2. Principles of Data Protection
We will comply with data protection law and principles in respect to your personal data, which means that your personal data will be:
• Used lawfully, fairly and in a transparent way.
• Collected only for lawful purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
• Relevant to the purposes we have told you about and limited only to those purposes.
• Accurate and kept up to date.
• Kept only as long as necessary for the purposes we have told you about.
• Kept securely and protected.
Our site may provide links to third party websites. Serco is not responsible for the conduct of non-Serco companies linked to the site and you should refer to the privacy notices of these third parties as to how they may handle you personal information when visiting their websites.
3. Sources of Personal Data
We collect personal data about you from a variety of sources, as follows:
• The personal data is provided to us by you (e.g. when you apply for a role and register with us, including additional communications via email, telephone or Skype).
• The personal data is collected in the normal course of our relationship with you (e.g. when we check references.)
• The personal data has been made public by you (e.g. contacting Serco via a social media platform about future career opportunities
• The personal data is received by us from third parties (e.g. recruitment agencies, your employer, law enforcement agencies, job boards).
• The personal data is collected when you visit our Website or use any features or resources available on or through the Website, some of which may be personal data.
• The personal data may be created by us, such as records of your communications with us or reports from your job interviews.
5. Personal Data Collected
The following is a summary of the types of personal data we collect on our Website/careers portal:
• Personal and contact details: title, full name, data of birth, age, gender, address, telephone numbers, email address, visa and immigration status, language and dialect spoken, preferences, subscriptions and pastimes.
• Family and friends information: name and contact details of family members, dependents and emergency contact details.
• Career history: business activities, work history, employment roles, experience and referees, work address, work telephone number, former and current names and contact details of employees, work-related social media profile details.
• Qualification, Training and Education History: Schools and universities attended, qualifications obtained, additional training obtained.
• Consents: consents, permissions, or preferences that you have specified, such as whether you wish to subscribe to receive Serco regulatory stock exchange announcements or alerts about business units, or when you agree to the terms and conditions for submitting your application for employment.
• Interview details: interview responses, opinions of interviewers.
• Sensitive Personal Data: health and medical information, political opinions or memberships, trade union membership, nationality, religion and sexual orientation, information about criminal convictions and offences, including civil offer barring information, geneic and biometric data.
• Website Access Details: your computers unqiue identifier (e.g. IP Address), the date and time you accessed the Website, passwords to access alerts preferences.
• Security information: Security clearances and vetting information.
6. Purposes and Use of Personal Data
The main purpose for using your personal information is to:
• to support and progress your applications for employment with Serco,
• to improve and monitor the operation of our Website and the careers portal.
• to facilitate the delivery of the requested services, such Serco information alerts.
We use information held about you in the following ways:-
• to assess your application and determine whether a certain job/contract/role is suitable for you.
• to contact you to arrange an interview or to discuss a particular role/contract.
• to inform you of similar opportunities arising at Serco in the future
• to obtain references from your referees.
• to assess whether any adjustments would need to made to your working environment.
• to contact you with communications about regulatory regulatory stock exchange announcements or alerts about Serco areas of business to which you have subscribed.
• To administer our website and for internal operational purposes to make user experience more efficient (including troubleshooting) and to analyse how the systems are used.
• to enable you to participate in interactive features within our website.
• to carry out vetting.
7. When is sensitive information collected?
We may from time to time request that you provide sensitive personal information in relation to a job application, such as medical information or personal attributes such as nationality, religion and sexual orientation. Where we collect and handle such sensitive personal information, we will only handle that information:
• Where we have your given your consent – including where you voluntarily provide us with that information.
• Where the law permits us to do so, to comply with our legal obligations or to exercise scpecif legal rights;
• You have clearly made the sensitive personal information public;
• The processing is necessary for the detection or prevention of crime (including the prevention of fraud); or
• Where it is needed in the public interest, such as for equal opportunities monitoring or in relation to our occupational pension scheme.
Equality and Diversity
We may collect sensitive information to promote diversity and monitor equal opportunirites within Serco’s workforce. However these questions are not mandatory and will not affect your application if you chose not to provide this information.
We may be required to carry out vetting of staff members if you apply for a designated role which is conditional on such checks. This might involve the collection and use of sensitive information obtained from criminal checks such as offences or alleged offence including any past or ongoing criminal proceedings. We have in place an appropriate policy documents and safeguards which we are required by law to maintain when processing such data.
8. Legal basis for using your personal information
Data protection and privacy laws requires us to have a “legal basis” or “lawful ground” to collect and handle your personal information. We will only collect, use and share your personal information where we are satisfied that we have an appropriate legal justification to do this.
• We need to use your personal information to take steps before entering into a contract with you. For example to review your employment history before entering into a contract of employment with you;
• Our use is necessary for the complying with our legal obligations;
• Where it is necessary for our legitimate interests (or those of a third party) as a commercial organistion ( (to the extent that your interests and fundamental rights do not override those interests), such as:
• maintaining adequate applicant records;
• to assess suitability for a role including contacting references for verification purposes;
• to detect and protect against fraud;
• delivering the requested news alerts or updates to you;
• establishing, exercising or defending our legal rights in the event of a claim;
• monitoring operational efficiency of the Website;
• managing and operating our website IT systems and ensuring security of those systems; and/or
• vetting candidates for relevant roles.
9. Sharing Your Personal Information With Others
We will only disclose personal information to a third party in very limited circumstances, or where we are permitted to do so by law. The third parties to whom we provide your personal data include:
• Other organisations within the Serco group of companies, where such disclosure is necessary to provide you with our services or to manage our business. For example for the purposes of recruitment.
• Customers where required for specific business purposes, such as additional vetting procedures.
• Banks and payment providers to authorise and complete payments.
• Credit reference agencies and organisations working to prevent fraud in financial services.
• Serco’s third party providers including information technology suppliers and infrastructure support services, law firms and other third party suppliers/partner organisations.
• Service providers which assist in sending drafting and sending requested news alerts.
• Third parties which perform he pre-employment checks, including relevant vetting services.
• Government, regulatory and law enforcement bodies where we are required in order:
a) to comply with our legal obligations;
b) to exercise our legal rights (e.g. pursue or defend a claim); and
c) for the prevention, detection and investigation of crime.
Less commonly, we may process and share your personal data where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else's interests) and you are not capable of giving your consent, or where you have already made the information public. We may also process and share your personal data about members or former members in the course of legitimate business activities with the appropriate safeguards.
Serco will only share your personal data with our contracted service providers when we have established they have adequate and sufficient data protection controls and security controls in place (please refer to section 10 below). We also implement contractual obligations on these third parties to ensure they can only use your data to provide services to Serco for the purposes listed above. The third parties cannot pass your details onto any other parties.
10. Transferring Your Personal Information Globally
We operate on a global basis. Accordingly, your personal data may be transferred and stored in countries outside the European Economic Area (EEA), including the Middle East, America and Asia-Pacific, which are subject to different standards of data protection.
We will take appropriate steps to ensure that transfers of personal data are in accordance with applicable law and carefully managed to protect your privacy rights and interests and transfers are limited to countries which are recognised as providing an adequate level of legal protection or where we are satisfied that alternative arrangements are in place to protect your privacy rights. To achieve this:
• we ensure transfers within Serco Group are covered by an intra-group data sharing agreement entered into be all entities within Serco Group, which contractually obliges each member to ensure that personal information receives and adequate and consistent level of protection.
• We will, when transferring personal data to third parties outside the EEA:
- put in place Binding Corporate Agreements, to ensure that your information is safeguarded where we transfer your personal information outside Serco Group or to third parties who help to provide our products and services and store information outside of the EEA;
- include the standard contractual clauses approved by the European Commission for transferring personal information outside the EEA into our contracts with those third parties; or
- ensure that the country in which your personal information will be handled has been deemed "adequate" by the European Commission.
• we carefully validate any requests for information from law enforcement or regulators before disclosing the information
We will always co-operate with any regulators as required by law to ensure that we remain transparent about the way we handle your personal information.
11. Security of Your Personal Information
Serco takes precautions including administrative, technical and physical measures to safeguard your personal information against loss, theft and misuse, as well as against unauthorised access, modification, disclosure, alteration and destruction. We protect electronic data using a variety of security measures including:
• password access,
• data back-up,
• placing confidentiality requirements on employees and service providers,
• destroying or permanently anonymising personal information if it is no longer needed for the purposes it was collected
12. How long do we keep your personal information?
Serco will only retain your personal information for the period necessary to fulfill the purposes outlined in this Policy and as otherwise needed to comply with applicable law and internal company policies.
Talent Pool Retention
When you submit your application to us or register for job alerts, we will retain your information and if any other opportunities become available which you may be interested in, we will contact you by email or telephone. Our policy is to retain your data for 6 months and we will periodically contact you via email to confirm that we have your permission to continue to hold your data for talent purposes.
13. Your Legal Rights in Respect of Your Personal Information
You have legal rights in connection with personal information. Under certain circumstances, by law you have the right to:
• Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
• Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
• Right to be forgotten enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it and we have no legitimate ground for retaining such unformation. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing.
• Object to processing of your personal information by us or on our behalf in certain situations.
• Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
• Request the transfer of your personal information to another party.
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please submit your requests in writing to the DPO via the contact details set out in Section 14 below.
Please note, to ensure security of personal information, we may ask you to verify your identity before proceeding with any such request.
If you have requested Serco to contact you regarding business alerts, or receive alerts in respect future job opportunities, you may withdraw your consent to be contacted at anytime. You can tell us that you no longer wish to be contacted by:
• Logging into your careers account or news alert accounts and changing your preferences.
• Sending us an email to firstname.lastname@example.org.
14. Data Protection Officer
Data Protection Officer, Serco Belgium SA, 6th Floor, Avenue Cortenbergh 60, 1000 Brussels, Belgium
You also have the right to contact the Commission de la Protection de la vie privee and file a complaint. (https://www.belgium.be/fr/adresses_et_sites/Urls/http_www_privacycommission_be).
You are also entitled to contact your local data protection authority. On filing of a complaint, it will then be investigated accordingly.