Looking after the personal data you share with us is a hugely important part of this. We want you to be confident that your data is safe and secure with us and that you understand how we use it and who we share it with.
a) sets out the types of Personal Data we collect;
b) explains how and why we use your Personal Data;
c) explains when and why we share your Personal Data within the Tesco Group and other third parties; and
d) explains the rights and choices you have.
Where we refer to “Booker”, “us”, “we” or “our” in this policy, we mean the Booker company which is relevant to you.
Booker is the Data Controller of the Personal Data collected under this policy.
Booker is part of the Tesco Group. If you are applying for a job with any other Tesco company such as Tesco Stores Limited, then Tesco Stores Limited will be the data controller for that application process.
3. Categories of personal data we collect.
Personal Data is the term we use to describe your personal information. Personal Data is information that can identify an individual. Personal Data may be available in different formats, for example, electronically or in paper form.
3.1 Categories of personal data
Categories of Personal Data we may collect and use include:
Personal Data:
• Identification data – such as your name, age, date of birth, gender
• Contact details – such as home address, personal and home telephone numbers, personal email addresses.
• Current Employment details – such as job title/position, company, work location.
• Family details – marital status
• Communications – copies of communications/correspondence between you and us about this website or job application
• Personal information – information you submit as part of any job application, for example your career history, education, salary, and CV. For certain roles, information connected to criminal background checks (DBS). If applicable to your role, a drug and alcohol test.
• Right to work information – where required, information regarding your right to work in the UK
• CCTV images – your images may be captured on CCTV when attending any face to face interviews. Signage will be on display in locations with CCTV.
• Analytics to help us improve the user experience of the website. Examples of this type of information are the type of internet browser you use, the type of operating system you are using and the domain name of the website from which you linked to our site or advertisement.
Sensitive Personal Data:
• Drug and Alcohol testing results – you may be required to undertake tests for certain roles.
• Information you may voluntarily submit as part of any equal opportunity questionnaire, including any self-declared disabilities for which we would need to make reasonable adjustments to support your application and any future employment.
• Religion – Northern Ireland only
4. Policy Requirements
4.1 Why we use your personal data
We collect and use Personal Data about you throughout the employment relationship - from when you join the company, throughout your career with us and after you have left to:
• Review and process your application.
• To keep you up to date on its progress
• For data analytical, assurance and review purposes (for example by analysing your application to improve our recruitment process).
• To resolve grievances and complaints that involve you.
• In relation to self-declared disabilities for us to make a reasonable adjustment to support your application and any possible future employment.
• In relation to any equality questionnaire data, to monitor our equality and composition.
• In relation to any right to work information we collect; we do this to ensure we comply with the law in employing you.
• In relation to any criminal records checks we complete, to ensure we comply with company policy.
• In the event that your application is successful, we may use your data to prepare our systems for your employment, prepare work schedules, to create an email address for you or to authenticate your identity.
• In relation to drug and alcohol testing to ensure you are fit and safe to work.
• To keep you updated on any other suitable vacancies.
4.2 Legal bases for processing personal data
In relation to the Personal Data processed by Booker:
a) Other than as stated in the rest of this section 4.2, Booker relies on its legitimate interests to process your personal data.
Our legitimate interests in processing your Personal Data are:
Legitimate interest – Explanation
1. To recruit, promote, develop, and retain our colleagues – Checking references/qualifications, carrying out criminal record or other background checks (for certain roles only), ensuring candidates have the right skills and experience. To recruit and retain the right candidates.
2. To perform our role as your employer – Processing payroll, administering employee benefits, maintaining colleague personnel files, providing, responding to subject access requests, providing pension schemes, processing joiners.
3. To promote a safe, fair and secure working environment for all colleagues – Monitoring compliance with our policies, procedures and practices that apply to you, conducting drugs and alcohol testing where necessary. Use of CCTV and other technologies to help monitor and maintain a safe and secure environment for our colleagues. In relation to monitoring workforce equality, diversity, and equal pay.
4. To resolve queries, and complaints that involve you – Resolving any complaint in a fair and transparent manner.
5. To administer our internal business operations – Sharing your basic credentials to get you set up on our systems if you accept an offer of employment.
6. For general research and statistical purposes – Producing core business statistics on recruitment to ensure that we have a fair and transparent recruitment process.
b) We process data as part of our “right to work” checks (related to your identification, nationality, and immigration status) because we are required by law to do so. If you do not provide us with this information, we will not be able to progress your application.
c) We process pay, benefits and taxation data and share this with HMRC and other government agencies, and to comply with, for example, court orders and the Government Pensions Dashboard, because we are required to do so by law.
d) We process your bank details, National Insurance number and salary so that we can pay you as required by our employment contract with you.
e) Please see section 4.3 below for information on why we process certain sensitive personal data (as defined in section 3).
f) If you are requested to complete a drug or alcohol test, we will only do so with your consent.
g) If we need to carry out criminal records checks because of the nature of your role, we process this information in accordance with our rights and obligations in the area of employment law. This processing is also either required by law or necessary for our legitimate interests (as described in section 4.2(a) above).
h) Applicable in Northern Ireland only – we process data about your religion, gender, marital status and any disability as this is required by law (Fair employment legislation) in order to monitor the religious composition of our workforce and applicants, and to submit annual monitoring returns to the Equality Commission Northern Ireland.
4.3 Sensitive Personal Data
We collect and use this personal data about you throughout the employment relationship – from when you join the company, throughout your career with us and after you have left to:
a) To comply with our regulatory and legal obligations (including monitoring compliance with, and complying with, equal opportunities and treatment legislation).
b) To protect us against crime (such as by collecting information about your criminal convictions, including “spent” convictions in some cases, or by carrying out criminal record checks on you), on the basis that the processing is required to prevent or detect any unlawful act which you may have committed and comply with our regulatory requirements.
c) In the event of a candidate suffering from an illness, such as epilepsy, it may be necessary for us to disclose this information (without the individual’s permission) to those administering first aid in an emergency, on the basis that the processing would be required to protect your health and vital interests where your permission for data processing cannot be given or you cannot reasonably be expected to obtain it.
d) If you choose to provide any sensitive personal data (as defined in section 3) about yourself as part of your application, we process that information based on your consent, to make reasonable adjustments to support your application and any future employment.
4.4 Sources of personal data
Personal Data we hold about you is either:
• Direct – personal data we receive directly from you, including information provided by you when you fill out forms (either on paper or digitally), apply for roles, provide us with your contact details, provide us with payment details and provide us with any further information in connection with your application, or
• Indirect – personal data we generate about you (such as interview records). We also generate this information through monitoring of systems, such as CCTV.
4.5 Sharing your Personal Data
We may share your Personal Data with the following third parties:
• Service providers and partners who provide services for us or on our behalf. Namely: a) where suppliers provide us with outsourced services (such as website administration, applicant tracking system, administration, facilities management, and IT support); b) where we use professional service companies to give us advice and support (such as law firms, completing right to work checks, criminal background checks and candidate screening and assessment).
• Group companies. For example, sharing information on our recruitment process and plans with another Tesco company (such as Tesco Stores Limited, Tesco Mobile, Tesco Bank), for the purpose of administering benefits such as Clubcard, providing services such as licensing, conducting group led surveys, provision of pensions, employee share schemes and other admin services such as contract management.
• Government agencies, regulatory bodies, and law enforcement agencies where we are obliged to or permitted to, by law;
• Where we restructure, sell or transfer our business (or a part of it). For example, in connection with a takeover or merger.
You may also share your personal data with third parties directly e.g., third parties who manage our recruitment process, our right to work checks and criminal record checks. When sharing your personal data with third parties you should be mindful that they will have their own privacy policies.
4.6 Transfer of Personal Data outside of the European Economic Area
Your Personal Data may be transferred to (or accessed from) outside of the UK, either to companies within the Tesco group or to non-Tesco companies that provide us with services. An example of this is when we share colleague data with Tesco Business Services (based in India) for a few services (system access, headcount reporting and pensions). We may also transfer your personal data abroad as part of any international secondment you go on.
When transferring your personal data outside the UK we ensure that the destination country has an adequate level of protection for your personal data (like that in the UK), or that the company receiving the personal data has given us appropriate safeguards (most frequently this is done by agreeing specific data protection contract clauses).
• Remember your preferences such as language.
• Monitor the general performance of our visitors' experience when on the website; this allows us to improve the usability of our website for you and all our other visitors.
• Store essential information to allow you to register and/or login to our site;
• Allow you to share any of the website pages with your social networks – but only if you explicitly choose to do so.
4.8 How we protect your Personal Data
We know how important it is to protect your personal data. This section sets out some of the measures we have in place:
• We apply physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of personal data;
• We protect the security of your information while it is being transmitted by encrypting it;
• We use computer safeguards such as firewalls and data encryption to keep this data safe;
• We only authorise access to employees and trusted partners who need it to carry out their responsibilities.
We regularly monitor our systems for possible vulnerabilities and attacks, and we carry out penetration testing to identify ways to further strengthen security. Whilst we take appropriate technical and organisational measures to safeguard your personal data, it is important that you keep your login details and devices protected from unauthorised access.
4.9 How long your personal data is retained.
We need to keep personal data for different time periods, depending on what the personal data is and why we need it.
We retain the data you provide to register on our jobs recruitment for 12 months; this may be extended if you consent to extend this timeframe.
For unsuccessful candidates we keep information for 6 months after the conclusion of the recruitment process, unless you consent to keep your account in order to be kept informed of any other suitable job opportunities.
If you do not use your account in any way, including reviewing or updating your information or making a further job application, we will contact you 3 times to ask; after this time, your account will be automatically deleted. This will not prevent you from creating a new account or making future job applications using the same email address.
4.10 Subject Access Right
You have the right to see the Personal Data we hold about you. This is called a Subject Access Request.
If you would like a copy of the Personal Data we hold, please contact DSAR@Booker.co.uk.
Alternatively, you can write to:
Data Protection Officer, Booker Ltd, Equity House, Irthlingborough Road, Wellingborough, Northants. NN8 1LT
You can also email DPO@Booker.co.uk
4.11 Other Data Protection Rights
In relation to your Personal Data, you also have the right to:
A. Have inaccurate information corrected:
Summary of the right:
It is important that the personal data we hold about you is accurate and that you notify us of any changes to your personal data, so it can be updated. This would include data such as:
• Name (we’ll need proof of this such as marriage, civil partnership, or deed poll certificate)
• Emergency Contact
• Bank details etc
• Right to Work details/Visas
B. Object to our use of it:
Summary of the right:
If you object, we will then consider your objection to our use of your personal data. If on balance, your rights outweigh our interests in using your personal data, then we will at your request either restrict our use of it (see section C below) or delete it (see section D below).
C. Restrict our use of it:
Summary of the right:
There are several situations when you can restrict our use of your personal data, including where:
- You have successfully made an objection (listed in section B above).
- You are challenging the accuracy of the Personal Data we hold.
- We have used your Personal Data unlawfully, but you do not want us to delete it.
D. Have us delete it:
Summary of the right:
There are several situations when you can have us delete your personal data, including where:
- We no longer need to keep your Personal Data.
- You have successfully made an objection (listed in section B above).
- We have unlawfully processed your Personal Data.
E. Have a copy ported:
Summary of the right:
As a colleague, your right to have us “port” your personal data applies in relation to the personal data set out in section 4.2 (d). You can obtain a copy of this data from an online version of your payslip.
4.12 The Data Protection Regulator
Booker would like the chance to resolve any complaints you have; however, you also have the right to complain to the UK data protection regulator (the ICO) about how we have used your personal data. Their website can be found here: https://ico.org.uk
Their website also contains useful information about your privacy rights.
5. Roles, Responsibilities and DPO
6. Policy Review and Update
This policy will be reviewed at least annually by the Privacy Team. The latest version can be found on the Policy hub on Our Booker and on the Booker recruitment website.
7. Related Policies, Standards, and Processes
Version No. Date of change Summary of change
1.0 Original version
2.0 Update of existing Policy with the following changes:
• Added in details of sensitive data processed in Northern Ireland only which is required to be reported by law.
• Included CCTV images being captured as part of the recruitment process.
Policy owner: Booker HR People Team/ Booker DPO
This policy and any associated documentation remain the property of Booker.