Job Applicant – Privacy Notice
Purpose & Scope
This Privacy notice provides information in respect of the way in which Ovarro Limited and its
affiliated companies and subsidiaries (together, “The Company”, “Ovarro”, “we”, “our” or “us”),
collect and process personal data of job applicants (“you”, “your”).
Ovarro is aware of its obligations under applicable data protection legislation and is committed to
processing your data securely and transparently. This privacy notice sets out, in line with data
protection obligations, the types of data that we collect and hold on you as a job applicant. It also
sets out how we use that information, how long we keep it for and other relevant information about
your data.
Who Are We?
Data Controller:
Ovarro Group Ltd
Rotherside Road, Eckington, Sheffield, South Yorkshire, United Kingdom, S21 4HL
GDPR@Ovarro.com
Data Protection Principles
In relation to your personal data, we will:
• Process it fairly, lawfully and in a clear, transparent way
• Collect your data only for reasons that we find proper for the course of your employment in
ways that have been explained to you
• Only use it in the way that we have told you about
• Ensure it is correct and up to date
• Keep your data for only as long as we need it
• Process it in a way that ensures it will not be used for anything that you are not aware of or
have consented to (as appropriate), lost or destroyed
Types of Data Processed
Depending on your location and in respect of local legal obligations, we may hold varying types of
data about you, including:
• Your personal details including your name, address, date of birth, email address, phone
numbers
• Your photograph
• Gender
• Marital status
• Whether or not you have a disability
• Information included on your CV including references, education history and employment
history
• Documentation relating to your right to work in the UK or other appropriate location
• Driving licence
• Enhanced background checks or criminal record checks
• Medical information
• All other information presented on a CV
Data Collection Methods
We collect data about via the information you would normally include in a CV or a job application
cover letter, or notes made by our interviewers during a recruitment interview. Further information
will be collected directly from you when you complete forms at the start of your employment, for
example, your bank details and next of kin details. Other details may be collected directly from you
in the form of official documentation such as your driving licence, passport or other right to work
evidence.
In some cases, we will collect data about you from third parties, such as employment agencies,
former employers when gathering references or credit reference agencies.
Personal data is kept securely within Ovarro’s People and Culture and IT systems.
Processing Rationale
Data protection legislation allows Ovarro to process your data for specific purposes, including:
• To perform the employment contract that we are party to
• To carry out legally required duties
• To carry out our legitimate interests
• To protect your interests
All the processing carried out by Ovarro falls into one (or more) of the permitted reasons. Generally,
we will rely on the first three reasons set out above to process your data.
We need to collect your data to ensure we are complying with legal requirements such as:
• Carrying out checks in relation to your right to work in the location you are based
• Carrying out background/ hiring/ reference checks as necessary to complete the hiring
process
• Making reasonable adjustments (where appropriate)
We also collect data so that we can carry out activities which are in the legitimate interests of
Ovarro. Examples include:
• Making decisions about who to offer employment to
• Making decisions about salary and other benefits
• Assessing training needs
• Dealing with legal claims made against us
If you are unsuccessful in obtaining employment, we will retain your data in case other suitable job
vacancies arise within Ovarro for which we think you may wish to apply for not longer than 6
months. You are free to withdraw your consent to this and there will be no consequences for
withdrawing consent. To exercise this right, please contact gdpr@ovarro.com.
Special Category Data Processing
Special category data includes:
• Health
• Sex
• Sexual orientation
• Race
• Ethnic origin
• Political opinion
• Religion
• Trade union membership and
• Genetic and biometric data.
Ovarro commits to processing special category data in alignment with all appropriate data
protection legislation, including only when necessary. Most commonly, we will process special
categories of data when the following applies:
• You have given explicit consent to the processing
• We must process the data to carry out our legal obligations
• You have already made the data public.
We will use your special category data:
• For the purposes of equal opportunities monitoring
• We may also use this data for the purpose of making decisions regarding reasonable
adjustments
We do not need your consent if we use special category data to carry out our legal obligations or
exercise specific rights under national employment law. However, we may ask for your consent to
allow us to process certain particularly sensitive data. If this occurs, you will be made fully aware of
the reasons for the processing. You will have full control over your decision to give or withhold
consent and there will be no consequences where consent is withheld. Consent may be withdrawn
at any time. There will be no consequences where consent is withdrawn. To withdraw consent,
please contact gdpr@ovarro.com.
Criminal Conviction Data
We will only process criminal conviction data where it is appropriate given the nature of your role
and where the law permits us. This data will usually be collected at the recruitment stage, however,
may also be collected during your employment. We use criminal conviction data to confirm or
sustain an offer of employment, where it is a legal or contractual requirement for the role to be
undertaken.
We process this data because of our legal obligation to meet the contractual requirements of a
client to undertake the specified work.
Non-provision of Personal Data
One of the reasons for processing your data is to allow us to carry out an effective recruitment
process. Whilst you are under no obligation to provide us with your data, we may not be able to
process, or continue with (as appropriate), your application.
Data Sharing
Your data will be shared with colleagues within the group where it is necessary for them to
undertake their duties with regards to recruitment. This includes, for example, the People and
Culture department, those involved in the recruitment process, and the IT department where you
require access to our systems to undertake any assessments requiring IT equipment.
Your data will be shared with third parties if you are successful in your job application. In these
circumstances, we will share your data to process pension plans, and for employee benefits.
We may share your name and email address with third party screening company who will support
Ovarro in completing reference checks, right to work checks, DBS checks, and any other ad-hoc
hiring checks needed for the recruitment process or if an additional background check is needed to
support a specific project, this includes where existing employees may apply for and be promoted
into a new position that requires additional checks.
Data Retention
In line with data protection principles, we only keep your data for as long as we need it for, and this
will depend on whether you are successful in obtaining employment with us.
If your application is not successful, you will be informed of your rights via email. Unless you express
these rights by contacting Ovarro, we will keep your data for 6 months once the recruitment
process completes. At the end of this period, we will delete or destroy your data, unless you have
already withdrawn your consent to our processing of your data in which case it will be deleted or
destroyed upon your withdrawal of consent.
If your application is successful, your data will be kept and transferred to the systems we administer
for employees. We have a separate privacy notice for employees, which will be provided to you.
Automated Decision Making
No decision will be made about you solely based on automated decision making (where a decision is
taken about you using an electronic system without human involvement) which has a significant
impact on you.
Data Subject Rights
You have the following rights:
• Right of access – obtain a copy of your data
• Right to rectification – correct inaccurate information
• Right to erasure – request deletion where applicable
• Right to restrict processing
• Right to data portability
• Right to object to certain processing
• Right not to be subject to automated decision‑making
To exercise your rights, contact: gdpr@ovarro.com
Security Measures
We implement technical and organisational measures including:
• Encryption in transit and at rest
• Multi‑factor authentication
• Role‑based access controls
• Secure development practices
• Continuous monitoring and logging
Complaint Handling
Ovarro’s ensures all complaints are handled with the upmost care and attention whilst aligning to all
national and international legislation.
a. How to Submit a Complaint
• You may submit a complaint about how your personal data has been processed via:
• Email: GDPR@ovarro.com
• Postal address: Rotherside Road, Eckington, Sheffield, South Yorkshire, United Kingdom,
S21 4HL
b. Acknowledgement of Complaints
We will:
• Acknowledge receipt within 30 days
• Explain the next steps and expected timelines
c. Investigation Process
We will:
• Conduct a fair and impartial investigation
• Review relevant logs, records, and system activity
• Contact you if further information is required
• Provide a written outcome
d. Response Timeframes
After the initial acknowledgement within 30 days of receipt, Ovarro will resolve all complaints
without undue delay.
e. Escalation Options
If you are dissatisfied with our response, you may escalate to:
• Your employer’s data protection representative (if applicable)
• The Information Commissioner’s Office (ICO) if UK-based, or other national supervisory
authority.
• We will provide details of escalation routes in our written response.
Changes To This Policy
We may update this Privacy Notice to reflect changes in law or platform functionality. Significant
changes will be communicated to users directly.
Contact Us
For questions about this Privacy Policy or your data rights:
Data Protection Committee
GDPR@ovarro.com
Rotherside Road, Eckington, Sheffield, South Yorkshire, United Kingdom, S21 4HL