At the TUC we respect everyone’s right to privacy, and value the trust you place in us by sharing your data with us. We’re committed to:
This notice explains:
Please be aware that we don’t accept CV applications or speculative CVs. They will therefore be deleted from our systems upon receipt.
If you’re returning your completed application by email, please send it only to email@example.com. This is a secure email address that only authorised Personnel staff have access to. Do not send your application to any other TUC email address including those of TUC employees.
The Trades Union Congress (TUC) is the ‘controller’ of the data you submit in relation to your job application. If you have any queries about how we gather, and use your personal data then you can get in touch with our Data Protection Officer by post at:
Data Protection Officer
Trades Union Congress
Great Russell Street
Or via email: firstname.lastname@example.org please put ‘For the attention of the Data Protection Officer’ in the subject line of your email.
As a data subject, you’ve a number of rights (subject to a few legal exemptions). You’ve the right to:
To learn more about these rights please see the Information Commissioner’s Office website.
If you’d like to exercise any of these rights, please contact the Data Protection Officer by post or email. We’ll need to ask you to confirm your identity before we can deliver on a number of these rights.
The personal data that you supply with your application may be retained by us for the purposes of managing your application, and for statistical and audit purposes and will be stored in accordance with our standard procedures as set out above.
If you believe that we’ve not complied with your data protection rights, you can complain to the Information Commissioner’s Office (the regulator for privacy / data protection legislation). The Information Commissioner’s Office (ICO) can be contacted at:
Information Commissioner’s Office
Tel: 0303 123 111
We’ll use the information to assess your suitability for the position you’ve applied for and to fulfil regulatory or legal requirements.
For example, our Personnel team may use your contact details to get in touch with you to progress your application. This process may include references, medical screening and disclosure and barring service (DBS) check to assess your suitability for the role you’ve applied for.
We don’t share any of the data that you provide during the recruitment process with any third parties for marketing purposes or store any of your information outside of the European Economic Area. The information you provide is held securely by us and/or our data processors and appropriate access restrictions are applied.
We only collect information we need to process and make a decision about your application.
At this stage we collect (via your application form):
We need to process the data you’ve given us in your application before we can enter into a contract of employment with you. We also process your data using the ‘contract’ lawful basis for processing in relation to your personal data during the recruitment process and for keeping records of the process. Processing data from job applicants allows us to manage the recruitment process, assess and confirm a candidate's suitability for employment and decide who to offer the job to.
We may also need to process data from job applicants to respond to and defend against legal claims.
In some cases, we need to process data to ensure that we’re complying with our legal obligations. For example, we’re required to check a successful applicant's eligibility to work in the UK before employment starts.
Where we rely on our legitimate interests as a reason for processing data, we’ve considered whether or not those interests are overridden by the rights and freedoms of future employees. We’ve concluded that they’re not.
We process health information if we need to make reasonable adjustments to the recruitment process for those candidates that declare they’ve a disability. This may require us to make reasonable adjustments so for attendance at interview or when a new employee starts working for us. In doing this we’re carrying out our obligations and exercising specific rights in relation to employment.
Where we process other special categories of data, such as information about ethnic origin or gender, this is for diversity monitoring purposes.
For some roles, we’re obliged to seek information about criminal convictions and offences. We do so because it’s necessary to carry out obligations and exercise specific rights in relation to employment.
We won’t use your data for any purpose other than the recruitment exercise you’ve applied for.
Your information will only be available to the recruitment panel for the purpose of the recruitment exercise.
Unless your application for employment is successful and we make you an offer of employment, we won’t share your data with third parties. We then share your data (your name) with your former employers to obtain references for you, employment background check providers (name, address, phone numbers, date of birth, NI numbers) to obtain necessary background checks, pre-employment health screening (name, date of birth, contact details) and the Disclosure and Barring Service to obtain necessary criminal records checks.
We never transfer your data outside the European Economic Area.
We take the security of your data seriously. We’ve internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the proper performance of their duties.
Our Personnel database has applied security levels, personal data (with the exception of any trade union membership mentioned in the application form) is removed from the shortlisting process, personal data (with the exception of your name to panel members at the interview stage) is only available to members of the Personnel team, recruitment timetables are kept securely, hard copies of applications are kept under lock and key and emailed applications are only accessible to members of the Personnel team.
We’ve named the specific organisations involved in processing personal data in relation to our recruitment below. As we have contracts / agreements with them, it means that they can’t do anything with your personal information unless we’ve instructed them to do it. They won’t share your personal information with any organisation apart from us.
We need to carry out standard Disclosure and Barring Service (DBS) checks for some of our jobs such as those with responsibility for cash transactions and therefore we’ll share some personal information with Care Check, our DBS provider. Once we’ve had sight of the relevant information you provide us with, we’ll complete an online form which Care Check then processes.
Once the checks are complete, Care Check will send you a certificate and we’ll take a copy for own records. We’ll keep the copy in line with the data retention period below. Here’s a link to Care Check’s Privacy Notice.
Once our Personnel team receives your application by email or post and then input the relevant data into Cascade, our internal HR system. Your data will be in line with our recruitment and selection procedure. Here is a link to Cascade’s Privacy notice:
If we make you a conditional offer, we’ll provide our Occupational Health provider, Maitland Medical, with your personal data. Maitland Medical will contact you directly and ask you to complete an online questionnaire that will help them to determine if you’re fit to undertake the work that you have been offered, or to advise us of any reasonable adjustments needed to the work environment or systems so you may work effectively.
The information you provide will be held by Maitland Medical who will provide us with a fit to work certificate or a report with recommendations. You’re able to request to see the report before it’s sent to us. If you decline us access to the report, this this may affect your job offer. If an occupational health assessment is required, this is likely to be carried out by Maitland Medical. Maitland Medical make it clear about how your data is stored, how you can make a request to access any data it holds and what information will be shared with us. Here’s a link to Maitland Medical’s website:
We don’t keep your data for longer than is necessary.
If your application for employment is unsuccessful, we’ll hold your data on file for 6 months after the closing date for the job you’ve applied for.
If your application for employment is successful, personal data gathered during the recruitment process will be transferred to your personnel file and retained during your employment. We’ll retain all the information for 6 years after you’ve left the company. This includes your criminal records declaration, fitness to work, records of any security checks and references.
None of our recruitment decisions involve automated decision-making.
We keep our privacy notice under regular review. Any changes we make to our privacy notice will be advertised via our website, and through our email communications to stakeholders.
This policy was last updated on 24th May 2018.
To access the admin area, you will need to setup two-factor authentication (TFA).