top of page

APPLICANT PRIVACY NOTICE

1 BACKGROUND

Last updated: 15th February 2025.

1.1 This policy tells you how we look after your personal data when you apply for a job with us and take part in our recruitment process. It sets out what information we collect about you, what we use it for and who we share it with. It also explains your rights and what to do if you have any concerns.

1.2 We may sometimes need to update this notice, to reflect any changes to the way we manage our day-to-day activities or to comply with new legal requirements. Please check back on this notice before you apply for a new role with us.

2 WHO WE ARE AND OTHER IMPORTANT INFORMATION

2.1 We are PIANOMATCH LTD, registered in England and Wales with company number 14868781 with our registered address at The Harley Building, 77 New Cavendish Street, London, W1W 6XB ( we, us or our).

2.2 We are the controller for your information (which means we decide what information we collect and how it is used).

2.3 We are registered as a controller with the Information Commissioner's Office (ICO) under registered number ZB702393.

2.4 Where we have received your application through a recruitment agency or another company (e.g. a recruitment firm) we act as independent controllers for your information (which means both we and the other company separately decide how your information is used and use it for different reasons).

3 CONTACT DETAILS

3.1 If you have any questions about this privacy notice or the way that we use information, please get in touch using the following details:

Data Protection Officer

  • -  Name: Daniel Peattie

  • -  Email address: dataprotection@pianomatch.com

  • -  Phone number: 020 7870 1682

    4 THE INFORMATION WE COLLECT ABOUT YOU

    4.1 Personal data means any information which does (or could be used to) identify a living person. We have grouped together the types of personal data that we collect and where we receive it from below:

Page 1 (5)

  • -  Identity Data: name, title, date of birth, job title, gender, emergency contact name and their relationship to you, passport, driving licence, etc.

  • -  Contact Data: personal email address, telephone numbers, home address, etc.

  • -  Recruitment Data: copies of right to work documents, interview notes, information you provided

    in your CV or cover letter as part of the application process, result of due diligence checks, etc.

  • -  Employment and Qualification Data: current and/or previous job titles, work history, working

    hours, training records, professional memberships, etc.

  • -  Feedback: information and responses you provide when completing surveys and questionnaires.

  • -  Photo and Image Data: profile picture, images, videos and audio (e.g. video calls), CCTV

    footage, etc.

  • -  Special Category Data: information about your racial or ethnic origin, political opinions,

    religious or philosophical beliefs, sex life or sexual orientation, trade union membership and/or information about criminal convictions and offences, which you may choose to provide to us, or information you choose to provide as part of our diversity or other questionnaires/surveys.

  • -  Technical and Usage Data: internet protocol (IP) address, browser type and version, time zone setting and generic location, browser plug-in types and versions, operating system and platform on the devices you use to access our systems, etc. Information about how you use our systems (such as our recruitment platform).

    4.2 We may anonymise the personal data we collect (so it can no longer identify you as an individual) and then combine it with other anonymous information so it becomes aggregated data. Aggregated data helps us identify trends. Data protection law does not govern the use of aggregated data and the various rights described below do not apply to it.

    5 HOW WE USE YOUR INFORMATION

    5.1 We are required to identify a legal justification (also known as a lawful basis) for collecting and using your personal data. There are six legal justifications which organisations can rely on. The most relevant of these to us are where we use your personal data to:

  • -  enter into and perform our contract with you (if we offer you a job with us);

  • -  pursue our legitimate interests (our justifiable business aims) but only if those interests are not

    outweighed by your other rights and freedoms (e.g. your right to privacy);

  • -  (in very rare circumstances) to protect yours or another person's vital interests (e.g. disclose medical information to an attending paramedic, inform your nominated emergency contact);

  • -  do something that you have given your consent for.

    5.2 Below is set out the lawful basis we rely on when we use your personal data. If we intend to use your personal data for a new reason that is not listed below, we will update our privacy notice and notify you.

    5.2.1 Contract

- To enter into a contract with you (for example, including your address in a draft contract and

contacting you by email to inform you about the outcome of your interview). 5.2.2 Legitimate Interests

  • -  To review your CV information, and any information you provide during your interview to ascertain your suitability for the role you have applied for.

  • -  To operate CCTV or other security systems at our premises to ensure the security of our staff and property.

  • -  To deal with any disputes that arise.

Page 2 (5)

5.2.3 Vital Interests
- To use your personal data in an emergency to ensure your wellbeing or the wellbeing of another

person. 5.2.4 Consent

  • -  Where we ask you to provide diversity information.

  • -  Where we have otherwise asked you to provide your consent.

    5.3 Where we use personal data about you that is very sensitive (Special Category Data), we may require a second legal reason to use your personal data. This is most likely to occur where:

    a) you have provided your express consent for us to do so; or

    b) the processing is justified under UK law and the law allows us to use your data for a particular purpose.

    5.4 Explicit consent will be required as a second lawful basis to process your Special Category Data for one or more specific purposes. Explicit consent must be given in a clear oral or written statement signifying agreement to us processing your Special Category Data.

    6 WHO WE SHARE YOUR INFORMATION WITH

    6.1 We share (or may share) your personal data with:

  • -  Our personnel: our employees (or other types of workers) who have contracts containing confidentiality and data protection obligations.

  • -  Your recruitment agency: where we receive an application from a recruitment agency on your behalf. We always have a contract in place with other organisations containing confidentiality and data protection obligations.

  • -  Our suppliers: other organisations help us manage our infrastructure. We ensure these organisations only have access to the information required to provide the support we use them and have a contract with them that contains confidentiality and data protection obligations.

  • -  Regulatory authorities: such as HM Revenue & Customs.

  • -  Our professional advisers: such as our accountants or legal advisors where we require specialist

    advice to help us conduct our business.

  • -  Any actual or potential buyer of the business.

    7 WHERE YOUR INFORMATION IS LOCATED OR TRANSFERRED TO

    7.1 We store your personal data on our servers in the UK.

    7.2 We will only transfer information outside of the UK or EEA where we have a valid legal mechanism in place (to make sure that your personal data is guaranteed a level of protection, regardless of where in the world it is located, e.g. by using contracts approved by the European Commission or UK Secretary of State).

    7.3 If you access our systems whilst abroad then your personal data may be stored on services located in that country.

Page 3 (5)

8 HOW WE KEEP YOUR INFORMATION SAFE

8.1 We have implemented security measures to prevent your personal data from being accidentally or illegally lost, used, or accessed by those who do not have permission. These measures include:

  • -  access controls and user authentication (including multi-factor authentication)

  • -  internal IT and network security

  • -  regular testing and review of our security measures

  • -  staff policies and training

  • -  incident and breach reporting processes

  • -  business continuity and disaster recovery processes

    8.2 If there is an incident which has affected your personal data and we are the controller, we will notify the regulator and keep you informed (where required under data protection law).

    9 HOW LONG WE KEEP YOUR INFORMATION

    9.1 Where we are responsible for making decisions about how to collect and use your personal data, we will only keep your personal data for as long as necessary to fulfil the purposes we collected it for or as long as required to fulfil our legal obligations.

    9.2 When we consider how long to keep your personal data, we will consider whether it is still necessary to keep it for the purpose which we collected it or whether the same purpose could be achieved by holding less personal data. We will also consider the volume, nature, and sensitivity of the personal data and the potential harm to you if there was an incident affecting your personal data.

    9.3 Where you are unsuccessful in obtaining a role with us, we keep your application information for 1 year after our last contact with you.

    9.4 If you enter a contract with us, we may keep Identity Data, Contact Data, and certain other data (specifically, any exchanges between us by email or any other means) for up to 7 years after the end of our contractual relationship with you.

    10 YOUR LEGAL RIGHTS

    10.1 You have specific legal rights in relation to your personal data. These are as follows:

  • -  Access: You must be told if your personal data is being used and you can ask for a copy of your personal data as well as information about how we are using it to make sure we are abiding by the law.

  • -  Correction: You can ask us to correct your personal data if it is inaccurate or incomplete. We might need to verify the new information before we make any changes.

  • -  Deletion: You can ask us to delete or remove your personal data if there is no good reason for us to continue holding it or if you have asked us to stop using it (see below). If we think there is a good reason to keep the information you have asked us to delete (e.g. to comply with regulatory requirements), we will let you know and explain our decision.

  • -  Restriction: You can ask us to restrict how we use your personal data and temporarily limit the way we use it (e.g. whilst we check that the personal data we hold for you is correct).

  • -  Objection: You can object to us using your personal data if you want us to stop using it. We always comply with your request if you ask us to stop sending you marketing communications. In other cases, if we think there is a good reason for us to keep using the information, we will let you

Page 4 (5)

know and explain our decision.

  • -  Portability: You can ask us to send you or another organisation an electronic copy of your

    personal data.

  • -  Complaints: If you are unhappy with the way we collect and use your personal data, you can

    complain to the ICO or another relevant supervisory body, but we hope that we can respond to your concerns before it reaches that stage. You should speak to our Data Protection Officer in the first instance.

    10.2 If you would like to exercise any of your legal rights, please contact: dataprotection@pianomatch.com.

Page 5 (5)

bottom of page