Recruitment privacy notice
How the Serious Fraud Office (SFO) uses your personal data when you apply for a job.
Applies to England, Northern Ireland and Wales
Documents
Details
This notice is to inform you how the Serious Fraud Office (SFO) processes your information (‘personal data’) when you apply for a job with the SFO, including the application process and pre-employment checks. The SFO is the data controller for the processing set out in this notice, which means we decide how and why your data is processed, either on our own or jointly with another organisation.
What personal data we process and why:
We process the following information about you in order to conduct recruitment based on merit having assessed candidates through fair and open competition:
-
name and contact details
-
information included in your application, such as your work experience and education history
-
whether you are applying under one of our recruitment schemes, such as the Disability Confident scheme
-
information you have provided in relation to any reasonable adjustments you may need as part of the recruitment process
-
information used to assess your suitability for the position you have applied for, such as interview notes or test results
-
information provided any external recruitment consultants engaged by us
If we make a conditional employment offer which you accept, we will collect the following additional information in order to conduct our pre-employment checks. This information is to confirm your identity and right to work in the United Kingdom, as well as to seek assurance as to your trustworthiness, integrity and reliability:
-
evidence of your identity and right to work in the UK
-
references from your previous employers
-
evidence of your educational attainments
-
evidence of any existing National Security Vetting clearance you hold
-
any information provided to us by UK Security Vetting, with whom the SFO is a joint data controller, in order for us to make a decision about your suitability to hold security clearance at the SFO. SFO and UKSV are Joint Controllers. You can read more about how UKSV and the SFO process personal data for vetting purposes.
-
other information gathered to seek assurance that your appointment will not bring discredit upon or otherwise adversely effect the professional integrity of the SFO, information which may include but is not limited to any examples of: spent or unspent criminal convictions and misconduct in public office
If you pass your pre-employment checks, we will collect the following information about you in order to finalise your contract and create your employee record:
-
date of birth
-
sex
-
national insurance number
-
bank account details
-
emergency contact details
-
next of kin details
We will collect information about your employment history, any relevant benefits or pensions you receive, and any student loans you have, to report this information to His Majesty’s Revenue and Customs per our legal obligations.
We will also collect your marital status, which along with other details will be sent to Capita, administrator of the Civil Service Pension Scheme (of which we are a member organisation) to auto-enrol you in the scheme unless you opt out of it.
Where we collect your personal data from:
We obtain most of the personal data we process directly from you when you complete your application in Civil Service Jobs and afterwards when you complete our pre-employment forms. We may obtain additional personal data from the following sources:
-
Cabinet Office (Civil Service Jobs) with whom we are a joint data controller for some of your personal data. You can read the Civil Service Job’s privacy notice
-
your previous employers and education providers, whom we may ask to provide a reference
-
external recruitment consultants, whom we may engage for some recruitment campaigns
-
sources of information used for our pre-employment checks, including records of criminal offences and intelligence databases
-
UK Security Vetting
Our lawful basis for processing your personal data:
The lawful basis we rely on for most of the processing set out in this privacy notice is article 6(1)(b) of the UK GDPR, which relates to processing necessary to perform a contract with you, or to take steps at your request to enter into a contract with you.
We also rely on article 6(1)(c), which relates to processing we are required to conduct to comply with our legal obligations. For some processing, we rely on article 6(1)(f), which relates to processing necessary for us to fulfil our legitimate interests where those interests are not overridden by your interests or fundamental rights and freedoms as a data subject.If you provide information about your health as part of request for a reasonable adjustment, we process this ‘special category data’ on the basis of article 9(2)(b) of the UK GDPR, which relates to our obligations in employment law, paired with Schedule 1 part 1(1) of the Data Protection Act 2018.
We receive aggregated information from the Cabinet Office (Civil Service Jobs) about the protected characteristics of those who have applied to and/or been appointed to roles within the SFO. This pseudonymised information is not designed to enable identification of individuals but, on some occasions, identification of those appointed to roles within the SFO may still be possible due to low numbers. Where this is the case, our basis for processing special category data is that the processing is necessary for the purposes of identifying or keeping under review the existence or absence of equality of opportunity or treatment between groups of people specified in relation to certain categories of personal data, with a view to enabling such equality to be promoted or maintained (DPA 2018 Schedule 1, Part 2, s8).
As part of our pre-employment and vetting checks, we process information about applicant criminal convictions and offences. We rely on the following conditions under Schedule 1, Part 2 of the Data Protection Act 2018 in order to process this data:
-
statutory and Government purposes (s6); and
-
protecting the public against dishonesty (s11).
Who we share your personal data with:
In the course of the application and assessment stages of our recruitment process, we may share your personal data with:
-
Cabinet Office (Civil Service Jobs), with whom we are a Joint Controller for some of your personal data. You can read the Civil Service Job’s privacy notice
-
any external recruitment consultants engaged by us for the recruitment campaign
-
any external testing provider or interviewer we use for assessment purposes
-
if you attend an in-person interview, staff at Canada House where our offices are located
In the course of our pre-employment checks, we may share some of your identifying personal data with organisations in order to conduct searches of their records. These organisations may include but are not limited to:
-
Cabinet Office (UK Security Vetting, Public Sector Fraud Authority)
-
Home Office
If you accept an offer of employment from us, we will share some of your personal data with:
-
the Crown Prosecution Service, our payroll provider
-
His Majesty’s Revenue and Customs
-
other government departments, as per any reporting requirements
-
Capita, administrator of the Civil Service Pension Scheme (unless you opt out)
Information used to create your employee record will be uploaded to our HR & Finance system, which is supported by Oracle.
We will also share your personal data when there is a legal requirement to do so, for example with the Police or similar organisations for the prevention and detection of crime or security purposes.
How long we retain your personal data for:
Personal data captured in the course of application and assessment processes will be retained for two years after the end of the recruitment process to allow for any recruitment queries or legal challenges.
Personal data captured in the course of our pre-employment checks will be retained for the following periods (starting either from the end of your contract with us or alternatively from when you fail our employment checks):
-
Baseline Personnel Security Standard details: 12 months
-
National Security Vetting details: 5 years
-
Register of interests details: 5 years
Personal data used to create your employee record is subject to retention periods set out in the SFO Staff Privacy Notice.
Your rights as a data subject:
Under data protection law, you have a number of rights in connection with the processing set out in this notice. You have the right to:
-
object to processing of your personal information;
-
request access to your personal data (commonly known as a “data subject access request”);
-
request rectification of the personal data that we hold about you;
-
request erasure of your personal data;
-
request the restriction of processing of your personal data; and
-
request the transfer of your personal information to another party.
To exercise any of your data subject rights, please email information.officer@sfo.gov.uk. Please note that some of the rights listed above are situational and may be restricted in accordance with data protection law.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s supervisory authority for data protection. More information about your rights and how to lodge a complaint with the ICO can be found on their website.
Contact us
If you have any questions about the content of this notice or wish to make a complaint about how your personal data has been processed by the SFO, please contact the Data Protection Officer at DataProtectionOfficer@sfo.gov.uk.