
Your privacy rights when you’re applying for a job at Nest

The purpose of this notice is to explain how the National Employment Savings Trust Corporation (Nest) collects and uses your personal information and how we comply with data protection law, including the EU General Data Protection Regulation 2016/679 (GDPR) and the Data Protection Act 2018 (DPA 2018). In legal terms, Nest is a 'data controller' for this information.

In this notice, we explain some things about the personal information Nest holds, and your rights regarding this information. It's important that you read it carefully, together with any other privacy notices and information that we provide you from time to time. 

What types of personal information we collect, where we obtain it and how we process it

Personal data is any information that relates to an identifiable natural person. Your name, address, contact details, salary details and CV are all examples of your personal data if they identify you. We collect many different types of personal data about you for lots of reasons. We cannot manage our relationship with you without it. Where our collection of your personal data is optional, we will make this clear in any forms collecting details, such as application forms, and these fields can be left blank.

You provide us with personal data throughout the recruitment process with Nest, from when you apply for a job with us to when you complete a new starter form or other correspondence and in the course of Nest onboarding you as an employee. We also obtain some personal data from other sources, explained in the personal data we use section below, and create some personal data ourselves.

We process your personal data for particular purposes in connection with your possible future employment or engagement with us, and the management and administration of our business. We are required by law to have a lawful basis, a reason or justification, for processing your personal data. For some processing activities, and depending on the circumstances, we consider that more than one lawful basis may be relevant.

There are six such permitted lawful bases for processing personal data. These bases may be: 

  • Consent: You have given your consent to the processing.
    Where our processing of your personal data is based on your consent you have the right to withdraw your consent at any time. If you do decide to withdraw your consent we will stop processing your personal data for that purpose, unless there is another lawful basis we can rely on – in which case, we will let you know. Your withdrawal of your consent won’t impact any of our processing up to that point.
  • Contract: It is necessary to perform your employment contract.
  • Legal obligation: It is necessary for us to comply with a legal obligation.
  • Legitimate interests: It is necessary for our legitimate interests or those of third parties.
  • Vital interests: It is necessary in an emergency to save your life or protect you from serious harm (or to protect someone else); or 
  • Public task/interest: It is necessary to use a public authority to exercise our official authority or to perform a task in the public interest.

Please note that where we have indicated that our processing of your personal data is either:  

  • necessary for us to comply with a legal obligation or  
  • necessary for us to take steps, at your request, to perform our employment contract with you 

and you choose not to provide the relevant personal data to us, we may not be able to continue our contract of employment with you. 

We are required by law to treat certain categories of personal data with even more care than usual. These are special categories of personal data which are thought to be more privacy sensitive. These can be details about your racial or ethnic origin, including your nationality and visa information; political opinions, religious or philosophical beliefs; trade union membership; biometric data, including fingerprints; data about physical or mental health conditions, including any occupational health requirements; health and safety accident reports; day-to-day health concerns such as diabetes or epilepsy conditions which we should be aware of; dietary requirements; allergies, drug and alcohol test results; reasons for any short-term or long-term absence; sexual orientation; and information relating to actual or suspected criminal convictions and offences. Additional different lawful bases apply to this data.

The personal data we use section sets out the different purposes for which we process your special category personal data and the relevant lawful basis on which we rely for that processing. We have included criminal-related data in this category.  

  • Explicit consent: You have given your explicit consent to the processing. Where our processing of your personal data is based on your consent you have the right to withdraw your consent at any time. If you do decide to withdraw your consent we will stop processing your personal data for that purpose, unless there is another lawful basis we can rely on – in which case, we will let you know. Your withdrawal of your consent won’t impact any of our processing up to that point.
  • Employment and social security/protection law: It is necessary for your/our obligations and rights in the field of employment and social security and social protection law; 
  • Vital interests: It is necessary to protect the vital interests of the data subject or another person where you or they are physically or legally incapable of giving consent;
  • Legal claims: It is necessary for our establishment, exercise or defence of legal claims; 
  • Substantial public interest: It is necessary for reasons of substantial public interest; or 
  • Preventative or occupational medicine: It is necessary for preventive or occupational medicine, for the assessment of the working capacity of the employee.

What personal information we use

Recruitment: application screening and references

Personal data we use:
  • Title, full name, personal home address
  • Personal home phone number, personal mobile phone number, personal email address
  • Recruitment agent and contact information
  • Education, including qualifications
  • Job history and experience
  • Details of referees: title, name, employer, business, contact details and their opinion of / requested factual details about job applicant
  • Test taken: Microsoft package test or situational judgment/numerical test, psychometric testing, depending on seniority of individual
  • Date and time taken
  • Automated test results: any automated test result filters which knock out candidates are decisions open to challenge under GDPR; candidates must be informed and can challenge and request a 'human' re-run
  • Marking and comments
  • Interview notes and selection matrices

Lawful basis:
  • Contract
  • Public task/interest
  • Consent to psychometric testing and profiling

Where we obtain it:
  • Your application
  • Recruitment agencies
  • Information you provided us
  • Referees
  • Our recruitment records
  • Our IT records
  • Test providers

Recruitment: compliance with legal obligations

Personal data we use:
  • Disability: discrimination and adjustments
  • Right to work documentation, for example copy passport, visa
  • Copies of identification evidence, for example a passport, driving licence, national ID card, including date of birth
  • DBS Check results, where checks are mandatory by law
  • Unspent criminal convictions, as permitted by Rehabilitation of Offenders Act 1974, where checks are mandatory by law
  • Sickness record, statutory sick pay only
  • Financial information, for example bank statement, proof of income

Lawful basis:
  • Legal obligation
  • For special personal data, health data and criminal offence-related data
  • Employment legal obligation
  • For all personal data
  • Public Task/Interest
  • Consent for non-mandatory criminal checks
  • For special criminal offence related personal data
  • Employment legal obligation, duty of care and health and safety obligations
  • Substantial public interest, where not mandatory for FCA compliance

Where we obtain it:
  • Your application
  • Information you have provided to us
  • DBS search provider
  • Police Scotland basic check

Onboarding new starters

Personal data we use:
  • Title, full name, personal home address
  • Education, including qualifications
  • Job history and experience
  • CV, application, interview questions, answers and notes
  • Test results and results of benchmarking
  • Selection matrices completed during or following interviews

Lawful basis:
  • Employment
  • Contract
  • Public task/interest

Where we obtain it:
  • Your application
  • Recruitment agencies
  • Publicly available information from professional online resources, for example LinkedIn

Ensuring equal opportunities compliance and for diversity monitoring and reporting

Personal data we use:
  • Nationality
  • Ethnicity
  • Gender
  • Religion
  • Sexual orientation
  • Disabilities

Lawful basis:
  • Public task/interest
  • For ethnicity personal data, substantial public interest

Where we obtain it:
  • Your application
  • Information you have provided us with

Legal compliance and good governance, including complying with binding requests and cooperating with regulators, police and similar authorities

Personal data we use:
  • Complaints
  • Requests
  • Legal claims, orders, warrants, requests
  • Our records

Lawful basis:
  • Legally binding: legal obligation, and for special category data, substantial public interest or legal claims
  • Not legally binding: public task/interest, and for special category data, substantial public interest or legal claims

Where we obtain it:
  • You
  • Third-party courts, authorities and regulators
  • Parties to legal proceedings and their advisors


Who we share your personal information with and why

We may ask trusted third parties to carry out certain business functions for us on our behalf, such as the administration of our payroll and our IT support. We will disclose your personal data to these parties so that they can perform those functions. Before we disclose your personal data to other people, we will make sure that they have appropriate security standards in place to make sure your personal data is protected and we will enter into a written contract imposing appropriate security standards on them. Examples of these third-party service providers and/or sub-contractors include our outsourced payroll, HR and marketing service providers, and our IT systems software and maintenance, backup, and server hosting providers.

In certain circumstances, we will also disclose your personal data to third parties who will receive it as controllers of your personal data in their own right for the purposes set out above, where the relevant disclosure is: 

  • if our organisation (or part of it) is reorganised or transferred, we may disclose or transfer your personal data as part of that reorganisation or transfer; and
  • if we need to disclose your personal data in order to comply with a legal obligation, to enforce a contract or to protect the rights, property or safety of our employees, customers or others.

We have set out below a list of the categories of recipients with whom we are likely to share your personal data: 

  • banks in relation to payments to you, employment-related benefits providers and other third parties in connection with your benefits (such as pension trustees); 
  • consultants and professional advisors including legal advisors and accountants; 
  • courts, court-appointed persons/entities, receivers and liquidators;  
  • business partners and joint ventures;  
  • trade associations and professional bodies;  
  • insurers; 
  • the Financial Conduct Authority, Pensions Regulators and the Department for Work and Pensions (DWP);  
  • the Financial Conduct Authority, governmental departments, statutory and regulatory bodies including the Information Commissioner’s Office, the police and Her Majesty’s Revenue and Customs. 
  • specifically in relation to employer marketing materials, with your explicit consent, your data may be shared with creative agencies involved in the production of marketing materials and may be published externally, for example on the Nest website and on other social media platforms like LinkedIn. 

We may also convert your personal data into statistical or aggregated form to better protect your privacy, or so that you are not identified or identifiable from it. Anonymised data cannot be linked back to you. We may use it to conduct research and analysis, including to produce statistical research and reports. For example, to help us understand how many of our total workforce number are on secondments at any given time.   

 

We may produce Nest employer marketing materials, including employee case studies, videos and images for use both internally and externally. It is possible that special category data (sensitive personal data) might be disclosed, as well as personal data in the creation of these materials. In the event that you are invited to contribute to our employer marketing materials, Nest will seek your explicit consent before any materials are published either internally or externally. 

How you can access and correct your personal information

It is your responsibility to make sure the personal data you provide to us is complete and accurate and you must help us to keep it accurate and up to date. If any of the personal information you have given to us changes please inform us without delay by contacting careers@nestcorporation.org.uk  

Transfers outside the United Kingdom (UK)

Some of the organisations that we share your personal information with may process it overseas. If any disclosures of personal data mean that your personal data will be transferred outside the European Economic Area, we will only make that transfer if: 

  • the country to which the personal data is to be transferred ensures an adequate level of protection for personal data; 
  • we have put in place appropriate safeguards to protect your personal data, such as Model Contract Clauses issued by the European Commission, along with stringent security measures. Please contact careers@nestcorporation.org.uk if you wish to obtain a copy of these;
  • the transfer is necessary for one of the reasons specified in data protection legislation, such as the performance of a contract between us and you; or 
  • you consent to the transfer.  

 

Security and safe storage of your personal information

The security of your personal data is very important to us and we take this matter very seriously. We will take steps to ensure that appropriate security measures are in place to protect your personal data from unlawful or unauthorised processing and accidental loss, destruction or damage. We will ensure that third parties to whom we disclose your personal data will do so as well. We’ll use appropriate procedures and security features to process and protect your information. We have in place a robust framework to ensure the security of your data. For more information, please contact our Data Protection Officer at dataprotectionofficer@nestcorporation.org.uk. The information security management systems operated by Nest and our IT managed services provider are all independently certified to the ISO 27001 standard.

How long do we keep your personal data for?

We will keep your personal data during the recruitment process and then, after it ends, for as long as is necessary in connection with both our and your legal rights and obligations. This may mean that we keep some types of personal data for longer than others. This period will also depend on whether or not you become our employee and our employee privacy notice then explains this. 

We will only retain your personal data for a limited period of time. This will depend on: 

  • any laws or regulations that we are required to follow
  • whether we are in a legal or other type of dispute with each other or any third party
  • the type of information that we hold about you
  • whether we are asked by you or a regulatory authority to keep your personal data for a valid reason. 

Generally, your recruitment file will be held by us for a period of six months from the end of the process.

Should you be unsuccessful in your application for the vacancy you have applied for, we may wish to keep your personal details on our records beyond the standard retention period if we think you may be suitable for another position in the future. By submitting a job application you are giving your consent for Nest to retain your personal details for up to eighteen months after the initial recruitment process. Alternatively, if you would prefer that Nest do not retain your personal details beyond the standard retention period please notify us accordingly via email to careers@nestcorporation.org.uk  

Any personal data contained in any work-related correspondence or records may be retained for longer, dependent on the retention period of the record or file that your personal data is held on.

What are your rights and how can you exercise them?

You have certain legal rights in relation to any personal data about you which we hold. 

Where our processing of your personal data is based on your consent you have the right to withdraw your consent at any time. If you do decide to withdraw your consent we will stop processing your personal data for that purpose, unless there is another lawful basis we can rely on – in which case, we will let you know. Your withdrawal of your consent won’t impact any of our processing up to that point. 

Where our processing of your personal data is necessary to perform a task carried out in the public interest or in exercise of official authority vested in Nest you can object to this processing at any time. If you do this, we will need to show either a compelling reason why our legitimate interests in such processing should continue, which overrides your interests, rights and freedoms or that the processing is necessary for us to establish, exercise or defend a legal claim.  

Subject to certain conditions, you are entitled to have access to your personal data (this is more commonly known as submitting a data subject access request).

If possible, you should specify the type of information you would like to see to ensure that our disclosure is meeting your expectations. 

We must be able to verify your identity. Your request may not impact the rights and freedoms of other people, for example, privacy and confidentiality rights of other staff.
 

Subject to certain conditions, you are entitled to receive the personal data which you have provided to us and which is processed by us by automated means, in a structured, commonly-used machine readable format. 

If you exercise this right, where possible you should specify the type of information you would like to receive and where we should send it to ensure that our disclosure is meeting your expectations.

This right only applies if the processing is based on your consent or on our contract with you and when the processing is carried out by automated means (that is, not for paper records). It covers only the personal data that has been provided to us by you.
 

You may challenge the accuracy or completeness of your personal data and have it corrected or completed, as applicable. You have a responsibility to help us to keep your personal information accurate and up to date. 

We encourage you to notify us of any changes regarding your personal data as soon as they occur, including changes to your contact details, telephone number, and immigration status. 

Please always check first whether there are any available self-help tools to correct the personal data we process about you.

This right only applies to your own personal data. When exercising this right, please be as specific as possible.
 

Subject to certain conditions, you have the right to object to or ask us to restrict the processing of your personal data.

As stated above, this right applies where our processing of your personal data is necessary for our legitimate interests. You can also object to our processing of your personal data for direct marketing purposes. 

Subject to certain conditions, you are entitled to have your personal data erased, also known as the 'right to be forgotten', for example where your personal data is no longer needed for the purposes it was collected for, or where the relevant processing is unlawful.

We may not be in a position to erase your personal data, if for example, we need it to (i) comply with a legal obligation, or (ii) exercise or defend legal claims. 

Where our processing of your personal data is based on your consent you have the right to withdraw your consent at any time.

If you withdraw your consent, this will only take effect for future processing.

Queries and further information

We have appointed a Data Protection Officer whose role is to inform and advise us about, and to ensure that we remain compliant with, data protection legislation. The Data Protection Officer should be your first point of contact if you have any queries or concerns about your personal data. Our Data Protection Officer can be contacted at dataprotectionofficer@nestcorporation.org.uk. If you want any more information about this notice and its contents, or wish to discuss it, you can also contact us: 

By email at: careers@nestcorporation.org.uk 

By post at: Nest Corporation, 10 South Colonnade, London, E14 4PU; and  

By telephone at: 0203 056 3743/3786  

The information provided in this privacy notice is in addition to any other privacy information we may give you on this website or via other channels such as paper communication, secure message, webchat, or telephone.

If you want more information about the use of cookies on the Nest website, please view our cookies policy.

If you wish to exercise any of your data protection rights please contact our Data Protection Officer at dataprotectionofficer@nestcorporation.org.uk in the first instance.

If you have any concerns on how we handle your personal data you can raise a complaint with the Information Commissioner’s Office, which is the UK data protection regulator. More information can be found on the Information Commissioner’s Office website at ico.org.uk/concerns