Privacy Statement

Applicant Data Privacy Notice

This Privacy Notice explains how and why we collect and use (‘process’) your personal information as an applicant.

M&G plc is the controller of the personal data that you provide during the application and onboarding process. A list of entities forming the M&G plc Group can be found here.

Any personal information we collect from you is processed in line with applicable Data Protection Laws, including the UK Data Protection Act 2018 and the EU General Data Protection Regulation (GDPR), and this notice. M&G plc is committed to protecting the privacy of our candidates. We will ensure that the information you submit to us is only used for the purposes set out in this notice.

 

Contact Us

If you have any questions regarding this notice or how and why we use your personal data, in the first instance please contact the Data Protection Officer:

By email: data.privacy@mandg.co.uk

By post: Data Protection Officer, M&G plc Data Protection Office, 10 Fenchurch Avenue, London EC3M 5AG.

 

How We Collect Data

We collect personal data about you as an applicant, in connection with your job application, in the following ways:

  • When you submit your Curriculum Vitae (“CV”), fill in application forms and/or complete assessments related to your application;
  • From your interactions with us whether over the phone, in person, in writing, or through our website or emails;
  • Through analysis of your online application and activities with us and other members of M&G plc; and
  • From Recruitment Companies, Head-Hunters, Professional Social Sites, Job Fairs and Recommendations.

 

How the Law Protects You

Data Protection Law says that we are permitted to use personal information only if we have a proper reason to do so. The Law says we must have one of the following reasons:

  • To fulfil a contract of employment we have with you.
  • When it is our legal duty.
  • When it is in our legitimate interest.
  • When you consent to it.

A legitimate interest is when we have a business or commercial reason to use your information, including but not limited to internal administrative purposes, product development and enhancement, preventing fraud, and ensuring network and information security.

 

How We Use Your Personal Data

The ways in which we may use your personal information are to:

  • Enable you to submit your CV for general applications, to apply for specific roles, to subscribe to our job alerts or to register an interest;
  • Match your details with job vacancies, to assist us in finding a position that is most suitable for you and to send your personal information (including sensitive personal information) to our group companies in order to apply for roles;
  • Meet our legal obligations;
  • Respond to your enquiries;
  • Maintain the security of our services, as well as to detect and investigate activities that may be illegal or prohibited; and
  • Meet regulatory and lawful requirements; this is where a lawful request has been made by regulatory or law enforcement agencies to share/disclose personal information.

 

Sharing Your Personal Information

We share your personal information with:

  • Other members or businesses within the M&G plc Group;
  • Trusted third parties where we have retained them to provide services, such as psychometric evaluations or skills tests. These third parties comply with similar and equally stringent undertakings of privacy and confidentiality as M&G plc;
  • Regulators, Government Bodies, Courts, Dispute Resolution Bodies, and Auditors where requested to do so by Law; and/or
  • The new owners of the business and their advisors, in the event that M&G plc or its business merges with or is acquired by another business or company and that event requires your personal information to be shared with them.

We will do this to:

  • Prevent fraud and other financial crimes;
  • Respond to enquiries and complaints;
  • Enhance recruitment modelling and create applicant groups, statistical and trend analysis internally;
  • Perform Automated Decision Making*; and
  • Comply with Legal Obligations; Court Orders, Laws or Regulations.

 

Transfers of your personal data outside the UK and EEA

Your personal data may be transferred outside of the UK and EEA from time to time to members or businesses within the M&G plc Group, trusted service providers and other third parties. These other countries have different, and sometimes lower, standards of data protection than those in the UK and EEA.

We require third parties to keep your personal data confidential and secure. We will ensure that suitable protection is maintained at all times by ensuring that appropriate safeguards are in place.

 

Retaining Your Personal Information

We will retain your personal information for as long as is necessary for the purposes described above. Typically, we will retain applicant data for a minimum of 18 months and, if you are successful, we retain employee data for a minimum of ten years to: fulfil our business requirements; comply with Legal and Regulatory requirements; or for any legal matters.

We may keep your data for longer where this is necessary for statistical and historical research purposes. However, we will ensure all personally identifiable information is removed where technically feasible. We will maintain the security and protection of any information we hold.

 

Profiling and Automated Decision Making

To help us make fair, efficient and accurate decisions, we may use automated processes* and profiling to:

  • Support the application process – checks to ensure you meet the conditions needed; this may include checking qualifications, visa status and graduate/internship intake dates.
  • Tailor our recruitment services – We may place you in groups with similar applicants. These are called segments. We use these to learn about our applicants and make decisions on what we learn.
  • Manage MI and determine suitability for applications and roles.

* Automated Decision Making is only applied to Graduate/Internship/Apprentice interests prior to an application being made. Four questions are required to be answered to identify whether an application can be made by the candidate. These questions do not collect your personal information, and you can object to automated decision making being used by contacting us using the details above.

See also “Object to Processing (Right to Object)” regarding your rights for this type of use of your personal data.

 

Security

We take all reasonable precautions to keep your personal information secure, including safeguards against unauthorised access, use, or data loss. This includes ensuring our staff, partners and any third parties who perform work on our behalf comply with security standards as part of their contractual obligations.

 

Making a data protection complaint

If you have any concerns about the use of your personal data, or the way we handle your requests relating to your rights, you can raise a complaint directly with us using the contact details above.

If you are not satisfied with the way we handle your complaint, you are entitled to raise a complaint directly with the UK Information Commissioner’s Office via the details available on their website: www.ico.org.uk, or to the data protection authority in the EU member state where you live or work or where the alleged data protection breach occurred.

 

Your Data Subject Rights

As well as our obligations and commitment to respect the privacy of your information, you also have certain rights relating to the personal information we hold about you, which are outlined below. None of these rights is absolute; they are subject to various exceptions and limitations. You can exercise these rights at any time by contacting us using the contact details above.

You have rights to:

Request access to the personal data we hold about you (Data Subject Access Request)

You may request access to a copy of the personal data we hold about you.

We can refuse to provide personal data where to do so may reveal another person’s personal data or would otherwise negatively impact another person's rights.

Object to Processing (Right to Object)

You may object to us using automated processes, or fully automating decision making, using your personal data.

Request a copy of your personal data (Data Portability)

Where you gave us the personal data directly, and it was processed electronically, you can request the personal data we hold on you in a commonly used machine-readable format.

Request that your personal data is deleted (Right to be Forgotten)

You can ask us to delete the personal data we hold about you when it is no longer required for a legitimate business need or for legal or regulatory obligations, where you have withdrawn your consent, or where it is no longer required for the purposes for which it was collected.

Amend or correct your personal data (Right to Rectification)

If you believe that the personal data we hold about you is inaccurate, incorrect or incomplete, you can amend it yourself. In the event that this is not possible, please contact us as soon as possible so we can assist with the rectification.

Restrict the processing of your personal data (Right to Restrict)

You may ask us to restrict our processing of your personal data whilst we resolve any complaints you have about the way your personal data is used, require it for a legal claim, believe the personal data is not accurate, we no longer need the personal data, you have objected to the processing of your personal data or if you think our processing is unlawful but you do not want us to delete your personal data.

Rights in relation to consent (Right to Withdraw)

At any time, you may withdraw the consent you granted for your special category personal data to be processed.

When you withdraw your consent, it will not affect the lawfulness of any past activities we have undertaken based on the previous consent.

 

How We Respond to Your Rights

You can exercise these rights at any time by contacting us at: Privacy@MandG.co.uk

  • We will need to validate your identity before we can respond to your request.
  • If we are unable to confirm your identity, or have strong reasons to believe that your request is unreasonably excessive or unfounded, we may deny it.
  • Once we have validated your identity, we aim to respond to your requests within 30 days and no later than three months from receipt of complex requests. We will let you know if we need additional time to complete.
  • We will let you know whether we accept, or refuse, your request.

 


This notice was last updated in October 2019