Our Recruitment Privacy Notice
Why read this?
Data gives us the power to do incredible things - being able to provide fairer premiums is our favourite example. But handling it is a big responsibility, and one we take very seriously. This privacy notice is in relation to how we use your personal information during the recruitment and onboarding process, and what we do to keep it safe.
- What words mean
Who we are
Who does this privacy notice apply to?
- Information we may collect about you
Information we collect from third parties
What’s the legal basis for us processing your information?
How do we use (or process) your information?
- Your rights
How to complain to us or the ICO
How to get a copy of the data we have about you (raise a ‘Subject Access Request’ or ‘SAR’)
How to amend your personal data (the GDPR ‘right to rectification’)
How to request your data is deleted (‘right to erasure’)
How to change marketing consent
Who do we share your personal data with?
Which countries do we transfer your personal data to?
How do we keep your data secure?
How long do we keep your data for?
Profiling and automated decision-making
Changes to this notice
1. What words mean
This privacy notice (the “Notice”) describes how By Miles (“we”, “us”, “our” and “By Miles”) collects, stores and uses information about you in connection with the By Miles recruitment and onboarding process.
“Data Protection Law” means the Data Protection Act 2018, the UK General Data Protection Regulation (the UK GDPR), and the Privacy and Electronic Communications (sometimes shortened to EC Directive) Regulations 2003 (also known by the acronym PECR), as amended from time to time, and all other applicable privacy and data protection laws and regulations, as well as any guidance and/or codes of practice issued from time to time by the Information Commissioner’s Office.
For the purposes of Data Protection Law we, as the employer, are data controllers. This means that we control the processing of your personal information in accordance with Data Protection Law, and are each responsible for holding your personal information safely.
1.1. Who we are
By Miles is a company registered in England and Wales under company number 09498559 and our registered office is at By Miles Ltd, Churchill Westmoreland Road, Bromley, BR1 1DP. We are part of the Direct Line Group of companies. "You" refers to the individual (also known as the Data Subject) about whom we collect and process data and the purposes by which we do so.
We’re registered with the Information Commissioner's Office (ICO), with reference number ZA219758.
You can contact us:
By post: By Miles Customer Relations, By Miles Ltd, Churchill Court, Westmoreland Road, Bromley, BR1 1DP.
For general requests by email: hello@bymiles.co.uk
For data related queries or requests by email: data@bymiles.co.uk
To contact our Data Protection Officer (DPO), by email: DPO@bymiles.co.uk
By telephone: 0330 088 3838
As we try to be as paperless as possible, we’ll communicate with you using the email address you give us in your application to work for us, so it’s important that you keep this accurate and up-to-date. If you wish to change the email address that we use to communicate with you, please let us know.
1.2. Who does this Privacy Notice apply to?
This Privacy Notice applies to anyone who has expressed an interest in working for us, anyone who has applied for a role with us and/or is offered a role.
2. Information we may collect about you
Most of the personal information we collect about you is provided directly to us, by you, for reasons relating to recruitment and onboarding.
The personal data you have provided to us as part of recruitment and onboarding process includes, but is not limited to:
Identity information such as your title and full name.
Contact information such as your home address, email address and phone number.
Profile information as detailed on your curriculum vitae (CV), LinkedIn profile, your right to work in the UK, nationality, employment status, information submitted to support your application to work for us, information provided during an interview, emergency contact details.
Identification documents such as your passport, driving licence, national insurance number and other national identifiers.
Reasonable adjustments for any reasonable adjustments you may need as part of the recruitment process.
Regulatory information including education history, employment history, any applicable licence, qualifications, or certifications for the role or registration with the appropriate authority.
Contract of employment information such as the offer made, contract, details of any agreed packages, and payroll information.
Remuneration and benefits such as your salary information and allowances, bank account details for payroll, tax information and benefits.
Diversity, inclusion, equity information (where applicable by law and with your explicit consent) such as gender, sex, age, nationality, religious beliefs, sexuality, ethnicity and caregiving responsibilities.
2.1. Information from third parties
Where an offer of employment has been made, we use a third party service provider to collect personal data from you and to conduct screening checks on our behalf to help us understand if you are suitable for the role and to meet our legal and regulatory obligations. Screening checks include obtaining previous employment references, right to work in the UK checks, soft credit checks, criminal record checks and sanctions checks.
In some cases, existing employees at By Miles can make recommendations about potential applicants. Such employees will provide additional personal data about such potential applicants. In cases where this is made, the potential applicant will be informed about the processing.
3. What’s the legal basis for us processing your information?
We’ll process your personal data in one or more of the following circumstances, but is not limited to:
You’ve given us permission to do so. For example, because you have applied for a role with us and have expressed a wish to remain in contact.
You have applied for a role with us which will allow us to manage the recruitment process, assess and confirm your suitability for the role, decide to whom to offer the role, and to keep you updated during the recruitment process.
It is necessary to comply with legal, statutory or regulatory obligations. For example, we are required to check your eligibility to work in the UK before employment starts and to make reasonable adjustments to the recruitment process for you.
Where it is necessary to process your information to enter into a contract with us. For example, setting up an employment contract.
To defend against legal claims.
Responding to queries or requests made by you.
Where we process diversity, inclusion and equity information (with your explicit consent), this is to monitor and improve our equal opportunities process.
4. How do we use (or process) your information?
We may process your information for the following reasons:
To review and assess information provided by you in a job application, interview(s) and offers.
To allow us to make reasonable adjustments to the recruitment process for you.
To comply with our legal, statutory and regulatory obligations, including obtaining references from previous employers and managing screening checks as part of an offer made by us.
To contact you with any queries or requests you have made.
To contact you and/or your emergency contact in the event of an issue.
Check your details against a database of people under government financial sanctions, as required by law.
To set up your employment with us such as payroll, training, health and safety and system access.
To monitor and improve our diversity, inclusion and equity.
If we need to use your personal information for an unrelated reason, we’ll notify you to explain the legal reason why we’re doing so.
Please note that if we need to process your personal information without your knowledge or consent, we’ll only do so in line with the above and as we are required or permitted to do so by law.
5. Your rights
Under data protection law, you have the following rights (please note that some may only apply under certain circumstances):
The right to be given a copy of the personal data we’ve collected about you (a Subject Access Request or Data Subject Access Request). See ‘How to get a copy of the data we have about you’.
The right to update or change the personal data we have collected about you if it’s inaccurate or incomplete.
The right to erase the personal data we’ve collected about you.
The right to restrict processing (which is usually a temporary measure) while we verify any changes made to your data or deal with a request or issue.
The right to object to the processing of the personal data we have collected about you, including in respect of any data processed for direct marketing purposes (see below ‘how to object to processing’).
The right to withdraw any consents you have provided in respect of our processing of your personal data.
The right to lodge a complaint with the ICO (www.ico.org.uk).
5.1. How to complain to us or the ICO
If you have any concerns about our use of your personal information, you can make a complaint to us at DPO@bymiles.co.uk.
You can also complain to the ICO if you’re unhappy with how we’ve used your data. The ICO’s address is:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk
5.2. How to get a copy of the data we have about you (raise a ‘Subject Access Request’ or ‘SAR’)
Under Article 15 of the UK GDPR you have a ‘right of access’ as the data subject. To exercise your right to be given a copy of your data, please write to us at data@bymiles.co.uk. In most cases we’ll respond to legitimate requests within one calendar month, free of charge, but we reserve the right to (in accordance with the guidelines set out by the ICO):
Verify your identity before carrying out any rights request.
Charge a fee in exceptional, repetitive or unreasonable circumstances.
Refuse your request if we believe it’s unreasonable, excessive or repetitive.
Extend the time, if we need more information.
5.3. How to amend your personal data (the GDPR ‘right to rectification’)
Under Article 16 of the UK GDPR you have the right for your personal data to be accurate. If you want to amend your personal data, you can do so by emailing data@bymiles.co.uk.
5.4. How to request your data is deleted (‘right to erasure’)
Under Article 17 of the UK GDPR, you have the right to be forgotten or withdraw your consent for it to be processed, as long as your personal data is no longer required for processing. If your personal data is retained for legal reasons then we may keep it for legal reasons. See ‘How long do we keep your data for’ for more detail.
5.5. How to change marketing consent
If you have opted in to receive emails from us about any job postings, you have the right, at any time, to ask us to stop processing your information for job posting purposes. If you wish to exercise this right, you should contact us by emailing data@bymiles.co.uk, giving us enough information to identify you and deal with your request. Alternatively, you can login into your account on the By Miles Careers page and update your preferences, or follow the unsubscribe instruction in job posting emails you receive from us.
6. Who do we share your personal information with?
We won’t sell or share your personal data with third parties for them to use for marketing purposes. Your information is securely stored and managed within our Information Security Management System (ISMS).
As part of the recruitment and onboarding process, we may share information:
Internally at By Miles. This includes members of the People and Recruitment team, the hiring manager and interviewers involved in the recruitment process and other business areas once an offer has been made to set up employment and systems access.
With a third party service provider to collect, store and manage your personal data to facilitate the recruitment and onboarding process.
Where an offer has been made, we use a third party service provider to obtain necessary background checks such as criminal record checks, soft credit checks, sanctions checks, previous employer references and right to work in the UK checks.
7. Which countries do we transfer your personal data to?
Some of the third parties we work with (such as software and service providers) that we transfer your personal data to may be located in countries outside the UK, including the US. We put steps in place to ensure the security and protection of your information, which includes the following:
Performing risk assessments (Data Protection Impact Assessments or DPIAs) on the data being shared, the supplier’s own security measures and methods of transfer (often referred to as ‘safeguards’).
Requiring a Data Processing Addendum (DPA) that specifies how data will be processed throughout its lifecycle and the security measures we expect to be used to protect the data.
In all cases, we’ll ensure that your personal data is protected in line with the UK GDPR (that’s the UK General Data Protection Regulation).
8. How do we keep your data secure?
We’re committed to protecting information that we collect from you and third party service providers. In line with this, we limit access to your personal information to a select group of people within By Miles for managing the recruitment and/or onboarding and certain third party service providers who need to process it in accordance with this notice.
We’ll use technical and organisational physical, electronic and procedural safeguards in line with good industry practice to safeguard your information collected against unauthorised or unlawful processing and against accidental loss, damage, destruction, alteration or disclosure.
9. How long do we keep your data for?
We’ll only keep your information for as long as we need to process it, including to comply with our legal, statutory and regulatory obligations.
If your application to work for us is unsuccessful, we will hold your information on file for 12 months after the end of the recruitment process. This will allow us to respond to any queries or requests submitted by you, defend against employment tribunals or other legal challenges.
After this period, if you wish to retain your information on our file on the basis that a further role may arise in future and would like to be considered for it, we will write to you separately, seeking your explicit consent to retain your personal information for a fixed period on that basis.
Following acceptance of an offer of employment, your information will be transferred to your employee record. The period for which your personal data will be held will be provided to you in a separate privacy notice.
10. Profiling and automated decision making
We do not use automated decision making for recruitment and onboarding purposes.
11. Changes to this notice
We may change this notice from time to time.
If you have any questions about this privacy notice, please contact our Data Protection Officer by sending an email to DPO@bymiles.co.uk.