We collect your personal data directly from you in your job application. We may also collect data from other sources including:
- third party recruitment agencies;
- referees, former employers, schools, colleges and universities;
- university procedures, for example, when you connect to systems.
We may collect the following types of personal data about you:
Personal details
- including name, date of birth, contact details, National Insurance number, nationality.
Contractual employment application information
- contracts and terms and conditions of employment;
- correspondence between the University and third parties on your behalf;
- correspondence between you and the University.
Special category data
- gender and gender identity;
- health-related information relevant to your application (for example, details of any disclosed disability and reasonable adjustments);
- criminal offence data;
- racial or ethnic origin;
- religious or philosophical beliefs;
- sexual orientation.
Criminal offence data
- unspent criminal conviction(s) and/or pending cases, cautions and bind-over orders;
- for roles which require a standard or enhanced DBS certificate, unspent and spent convictions.
Application data
- application forms and references;
- right to work in the UK documentation including visa details and copies of passports.
Other data
- information generated through your use of the University's digital systems.
We process applicant personal data for the following purposes:
To manage your application
- to enable use of and access to university systems and facilities.
To comply with employment, immigration and data protection laws
- to respond to freedom of information and subject access requests;
- to return data for statutory requirements, for example, UK Visas and Immigration (UKVI).
To manage and lead the university
- to participate in quality standards and benchmarking surveys;
- to inform strategic decision making.
We have identified appropriate legal bases for processing information as follows:
For a contract
We process some of your information because it is necessary in preparation for a contract with you, for example to manage your application with us and deal with any queries you may have.
Legal obligation
We process some of your information in order to comply with employment, immigration and data protection laws.
Legitimate interests
We process some of your information because it is necessary for our legitimate interests, for example to manage and lead the university.
We may share some of your personal data with:
Other Kingston University employees
- employees of Kingston University only where they have legitimate need to access the data.
Other third parties
- third party suppliers (for example, providers of software-as-a-service for university processes).
In all cases access will be restricted to individuals with the appropriate permissions and duty of confidentiality.
We keep your personal data only for as long as is necessary. Application data will generally be retained for eighteen months after the last activity.
For full details you can access the University retention schedule on our website at policies and regulations.
Data will be anonymised or securely destroyed at the end of its retention period.
Under the GDPR and the Data Protection Act 2018, you have the following rights:
- to access the personal data we hold about you;
- to require us to correct the personal data we hold about you;
- to require us to erase your personal data;
- to require us to restrict our data processing activities (and, where our processing is based on your consent, you may withdraw that consent, without affecting the lawfulness of our processing based on consent before its withdrawal);
- to receive your personal data, which you provided to us, in a structured, commonly used and machine-readable format and the right to transmit that data to another controller;
- to object to any of our particular processing activities where you feel this has a disproportionate impact on your rights;
- to not be subject to a decision based solely on automated processing, including profiling, which has a legal effect on you.
Please note that the above rights are not absolute and we may be entitled to refuse requests where exceptions apply.
When considering your personal data, applicants should ensure that the information that you have provided to the University remains accurate and up to date. You should inform the University as soon as possible if details, such as your address, change. You can make changes to your personal details online via the recruitment system.
When handling other people's personal data, staff are required to maintain confidentiality and abide by the GDPR principles. These responsibilities are set out in our Data Protection Policy.
If you have any queries about this privacy notice or how we process your personal data, or you wish to request access to the personal data we hold about you, please speak to your recruiting manager or a member of HR first.
If you then wish to exercise your rights as a data subject, please use the Data Subject Request form on our website under policies and regulations.
If you have further questions, please email dataprotection@kingston.ac.uk.
If you are not satisfied, you can make a complaint to the Information Commissioner. You can find out more about your rights under data protection legislation from the Information Commissioner's Office website.
