Recruitment Privacy Notice

Introduction

For our Splitsville Privacy Policy, please visit Privacy policy :: Splitsville Careers.

Hollywood Bowl Group (referred to as “HWBG”, “Hollywood Bowl”, “We”, “Our” or “Us”), is committed to protecting the privacy and security of your personal information.

You have been directed to, or otherwise sent a copy of this privacy notice because you are applying for work with us (whether as an directly as an employee, or as a contractor or temporary worker through a third party).  This notice makes you aware of how and why your personal data will be used, namely for the purposes of the recruitment exercise, and how long it will usually be retained for.  It provides you with certain information that must be provided under the Data Protection Legislation.

In the UK, Data Protection Legislation means the Data Protection Act 2018 (‘DPA 2018’), United Kingdom General Data Protection Regulation (‘UK GDPR’), the Privacy and Electronic Communications (EC Directive) Regulations 2003 (‘PECR’) and any legislation implemented in connection with the aforementioned legislation. Where data is processed by a controller or processor established in the European Union or comprises the data of people in the European Union, it also includes the General Data Protection Regulation (Regulation (EU) 2016/679) (‘EU GDPR’). This includes any replacement legislation coming into effect from time to time.

Depending on your location, additional legislation might also apply. Unless otherwise stated, Hollywood Bowl will process your Personal Data in accordance with Data Protection Legislation as defined above. For more information on local data protection legislation which may apply in your jurisdiction, please see the Local Data Protection Legislation section below.

If you are successful in your application, you will be provided with a separate privacy notice relating to your employment with us.

Data Controller

Hollywood Bowl Group is the controller for the personal information we process as identified in this privacy notice.

We are registered with the United Kingdom’s Information Commissioner’s Office (ICO) with registration number ZA848152 . For more information on regulators which may apply in your jurisdiction, please see the Local Data Protection Legislation section below.

We have appointed a Data Protection Officer (DPO) to help us monitor internal compliance, inform and advise on data protection obligations, and act as a point of contact for data subjects and the relevant supervisory authority. For further details on how you can contact our DPO please see the contact us section below.

The information we collect and when

We only collect personal information that we know we will genuinely use and in accordance with the Data Protection Legislation. In connection with your application for work with us, we will collect, store, and use the following categories of personal information about you:

·       The information you have provided to us in your resume.

·       Information that you must provide us as part of our application form, including first name, last name, email address, phone number and postal address.

·       Information that is optional for you to provide as part of our application form, including the date you are available, your desired pay and a link to your website/blog/portfolio/LinkedIn.

·       Any information you provide to us during an interview.

·       The results of any tests or assessments as part of our interview process

·       Information generated from background and/or security checks, where necessary, which could include information about criminal convictions and offences.

·       Cookies and IP addresses if you have applied via our wesbite. For more information please see our Cookie Policy on our website.

·       CCTV/BodyCam images if you visit one of our sites.

We may also collect, store and use the following types of more sensitive personal information:

·       Information about your race or ethnicity, religious beliefs, sexual orientation.

·       Information about your health, including any medical condition, health and sickness records.

Please see Special Category Data below for details on why this data is collected.

How we collect and use your information

In most instances we collect personal information directly from you, the candidate, for example through our online application form. In other instances, we may collect personal information from:

·       Recruitment agencies

·       Background and pre-employment check providers

·       Credit reference agencies

·       Your named referees

·       Publicly available sources (such as LinkedIn)

We will use the personal information we collect about you to:

·       Assess your skills, qualifications, and suitability for the role

·       Carry out background and reference checks, where applicable

·       Communicate with you about the recruitment process

·       Keep records related to our hiring processes.

·       Comply with legal or regulatory requirements.

We only process your data when we have a lawful basis to do so:

·       It is in our legitimate interests to decide whether to appoint you as it would be beneficial to our business to appoint someone in the position you have applied for.

·       We also need to process your personal information to decide whether to enter into a contract of employment with you.

·       We may ask for your consent to retain your personal information on file, on the basis that a further opportunity may arise in future and we may wish to consider you for that.

If you fail to provide information when requested, which is necessary for us to consider your application, we will not be able to process your application successfully. For example, if we require a credit check or references for this role and you fail to provide us with relevant details, we will not be able to take your application further.

How we use particularly sensitive personal information

Special Category Data

We may use information about your disability status to consider whether we need to provide appropriate adjustments during the recruitment process, for example whether adjustments need to be made during a test or interview.

We may use information about your race or national or ethnic origin, religious, philosophical or moral beliefs, or your sexual life or sexual orientation, to ensure meaningful equal opportunity monitoring and reporting in accordance with any governing legislation or such that a regulatory body requires us to do so.

Information about criminal convictions

Depending on the jurisdiction in which you operate and on your specific role, we may collect information about your criminal convictions history if we offer you a position with us and you accept (conditional on checks and any other conditions, such as references, being satisfactory). We do this to satisfy ourselves that there is nothing in your criminal convictions history which makes you unsuitable for the role and as part of our security policy. Our roles require a high degree of trust and integrity and it is therefore best practice to undertake such checks and a pre-requisite in some instances.

We may only use information relating to criminal convictions where the law allows us to do so. This will usually be where such processing is necessary to carry out our obligations and provided we do so in line with our Data Protection Policy.

Automated decision making

You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making.

Who we might share your information with

We will only share your personal information with the following third parties for the purposes of processing your application: our internal recruitment team, recruitment agencies and HR (our HR management and recruitment system) and parties involved with pre-employment checks, VISA applications and so on. All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

International transfers of information

Your Personal Data is processed at the Company’s operating offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to Devices located outside of Your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from Your jurisdiction. Where this occurs, Hollywood Bowl Group will ensure that:

·       the security and confidentiality of your Personal Data is secure at all times;

·       any Data Controller receiving your Personal Data has entered into an agreement with HWBG which contains standard data protection clauses as required by UK and/or EU GDPR or there is an alternative appropriate safeguard in place governing the transfer; and,

·       any Data Processor receiving your Personal Data has entered into an agreement with HWBG which contains the required Data Processor clauses as well as standard data protection clauses as required by UK and/or EU GDPR or there is an alternative appropriate safeguard in place governing the transfer.

Where you are based in the UK or EU and we were required to transfer your Personal Data out of the UK or EU to countries not deemed by the ICO or European Commission (as relevant) to provide an adequate level of Personal Data protection, the transfer will be based on safeguards that allow us to conduct the transfer in accordance with applicable Data Protection, such as the specific contracts containing standard data protection clauses approved by the ICO or European Commission (as relevant) providing adequate protection of Personal Data.

Your rights over your information

The right to be informed about our collection and use of personal data

You have the right to be informed about the collection and use of your personal data. We ensure we do this through this privacy notice. This is regularly reviewed and updated to ensure it is accurate and reflects our data processing activities.

The right to access your personal information

You have the right to access the personal information that we hold about you in many circumstances, by making a request. This is sometimes termed a ‘Data Subject Access Request’. If we agree that we are obliged to provide personal information to you (or someone else on your behalf), we will provide it to you or them free of charge and aim to do so within one month from when your identity has been confirmed.

We would ask for proof of identity and sufficient information about your interactions with us that we can locate your personal information.

If you would like to exercise this right, please contact us as set out below.

Right to rectify your personal data

If any of the personal information we hold about you is inaccurate, incomplete, or out of date, you may ask us to correct it.

If you would like to exercise this right, please contact us as set out below.

Right to object or restrict your processing of your data

You have the right to object to us processing your personal information for particular purposes or have its processing restricted in certain circumstances.

If you would like to exercise this right, please contact us as set out below.

Erasure

You have the right to have personal data erased. This is also known as the ‘right to be forgotten’. The right is not absolute and only applies in certain circumstances.

If you would like to exercise this right, please contact us as set out below.

Right to portability

The right to portability gives you the right to receive personal data you have provided to a controller in a structured, commonly used and machine readable format. It also gives them you the right to request that a controller transmits this data directly to another controller.

 If you would like to exercise this right, please contact us as set out below.

For more information about your privacy rights

Supervisory authorities regulate data protection and privacy matters in the country in which they operate. You can make a complaint to the relevant supervisory authority (see Local Data Protection Legislation below)) at any time about the way we use your information. However, we hope that you would consider raising any issue or complaint you have with us first using the contact details above. Your satisfaction is extremely important to us, and we will always do our very best to solve any problems you may have.

How long we keep your information for

For unsuccessful candidates, we will retain your personal information for no longer than 24 months after we have communicated to you our decision about whether to appoint you. We retain your personal information for that period so that we can show, in the event of a legal claim, that we have not discriminated against candidates on prohibited grounds and that we have conducted the recruitment exercise in a fair and transparent way. After this period, we will securely destroy your personal information in accordance with our Data Retention Policy and in line with current Data Protection Legislation. If we wish to retain your personal information on file, on the basis that a further opportunity may arise in future and we may wish to consider you for that, we will write to you separately, seeking your explicit consent to retain your personal information for a longer period. If we do not contact you in 24 months, we will delete the data. You have the right to withdraw your consent for processing for this purpose at any time. To withdraw your consent, please contact us as set out below.

Security

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used, or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need-to-know. They will only process your personal information on our instructions, and they are subject to a duty of confidentiality. If you would like additional assurances regarding how we process data securely, please contact us as set out below.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Changes to our privacy notice

We may change this privacy notice from time to time (for example, if the law changes). We recommend that you check this notice regularly to keep up-to-date.

Local data protection legislation

Unless otherwise stated, UK Data Protection Legislation applies to the processing of your Personal Data. Depending on your location, additional Local Data Protection Legislation might also apply.

Hollywood Bowl Group is regulated by the ICO in the UK. Depending on your location, the regulation of the processing of your Personal Data might also involve one or more of the following supervisory authorities. If you are based in a location not listed below, please consider the supervisory authority relevant to your processing to be the ICO in the UK unless otherwise stated.

Location

Local Data Protection Legislation

Supervisory Authority Contact Details

Argentina

Personal Data Protection Act, Act No. 25.326 of 2000 ('the Argentina Act')

Agency for Access to Public Information (Agencia de Acceso a la Información Pública) (AAPI)

 

http://www.jus.gov.ar/datos-personales.aspx

Chile

Law No. 19.628 on the Protection of Private Life 1999 (‘the Chile Law’)

Chilean Transparency Council (Consejo Para La Transparencia) (CPLT)

 

https://www.consejotransparencia.cl/

Colombia

Statutory Law 1581 of 2012 (October 17) Which Issues General Provisions for the Protection of Personal Data (‘the Colombia Law’)

Decree 1377 of 2013 (June 27) Which Partially Regulates Law 1581 of 2012 (‘the Colombia Decree’)

Colombian Data Protection Authority (Industria y Comercio Superintendencia) (SIC)

https://www.sic.gov.co/manejo-de-informacion-personal

 

Czech Republic

Act No. 110/2019 Coll. on Personal Data Processing ('the Czech Republic Act')

EU GDPR

The Office for Personal Data Protection (Úřad pro ochranu osobních údajů) (UOOU)

https://www.uoou.cz/en/

Poland

Act of 10 May 2018 on the Protection of Personal Data (‘the Poland Act’)

EU GDPR

The Personal Data Protection Office (Urzad Ochrony Danych Osobowych) (UODO)

https://uodo.gov.pl/en

Portugal

Law No. 58/2019, which Ensures the Implementation in the National Legal Order of the General Data Protection Regulation (Regulation (EU) 2016/679) on the Protection of Individuals with Regards the Processing of Personal Data and the Free Movement of Such Data (‘GDPR Implementation Law’)

EU GDPR

National Commission for the Protection of Data (Comissão Nacional de Proteção de Dados) (CNPD)

www.cnpd.pt

 

Spain

Organic Law 3/2018, of 5 December 2018, on the Protection of Personal Data and Guarantee of Digital Rights (‘LOPDGDD’)

EU GDPR

Spanish Data Protection Agency (Agencia Española de Protección de Datos) (AEPD)

https://www.aepd.es/es

UK

DPA 2018

UK GDPR

PECR

Information Commissioner’s Office (ICO)

https://ico.org.uk/global/contact-us/

US

California Consumer Privacy Act of 2018 ('CCPA')

California Online Privacy Protection Act (‘CalOPPA’)

California Invasion of Privacy Act (‘CIoPA’)

California Civil Code Section 1798 (‘Shine the Light law’)

California Business and Professions Code Section 22581 (‘California Privacy Rights for Minor Users’)

Federal Trade Commission (FTC)

www.ftc.gov

 

The California Attorney General (CAG)

http://oag.ca.gov/

Uruguay

Law No. 18.331 on the Protection of Personal Data and the Habeas Data Action 2008 (‘the Uruguay Law’)

Decree No. 414/009 Regulating Law 18.331 Relating to the Protection of Personal Data (‘the Uruguay Decree’)

Decree No. 64/020 on the Regulation of Articles 37-40 of Law No. 19.670 of 15 October 2018 (‘the Uruguay 2020 Decree’)

Uruguayan Data Protection Authority (Unidad Reguladora y de Control de Datos Personales) (URCDP)

https://www.gub.uy/unidad-reguladora-control-datos-personales/

 

How to contact us

If you would like to exercise one of your rights as set out above, or you have a question or a complaint about this notice, the way your personal information is processed, please contact our DPO by one of the following means:

By email: [email protected]

By post: Focus 31, West Wing, Cleveland Road, Hemel Hempstead, Herts, HP2 7BW

Website contact form

By phone: 01442 840200

Thank you for taking the time to read our privacy notice.

Revision History

Date of Change

Author

Summary of Change

4 August 2022

DPO Centre

Initial creation