Job Applicant Privacy Notice

Data controller: Quell Tech Ltd


During the recruitment process, Quell Tech Ltd (the Company) collects and processes personal data relating to job applicants.  

The Company is committed to being clear and transparent about how it collects and uses that data and to meeting its data protection obligations.

What information does the Company collect and process?

The Company collects and processes a range of personal information (personal data) about you. Personal data means any information about an individual from which the person can be identified. This includes:

    • Personal contact details, such as your name, title, address and contact details, including email address and telephone number;
    • details of your qualifications, skills, experience and employment history, including start and end dates, with previous employers;
    • information about your remuneration, including entitlement to benefits such as pensions;
    • information about your entitlement to work in the UK; and
    • equal opportunities monitoring information, including information about your ethnic origin, sexual orientation, health and religion or belief.

The Company collects this information in a variety of ways during the application and recruitment process. For example, data may be contained in application forms and CVs, obtained from identity documents, such as your passport and collected through interviews and assessment tests.

In some cases, the Company collects personal data about you from third parties, such as references supplied by former employers, information from employment background check providers and information from criminal records checks permitted by law.

Data is stored in a range of different places, including in our Applicant Tracking System (Ashby), the Company's HR management systems and in other IT systems (including the Company's email and other communication systems).

Why does the Company process personal data?

The Company needs to process data prior to entering into a contract with you. We also need to process data to enter into an employment contract with you and to meet our obligations under that employment contract.

In addition, the Company needs to process data to ensure that we are complying with our legal obligations. For example, we are required to check an employee's entitlement to work in the UK before employment begins.  

The Company has a legitimate interest in processing personal data during the recruitment process and in keeping records of that process.  Processing such data from job applicants enables the Company to manage the recruitment process, assess the suitability of candidates and make informed decisions as to whom we wish to recruit.  The Company may also have to process data from job applicants in order to defend legal claims. 

The Company processes health information if we need to make reasonable adjustments to the recruitment process for candidates with a disability.   

If you fail to provide personal information 

You are under no obligation to provide the Company with data during the recruitment process.  However, if you do not prove certain information when requested, the Company may not be able to process your application for employment properly or at all. 

You are under no obligation to provide information for equal opportunities monitoring purposes and there are no consequences for you if this information is not provided.

Automated decision-making

Our employment decisions are not based solely on automated decision-making.

For how long do you keep data?

The Company will only hold your personal data for as long as is necessary to fulfil the purposes for which we collected it.  If your application for employment is unsuccessful, the Company will hold your data on file for six months after the end of the recruitment process. At the end of that period, your data is deleted or destroyed.

If your application for employment is successful, personal data gathered during the recruitment process will be transferred to your personnel file and we shall issue a new privacy notice which sets down the periods for which your data will be held.


Who has access to data?

Your information will be shared internally for the purposes of the recruitment process, including with members of the People and Talent teams, as well as those involved in the selection process.  

The Company will not share your data with third parties unless we make you an offer of employment.  In those circumstances, the Company shall share your data with third parties where required by law and where it is necessary in order to administer the working relationship with you or where we have another legitimate interest in doing so.  The Company will then share your data with relevant third parties such as former employers to obtain references for you, or with our Employer of Record partners should you be working with Quell outside of the UK.

Your data may be transferred to countries outside the UK in order to process your application. The UK GDPR restricts such transfers in order to ensure that the level of protection given to data subjects is not compromised. It is the Company’s policy that personal data may only be transferred to a country outside the UK if one of the following applies:

  1. The UK has issued regulations confirming that the country in question ensures an adequate level of protection (referred to as ‘adequacy decisions’ or ‘adequacy regulations’). Since 1 January 2021, transfers of personal data from the UK to EEA countries have continued to be permitted. Pre-existing EU Commission adequacy decisions in effect as at 31 December 2020 are also recognised, subject to ongoing review by the UK Government.
  2. Appropriate safeguards are in place including binding corporate rules, standard contractual clauses approved for use in the UK, an approved code of conduct, or an approved certification mechanism. Standard contractual clauses include the International Data Transfer Agreement issued by the Information Commissioner’s Office and the International Data Transfer Addendum to the current EU Commission Standard Contractual Clauses (set out in the Annex of Commission Implementing Decision (EU) 2021/914 of 4 June 2021), issued by the Information Commissioner’s Office. (Contracts entered into on the basis of the old EU Commission Standard Contractual Clauses prior to 21 September 2022 will continue to provide appropriate safeguards until 21 March 2024.)
  3. The transfer is made with the informed and explicit consent of the relevant data subject(s).
  4. The transfer is necessary for one of the other reasons set out in the UK GDPR including the performance of a contract between the data subject and the Company; public interest reasons; for the establishment, exercise, or defence of legal claims; to protect the vital interests of the data subject where the data subject is physically or legally incapable of giving consent; or, in limited circumstances, for the Company’s legitimate interests.

How does the Company protect data?

The Company takes the security of your data seriously. The Company has internal policies and controls in place to prevent your data being lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties.

Your rights

As a data subject, you have a number of rights. You can:

    • access and obtain a copy of your data on request (known as a “data subject access request”);
    • require the Company to change incorrect or incomplete data;
    • request erasure of your personal information.  This enables you to ask the Company to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing;
    • object to the processing of your data where the Company is relying on its legitimate interests as the legal ground for processing; and
    • ask the Company to suspend the processing of your personal data for a period of time if data is inaccurate or there is a dispute about its accuracy or the reason for processing it.

If you believe that the Company has not complied with your data protection rights, you have the right to make a complaint to the Information Commissioner’s Office.