The following policy details the personal data we collect from you, the purpose it is collected for and which third parties your details may be passed to. This policy applies to all potential job candidates as well as our employees, temporary or agency workers and self-employed contractors –both current and former.
Arnold Clark Automobiles Limited (SC036386) takes the issue of security and data protection very seriously and strictly adheres to the General Data Protection Regulation (EU) 2016/679 (“GDPR”) applicable from 25 May 2018 and all UK data protection legislation. Arnold Clark Automobiles Limited is notified as a Data Controller with the Office of the Information Commissioner under registration number Z6369745, and we are the data controller of any personal data that you provide to us.
All candidate and employee data is held by Arnold Clark Automobiles Limited regardless of which subsidiary you are employed by. We may disclose your personal information to another member of our group where we have a legitimate business interest to do so, including Arnold Clark Finance Limited (SC039597) (Z580926X), Arnold Clark Insurance Services Limited (SC192797) (Z7717844), GTG Training Limited (SC290157) (Z5430075), Harry Fairbairn Limited (SC043023) (Z6051177), and Assure Alarms Limited (SC139217) (Z6465740).
Any questions relating to this policy and our privacy practices should be sent to firstname.lastname@example.org
This policy amounts to a privacy notice for the purposes of the GDPR and contains all of the information which we are required to provide to you under data protection legislation.
What are our Obligations?
The law says that the personal information we hold about you must be:
- Used lawfully, fairly and in a transparent way.
- Collected only for legitimate purposes that we have clearly explained to you, and not used in any way that is incompatible with those purposes.
- Relevant to the purposes we have told you about and limited only to those purposes.
- Accurate and kept up-to-date.
- Kept only for as long as is necessary for the purposes we have told you about.
- Kept securely.
Personal information we collect
We obtain information about you when we employ you. We need this information to carry out the full terms of your application and potential subsequent employment. This section sets out in more detail what information we collect.
During our recruitment process, we will collect the following information:
- Full name (also known as and maiden name)
- Date of Birth
- Phone number (home and mobile)
- E-mail address (work and personal)
- NI number
- Qualifications / Professional membership numbers
- Previous employment details
- Driving licence details.
If you are unsuccessful in your application, your information will be removed from our physical records within three months, and from our electronic records within twelve months.
If you are successful, we collect the following additional information:
- Job title and hours
- Branch location
- Bank details
- Wages Information
- Copy of your passport
- Copy of a bank statement
- Next of kin details / Emergency contact details (It is your obligation to ensure that your contact knows that their details are being held by Arnold Clark)
- Life Assurance information
We may also collect the following “special categories” of more sensitive personal information:
- Health information
- Diversity information, such as ethnicity and religion
- Disability information
- Gender identity
- Criminal convictions
How long we keep your personal information for
We review our data retention periods regularly and will only hold your personal data for as long as is necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. Further information can be found in the Company’s Retention Policy.
Disclosing your information: why we collect it and how we use it
We will only use your personal information when the law allows us to.
When you are applying for a position with Arnold Clark, we will use your details for the application and interview process. If you are unsuccessful, your details will no longer be used unless you have opted to receive job alerts. If you are successful, your details will be used in the following ways:
- Where we need to perform the contract we have entered into with you;
- Where we need to comply with a legal obligation; or
- Where it is necessary for our legitimate interests (or those of a third party), and your interests and fundamental rights do not override those interests.
In particular, the situations in which we may process your personal information are as follows:
- Administering the contract we have entered into with you including checking you are legally entitled to work in the UK, identifying education, training and development requirements;
- Business management and planning, including accounting and auditing; and
- To provide a reference upon request from another employer.
The “special categories” of particularly sensitive personal information listed above require higher levels of protection. We need to have further justification for collecting, storing and using these types of personal information. We may process special categories of personal information in the following circumstances:
- In limited circumstances, with your explicit written consent (which you are entitled to withdraw at any time);
- Where we need to carry out our legal obligations;
- Where it is needed in the public interest, such as for equal opportunities monitoring or in relation to our occupational pension scheme; and
- Where it is needed to assess your working capacity on health grounds, subject to appropriate confidentiality safeguards.
Less commonly, we may process this type of information where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public.
We will use your particularly sensitive personal information in the following ways:
- We will use information relating to absence which may include sickness absence or family related leave to comply with employment and other laws.
- We will use information relative to health where appropriate in the context of our provision of private medical cover.
- We will use information about your physical or mental health, or disability status, to ensure your health and safety in the workplace and to assess your fitness to work, to provide appropriate workplace adjustments, to monitor and manage sickness absence and to administer benefits.
- We will use information about your race or national or ethnic origin, religious, philosophical or moral beliefs, or your sexual life or sexual orientation, to ensure meaningful equal opportunity monitoring and reporting.
Sharing your information
Employees with Arnold Clark we may disclose your personal information to third parties under the following circumstances:
- If we sell any business or assets, in which case we may disclose your personal data to the prospective buyer of such business or assets.
- If Arnold Clark or substantially all of our assets are acquired by a third party, in which case personal data held by us about our employees will be one of the transferred assets.
- If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or to protect the rights, property, or safety of the Arnold Clark Group, our customers, or others. This includes exchanging information with governmental agencies, such as HMRC and DVLA, trade unions, local councils, and the police or courts.
- We work with various third party providers to help us fulfil our obligations to you as employees. We will only disclose your information as far as is necessary to complete our obligations. Where we have contracts with third party suppliers we will have completed necessary due diligence and security checks and will include contractual obligations to ensure that your data is kept safe once passed to the third party. All third parties only have the right to use your data to complete the prescribed task, and they are not permitted to use your data for any other purpose.
- Before entering into a contract with us, we will carry out a check on you either through Disclosure Scotland or DBS in England, and your personal information will be provided to these organisations in order to complete these checks.
If you don’t provide information
If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you (such as paying you or providing a benefit), or we may be prevented from complying with our legal obligations (such as to ensure the health and safety of our workers). Any failure may result in any contract with you being terminated or the taking of disciplinary action.
Your rights in relation to your information
You may request, at any time, a copy of the personal information the Company holds about you, at no cost. Should you wish to access or update the personal information that we hold, please contact us by sending a written request to The People Team, 454 Hillington Road, Hillington Park, Glasgow, G52 4FH, or email email@example.com
If you wish to have the information the Company holds on you restricted, corrected, transferred or deleted, please request this in writing to The People Team, 454 Hillington Road, Hillington Park, Glasgow, G52 4FH or firstname.lastname@example.orgProvided your information is not pertinent to the completion of a contract or required for any other legal reason, it will be removed.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights).
If you are concerned that we are not using your information in accordance with the law, or are not satisfied with our response to a request made above, then you can complain to the Information Commissioner’s Office.Details of how to contact the Information Commissioner are as follows:
Information Commissioner's Office
SK9 5AF 0303 123 1113
Once we have received your information, we will use strict procedures and security features to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees and third parties on a need-to-know basis for business purposes.
Data Storage and Use of Data Outside of the European Economic Area
We store your data on secure servers inside the European Economic Area (EEA).
Some of our third party contractors are based outside of the EEA. However, we have strict control over how and why your data can be accessed. All of the processing is necessary for all the functions detailed above. If we transfer your data outside the EEA we will take steps to ensure that appropriate security measures are put in place with the aim that your rights continue to be protected as set out in this policy.
We are required to notify the ICO in the event of the loss, disclosure or acquisition of, or unauthorised access to the personal information we hold.
As a company, we encourage our employees to align their social media pages with the company. However, staff may not create their own posts concerning deals and competitions. They may only share posts created by the Arnold Clark social media team.
We offer this functionality in order to generate interest in us, the website and our services among the members of your social networks, and to permit you to share and follow opinions, news and recommendations about us with your friends. However, you should be aware that sharing personal or non-personal information with a social network may result in that information being collected by the social network provider or result in that information being made publicly-available, including through internet search engines.
Once employed with us you are responsible for helping the Company to keep your personal data up to date. You should let email@example.com know if personal information you have provided to the organisation changes, for example if you move house or change bank details.
You may have access to the personal information of other individuals, customers and clients in the course of your working relationship with us. Where this is the case, we rely on you to help us meet our data protection obligations to staff, customers and clients.
In particular, if you have access to the personal information of others, you are required:
- To only access personal information that you have authority to access and only for authorised purposes.
- To only disclose personal information to individuals (whether inside or outside the organisation) who have appropriate authorisation.
- To keep such personal information secure (for example by complying with rules on access to premises, computer access, including password protection, and secure file storage and destruction).
- Not to make unnecessary copies of personal data and should keep and dispose of any copies securely.
- Not to remove personal information, or any devices which contain or which can be used to access personal information, from our premises without adopting appropriate security measures (such as encryption or password protection) to secure the information and the device.
- Not to store personal information on local drives or on personal devices that are used for work purposes.
Failure to observe these requirements may amount to a disciplinary offence, which will be dealt with under the Company’s disciplinary procedure.
This policy was last updated: 27 January 2021