EO Charging Recruitment Data Protection Notice

Effective Date: 12 February 2024
Version number: 2.0

1. Introduction


Juuce Limited trading as EO Charging (referred to as “we” “our” and “us”) is a data controller and responsible for deciding how we collect, store and process personal data on individuals we interact with. This also includes any candidates who apply to any of our job vacancies.

This recruitment privacy notice is designed to ensure any job applicants are aware of how and why personal data will be used for recruitment purposes, for how long it will be retained for and where any recruitment data may be shared to name as a few examples.

We have designed this recruitment privacy notice in accordance with requirements under the UK GDPR. This notice will be reviewed and updated where changes in legislation may occur, for example when new or replacement legislation is introduced.

You can contact our head office using the following details:


Post: 
Tomo House 
Tomo Road
Stowmarket 
IP14 5AY
United Kingdom

Phone: +44 (0)333 77 20383
Email: hello@eocharging.com 

We have a Data Protection Officer (DPO) who can be contacted on  DPO@EOCharging.com if you would like to raise or discuss any data protection matters, complaints and/or concerns directly to them.

2. Lawful Basis


For our recruitment data processing activities, we may rely on the following lawful bases:

  • Consent, to carry out relevant checks only (see below)

  • Contractual obligation, to take the necessary steps to enter into and conclude contracts of employment

  • Legal obligation, to help fulfil requirements (as examples) under employment laws and equality laws

  • Legitimate interests, to review and screen CVs received and see where improvements can be made to our recruitment process

There may be instances of where we may need to process certain categories of data referred to as Special Category Personal Data. These may include personal data related to health as an example, but where identified and needed, we will ensure the relevant special conditions are applied and documented where needed.

3. Data Subjects


For our recruitment process we may process the personal data of the following individuals (“data subjects”):

  • Enquirers

  • Applicants

  • Past unsuccessful applicants

4. Personal Data Collection

 
We do not currently advertise for roles on our main website and only advertise our job vacancies on the following websites: 

  • LinkedIn

  • Indeed

  • Reed

When you apply to a role on the above sites our recruitment team based in the UK will receive an email notification informing them of an application. The recruitment team will be able to review data of applicants which can include the following sets of personal data:

  • Name

  • Contact details

  • Position applied for

  • CV

  • Cover letter

  • Social media profiles (e.g. LinkedIn profile)

  • Answers to any application questions

As mentioned above, there may be instances of where we may need to process special category personal data, for example health information to help us make any reasonable adjustments for any in-person interviews should we ever be informed. We will request such information prior to confirmation of an interview so any reasonable adjustments can be made in advance. This data will also be held for as long as necessary in line with our data retention schedules.

We strongly encourage applicants to not send through any documents such as ID documents (e.g. passport scans) or copies of certifications as they may not be necessary and may be deleted unless requested.

Please also note applications made on LinkedIn will enable our recruitment team to view your LinkedIn profile and view information not included on your CV.

As mentioned in our data protection notice on our website, we use recruitment agencies to help find suitable candidates for certain job roles. These agencies are all based in the UK and will collect and send us information such as CVs, cover letters and other sets of data/information from candidates they feel may help them stand out more. We ensure our recruitment agencies only send us data that is necessary for our recruitment activities and nothing that can be deemed as excessive/unnecessary (e.g. if someone is a politically exposed person).

5. How We Obtain Personal Data


During our recruitment process we may obtain personal data about candidates through various means, which include (but is not limited to):

  • Directly from the candidate

  • Candidates social media profile (e.g. LinkedIn profile)

  • Specified referees

  • Employee referrals

  • From our third-party recruitment agencies

  • From our background check providers

6. How Is Personal Data Used?
 

Personal data processed as part of the recruitment process can include the following activities:

  • To assess your skills, qualifications, and suitability for the role

  • Carry out background and reference checks, where applicable

  • Communicate with you and our recruitment agencies about the recruitment process

  • Keep records related to our hiring processes

  • Comply with legal or regulatory requirements

  • If successful offer suitable candidates’ contracts of employment

If you fail to provide information when requested, which is necessary for us to consider your application (such as evidence of qualifications or work history) we will not be able to process your application successfully.

7. Criminal Conviction and Offences Data

None of our roles advertised require a criminal background check. If this ever was to change we will update our privacy notices as required.

8. Background Checks

Via a third party we carry out background checks (employment and right to work) with candidates as a condition of employment. Upon satisfactory checks being completed we will be able to conclude our onboarding process. Our third-party provider will contact the employee directly and ask for their consent to begin the background check. If consent Is not given or withdrawn during the background check we cannot progress further with an application.

The personal data collected and processed by our background check provider will include (but is not limited to):

  • Name

  • Contact details

  • Employment history

  • Right to work documents

  • Drivers license

For more information you can contact using our details as mentioned above.

9. Data Retention
 

We retain data of applicants for a maximum period of 6 months if unsuccessful. This is to show and evidence we have carried out a fair, equal recruitment campaign in line with equality law requirements and to also contact past applicants if they have consented us to hold their CVs on file. After 6 months their information is deleted from our systems. Any successful candidates will have their recruitment data added to their employee file.

 
10. Data Sharing

As mentioned above personal data of job applicants can be shared between different functions and departments across our organisation. We do this to ensure the recruitment process has been carried out in accordance with our recruitment policies and the appropriate files can be created and maintained.

Where we share data with any relevant third parties we will ensure their agreements contain appropriate data protection clauses, and/or where needed and necessary we will enter into the appropriate data processor agreement or data controller sharing agreement. These agreements are reviewed and approved by our legal and privacy team to ensure compliance with all applicable laws and regulations.

For more information on data sharing you can contact us using our details as mentioned above.

 
11. International Data Transfers

We do not transfer any recruitment data outside the UK to other companies or individuals based in the EEA (European Economic Area) or globally.

12. Automated Decision Making and Profiling

We do not conduct any automated decision making and profiling as part of our recruitment process.

 
13. Data Security

As mentioned above we take security of personal data seriously, and we have certifications to various data security frameworks such as Cyber Essentials, Cyber Essentials Plus and ISO 27001, and we review our certifications annually.

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

If we become aware of any loss, misuse, alteration of personal data we will work closely with our IT team and other parties as necessary to investigate the incident at hand. We have put into place the relevant procedure and policies in place to investigate, mitigate and report (when needed to relevant parties) such instances.

14. Data Protection Rights

If you are based in the UK/EEA you have several Rights to how an organisation processes your personal data. The Rights are as follows:

  • Right to be informed

  • Right to access data

  • Right to rectification

  • Right to erasure

  • Right to restrict processing

  • Right to objection

  • Right to portability

  • Right not to subject to automated decision making and profiling

 

If you would like to exercise any of the above Rights you can do so by sending us a written request using our details mentioned above.

Please note we may ask for ID (e.g. passport scan, drivers license etc) to verify identity where needed. Upon successful verification we will delete and remove all copies of ID received.

Should we also require extension of time to help fulfil any Right requests, we will be sure to contact requestors as soon as possible with reason(s) why an extension is needed and when Right requests can be fully carried out and completed.

15. Concerns and Complaints

We understand you may have concerns and complaints to this notice and any aspects to how we process personal data. If you would like to contact us directly to talk to us about a concern or to raise a complaint, you can do so by using our contact details above.

You can also submit a complaint directly to the Information Commissioners Office (the ICO), the UK supervisory authority for data protection in the UK, via this link.

  
16. Review and Updates
 

We will review this notice and make changes to it from time to time. We recommend that you check this notice to see where changes have been made and to ensure you are able to review updated information at all times.