Skip to main content
Home

Data Protection Privacy Notice (Recruitment)

This notice explains what personal data (information) we will hold about you, how we collect it, and how we will use it. It also explains how we may share data about you during the application process. 

Who collects the data

Scottish Forestry (the ‘Organisation’) is a ‘controller’ of personal data and gathers and uses certain data about you.

This data is also used by certain other organisations, when required, namely:

  • the Scottish Government
  • Forestry and Land Scotland via MidlandHR
  • iTrent (who provide and manage our HR software)
  • Amiqus, our Occupational Health Provider (currently Health Partners)
  • the Keil Centre
  • Disclosure Scotland

And so, in this notice, references to ‘we’ or ‘us’ mean the Organisation and these other organisations.

Data protection principles

We will comply with the data protection principles when gathering and using personal data, as set out in the Data Protection Act 2018 and UK GDPR.

Our recruitment process and data protection principles are compliant with the Civil Service Recruitment Principles ‘Success Profiles’ which can be found here.

Success Profiles (GOV.UK website)

About the data we collect and hold

What data

We may collect the following data throughout the recruitment process and before making a provisional offer of appointment:

  • your name, date of birth, and contact details (ie address, home and personal mobile phone numbers, personal email address)
  • details of your employment history (including job titles, reasons for leaving, company name, employment start/end date and job details)
  • confirmation of your right to work in the UK
  • confirmation of your eligibility to work for the Civil Service
  • equality, Diversity and Inclusion (‘EDI’) information (including marital status, religious or similar beliefs, ethnic origin, nationality, sexual orientation, sexual identification, gender identity)
  • whether you consider that you have a disability and/or any caring responsibilities and, if so, a description of these and any reasonable adjustments which may be required for the recruitment process
  • details of your referees

After an offer of appointment is made (but before any such appointment is confirmed), we will collect the following:

  • data regarding your academic and/or employment history and professional qualifications from references obtained about you from previous employers and/or education providers ☐
  • data regarding your criminal record via a Level 1 Disclosure check ☐
  • data regarding your right to work in the UK (including your nationality and immigration status and data from related documents, such as your passport or other identification and immigration information) ☐
  • a copy of your driving licence, passport, birth certificate and proof of current address (such as bank statements or council tax bills) ☐
  • data relating to your health if required – e.g. via an Occupational Health Referral ☐
  • evidence of how you meet the Civil Service nationality rules and confirmation of your security clearance which may include nationality details and information about any convictions, allegations and offences as part of our Baseline Personnel Security Standard checks ☐

  • information regarding outside interests including any paid outside occupation or work or interests that will be undertaken in addition to your position as a Civil Servant. This is for the purposes of ensuring that any roles or interests you hold do not conflict with or restrict your ability to carry out your duties as a civil servant, and ensuring that we and you comply with the obligations set out under the Official Secrets Act 1989 ☐

    Official Secrets Act 1989 (legislation.gov.uk website)

You are required (by law or in order to enter into your contract of employment) to provide the categories of data marked ‘☐’ above to us to enable us to verify your right to work and suitability for the position.

How we collect the data

We may collect this data from:

  • you
  • your referees (details of whom you will have provided)
  • your education provider
  • the relevant professional bodies
  • Health Partners, the Keil Centre
  • Disclosure Scotland
  • the Home Office

Why we collect the data and how we use it

We will typically collect and use this data for the following purposes (other purposes that may also apply are in line with the Data Protection Act 2018 and UK GDPR):

  • to take steps to enter into a contract
  • for compliance with a legal obligation (including, but not limited to, our statutory duties and reporting obligations in relation to Equality, Diversity and Inclusion)
  • for the performance of a task carried out in the public interest
  • for the purposes of our legitimate interests or those of a relevant third party (such as a benefits provider), but only if these are not overridden by your interests, rights or freedoms
  • because it is necessary for carrying out obligations or exercising rights in employment law
  • for reasons of substantial public interest (i.e. equality of opportunity or treatment, preventing or detecting unlawful acts)
  • for Freedom of Information purposes or other instances where we are required to share by for example, for public interest, by court order, or to prevent fraud or other crime
  • to establish, exercise and/or defend any legal claims that may be brought by or against us in connection with your recruitment 

We seek to ensure that our data collection and processing is always proportionate.

We will notify you of any changes to data we collect or to the purposes for which we collect and process it.

How we may share the data

We may also need to share some or all of the above categories of personal data with other parties such as:

  • Forestry and Land Scotland via iTrent
  • Amiqus
  • the Office of Protective Security
  • Security and Business Continuity
  • the Scottish Government
  • Health Partners
  • the Keil Centre
  • HR consultants and professional advisers

Usually, data will be anonymised but this may not always be possible. 

The recipient of the data will be bound by confidentiality obligations.

We may also be required to share some personal data with our regulators or as required to comply with the law.

Special category data and criminal records data

We handle special category data and data relating to criminal convictions and offences in line with the Data Protection Act and UK GDPR.

Further details are available from our HR team.

Email our HR team

Where data may be held

Data may be held electronically or at our offices, and electronically or at the offices of third party agencies, service providers, representatives and agents as described above.

How long we keep your data

We keep the personal data that we obtain about you during the recruitment process for no longer than is necessary for the purposes for which it is processed.

How long we keep your data will depend on whether your application is successful and you become employed by us, the nature of the data concerned and the purposes for which it is processed.

We will keep recruitment data (including interview notes) for no longer than is reasonable, taking into account the limitation periods for potential claims (as extended to take account of early conciliation), after which they will be destroyed.

If there is a clear business reason for keeping recruitment records for longer than the recruitment period, we may do so but will first consider whether the records can be pseudonymised, and the longer period for which they will be kept.

If your application is successful:

  • we will keep only the recruitment data that is necessary in relation to your employment
  • you will receive access to our Employee Privacy Notice which will provide you with further information

FLS and SF employee privacy notice (employee intranet)

If you pass the recruitment Board, however another candidate scores more highly than you, we will automatically place you on a reserve list for a period of 12 months, during which period, your application will be considered by us for future vacant roles which are the same as the role you initially applied for.

You may opt-out of this reserve list by emailing our HR team.

Our approach to data retention and destruction are in line with the Data Protection Act and UK GDPR requirements.

Further details are also available from our HR team.

Email our HR team

Your right to object to us processing your data

Where our processing of your data is based solely on our legitimate interests (or those of a third party), you have the right to object to that processing if you give us specific reasons why you are objecting, which are based on your particular situation.

If you object, we can no longer process your data unless we can demonstrate legitimate grounds for the processing, which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.

Please contact our Data Protection Officer (DPO) if you wish to object in this way.

Email our Data Protection Officer (DPO)

Your rights to correct and access your data and to ask for it to be erased

Please contact our Data Protection Officer (DPO) (in accordance with applicable law) if you would like to correct or request access (a ‘Subject Access Request’) to data that we hold relating to you or if you have any questions about this notice.

Email our Data Protection Officer (DPO)

If you make a Subject Access Request, you will receive a copy of the personal information we hold about you, so you can check that we are lawfully processing it.

You may also request an electronic copy of any data you have provided in a structured, commonly used and machine-readable format.

You also have the right to ask our Data Protection Officer for some but not all of the data we hold and process to be erased (the ‘right to be forgotten’) in certain circumstances.

Our Data Protection Officer will provide you with further information about the right to be forgotten, if you ask for it.

Keeping your personal data secure

We have appropriate security measures in place to prevent personal data from being accidentally lost or used or accessed in an unauthorised way.

We limit access to your personal data to those who have a genuine business need to know it.

Those processing your data will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach.

We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

Was this page helpful?

Rate your experience

Your feedback helps us to improve this website. Do not give any personal information because we cannot reply to you directly.

Your feedback helps us to improve this website. Do not give any personal information because we cannot reply to you directly.

Rate your experience

Your feedback helps us to improve this website. Do not give any personal information because we cannot reply to you directly.