Privacy Policy

 

Privacy Notice for Prospective Workers at the Met Office

The wording in the Privacy Notice reflects the requirements of the UK General Data Protection Regulation (UK-GDPR) and Data Protection Act 2018 (DPA). However, its extent is not limited to the fulfilment of requirements of the UK-GDPR and DPA and therefore it will capture and incorporate (as necessary) any applicable updates to data protection laws in the future. Data protection laws require all employers to inform individuals applying for jobs or assignments with them about the specifics of their personal data handling practices, which the Met Office will do by issue of this Privacy Notice. This Candidate Privacy Notice applies to all prospective employees, workers, contractors, summer placements, industrial placements and work experience applicants about the personal data that we propose to hold relating to you. It informs you about what personal data we may collect, how we may collect it, how we may use it and how we may store it. The wording in the Privacy Notice reflects the requirements of the UK General Data Protection Regulation (UK-GDPR). However, its extent is not limited to the fulfilment of requirements of the UK-GDPR and therefore it will capture and incorporate (as necessary) any applicable updates to data protection laws in the future.

What is the purpose of this document?

We are providing you with a copy of this privacy notice because you are applying for work with us (whether as an employee, worker, contractor, summer placement, industrial placement or work experience). It makes you aware of how and why your personal data will be used, namely for the purposes of the recruitment exercise, and how long it will be retained for. It provides you with certain information that must be provided under the UK-GDPR and the DPA.

Our Commitments

We will comply with UK-GDPR DPA law and principles, which means we will do our utmost to protect your personal data and will ensure that we: 1. Use your personal data lawfully, fairly and in a transparent way; 2. Only collect your personal data for valid purposes that we have clearly explained to you and we will not use your personal data in any way that is incompatible with those purposes; 3. Ensure that our use of your personal data is relevant to the purposes we have told you about in this Privacy Notice and limited to those purposes; 4. Promptly action any requests from you to correct inaccuracies, or update, your personal data; 5. Only keep your personal data for as long as necessary for the purposes we have told you about; 6. Keep your personal data secure.

Data Controller

The Data Controller is the Met Office, FitzRoy Road, Exeter, Devon, EX1 3PB on behalf of the Department for Science, Innovation and Technology of the United Kingdom of Great Britain and Northern Ireland (“DSIT”). DSIT is a registered Data Controller, Registration No. ZB546218. The Met Office is an Executive Agency of DSIT. This means that we (the Met Office) are responsible for deciding how we collect store and process your personal information (namely for the purposes of the recruitment exercise). We are required under the UK-GDPR DPA to notify you of the information contained in this Privacy Notice.

Data Protection Officer (“DPO”) and Data Protection Practitioner (“DPP”)

We have appointed a DPP to oversee our compliance with data protection law. The DPP reports to the DPO (located at DSIT). If you would like to contact the DPP because you believe we have not complied with your rights as a data subject, or our obligations, or you have any questions about this Privacy Notice, or how we handle your personal information, please contact the DPP, at legal@metoffice.gov.uk

You may also contact the DPO:

1. By e-mail to dataprotection@dsit.gov.uk, or;

2. In writing, addressed to the “Data Protection Officer” at: DSIT Data Protection Officer, Department for Science, Innovation and Technology, 1 Victoria Street, London, SW1H 0ET.

You are also reminded that you have the right to escalate any complaint at any time to the Information Commissioner’s Office (the UK supervisory authority for Data Protection issues) Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF: helpline on 0303 123 1113, or via https://ico.org.uk/

What personal data do we collect?

In connection with your application for work with us, we collect and processes a range of information about you. This includes: • your name, address and contact details, including email address and telephone number, date of birth and gender; • Marital Status • National Insurance Number • Previous/current salary information • Copy of driving licence, and/or Passport • Recruitment information (including copies of right to work documentation, references, and other information included in a CV or cover letter; • information provided to us during an interview  • Employment records (including details of your qualifications, skills, experience and employment history, including start and end dates, with previous employers and with the Met Office; • information about your nationality and entitlement to work in the UK; We may also collect, store and process the following special categories of more sensitive personal information: • Information about criminal convictions or offences; • information about medical or health conditions, including whether or not you have a disability for which the organisation needs to make reasonable adjustments; • equal opportunities monitoring information, including information about your ethnic origin, sexual orientation, health and religion or belief.

How do we collect your personal data?

We collect this information in a variety of ways. For example, data is collected through application forms, CVs or resumes; obtained from your passport, or other identity documents such as your driving licence; from forms completed by you during the recruitment process; from correspondence with you; or through interviews, meetings or other assessments. We may collect personal information from you directly, or through an employment agency where applicable. We collect personal data about you from third parties, such as references supplied by former employers, information from employment background check providers, and information from criminal records checks permitted by law.

Why do we process your personal data?

We will use the personal information we collect about you to: • run recruitment campaigns and processes; • Assess your skills, qualifications, and suitability for the role; • Carry out background and reference checks, where applicable; • Communicate with you about the recruitment process; • Keep records related to our hiring processes; • Comply with legal or regulatory requirements; • to ensure that we comply with duties in relation to individuals with disabilities, meet our obligations under health and safety law; • Ensure compliance with Met Office Policy, including IT, information security and fraud and anti-bribery policy; • maintain and promote equality. Please note, in some cases our grounds for processing will overlap and there may be more than one ground that can justify our use of your personal information. Some special categories of personal data, such as information about health or medical conditions, is processed to carry out our obligations under employment law (such as those in relation to candidates with disabilities and for health and safety purposes). Where we process special category data, such as information about ethnic origin, sexual orientation, health or religion or belief, this is done for the purposes of equal opportunities monitoring. Data that we use for these purposes only is collected with your express consent, which can be withdrawn at any time. You are entirely free to decide whether to provide such data and there are no consequences of failing to do so. It is in our legitimate interests to decide whether to appoint you to a role. We also need to process your personal information to decide whether to enter into a contract of employment with you. Having received your CV and covering letter or your application form, we will process your information to decide whether you meet the basic requirements to be shortlisted for the role. If you do, we will decide whether your application is strong enough to invite you for an interview. If we decide to call you for an interview, we will use the information you provide to us at the interview to decide whether to offer you the role. If we decide to offer you the role, we will take up references, carry out a criminal record, and carry out security checks before confirming your appointment.

If you fail to provide personal information

If you fail to provide information when requested, which is necessary for us to consider your application (such as evidence of qualifications or work history), we may not be able to process your application successfully. For example, if we require a credit check or references for this role and you fail to provide us with relevant details, we may not be able to take your application further.

Who has access to your personal data?

Your personal data will be shared internally, including with members of the HR team, Campaign Managers, IT staff and Security/Vetting team (only if access to the data is necessary for performance of their roles). We share your data with third parties in order to obtain pre-employment references from other employers, obtain employment background checks, including from third party providers, obtain criminal records checks or where otherwise necessary in connection with the management of the recruitment process. We may also need to share your personal information with a regulator if necessary, or to otherwise comply with the law. Whenever we share your personal data with third parties, we ensure they are obliged to follow strict rules to protect it. We have agreed to terms and conditions of third party service providers, which allows them to transfer your personal data outside of the UK/EEA. Whenever we transfer your personal information out of the UK/EEA, we ensure third parties afford either the same or similar degree of protection to it by ensuring at least one of the following safeguards is implemented: • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries • Where we use certain data processors, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.

How secure is your personal data?

We take the security of your data seriously. We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used, accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and third parties who have a business need to access it. They will only process your personal information on our instructions and they are subject to a duty of confidentiality. This also allows us to ensure that are obliged to implement appropriate technical and organisational measures to ensure the security of data. All our third party service providers are required to implement appropriate technical and organisational security measures to protect your personal information in line with our policies. We do not allow our third party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions and the law. We have in place procedures to deal with any suspected data security breach. We will notify you as necessary where any suspected or actual breach relates to you.

How long do we keep your personal data?

We will retain your personal information for a period of 24 months after we have communicated to you our decision about whether to appoint you to a role. We retain your personal information for that period so that we can show, in the event of a legal claim, that we have not discriminated against candidates on prohibited grounds and that we have conducted the recruitment exercise in a fair and transparent way. After this period, we will securely destroy your personal information in accordance with our data retention policy.

What are your rights as a data subject?

As a data subject, you have a number of rights surrounding our use of your personal data. You can: • request access and obtain a copy of your data on request; (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it • ask us to change incorrect or incomplete data; this enables you to have any incomplete or inaccurate information we hold about you corrected. • ask us to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing; this enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing • object to the processing of your data where we are relying on ‘legitimate interests’ as the legal ground for processing; where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes. • ask us to stop processing data for a period if data is inaccurate or there is a dispute about whether or not your fundamental rights or freedoms override our legitimate grounds for processing data. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it. If you would like to exercise any of these rights in relation to your employment with the Met Office, you can make a request either to careers@metoffice.gov.uk or the DPP.

Can you withdraw your consent?

When you applied for a role, you provided consent for us to process your personal information for the purposes of the recruitment exercise. Where you have provided your separate express consent to the collection, storage and processing of any of your personal data, you may submit a request to withdraw this consent. We will stop processing your personal data for the original purpose that you provided your express consent for, unless we have a legitimate reason not to do so. If you would like to withdraw your express consent, please contact either careers@metoffice.gov.uk or the DPP (see page 2) providing full details of the original express consent provided, including the recruitment campaign you gave consent, the date and any other relevant information.