Employee and Recruitment Privacy Policy

This Privacy Notice sets out what information we collect from our prospective employees, how we use the information, how we protect the information and your rights. We are committed to ensuring your privacy is protected in accordance with Data Protection Standards.

We use the following definition for Personal Data:

Personal Data Information relating to identifiable individuals, such as job applicants, current and former employees, agency, contract and other staff, clients, suppliers, and marketing contacts. Personal data we gather may include individuals contact details, educational background, financial/credit worthiness and pay details, details of certificates and diplomas, education and skills, marital status, nationality, job title and CV.
Sensitive Personal Data Personal data about an individual’s racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership (or non-membership), physical or mental health or condition, criminal offences, or related proceedings – any use of sensitive personal data will only ever be carried out with express permission of the individual.

We may change this policy from time to time by updating this notice. Any changes to the use of your personal data will be advised to you, prior to that change of use.

What this Privacy Notice relates to

This Privacy Notice relates to our Recruitment and Employment processes.

Who are we?

The Beal Group Ltd.

Contact us

Telephone: 0141 773 2166
Address: 1 Little Drum Road, Westfield, Cumbernauld, G68 9LH
Email: rrae@bealgroup.co.uk

Your rights

You can see your full rights from the Information Commissioners office here:


What Personal Data are we collecting? – Recruitment

To ensure that we can process your application to work with use, we will be processing the following information:

  • Your full name, address and contact details
  • Identification and legal status to work in the UK
  • References and certifications that you have provided us with
  • Any specific health issues that you may be required to disclose depending on the nature of the role you are applying for
  • Any other information that you provide in your CV or written application – that we have no control over

Are we likely to need any Sensitive Personal Data?

Yes. In some cases, you will be required to provide evidence that, depending on any medical condition you disclose to us, you are able to undertake the role we may offer you.

Why we need this information?

We need this information to enable us to assess you against the criteria we set of each other, in order that we can shortlist candidates for final interview.

What Personal Data are we collecting? – Employment

We may have already obtained some personal information as part of the recruitment process, such as on your CV, references, training qualification & certifications, specific health issues concerning your role. We also have other identification data, such as ID documents (Driving License, Passport, Immigration Status) as part of our recruitment process, and you can refer to our Privacy Notice on Recruitment.

To ensure that we can fulfil our contractual and statutory obligations as an employer, the types of information which we hold includes the following:

  • Contract data – Name, email address, phone number, postal address, Next of Kin.
  • Identification and legal status to work in the UK.
  • References and certifications that you have provided us with.
  • Any specific health issues that you may be required to disclose depending on the nature of the role you are applying for.
  • Any other information that you provide in your CV or written application – that we have no control over.
  • Financial Data – bank details, tax, and National Insurance information as we require this to be able to pay under a BACS process.
  • If your role involves travel, we may also need to obtain copies of your driving license and/or passport for us to be able to arrange travel or hire cars.
  • If your role entitles you to private medical or other health insurance, we may at some point be in possession of some of your medical data.
  • Employment data – your contract of employment and any amendments to it; correspondence with or about you, for example letters to you about a pay rise; records of holiday, sickness and other absence, information needed for equal opportunities, monitoring policy, records on your career history, such as training records check, appraisals, other performance measures and, where appropriate, disciplinary and grievance records.
  • Health & sickness information – in addition to health information you may have supplied to us at the start of employment, where necessary, we may keep information about your health, which could include reasons for absence and GP reports and notes, to ensure we comply with our health and safety obligations and whether any adjustments to your job might be appropriate. We may also need this data to administer and manage statutory and company sick pay or any health insurance or life insurance policies we offer as benefit to employees.

You will also be referred to in many company documents and records that are produced by you and your colleagues while carrying out your duties and the business of the company.

Are we likely to need any Sensitive Personal Data?

Yes. During the recruitment process you may have already been required to provide information about any medical conditions which may affect your ability to do the role you have been recruited for. If this medical condition is ongoing, or if you develop a medical condition during your employment which may put you or other employees at risk, there may be instances where we will require further medical reports concerning your health.

Where you voluntarily disclose information about your health, we would consequently be in the position of processing sensitive health data.

Why do we need this information?

We need this information to:

  • Fulfil our contract with you – providing you the payment and benefits outlined in your contract/offer of employment.
  • To comply with the law or industry requirements.
  • To fulfil and meet the requirements of the organisation and its objectives.
  • So that we can ensure that you are fit, well and able to fulfil your role and that we are aware of any issue that may affect you, other staff, our clients, or the organisation.

What is the legal basis of processing? – Recruitment

We will only ask for information relevant to the role we are recruiting for and subsequent processing such as medicals, reference checks, qualification/certification checks will only be carried out where it is appropriate or where we are legal obliged to as part of our industry compliance requirements, unless such activity is part of the general application processing. You will be informed of any processing or sharing of data before it is shared.

The legal basis of processing your Personal Information is consent, which you have the right to withdraw at any time, the link as follows. https;.ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/. However, withdrawing consent from processing your personal information may result in us being unable to consider your application any further.

How do I withdraw consent of change my preferences?

You can withdraw your consent at anytime by contact us at the contract details above, letting us know when you would like to change.

Be aware that withdrawing your consent, may mean that your application cannot be processed any further. If we have already shared your data with a third-party, we will make them aware that you have withdrawn your consent.

What is the legal basis of processing? – Employment

If you are employed by us, the legal basis of processing your Personal information as part of your employment is explained below:

<td”>Legal Basis

Explanation Examples
Contractual Obligation Where we have contracted with you to provide you a service or benefit because of your employment. Paying you salary into your bank account required us to process your bank information. Providing your health, pension or other benefit may require us passing your details to a third-party provider – you will be notified before we do this.
Legitimate Interest Where we believe our legitimate interests do not overrise your interests, rights, and freedoms. Requesting you to attend a medical after a period of sickness and obtaining confirmation of your fitness to work or medical conditions that may limit your duties. Undertaking criminal records checks.
Legal Obligation This is where the organisation has a legal obligation to comply with current law, industry compliance requirements, court order etc. Providing HM Revenue and Customers information about your employment, tax, national insurance contributions etc. Compliance with a court order, earnings order, legal case. Providing statistical information for gender and equality compliance. Where we are required to be able to demonstrate skills and competences of our staff to comply with industry or legal requirements
Vital Interest Where the collection or sharing of information is in the vital interest of you or other members of the public, including staff or clients Obtaining your next of kin details.

Sharing appropriate identity information with a medical provider (ambulance, doctor, hospital etc) in the event you are taken ill, OR where the third-party may need to know this to obtain medical care for you in the even you are taken ill e.g. taken ill whilst on a business trip.

Can I withdraw consent or change my preferences?

As set out above, the legal basis on which we collect and process your personal information is not ‘consent’, so n a strict sense you are not able to withdraw your consent.

That said, in a more general sense you have consented to your employment being on these terms. Therefore, you still have the right to object to the processing or sharing of your information. But if you do object, this may result in a benefit being withdrawn or us being unable to comply with the law or our contract with you. Some requests may also require us to reissue your employment contact. You will be informed of how we can or cannot comply with your request if you were to make such a request.

If you object to us processing your data, you can do so at anytime by contacting us at the contact details above, letting us know when you would like to change.

Some examples are:

“Please do not share my details with HMRC.” We would not be able to comply with this request as we are legally obliged to provide this information.
“Please do not share my data with the company Health Insurance Company”. We could comply with this request, but it is likely to result in your company Health insurance being cancelled. Furthermore, it would require a re-issue of your employment contract if this were part of our contract with you.
“I do not want to provide my bank details to you.” In this instance we would be unable to pay your salary. This would mean that we were unable to fulfil our contact with you and as such would be tantamount to a resignation with you.

What decisions are going to be made using my Personal Data?

Each role within the organisation is clearly defined by way of skill, experience, qualification requirements etc. Additionally, some roles may have specific requirements in relation to fitness and health status depending on the nature of the role.

Your Personal Data may be used to make a range of decisions about your employment, for example, about pay, holiday requests, appraisals, and other performance measures and, where appropriate, disciplinary and grievance issues.

In some cases, ongoing training, certification, re-certification, and continuous personal development are either part of the role, your development plan or form part of the requirements for out organisation to comply with general law, industry law, or certifications. In these instances, it may be necessary for us to keep track of where employees are at with their own activities.

Is there any Automated decision-making being applied to my personal data?

There is no automated decision-making being made using your Personal Data.

Will my information be shared with any third parties?

We may share your data with the following third parties:

  • Immigration Services to ensure that you have the right to work in the UK and/or correct visa requirements – this is based on our requirement to comply with the law surrounding recruitment.
  • Police and Criminal Records Bureau e.g. Disclosure and Baring Service check
  • Certification bodies – as listed in your qualifications, we may be required to undertake this in compliance with our legal obligations and in any-case in relation to our legitimate interests.
  • References – as provided by you based on our legitimate interest.
  • Medical Examiner – where we may require you to undertake a medical, hearing test etc. or where your condition may require us to obtain independent medical advice relative to the role you have applied for. This may be both based on our legitimate interest but also, depending on the role, to protect you and/or other members of our staff or our clients.
  • Government Services- HMRC, Pensions & National Insurance, Immigration, Courts, Police – as required by law or order.
  • If you are employed by us, we use an outside company as set out below to process our payroll. We have undertaken checks to ensure that they comply, as a minimum, with the same level of security of processing around Personal Data as we do. Only the limited information necessary for them to undertake payment processing is shared with them. We are processing this information to comply with our contractual obligations with you.

If employed by us, we use several third-parties who act as Data Processors on our behalf to provide us specific services. We may share your data with them to enable us to undertake the activities as set out above. They themselves may then become Data Controllers once your data is shared with them.

Company Name Activity Undertaken Personal Data Shared
Johnston Carmichael Payroll Services ID information, payroll, tax, pension, sickness pay, maternity pay, expenses and any data relating to your pay.
Peoples Pension Pension Services ID information, payroll, tax and pension information.
Various Medical/Occupational Health ID information, sickness records, relevant medical details.

Recruitment – Third-party introductions/Job Sites

Where you have submitted your application through a third-party e.g. Recruitment Agency, job search site etc. you will have provided your Personal Data to those services and you need to ensure you are satisfied with the measures they are taking with your data, as we cannot be held responsible.

In the event we obtain your personal data via one of these sources, we will notify you of this in the initial correspondence with you, to ensure you know from where we obtained your data and confirm your true interest in a role with us. However, you must be aware that those sources may still have your data irrespective of any processing we undertake or the success of your application with us.

What safeguards are in place to protect my Personal Data?

We operate a Security by Design and by Default methodology that means we are continually checking the security, both new and current. This enables us to adhere to the Privacy by Default and by Design principles.

We will not change the use of your Personal Data in respect of this policy or share your data with a third party (other than those outlined above), without obtaining your explicit consent.

Retention Period

If you are successfully appointed, your information will remain as part of your HR file for as long as you are employed by The Beal Group then for 6 years after you have left employment.

If you are not successful in your job application, we will retain your information for a period of 3 months, unless you expressly object to us doing so – if so, we will destroy your data at your request.


We operate a Privacy by Design and by Default policy. This means that before we use your data we have already considered the potential impact on you should your data be lost, stolen, shared or compromised.

We undertake routine reviews of our processes and security policies to ensure that we can take all reasonable precautions in protecting your data.

Where at all possible, we encrypt all information that is either stored or transmitted to third-parties. Where data is stored or transmitted to a Third country (any country outside of the European Economic Area (EEA)) we will ensure appropriate adequacy protection is in place in accordance with Data Protection Legislation.

Consequently, we may also need to sometimes undertake further security and screening questions when undertaking our routine dealings with you. These are there to protect your personal data and security.

Whilst we undertake all reasonable precautions, encryption, software updates and patches, we cannot guarantee the safety of data transmitted over the internet.