This Privacy Notice sets out details about the personal data that we, Delaware North Companies (UK) Services Ltd (“Delaware North”), may collect and process about you. Delaware North is a “controller” in relation to personal data. This means that we are responsible for deciding how we hold and use personal information about you. You are being sent a copy of this Privacy Notice because you are applying for work with us (whether as an employee, worker or contractor). It makes you aware of how and why your personal data will be used, namely for the purposes of the recruitment exercise, and how long it will usually be retained for. It provides you with certain information that must be provided under the UK General Data Protection Regulation (UK GDPR).
This Privacy Notice is non-contractual, regularly reviewed and may be amended by us from time to time.
Data Protection Principles
Delaware North will comply with data protection principles, which means that your data will be:
- Used lawfully, fairly and in a transparent way.
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
- Relevant to the purposes we have told you about and limited only to those purposes.
- Accurate and kept up to date.
- Kept only as long as necessary for the purposes we have told you about.
- Kept securely.
Types of data we may process
We may process and collect the following information at the recruitment stage:
Personal contact details including name, address and email.
- Information collected during the recruitment process such as your CV/application (including name, title, address, telephone number, personal email address, date of birth, gender, details of previous work experience, education/qualifications, and references) and answers to any interview/recruitment questions relevant to the role you applied for, which may take the form of online video recordings depending on the recruitment process utilised.
- Psychometric testing results, where such tests are used as part of any application process (see “Automated Decision Making” below).
Equal opportunities information. This is not mandatory and is not made available to anyone outside of the Talent Acquisition team (including hiring managers and HR) save in an anonymised format so as not to identify you.
- Recruitment Agencies – we may collect your personal details, details of your application and details of your experience and qualifications from the recruitment agency you applied via.
- Basic Disclosure checks. This will reveal details of any unspent criminal convictions and is processed by the Disclosure and Barring Service. These checks are required to safeguard staff and members of the public at our protected venues and for some venues is a security requirement to work on site. Further details can be found in our Safeguarding Policy.
- For some roles, where required by law, an Enhanced Disclosure may be required. Further details can be found in our Safeguarding Policy.
- Global Watch List checks. These are recommended by the National Counter Terrorism Security Office (NaCTSO) and is a collection of caution lists from all major sanctioning bodies, law enforcement agencies and financial regulators worldwide. It is used to reveal whether individuals are on a sanctions list or are a politically exposed person. It is a crucial tool in ensuring all staff on site are not affiliated with any terrorist organisation and/or pose a risk to the public and other members of staff. Further details can be found in our Safeguarding Policy.
- At the onboarding stage, we will take and retain a photograph of yourself during your employment for identification verification purposes.
With the exception of the equal opportunities information and Basic Disclosure and Global Watch List checks, you are obliged to provide this personal data to us as it is necessary for us to explore potentially entering into a contract with you. The equal opportunities form is not mandatory and there are no consequences if you fail to provide it. However, if you do not submit your Basic Disclosure information or information for the Global Watch List checks, you may be unable to work at some of our venues, in line with the security protocols at the venues.
If you fail to provide any of the data you are obliged to provide, we may be unable to process your application and, if appropriate, offer you employment or variable work.
We may process the following information after you have been shortlisted and/or as part of a conditional job offer:
- Proof of your identity (such as passport) and any relevant right to work checks;
- Proof of your qualifications – unless you are specifically notified that we will accept a copy of your qualifications which we can verify, you will be asked to attend our office with original documents and we will take copies;
- We will contact your referees (with express consent), using the details you provide in your application, directly to obtain references.
It is in Delaware North’s legitimate interests to decide whether to appoint you to the role/work since it would be beneficial to our business to appoint someone to that role/work. The above is also usually part of a conditional offer of employment or variable work and therefore you are obliged to provide this as it is necessary to enable us to enter into a contract with you. Right to work checks are a statutory requirement which you are obliged to provide. A failure to provide this may result in us being unable to offer you employment or variable work.
The purposes of processing
- For recruitment purposes i.e., to assess your skills, qualifications, and suitability for the role being advertised and so we can contact you about this role;
- To comply with legal or regulatory obligations including right to work checks and reference checks;
- To communicate with you about the recruitment process;
- To seek professional advice advice/defend claims arising from the recruitment process;
- In line with the security requirements at some of our venues, to safeguard our staff and members of the public.
In relation to the equal opportunities form, to monitor equality in recruitment practices. Please note that if we intend to further process your personal data for a purpose other than that for which it was collected, we shall provide you with information on this other purpose and all other information as set out in this notice.
If you fail to provide personal information
If you fail to provide information when requested, which is necessary for us to consider your application (such as evidence of qualifications or work history), we will not be able to process your application successfully.
How we use particularly sensitive personal information
We will use your particularly sensitive personal information in the following ways:
- We will use information about your disability status to consider whether we need to provide appropriate adjustments during the recruitment process, for example whether adjustments need to be made during a test or interview.
- We will use information about your race or national or ethnic origin, to ensure meaningful equal opportunity monitoring and reporting. However, this data will be anonymised so as to not identify you.
Information about criminal convictions
We envisage that we will process information about criminal convictions.
We will collect information about your criminal convictions history if we would like to offer you the role (conditional on checks and other conditions, such as references, being satisfactory). We are entitled to carry out criminal records check in order to satisfy ourselves that there is nothing in your criminal convictions history which makes you unsuitable for the role. In particular:
- To ensure the safety of our staff and customers, all applicants will be required to submit a Basic Disclosure from the Disclosure and Barring Service (DBS).
- For certain limited roles where required by law, applicants will be required to submit an Enhanced Disclosure.
- All staff will be subjected to Global Watch List checks. These are recommended by the National Counter Terrorism Security Office (NaCTSO) and is a collection of caution lists from all major sanctioning bodies, law enforcement agencies and financial regulators worldwide. It is used to reveal whether individuals are on a sanctions list or are a politically exposed person. It is a crucial tool in ensuring all staff on site are not affiliated with any terrorist organisation and/or pose a risk to the public and other members of staff. Further details can be found in our Safeguarding Policy.
We have in place an appropriate policy document and safeguards which we are required by law to maintain when processing such data.
Sharing your data
Your data will be shared internally with the recruitment team which consists of the Talent Acquisition team, HR, the hiring manager and any other relevant individual connected to the hiring of the position.
If your role falls into a Joint Venture between Delaware North and a third party, the information may be shared between us and the HR team and managers of the Joint Venture to enable the Joint Venture to make a decision about the role you have applied for.
Transferring information outside the UK
We may utilise the assistance of specialist technology platforms for the purpose of conducting our recruitment process. This may necessitate the transfer of personal information to locations outside of the UK, in particular to be processed on servers located within the European Economic Area (EEA), as well as occasional transfers to other locations outside the EEA.
Additionally, we may transfer the personal information we collect about you to other Delaware North Companies, including Delaware North for America, which is based in New York State and in other locations outside the EEA, in order to perform our contract with you and for the purposes of Delaware North for America’s regular and periodic audits on its subsidiary companies (including Delaware North Companies (UK) Services Limited and any of its subsidiaries). These audits are necessary for the business and for the Delaware North for America to analyse our financial and business performance, as well as the adequacy of the systems and controls of Delaware North Companies (UK) Services UK Limited and the Delaware North group of companies as a whole. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
In compliance with UK GDPR, we will take steps to ensure your personal data continues to receive an essentially equivalent standard of protection if transferred to other jurisdictions.
This may take the form of reliance on:
- Any UK GDPR adequacy regulation in force in relation to the jurisdiction, which means that the laws and procedures of the country in question are deemed to provide an appropriate standard of data protection.
- Any other safeguards or derogations permissible under UK GDPR.
- We will also assess data protection risk and adhere to the principles and procedures required by UK GDPR, for example by ensuring:
- Only personal data that is necessary for the stated purposes will be transferred.
- Such data will be limited to those individuals for whom the purpose is carried out and will be on a need-to-know basis.
- Such information will be kept confidential by the individuals in receipt of the personal data.
- Any personal data to be disclosed shall (if appropriate) be redacted, and in any event retained for no longer than is necessary for our (and our Group and Parent companies’) compliance and due diligence obligations or for the processing required in relation to the recruitment process.
- Appropriate security measures will be taken when transferring the data to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
- Appropriate contractual agreements will be entered into with all data importers where applicable.
How long we keep your data
In terms of retention periods, we will not keep your data for longer than is necessary. When deciding how long to hold your data we have regard to legal requirements (including any contractually agreed periods) and statutory limitation periods (under which it is prudent for us to retain records for longer periods). Retention periods are documented in the HR Records Management and Retention Schedule.
Legal basis for processing
We process your personal data on the basis of consent (for example where we contact your referees, for equal opportunities and security check purposes) and/or because it is necessary for our legitimate interests, namely, to ensure that you are qualified and suitable for the role you are applying for, to ensure we have a record of the recruitment process for the defence of legal claims and to comply with our security obligations.
We process details of your right to work checks in line with our legal requirement to do so.
Where we rely on consent to process your personal data, you have a right to withdraw your consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.
You can withdraw your consent to our processing at any time by contacting the HR department on firstname.lastname@example.org. Please specify the type of processing that you are withdrawing your consent to in your email.
You have a number of rights in relation to the personal information that we process about you. You:
- Have the right to be informed about your data (as set out in this Privacy Notice);
- Can request access to your personal data;
- Can request that your personal data be rectified if it is inaccurate or incomplete;
- Can request that the processing of your personal data be restricted or erased in certain circumstances, for example, where the data is no longer necessary to meet its purpose;
- Can object to processing in certain circumstances, for example where this is based on legitimate interests or involves direct marketing;
- Can request the restriction of processing your personal data, for example if you want us to establish its accuracy or the reason for processing it;
- Can request the transfer of your personal information to another party;
- Can request to receive personal data that you have provided in a structured, commonly used, and machine-readable format and to have this transmitted without hindrance where the data is processed on the basis of consent or performance of a contract.
- Can lodge a complaint with the Information Commissioner’s Officer.
Automated Decision Making (“ADM”)
ADM occurs when decisions are made about you by a computer or some other information analysing machine. Examples of this include the machine scanning of CVs, computer processed aptitude or personality tests and website profiling. There are circumstances when we use ADM during the recruitment process. If you feel you may have been subjected to ADM and wish to request human intervention or challenge the decision, please contact… email@example.com.
Where any psychometric testing is used as part of any application or for any ongoing development with us, any such profiles generated are reviewed by HR and/or your manager, as relevant, and the outcomes and any decisions resulting from such tests will not solely be based on ADM.
Support and Advice
If you are uncertain about the content and intention of this privacy notice, have any enquiries regarding how your data is protected or wish to exercise any of your rights, please do contact the HR department on firstname.lastname@example.org.