International Data Transfer Agreements, and International Data Transfer Addendums in line with UK GDPR requirements. See International Data Transfer Agreement and guidance;and
Some of our providers will have binding corporate rules in place, see European Commission: Binding Corporate Rules.

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EU.

6. Data retention

We will retain your personal information for a period of 6 months after we have communicated to you that you have been unsuccessful for the role you applied for. We retain your personal information for that period so that we can show, in the event of a legal claim, that we have not discriminated against candidates on prohibited grounds and that we have conducted the recruitment exercise in a fair and transparent way. After this period, we will securely destroy your personal information in accordance with our data retention policy. If you are successful and appointed to a role we will keep your personal information for a period of 10 years after your employment has ended in accordance with our staff privacy notice.

7. Your right in connection with personal information

In certain circumstances, you have rights under data protection laws in relation to your personal data. Please click on the links below to find out more about these rights:

For more information or to exercise your data protection rights, please use the contact details above. You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to address your concerns before you approach the ICO so please contact us in the first instance.

Last updated - April 2020