Coventry House,
Harry Weston Road,
Binley, Coventry,
West Midlands CV3 2TQ

When we use we, us or our, we mean Coventry Building Society.

Contact us

By Phone -02475 184611

By Email - HR.Operations@thecoventry.co.uk

Who is the data controller?

Coventry Building Society is the data controller for the personal data you share with us. This means that we’re responsible for deciding how we hold and use information about you in the context of your employment with us. We manage your personal data in line with data protection regulation.

Why we need to collect information

To set you up as a candidate on our recruitment system enabling you to register for job alerts, apply for jobs and to offer you employment. If you don’t give us the information we need, or if you don’t allow us to ‘process’ your information, you won’t be able to register for job alerts and we won’t be able to consider you for a job. For what we mean by ‘process’, see 'How we use your information'. We’ll ask you directly for most of the information we need, however we will collect information from third parties such as your referees.

If you give us information about someone else

You might give us information about another person. If you’re offered employment we’ll ask you for contact details of someone you would want us to get in touch with in an emergency situation.

We expect that:

• You have their permission to give us this information
• The other person understands how we’ll use their information
• The other person has no objection to us holding and using their information.

What information we hold about you

We collect your personal and special category data (sensitive personal data) at different stages of the recruitment and onboarding process either directly from you or from third parties such as our background screening provider, recruitment agencies, former employers, official bodies (e.g. regulators) or background check providers. The type of personal and special category data we collect are detailed below.

Personal information

At different points of your candidate experience we’ll need a variety of different personal information.

• your current and any previous names
• title
• telephone numbers
• current and previous addresses
• email address
• National Insurance number
• date of birth
• employment details (past and present)
• electronic signatures
• your next of kin details
• death in service recipient details
• if you were recommended by an existing employee of • ours we will hold their employee number you provided
• information collected during interviews
• CV and covering letter
• desired salary
• job preferences

This list isn't exhaustive and there may be other personal data we use when you register or apply with us and during the recruitment process. We’ll update this Notice when there are any specific changes worth noting.

Special category data

• health and medical details (including disability status, if relevant)
• biometric data for right to work eligibility (e.g. passport)
• psychometric assessment results

If you have provided and given us consent to use it, we’ll hold additional special category data such as:

• ethnicity
• sexual orientation
• religious beliefs

These are optional to provide on our recruitment sites for diversity monitoring purposes. You can contact us at any time if you no longer want us to use this information. For more information refer to the 'How to make a request under any of these rights' section within this Notice.

If you provide us with any information about reasonable adjustments you require such as:

• Disabilities
• Other health information

We collect this information to comply with our legal obligation in accordance with the Equality Act 2010

Criminal Record Data

Given the nature of our business and in order to comply with regulatory requirements we ask candidates to disclose their criminal and fraud record history and we carry out criminal record checks as part of our background vetting process and in compliance with our obligations in connection with employment.

Records of our contact with you

We’ll store notes of our contact with you on our HR systems. We'll also keep other records including emails, CV, covering letter, recruitment interview and assessment documents including psychometric results. If we’ve had any social media interactions with you, these will also be stored on the relevant platforms.

Cookies

Our careers site uses cookies which track your activity. For more information about this, read our Cookie Policy.

We’ll keep your personal data if you…

• Register on our careers site
• Agree to us contacting you about job opportunities
• Sign up to receive job alerts
• Apply for a job vacancy

How long we hold your personal data for

If you’ve provided consent to be contacted by us about other job opportunities or if you’re unsuccessful in your application, we’ll keep your data for up to 12 months. If you’re successful and become an employee we’ll keep information you provided during recruitment, as well as additional information obtained during your employment, for up to seven years, following the end of your employment with us. While we hold your data we’ll keep it safe and secure, and we’ll regularly review the rules around how long we keep it for.

When we no longer need your data we’ll destroy it safely and securely.

We use your information to:

• keep you informed about job opportunities that may interest you
• consider your application for employment with us (including carrying out background and reference checks, where applicable)
• to make reasonable adjustments that you may require
• offer you a contract of employment and benefits
• develop and improve our careers websites and processes
• make sure we comply with the law or regulations which govern our activities

Data protection laws require us to explain what ‘legal grounds’ justify us processing your information, including sharing it with other organisations.

The legal grounds are:

• contract
• legal obligation
• consent
• legitimate interests

Contracts

• to make a decision about your recruitment or appointment
• to complete our pre-employment vetting checks in order to provide you with a contract of employment. Examples are references, credit, fraud and criminal checks
• to determine the terms on which you work for us
• to pay you during employment
• to deduct tax and National Insurance contributions once you’re employed
• to administer the contract we have entered into with you
• to verify who you are and make checks so we can prevent fraud, money laundering and other relevant conduct. We need to do this before we enter into a contract with you.
• to complete our interview and assessment processes
• to assess your fitness to work

Legal Obligation

• to make sure we comply with employment law
• to make reasonable adjustments
• to check you have the correct right to work eligibility
• to check your suitability for certain jobs to comply with our regulatory requirements
• to comply with health and safety obligations
• to prevent fraud, money laundering and other relevant conduct
• to assess if we need to make reasonable adjustments to the recruitment process for candidates with specific needs

With your consent

• To keep you informed about other job vacancies you may be interested in
• To use some of your special category data such as gender and ethnicity to monitor diversity

We ask for your permission to send you SMS text messages, job alerts and to add you to our talent pool which means we can let you know about other job opportunities when you register on our careers site. If you want to stop receiving them, you have the option to unsubscribe from the email received or by updating your preferences in your profile. If you no longer want to be included in our talent pool for other opportunities, you can let us know by updating your preferences.

We collect your equal opportunities special category data with your consent when you register on our careers site and on our onboarding site. If you wish to withdraw your consent for the use of this type of data contact us at HR.Operations@thecoventry.co.uk or call us on 02475 184611.

Our legitimate interests

This means the purpose is essential or relevant to our business. Where we need to process your data and it’s essential and relevant to our business (our legitimate interests), we’ve considered why we’re doing this and if it should take priority over your interests and rights and decided it should. Our legitimate interests, for example, could be:

• to create your employee record and to keep our records up to date
• to develop and improve our careers websites and processes
• to protect our members and staff by recording CCTV footage in our branches and offices
• to hold your next of kin contact details in the event of an emergency
• to provide you with employee benefits such as life assurance, pension, private medical insurance, company car
• to deal with legal disputes involving you

Automated decision making

You will not be subject to decisions that will have a significant impact on you based solely on automated decision making.

We’ll only share your information with other organisations for the reasons detailed in this Notice.

Your personal and special category data is shared with our website and recruitment online system provider, in order for you to register and apply for job vacancies. They will not share your information with any other organisation and can only process your information in the ways we have instructed.

Your data is also shared with our background screening provider who will carry out some pre-employment vetting checks on our behalf.

We and our background screening provider will share your data with third parties as part of the pre-employment checks, including:

• credit reference agencies
• Disclosure Barring Service (DBS)
• Cifas (a fraud prevention agency)

Our background screening provider will ask you for your agreement to the checks. They need to be able to show the third parties above that the checks are carried out with your agreement.

Without your agreement, our Background Screening Provider can’t complete the checks and we can’t offer you employment. Any offer of employment made is subject to satisfactory preemployment checks, including references.

We or our background screening provider will check your details against the Cifas databases established for the purpose of allowing organisations to record and share data on their fraud cases, other unlawful or dishonest conduct, malpractice, and other seriously improper conduct (‘Relevant Conduct’) carried out by their employees and potential employees.

The personal data you have provided, we have collected from you, or we have received from third parties will be used to prevent fraud and other relevant conduct and to verify your identity.

A record of any fraudulent or other Relevant Conduct by you will be retained by Cifas and may result in others refusing to employ you. If you have any questions about this, please contact us using the details provided.

We, and Cifas, may also enable law enforcement agencies to access and use your personal data to detect, investigate, and prevent crime. Cifas will hold your personal data for up to six years if you are considered to pose a fraud or Relevant Conduct risk. Should our investigations identify fraud or any other Relevant Conduct by you when applying for or during the course of your engagement with us, your new engagement may be refused or your existing engagement may be terminated or other disciplinary action taken (subject to your rights under your existing contract and under employment law generally).

If you apply for an executive or non-executive director position with us, your data will also be shared with a media checking company.

Your personal information may also be shared with our third party assessment provider in order to set you up with online assessments, as part of the selection process for the job.

We’ll share some of your personal information with HMRC for tax and National Insurance purposes once you’re employed.

If you’re eligible for private medical insurance we’ll share your name, date of birth and email address with our private medical insurance provider in order for you to access this benefit.

Your name and email address will be shared with our occupational health provider who’ll email you a medical questionnaire to complete. The information you provide enables them to recommend work place adjustments for any specific needs you may have.

If you’re employed by the Society in a role that is subject to the Senior Manager or Certification regime, then your data will be shared with the Financial Conduct Authority (FCA). If you're employed in a different role, we may also need to share your information with the FCA if they ask for it.

To spell out what we don’t do with your information:

• we’ll never sell your data to anyone else
• we’ll never use your data to send you marketing information selling products or services by other organisations

We can change the companies we use or appoint to provide services. When we appoint a company to provide a service on our behalf, they must meet our strict requirements about the security and privacy of your data. They are only allowed to use the personal data for the purposes stated in this Notice, and not for their own purposes. They’re not allowed to use the data for anything else without our permission.

Transferring personal data outside the EU

Occasionally we, or a supplier, may need to transfer data to countries outside the European Economic Area. Other countries may not have the same standard of data protection regulation as we do here in the UK. In these circumstances, we have safeguards to make sure your data is transferred securely and in line with the UK data protection standards. We’ll conduct international checks if you have lived or worked outside the UK within the last six years for the reasons set out in ‘How we use your information’ above, in particular, making a decision about your recruitment.

Where fraud prevention agencies transfer your personal data outside the European Economic Area they’ll make sure the recipient’s obligations to protect your data and share it securely are outlined in their contracts.

They may also need to sign up to ‘international frameworks’ which will give assurance that data will be shared securely.

By giving us your information, you become a ‘data subject’. Here are the rights you have as a data subject, under data protection laws:

• to be informed about how we process your personal information
• to have your personal information corrected or updated if it’s inaccurate or incomplete
• to object to us processing your personal information
• to restrict how we process your personal information
• to have your personal information erased
• to request access to your personal information and details about how we process it
• to move, copy or transfer your personal information (this is called ‘data portability’)

Not all rights apply in all circumstances, the rights you have our linked to the Legal ground used for your processing. For example, if we are legally obliged to process certain information the right of erasure will not apply. We will let you know if you make a request whether we are able to comply or not and the reasons why.

Remember that the majority of the information we hold or share is essential in order to consider you for a job. For example if you're applying for a job vacancy and don't want us to share your details with a credit reference agency, then we can't go ahead with your application.

To ask us about these rights or to make a formal request (which is usually free of charge), get in touch with our HR Operations Team. Our contact details can be found in the ‘Who we are’ section. It’s important that you state you’re making a data subject rights request in your correspondence. We’ll reply to you as soon as we can and within 30 days. If we can’t reply within 30 days, we’ll let you know. For security, you must give us some details before we can disclose our records.

To make a request to a credit reference agency, Cifas or Disclosure Barring Service (DBS), you must contact them directly. The credit reference agencies we normally use are below along with where to find their ‘Credit Reference Agency Information Notice’ (CRAIN).

Equifax Ltd

www.equifax.co.uk/crain
Customer Service Centre
PO Box 10036
Leicester LE3 4FS

Experian

www.experian.co.uk/crain
Consumer Help Service
PO Box 8000
Nottingham NG1 5GX

Callcredit PLC

www.callcredit.co.uk/crain
One Park Lane
Leeds LS3 1EP

You can see the information these agencies hold about you, and read their Privacy Notices, on the websites above. Contact them directly and they’ll explain how to make a request and how much it costs.

If you have any questions or want to complain about how we collect or process your information, get in touch. If the information we hold about you is incorrect, let us know and we’ll investigate and update our records.

You can also find out more about your rights under the data protection regulation on the Information Commissioner’s Office website ICO.org.uk or by writing to:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow SK9 5AF

If you’re not happy about something we’re doing, please let us know. We aim to resolve any concerns promptly and fairly. If you have a complaint about data protection or how we use your data, contact our Data Protection Officer at Data.ProtectionOfficer@thecoventry.co.uk. Or you can complain at any time to the Information Commissioner’s Office, an independent government organisation.

Find out more at ICO.org.uk.

Or write to:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow SK9 5AF

This notice is effective from July 2023. We update our Privacy Notice when anything changes or there’s new information we need to tell you.