This privacy notice describes how the Behavioural Insights Group (“BIT”) collects and uses personal data about you in the context of an application to work for BIT in any capacity, including as an employee, worker, consultant, contractor, intern or for any form of placement or work experience. We encourage you to read this notice carefully, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal data about you, so that you are aware of how and why we are using such information. If you provide us with personal data of a family member or other third party in connection with your recruitment application then this notice also covers the use of their information, and you should make this notice available to them.
This notice does not constitute an offer of employment, does not form part of any contract (including any contract of employment) and does not confer any contractual right on you, or place any contractual obligation on us. We may update this notice from time to time, and will let you know when we do so.
For the majority of its recruitment BIT uses the recruitment platform, Be Applied Ltd (“Applied”). Applied is therefore a data processor for BIT. See here for Applied’s privacy notice.
What information do we hold about you?
The sort of information we hold on you will vary depending on the role applied for, your location and the conditions attached to the role (if any). However, typically it will include the following:
- Your personal details – for example your name, date of birth, gender, nationality, second nationality, personal contact details (e.g. home address, telephone number, e-mail), current role and salary, other data included on a CV/résumé;
- Qualifications – qualifications, professional memberships or charterships, languages spoken, competencies and skills (ability to drive, first aid etc.);
- Immigration and right to work data – including national ID number, social security or national insurance number, visa or work permit;
- Equality and diversity data – where permitted under local law, data regarding race, ethnic origin and sexuality (stored anonymously for equal opportunities monitoring and reporting purposes except where required to establish, exercise or defend legal rights). This data will not used by BIT to assess applicants or determine hiring decisions;
- Data created during the assessment process – for example interview notes, assessment results and Be Applied Ltd responses; and
- Vetting and verification information – including references, birth certificate, drivers licence, background checks (including of publicly available information and public social media profiles) and criminal record disclosure (see below).
Criminal Record Declarations and DBS checks
As part of your recruitment application, depending on your role and location, you may be asked to complete a Criminal Record Declaration as part of the Government Baseline Personnel Security Standard (“BPSS”) which is required for many of our business contracts with the UK Public Sector. In addition, we may also need to check your criminal record through the Disclosure and Barring Service (a “DBS check”) where this is permitted by law (see section 3). If you are based outside of the UK, we may carry out other criminal record checks, consistent with local law.
Someone else’s personal details
Sometimes, you might provide us with another person’s personal data – e.g. details of a referee or of a family member or friend to contact in the event of an emergency situation.
In such cases, we require you to inform the individual what personal data you are giving to us. You must also give them our contact details and let them know that they should contact us if they have any queries about how we will use their personal data.
How is your information collected?
Some of the information we hold will have been provided directly by you, but some may come from other sources, such as referees, recruitment agencies or Be Applied Ltd.
Why do we hold your personal data and on what legal grounds?
We hold and use your personal data for a number of purposes connected with the recruitment process, as detailed in the table below.
In certain countries, including the UK, data protection law specifies a number of legal grounds on which we can hold and use personal data. In addition, processing of “special categories of personal data” (including data relating to health, sexual life, racial or ethnic origin or religious beliefs) must always be justified on the basis of a specific further ground. For each use of personal data, we have set out the corresponding legal ground(s). Grounds which are specific to special category data or criminal record data are marked with an (*).
| Purpose | Relevant legal ground(s) on which we process the information |
| To review eligibility to work (including conducting right to work checks) | 1. It is necessary for us to comply with a legal obligation
2. It is necessary for us to comply with an obligation in the field of employment law (*)
|
| To assess your application (including by carrying out interviews and assessments) | It is in our legitimate interest as a business in order to gauge your competence for the role and your compatibility with the culture and values of BIT |
| To carry out background and educational checks (including by communicating with referees) | It is in our legitimate interest as a business in order to verify the information provided as part of your application and to protect BIT and its staff from deception and fraud |
| To seek criminal record disclosure (via BPSS or DBS checks) where required for your role or client contract and authorised by law | It is necessary for our obligations as an employer, and or to prevent unlawful acts, including fraud (*) |
| To conduct an equal opportunities monitoring programme | It is necessary for the purposes of identifying or keeping under review the existence or absence of equality of opportunity or treatment between employees |
| To maintain emergency contact details | It is in our legitimate interest as a business and as an employer, and our interests are not overridden by your interests, fundamental rights or freedoms |
| To exercise our rights to defend, respond to or conduct prospective or actual legal claims or proceedings | 1. It is necessary for the establishment, exercise or defence of legal claims (*)
2. It is in our legitimate interests as a business and as an employer, and our interests are not overridden by your interests, fundamental rights or freedoms |
If you do not provide personal data then, depending on the purpose for which the data is required, we may be unable to comply with our legal obligations, as indicated in the above table. This may mean we are unable to process your application any further. If you are uncertain, we can tell you more about the specific implications a decision to withhold personal data.
If in the future we intend to process your personal data for a purpose other than that which it was originally collected we will provide you with information on that purpose and any other relevant information.
Who do we disclose personal data to?
We may transfer information about you to other group companies for purposes connected with your recruitment. For example, if you apply for a job with a particular BIT company, but one of the hiring managers responsible for assessing your application works for another BIT company. Information will only be shared within the group on a need-to-know basis. As of the date of last review of this notice, the group of companies comprise:
- Nesta
- Behavioural Insights Ltd
- Behavioural Insights Ventures Ltd
- Behavioural Insights (US) (Inc)
- Behavioural Insights (Australia) Ltd
- Behavioural Insights (Singapore) Pte Ltd
- Behavioural Insights (Canada) Ltd
- Behavioural Insights Trustee Company Ltd
We will disclose information about you to third party service providers who assist us with the purposes described in section 3.
Where BIT engages third parties to process personal data on its behalf, those third parties do so on the basis of BIT’s written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data. These third parties may have routine access to your personal data to perform certain functions, or may merely host your personal data as part of a “cloud based” solution (such as G-Suite by Google).
We may also need to share your information with government bodies such as the Home Office or HMRC to comply with legal obligations, for example in relation to matters such as immigration, or in response to court orders or requests from law enforcement.
Your personal data may also be disclosed to advisors, potential transaction partners or interested third parties in connection with the consideration, negotiation or completion of a corporate transaction or restructuring of the business or assets of any part of BIT.
We may transfer information about you with our parent company Nesta as part of our regular reporting activities on company performance and for purposes connected with your potential employment or the management of the company’s business.
If your application is successful, personal data collected during the recruitment process will be shared with certain interconnecting systems (such as HR information, payroll and benefits systems) in order to onboard you and create personnel records.
International transfers
The global presence of BIT means that your personal data may be transferred outside of the UK and the European Economic Area (“EEA”) – where data protection laws may not be equivalent – for any of the purposes described in this notice. Whenever we make restricted international transfers of personal data, we take steps to ensure that your personal data receives an adequate level of protection (by putting in place appropriate safeguards, such as contractual clauses), or to ensure that we are able to rely on an appropriate derogation under data protection laws. You have a right to request access to any safeguard which we use to transfer your personal information outside of the UK and the EEA (although we may need to redact data transfer agreements for reasons of commercial confidentiality).
Some of our data processors may transfer personal data outside of the UK or EEA and, as stated above, we will always ensure there are appropriate safeguards in place so that such transfers are lawful.
How long do we store personal data for?
Our general principle is that we will only store personal data for as long as it is necessary to satisfy the purpose for which it was collected by us or provided by you.
If your recruitment application is successful, we will retain a copy of your application (including your CV/résumé) for the duration of your employment. If your application is unsuccessful, we will retain your application for no more than one year in order to keep you in mind for similar vacancies which may arise in that time. Please let us know if you do not want us to do this and we will delete your application and any associated documentation about you as soon as possible.
Please note that, in certain cases, legal or regulatory obligations may require us to retain specific records from your application for longer periods of time (for example, right to work checks for successful applicants). For more details, please contact the Data Protection Officer by writing to dpo@bi.team.
In other cases, we may deliberately retain records in order to resolve queries or disputes which we think may arise from time to time.
Security of your personal data
We implement reasonable physical, technical and administrative security measures designed to protect your personal data from loss, misuse, alteration, destruction or damage. We take steps to limit access to your personal data to BIT personnel who need to have access to it for one of the purposes listed in section 3. You also have an important role to play in protecting the security of your personal data, and you should take care about whom you share personal data connected with your recruitment application with.
Your rights
Depending on data protection laws which are applicable to the BIT entity processing your personal data, you are legally entitled to know what personal information we hold about you and how that information is processed, which includes the right to:
- ask us to correct any mistakes in your information which we hold, ask us to delete your personal information;
- ask us to stop using your personal information or restrict how we can use it, for example if you feel it is inaccurate or no longer needs to be used by Nesta;
- to object to us using your personal information; and
- to object to any automated decision making that we may do using your personal information.
If you wish to know what information we hold about you, or wish to exercise any of your other rights as detailed above, or have any complaint about how we are using your personal information, then please email us using DPO@bi.team or write to us at 58 Victoria Embankment London EC4Y 0DS UK and provide enough information to identify yourself (e.g. name and address or any registration details).
If our information is incorrect or out of date, please provide us with enough information to allow us to update it. If you want us to delete, restrict or stop using any information we hold about you, please specifically confirm the reasons why you are asking this. If you are unhappy with how we are using your information, again please explain to us the reasons and we will investigate the matter. You can also write to the same address if you have a complaint about this policy.
If you are unhappy with how any data rights request or complaint has been dealt with you have the right to complain to the Information Commissioner:
- on the ICO website;
- by mail at Wycliff House, Water Lane, Wilmslow, Cheshire SK9 5AF; or
- by calling the helpline on 0303 123 1113.
This contact information for the Information Commissioner’s Office is correct as at the time this privacy policy is published.
Identity and contact details of controller and DPO
The Behavioural Insights entity with primary responsibility for your personal data (and the responsible “data controller” under applicable data protection laws) will be the entity which has advertised the vacancy you have applied for. However, from time to time other Behavioural Insights entities may also need to process your personal data, consistent with the purposes stated in this notice.
In the UK the “data controller” is Behavioural Insights Ltd, and in other countries it is as follows:
- US: Behavioural Insights (US) (Inc)
- Australia: Behavioural Insights (Australia) Ltd
- Singapore: Behavioural Insights (Singapore) Pte Ltd
- Canada: Behavioural Insights (Canada) Ltd
We use the term data controller to designate the entity which is responsible for deciding how we hold and use personal data about you. Not all entities listed above are subject to data protection laws which have the concept of a “data controller”.
Changes to the privacy policy
We may change this privacy policy from time to time. We will notify you of any changes that relate to information we already hold about you, where practicable. You should check this policy occasionally to ensure you are aware of the most recent version that will apply each time you participate in a recruitment process at BIT.