Privacy Statement

Privacy Statement

1. Introduction
Halfords Group plc ("Halfords") is the UK's leading retailer of car parts, car enhancement, camping and touring equipment and bicycles, and the UK’s largest independent operator in garage servicing and auto repair.

As an essential part of our business, we collect and manage data about our colleagues, as well as about people who wish to join us. In doing so, we observe UK data protection legislation, and are committed to protecting and respecting people’s privacy and rights.

In order that you are reliably informed about how we operate, we have developed this Privacy Statement. Together with any additional Privacy Notices which you may see as you navigate around this website, this Privacy Statement describes the ways in which we collect, manage, process, store and share information about you as a result of you visiting this site.

This Privacy Statement also provides you with information about how you can have control over our use of your data.

Please note that we will be updating this Privacy Statement on a regular basis in order to keep you fully up-to-date with our approach to data protection and privacy. If you have any comments or queries regarding our use of your data, please contact our Data Protection Officer (“DPO”) by email at: dataprotectionofficer@halfords.co.uk or by post at: Data Protection Officer, Halfords Group plc, Icknield Street Drive, Washford West, Redditch, B98 0DE.

2. What Information Do We Collect About You?
If you apply to work for us, we will collect a range of information from you, including for example, your name, home address, date of birth, e-mail address, telephone number, as well as your employment history. This is referred to as your “personal data”.

We will also collect sensitive information about you (known as “special categories of data”) which may include:

• your racial or ethnic origin;
• your religious beliefs;
• your sexual orientation; and/or
• your physical and mental health.

Please be advised that we will treat all special categories of data that we collect about you, with heightened levels of security, ensuring specifically that only authorised individuals are able to access it. This is additional to the technical security measures that we routinely apply to all data, as described in section 9 below.

We will collect this data in a number of ways. For example, you may provide this data to us directly when filling in forms on this website, or when corresponding with us by telephone, e-mail or letter.

Additionally, we may need to contact third parties in order to verify the information that you give to us, as well as to seek references. Again, this is necessary as part of our recruitment process.

Please note that should you be successful in your application, all of the above data may form part of your employment record.

Please also be advised that when you visit this website, and even if you do not make a job application, we may collect technical information about you such as your Internet Protocol (IP) address which connects your computer or mobile device to the internet, your login information, browser type and version, the country and telephone code where your computer is located, and information about your visit including page response times, download errors and length of visits to certain pages.

3. How Will We Use That Information?
Currently, we use your data for the following purposes:

3.1 to process your job application and provide the services to you which are offered by this website: this includes updating you on the progress of any application which you have made via telephone or e-mail, and/or supplying any other information which you may have requested from us;

3.2 to verify the information which you have provided to us (including checking references with third parties whose details you have provided to us);

3.3 to carry out searches about you with credit and fraud prevention agencies;

3.4 to match your details, and contact you via telephone or e-mail, in relation to vacancies which may arise within our Group of companies and which may be of interest to you (NB a full list of Halfords’ companies is available at www.halfordscompany.com);

3.5 to ensure that the information contained within this website is presented in the most effective manner for you and your computer or mobile device. This information allows us to update and improve the contents of our site, and ensure the smooth operation of internal processes, such as troubleshooting, data analysis, testing, research, statistical and survey purposes, and to keep our website as safe and secure as possible. For further information, please refer to our Cookies Policy, which can be found below;

3.6 to comply with any legal or regulatory obligations (including court orders and regulatory requirements) or in order to assist with any legal or regulatory investigations or proceedings in relation to actual or alleged fraudulent, dishonest or other criminal behaviour;

3.7 to report both internally and externally upon the diversity of candidates: however, this reporting uses aggregated data from which individuals cannot be identified. This helps us ensure that we are not discriminating against any individual based upon their protected characteristics.

If you do not want us to process your personal data for any of the reasons set out above, please contact our DPO as described in section 1 above.

4. How Long Will We Keep Your Data?
Unless you ask us otherwise, we will never keep your data for longer than is necessary for us to complete the activity for which your data was collected in the first place. However, sometimes there is a legitimate and/or legal reason that means we need to retain your data beyond the prescribed times.

Notwithstanding, as standard practice, we will keep your data for the following periods:

• if you are successful in your application, and your details are used to inform your employment record as described in section 2 above, then we would retain your data for a maximum of 6 years after your employment with us ceases;

• if you are unsuccessful in your application, we will keep your data for no longer than 6 months following notification.

5. With Whom Do We Share Your Personal Data?
When you apply to Halfords using this website, your information will only be systematically shared with a limited number of third party organisations. These include the following:
• accredited credit and fraud prevention agencies as referenced in section 3.3 above. This is deemed appropriate in order to detect and prevent crime and criminal activity;
• PageUp People Limited, the company which administers our automated online application service. This is necessary in order that we can process your data as described in section 3 above, and is therefore deemed to be a legitimate use of your information. Moreover, please note that:
o PageUp may only use your data in order to fulfil our application process, and not for any other purpose;
o your data will not be transferred outside the European Economic Area (“EEA”);
o PageUp maintains robust technical security controls in accordance with ISO27001 (or equivalent standard) policies, thereby ensuring the optimum protection of your data;

• providers of psychometric testing where such is appropriate and legitimate to your application.

If you object to our data sharing arrangements with either PageUp People Limited and/or our appointed providers of psychometric testing services, then please write to the DPO as described in section 1 above.

6. Automated decision-making
Although our online application service can, if you choose, extract information about you from your CV or other source (including social media), no information will be collected or submitted to Halfords without your prior approval. Also, no automated decisions will be made about you using this service.

7. How Can You Access The Personal Data We Hold?
You have the right to ask us, in writing, for a copy of all the personal data we hold about you. This is known as a “Subject Access Request”. Except in exceptional circumstances (which we would discuss and agree with you in advance), you can obtain this information at no cost.

We will send you a copy of the information within 30 days of your request.

To make a Subject Access Request, please write to our DPO at the postal address shown in section 1 above.

8. Updating or Amending Your Personal Data
We are reliant upon you to ensure that the information which we collect and hold about you remains true, accurate and complete, and also to inform us if any of this information becomes (or is likely to become) untrue, inaccurate or misleading. You can edit and change the information which we hold about you at any time by logging into this website.

9. Data Privacy and Security
We maintain a comprehensive data management work programme, which includes processes for ensuring that data protection is a key consideration of all new and existing IT systems that hold the personal data of colleagues or applicants. Where any concerns, risks or issues are identified, we conduct relevant impact assessments in order to determine any actions that are necessary to ensure optimum privacy.

We also maintain an active information security work programme which seeks to protect the availability, confidentiality and integrity of all physical and information assets. Specifically, this programme helps us to:

• protect against potential breaches of confidentiality;
• ensure all IT facilities are protected against damage, loss or misuse; and
• increase awareness and understanding across our business of the requirements of information security, and the responsibility of colleagues to protect the confidentiality and integrity of the information that they handle.

We recognise that the security of data on this website is of primary importance. We therefore ensure that your information is saved in a secure operating environment which is not accessible to the public. In certain cases, your information is encrypted by Secure Socket Layer technology (SSL) during transmission. This means that an approved encryption procedure is used for communication between your computer and our servers (if your browser supports SSL).

10. Location Tracking Via Our Website
Geo-location tracking, which shows us where you are in the UK, is not used on this website.

11. Disclaimers
Every effort is made to ensure that the information provided on this website, and in this Privacy Statement, is accurate and up-to-date, but no legal responsibility is accepted for any errors or omissions contained herein.

We cannot accept liability for the use made by you of the information on this website or in this Privacy Statement, neither do we warrant that the supply of the information will be uninterrupted. All material accessed or downloaded from this website is obtained at your own risk. It is your responsibility to use appropriate anti-virus software.

This Privacy Statement applies solely to the data collected by us, and therefore does not also apply to data collected by third party websites and services that are not under our control. Furthermore, we cannot be held responsible for the Privacy Statements on third party websites, and we advise users to read these carefully before registering any personal data.

12. Accessibility Statement
We are committed to providing a website in which content is accessible to everyone. We therefore update our website regularly in order to make it as adaptable as possible.

For example, website users can control the text size of each page within their internet browser. On a PC, holding the “Ctrl” key while pressing the “+” (plus) key will increase text size, and holding the “Ctrl” key while pressing the “-“ (minus) key will decrease the text size.

However, should you require a copy of this Privacy Statement in a different form, please contact our DPO as described in section 1 above. We cannot guarantee that we can fulfil all requests, but we will endeavour to help you as much as practical.

13. General
The Data Controller of this website is Halfords Group PLC, Icknield Street Drive, Washford West, Redditch, Worcestershire B98 0DE.

Questions, comments and requests regarding this Privacy Statement are welcomed, and should be sent to our DPO.