With your knowledge, we may also collect, store and use the following types of more sensitive personal information which could include:
[While we may become aware of other sensitive personal information during the recruitment process, for example if you provide such information to us, we do not actively request such information, nor use it to come to a decision.]
Diversity, Equity & Inclusion Information
If you use our online application system, you will be asked to provide certain information as part of our diversity, equity and inclusion efforts on a voluntary basis. It is not mandatory to provide this information and it won’t affect your application if you do not provide this information. The answers to these questions are not seen on an individualized basis and your submission will only be used to assess our diversity, equity and inclusion efforts.
3. How we collect your personal data
We primarily collect personal information from you. We may also collect personal data about you from third parties, for example any employment agencies or background check providers we use, your former employer(s), named referees, and the Disclosure and Barring Service in respect of any criminal records checks we do. We also collect personal information from publicly accessible sources such as social media platforms like LinkedIn, collaboration or recruitment platforms like GitHub and Cord, and other sources like Companies House and sanctioned party screening lists.
4. How we use this personal data and our lawful basis for doing so
We will use the personal information we collect about you to:
We have a legitimate interest in processing your personal data in this way as it allows us to identify potentially suitable candidates, manage our recruitment process, decide who to shortlist and invite for an interview, assess and confirm a candidate's suitability for employment or the work, and decide who to appoint to undertake that role or work.
We take up references and carry out relevant checks (such as entitlement to work in the UK, sanctioned party screening, and other appropriate background checks) in the later stages of the hiring process only. In some instances we are required by law to carry out these checks, as well as it being within our legitimate interests.
While you may have a right to object to our use of your personal data, we do not rely on consent as a legal basis for processing your personal data.
If you fail to provide personal information
If you fail to provide information we need to consider your application when requested (such as evidence of qualifications or work history), we will not be able to process your application successfully. For example, if we require a credit check or references for this role and you fail to provide us with relevant details, we will not be able to take your application further.
How we use particularly sensitive personal information
We may use your in the following ways:
In addition, we will use information about race or national or ethnic origin, religious, philosophical or moral beliefs, sexual life or sexual orientation or gender, to ensure meaningful diversity, equity and inclusion monitoring and reporting. Such information is non-individualised.
Information about criminal convictions
We only process information about criminal convictions where legally required to do so or where it is permissible to do so and appropriate given the nature of the role or work. For example, if the role or work requires a high degree of trust and integrity, we might seek a basic disclosure of your criminal records history.
Automated Decision Making
You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making.
5. When we may share your personal data with third parties
We will only share your personal information with third parties for the purposes of processing your application where appropriate, for example, with talent sourcing and recruitment tool providers, recruitment consultancies, or with other companies within our corporate group. The main recruitment tool we use is Ashby (https://www.ashbyhq.com/). We also use Fetcher (https://www.fetcher.ai/) and platforms such as LinkedIn and Cord (https://cord.co/) to source candidates.
All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information. We do not allow our third-party service providers or others in our corporate group to use personal data that we have provided to them for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
We do not sell personal data to advertisers or marketing companies.
6. International Transfers
We may transfer your personal data outside the UK. For example, to other companies in our corporate group or to service providers. In particular, some of the talent sourcing and recruitment tools we use process and store data in the USA. Whenever we transfer your personal data outside the UK or EEA, we only do so where the transfer is permitted by data protection law and ensure a similar degree of protection is afforded to it.
We may transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the UK government. The list of countries that benefit from adequacy decisions changes from time to time, but includes the EEA and the USA under the UK Extension to the EU-US Data Privacy Framework. We will usually seek to rely on an adequacy decision where one exists.
Where we use certain service providers or are otherwise transferring your personal data to a country for which there is no adequacy decision, we will only do so if we are satisfied appropriate safeguards are in place and enforceable rights and effective legal remedies are available for data subjects. These safeguards will usually include using specific contracts approved for use for international transfers which give personal data similar protection to that it has in the UK.
We may also transfer personal data where a specific exception applies under data protection law, for example if the transfer is necessary for the performance of a contract between us or to take pre-contract steps at your request, for a contract in your interests between us and another person, or to establish, exercise or defend legal claims.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK.
7. Data Security
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. The recruitment tool we use to store candidate data, Ashby, is SOC2 compliant and Type 2 audited annually. Further information on the security measures Ashby applies may be found at https://trust.ashbyhq.com/.
In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need-to-know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
8. How long we may keep your data for
Where we have proactively identified you as a potentially suitable candidate for a role, if you do not respond to us after several contact attempts or you indicate you are not interested in the role, unless you ask us otherwise we will retain the personal information we have about you on file until the role for which we identified you (or any similar roles which come in in that period) is filled in order to try to avoid proactively contacting you again.
Where you have applied to us (whether directly or after indicating your interest in the role when we proactively contact you), we will retain your personal information for a period of 12 months after we have communicated to you our decision about whether or not you’ve been successful. We retain your personal information for that period both so that we can contact you if any further roles arise in which you may be interested, and so that we can show, in the event of a legal claim, that we have not discriminated against candidates on prohibited grounds and that we have conducted the recruitment exercise in a fair and transparent way. After this period, we will securely destroy your personal information in accordance with applicable laws and regulations.
If you are successful in your application for a role, relevant information collected as part of the recruitment process will be transferred to your personnel file and retained during your employment. Information about our retention of personal information about employees, workers and contractors will be provided to you at the relevant time.
Retention after expiry of main retention period
If we wish to retain your personal information on file beyond that period, on the basis that a further opportunity may arise in future and we may wish to consider you for that, we will write to you separately, seeking your consent to retain your personal information for a fixed period for that purpose. You have the right to withdraw your consent for that processing for that purpose at any time – to exercise that right please contact us using the contact details at the end of this privacy notice. After we have received notification that you have withdrawn your consent, subject to our retention policy, we will no longer process your data for this purpose and will dispose of your personal data securely.
9. Your legal rights
You have rights under data protection laws in relation to your personal data in certain circumstances. These include the right to:
Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you (with some exceptions).
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data in certain circumstances. For example, where we have no good reason for continuing to process it. Note, however, that we may not always be able to comply with your request for erasure for specific legal reasons. If so, these reasons will be notified to you at the time of your request.
Object to processing of your personal data where we are relying solely on a legitimate interest (or those of a third party) as the legal basis for processing it. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in certain circumstances.
You can find out more about these rights on the Information Commissioner’s website at ico.org.uk. If you wish to exercise any of the rights set out above, please contact us using the details at the end of this privacy notice.
You also have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. To do that you can use their online complaint form at https://ico.org.uk/make-a-complaint/data-protection-complaints/. We’d appreciate the chance to deal with your concerns before you approach the ICO, so please consider contacting us first.
No fee usually required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
10. Contact details
If you have any questions or concerns about this privacy notice or how we handle your personal information, or wish to exercise your legal rights, please contact us. The best way to contact us is by email. Our contact details are:
Email address: legal@five.ai
Postal address: FAO Legal, Five AI Limited, Fora, 20 Station Road, Cambridge, CB1 2JD.