Applicant Privacy Statement
Data Controller – Dublin Institute for Advanced Studies
Data Protection Officer – firstname.lastname@example.org
Legal Basis for Processing Data
The Data Protection Act 2018 provides that the processing of personal data shall be lawful where such processing is necessary for the performance of a statutory function of a controller. DIAS processes and retains recruitment data on the basis of our legitimate business interest to make recruitment decisions and on the basis of our legal obligations. Therefore, the processing of personal data necessary for this purpose is lawful as Article 6(1) (e) of the General Data Protection Regulation (GDPR) and Section 71 (2) (a) of the Data Protection Act 2018 apply.
Categories of Personal Data Concerned
Personal data is collected on all candidates for competitions run by DIAS in order to process their applications. This information is used by the HR section/relevant School administration to run a recruitment and selection competition from application up to appointment in the case of a successful candidate. Applicants are normally requested to submit a CV and cover letter but they may be required to complete an application form seeking information relevant to the role. The information provided by the applicant will be used at the shortlisting stage to assess the suitability of the candidate to be shortlisted for interview and at the interview stage to aid the Interview Panel in the assessment of candidates. Employment references may be sought at the shortlisting stage in certain instances and a record will also be maintained of the shortlisting assessment process. Additional data retained at the interview stage includes the interview schedule, interview Board Assessment Sheet/Report, references provided by candidate’s referees and communication of the recruitment decision.
Candidates may also be asked to provide equality monitoring information on a voluntary basis; this is used to ensure that our assessment processes are fair to all groups covered by the Equality legislation and processed only in line with our obligations for processing “special categories” of data.
DIAS only keeps data for purposes which are specific, lawful and clearly stated. Personal data will only be processed in a manner compatible with the stated purpose and information collected from candidates will only be used in order to process their application for a specified competition.
Regular audits are conducted on all personal information collected from all sources. This establishes that there continues to be sound, clear and legitimate purposes for collecting all of the information currently collected. These audits will be conducted by the DPO or an external audit firm appointed by DIAS. The findings are reviewed by the DIAS Audit & Risk Committee who report to the Council of DIAS.
All data is obtained and processed in compliance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.
The online e-Recruitment system used by DIAS is an in-house system. Personal data collected through the online system is held on our own server.
Information on Cookies is provided in a separate statement available at https://www.dias.ie/2010/05/14/dias-privacy/
Sharing Data with Third Parties
The Shortlisting Panel and Interview Panel appointed by DIAS for the relevant competition will be given access to the candidates’ applications. DIAS Shortlisting/Interview Panels generally have some external members. A data protection notice is issued to all interviewers and they are required to return to DIAS HR Section all hardcopy interview documentation and to confirm deletion of any copies and any electronic applicant data provided.
DIAS’ Internal and External Auditors may request sight of supporting documentation for recruitment decisions to verify that recruitment decisions are made in line with DIAS policy and legal requirements. HR staff will ensure that any documentation given for review to Auditors is done securely and in accordance with data protection principles.
Information about a candidate being considered for appointment is provided to Referees nominated by the candidate and to members of the relevant Governing Board/Council and in the case of certain positions to our parent Department.
The candidate’s details will also be provided to an external Occupational Health Specialist who is contracted by DIAS to undertake a pre-employment medical check. DIAS has a written data protection agreement in place with the Health Specialist.
Period for which personal data will be retained
Job application documents will be retained in line with the DIAS Record Retention Schedule.
Subject Access Requests
DIAS is aware of its obligations as a data controller with primary responsibility for, and a duty of care towards, the personal data within its control. Our obligations are set out in the GDPR and associated implementing and supplementary legislation in Ireland (Data Protection Act 2018).
Data subjects whose personal data is held by DIAS are entitled to ask DIAS and receive confirmation as to whether or not personal data concerning them is being processed. Where that is the case, data subjects are entitled to access the personal data as well as certain information in relation the processing of that data.
The procedure for making a Subject Access Request is set out in DIAS’ Subject Access Request policy.