Privacy Notice in Relation to Public Appointments

Download this Privacy Notice as a PDF

Introduction

The Assembly Commission takes your privacy seriously.  This Privacy notice explains our data protection policy and describes how we will use any personal data you provide to us, or that we collect from you.

For the purposes of the Data Protection Act and the General Data Protection Regulation (GDPR) the data controller is:

NI Assembly Commission
Parliament Buildings
Belfast
BT4 3XX

If you have any queries about the process or how we handle your information, please contact us at mailto:HRCore@niassembly.gov.uk

Section One - Job applicants

Why are you processing my personal information?

We process your personal information to decide whether you are suitable for appointment to a role which you have applied for.

What is the lawful basis for processing my personal information?

Your information is processed under Article 6 (2) (b) because by applying for a role, you have asked for something to be done so you can enter into a contract.

What will we do with the information you provide to us?

All of the information you provide during the process will only be used for the purpose of progressing your application, and to fulfil legal or regulatory requirements if necessary.

We will not share any of the information you provide during the recruitment process with any third parties for marketing purposes or store any of your information outside of the European Economic Area. The information you provide will be held securely by us and/or our data processors whether the information is in electronic or physical format.

We will use the contact details you provide to us to contact you to progress your application. We will use the other information you provide to assess your suitability for the appointment you have applied for. 

At the end of the process, we may use your details to ask for feedback on your experience of the recruitment process.

What categories of personal data are you processing?

We process personal data and special category personal data.

Personal data means any information relating to an identifiable person who can be directly or indirectly identified.

Special category personal data is personal data which the GDPR says is more sensitive, and so needs more protection. This includes (among others) information about your health, religion, race or ethnic origin.

What information do you ask for, and why?

We do not collect more information than we need to fulfil our stated purposes and will not retain it for longer than is necessary.

The information we ask for is used to assess your suitability for appointment. You don’t have to provide what we ask for but it might affect your application if you don’t. 

Application stage

If you use our online application system, this will be collected by a data processor on our behalf (please see below).

We ask you for your personal details including name, contact details and National Insurance number. We will also ask you about your previous experience, education, referees and for answers to questions relevant to the role you have applied for. Our recruitment team will have access to all of this information.

You will also be asked to provide equal opportunities information. This information will not be made available to any staff outside of our recruitment team, including recruitment panel, in a way which can identify you. Any information you do provide, will be used only to produce and monitor equal opportunities statistics.

Shortlisting

Our recruitment panel shortlist applications for interview. They will not be provided with your name or contact details or with your equal opportunities information.

Assessments

We might ask you to participate in assessment days; complete tests or occupational personality profile questionnaires; and/or to attend an interview – or a combination of these. Information will be generated by you and by us. For example, you might complete a written test or we might take interview notes.

Conditional offer

If we make a conditional offer of appointment, we will ask you for information so that we can carry out pre-appointment checks. You must successfully complete pre-appointment checks to progress to a final offer. We are required to confirm the identity of appointees, their right to work in the United Kingdom and seek assurance as to their trustworthiness, integrity and reliability. 

You will therefore be required to provide: 

• Proof of your identity – you will be asked to attend our office with original documents, we will take copies.
• Proof of your qualifications – you will be asked to attend our office with original documents, we will take copies.
• You will be asked to complete a criminal records declaration to declare any unspent convictions.
• You will be asked to complete Basic Access NI or Enhanced Access NI depending on the appointment applied for, which will verify your declaration of unspent convictions.
• You will be asked to provide information to enable the completion of a financial check.
• We will contact your referees, using the details you provide in your application, directly to obtain references.

If we make a final offer of appointment, we will also ask you for the following:

• Bank details – to process payments

Use of data processors 

Data processors are third parties who provide elements of our recruitment service for us. We have contracts in place with our data processors. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation apart from us. They will hold it securely and retain it for the period we instruct. 

Midland HR

If you accept a final offer from us, some of your personnel records will be held on i-Trent which is an internally used HR records system, provided by Midland HR.

Here is a link to their Privacy Notice.

How long do you keep my personal data?

If you are not appointed following the recruitment competition, the information you have provided until that point will be retained for 1 year from the closure of the merit list.

Information generated throughout the assessment process, for example interview notes, is retained by us for 1 year following the closure of the merit list.

How do you make decisions about recruitment?

Final recruitment decisions are made by the recruitment panel. All of the information gathered during the application process is taken into account.

You are able to ask about decisions made about your application by speaking to your contact within our recruitment team or by emailing recruitment@niassembly.org.uk.

Section Two – Appointees

Why are you processing my personal information?

We need to process personal data to enter into a contract with you and to meet our obligations under that contract. For example, we need to process your data to provide you with a contract and to administer your remuneration entitlements.

What is the lawful basis for processing my personal information?

Your information is processed under Article 6 (1) (b) of the General Data Protection Regulation (GDPR) because the processing is necessary in relation to the contract you have entered into when accepting appointment with the Assembly Commission. In very limited circumstances, we may seek explicit consent to use special categories of personal data.

We will also process your personal information to fulfil our legal obligations under any present or future legislation or regulation, such as, in relation to Her Majesty’s Revenue and Customs (HMRC) and National Fraud Initiative (NFI).

What will we do with the information you provide to us?

All of the information you provide during the process will only be used to fulfil legal or regulatory requirements if necessary.

We may use your personal information to establish and defend our legal rights, and to prevent and detect crimes such as fraud. We may need to share your personal information with other people for this reason, such as courts and law enforcement agencies (for further information, please see paragraph ‘Who has access to your data?’ below).

We will not share any of the information you provide with any third parties for marketing purposes or store any of your information outside of the European Economic Area. The information you provide will be held securely by us and/or our data processors whether the information is in electronic or physical format.

Who has access to your data?

Your information may be shared internally with staff involved in managing your appointment with the Assembly Commission, including with members of the HR Office and the Finance Office.

We may share or disclose your personal information to any of the following trusted recipients (but not limited to) in order to fulfil our contractual and legal obligations and to deliver our services:

Midland HR

Some of your personnel records will be held on i-Trent which is an internally used HR records and payment system, provided by Midland HR.

Here is a link to their Privacy Notice.

Her Majesty’s Revenue and Customs (HMRC)

Your details will be provided to HMRC in order for us to comply with statutory obligations. The personal information disclosed will be limited to only that necessary for compliance.

Here is a link to HMRC website for further information

National Fraud Initiative

We have a duty to protect public money so we may use the information we hold to prevent and detect fraud.

The National Fraud Initiative (NFI) is an exercise that takes place every two years by the Cabinet Office and matches electronic data within and between public sector bodies to prevent and detect fraud. It does not require the consent of the individuals concerned under the Data Protection legislation and we have a legal obligation under Audit and Accountability (NI) Order 2003, articles 4A to 4H, to take part in the exercise.

Further information about the National Fraud Initiative can be found on GOV.UK.

We will disclose your personal information to the police and other law enforcement agencies when they ask for it during the investigation of a crime, as permitted by the Data Protection legislation.

Other Organisations

Accounting System Maintenance and Support, currently provided by Sysco Software Solutions Limited.

Financial Institutions, to process payments on your behalf in the course of business.

Suppliers, for the provision of relevant services, for example business travel.

Our auditors, internally – Internal Audit Unit, and externally – the Northern Ireland Audit Office.

Police and other law enforcement agencies when they ask for it during the investigation of a crime, and emergency responders

Courts, tribunals and parties to litigation

What categories of personal data are you processing?

We process personal data and special category personal data.

Personal data means any information relating to an identifiable person who can be directly or indirectly identified.

Special category personal data is personal data which the GDPR says is more sensitive, and so needs more protection. This includes (among others) information about your health, religion, race or ethnic origin.

What information do we ask for, and why?

We do not collect more information than we need to fulfil our stated purposes and will not retain it for longer than is necessary. Please refer to Section One – Job Applicants for details of information gathered during recruitment.

The information we ask for is used to manage the contract. Sometimes we may obtain information from other sources: for example, parties who provide information in fulfillment of a legal obligation, such as government department like HMRC or National Fraud Initiative, or representatives you have authorised to act on your behalf.

How long do you keep my personal data?

We will only retain your data for as long as necessary to process and in line with our Retention and Disposal Schedule. 

How do we protect your data?

We take the security of your data seriously. We have in place internal policies and controls to ensure that your data is not lost, accidently destroyed, misused or disclosed and is not accessed except by our employees in the performance of their duties.

Where we engage third parties to process personal data on our behalf, they do so on the basis of written agreement, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data and to comply with general principles in relation to data protection.

How do I complain if I am not happy?

If you are unhappy with how any aspect of this privacy notice, or how your personal information is being processed, please contact the NI Assembly Information Standards Officer at:

Email: dpo@niassembly.gov.uk
Tel: (028) 90521147

If you are still not happy, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: 0303 123 1113
Email: casework@ico.org.uk
https://ico.org.uk/global/contact-us/

What rights do I have?

Under the Data Protection legislation, you have rights as an individual which you can exercise in relation to the information we hold about you.

You can read more about these rights on the Information Commissioner's Office's website. here – 

• You have the right to obtain confirmation that your data is being processed and access to your personal data
• You are entitled to have personal data rectified if it is inaccurate or incomplete
• You have a right to have personal data erased and to prevent processing, in specific circumstances
• You have the right to ‘block’ or suppress processing of personal data, in specific circumstances
• You have the right to data portability, in specific circumstances
• You have the right to object to the processing, in specific circumstances
• You have rights in relation to automated decision making and profiling
• When we have asked for your consent to use information, you can withdraw your consent at any time by contacting us. If you do so, it may restrict what we can do for you, unless we have another lawful reason for using your information.

Disclosure of personal information

In many circumstances we will not disclose personal data without consent. However, when we investigate a complaint, for example, we will need to share personal information with the organisation concerned and with other relevant bodies. You can also get further information on:

• agreements we have with other organisations for sharing information;
• circumstances where we can pass on personal data without consent for example, to prevent and detect crime and to produce anonymised statistics;
• our instructions to staff on how to collect, use and delete personal data; and
• how we check that the information we hold is accurate and up to date.

Links to other websites

This privacy notice does not cover the links within this site linking to other websites. We encourage you to read the privacy statements on the other websites you visit.

Changes to this privacy notice

We keep our privacy notice under regular review. This privacy notice was last updated on 22 April 2020.

How to contact us

If you want to request information about our privacy notice you can email us or write to: HR Office, Parliament Buildings, Stormont Estate, Belfast, BT4 3XX.

Version control – for HR Office use