Terms & conditions

Nottingham Trent University Applicant Tracking and Right to Work Privacy Policy

Nottingham Trent University (NTU) is committed to protecting the privacy and security of your personal information, this Privacy Notice provides important information about how NTU and its third party service providers, Jobtrain Solutions and TrustID, protects the privacy of our candidates, employees and users of our applicant tracking system (Jobtrain), and Right to Work checks (TrustID) ensuring a safe and secure user experience.

NTU encourages you to review the privacy statements of any websites you choose to navigate to from our website (or navigate from to our website) or digital services that we provide links to so that you can understand how those websites collect, use and share your information as well. Any third party sites that you can access through the website are not covered by this Privacy Notice and we accept no responsibility or liability for these sites.

In this Privacy Notice “the website” means the NTU website at www.ntu.ac.uk

Who we are

NTU is a “data controller” which means we are responsible for deciding how we hold and use personal information about you.

This website is operated by NTU who are situated at 50 Shakespeare Street, Nottingham, NG1 4FQ. NTU can be contacted by post to this address, via email (DPO@ntu.ac.uk), or you can reach us by telephone at +44 (0)115 941 8418.

Please read this Privacy Notice carefully and contact our Data Protection Officer if you have any questions about our privacy practices or your personal information choices.

Attn: Amanda Neylon Data Protection Officer
Nottingham Trent University
Address: 50 Shakespeare Street, Nottingham, NG1 4FQ
Email: DPO@ntu.ac.uk

We may need to update this Privacy Notice from time to time. If changes made to this Privacy Notice are considered to be material, we will notify you of the changes.

Why We Process Your Data and Legal Bases for doing so

We process personal information (collect, use, disclose, transfer, and store) for provision of application service, in-house and third party right to work checks, and applicant tracking portal to you. We want to be clear about our privacy practices so that you are fully informed and can make choices about the use of your information, and we encourage you to contact us at any time with questions or concerns. DPO@ntu.ac.uk

Contract - for employment and pre-employment check purposes;
Legal Obligation - the law requires us to check that candidates are able to work in the UK.

What information does NTU collect?

The categories of personal information we may collect, store and use about you, include (but are not limited to)

  • Name, Address, email address, telephone number, NI Number;
  • Medical, disability and equality information;
  • Details of your qualifications and employment history (including references).
  • evidence of your right to work in the UK and information relating to immigration status;.
  • the status of your application and updates on how it moves forward;.
  • if you contact us regarding your application, a record of that correspondence.

We may need to process sensitive personal information (special category data). This includes (but is not limited to):

  • Details of any relevant criminal convictions we have asked you to declare;
  • Medical information (for example if you have a disability);

Equality data for equality monitoring purposes.

How we use your informationThe purposes for which we process your data includes:

  • To enable you to apply online for our vacancies through submission of an application;
  • Identifying particular skills and experience to aid in workforce planning and facilitate the recruitment and selection process;
  • To prepare employment contracts;
  • To subscribe you to our job alerts;
  • To get in touch with your and/or respond to your questions and enquiries;
  • To contact you about similar roles that you may be interested in;
  • To share with third parties where we have retained their services that we or you have requested e.g. for the purposes of reference checking and confirmation of right to work in the UK;
  • To ensure that content from our website or Services is presented in the most effective manner for you and for your computer or device by gathering aggregate information about our users, using it to analyse the effectiveness and efficiency of communications;
  • To carry out our obligations arising from any contracts entered into between you and us;
  • To research and undertake statistical analysis of anonymised data (equality and diversity) and for internal reporting through a candidates’ journey;
  • For the purpose of ensuring compliance with the UK Visas and Immigration;
  • To notify you about any changes to our services.

Who we share your data with

We retain the services of third party service providers:

  • Jobtrain, who provide our applicant tracking system;
  • TrustID, a government approved, independent digital identity service provider who undertake online right to work checks on behalf of the University;
  • Acuant, a sub-processor who on behalf of TrustID, use biometric data derived from ‘selfie’ or ‘live capture’ photographs for facial matching with right to work documentation provided in the right to work process;
  • We also share or discloses personal information when necessary to provide services or conduct our business operations. When we share personal information, we do so in accordance with data privacy and security requirements. We may occasionally share non-personal, anonymised, and statistical data with third parties.

We may share your personal information with trusted third parties where required by law, where it is necessary to administer the working relationship with you or where we have another legal requirement or legitimate interest in doing so. 

All third parties will only process your personal data on our instructions and where they have agreed to treat that information confidentially and to keep it secure. The abovementioned third parties are prohibited from processing your information except when providing the agreed services. 

How long we keep your data for

We will not store your personal information for longer than is necessary. NTU will ensure that our trusted partners and selected third parties with whom we share your personal information in accordance with this Privacy Notice will delete your personal information when they no longer require it.

In determining data retention periods, NTU takes into consideration local laws, contractual obligations, and the expectations and requirements of our data subjects. Accounts will be automatically deleted after 2 year period of inactivity. Right to work data of successful applicants is retained by the University for the duration of an individual’s employment at the University, and for six years following their departure from NTU. Please see the University GDPR page for more information on University Records Retention Policies. 

Please note that applicants to the University are able to opt out of third-party right to work checks by attending in-house right to work checks, where their data will be processed and retained solely by the University. If you do not wish to use the third-party right to work checks, please contact resourcing@ntu.ac.uk.

How we keep information secure

We have, and require our third parties to have, appropriate security measures in place to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition we limit access to your personal information to those employees, agents, contractors and other third parties who have a business requirement to know.

NTU takes data security seriously, and we use appropriate technologies and procedures to protect personal information.

For example:

  • Policies and procedures – measures are in place to protect against accidental loss and unauthorised access, use, destruction, or disclosure of data.
  • Business Continuity and Disaster Recovery strategies that is designed to safeguard the continuity of our service to our clients and to protect our people and assets.
  • Appropriate restrictions on access to personal information.
  • Monitoring and physical measures, to store and transfer data securely.
  • Data Privacy Impact Assessments (DPIA) in accordance with legal requirements and our business policies.
  • Periodic training on privacy, information security, and other related subjects for employees and contractors.
  • Vendor risk management.
  • Contracts and security reviews on third-party vendors and providers of services.

It is important for you to protect against unauthorised access to your password and to your computer. Be sure to log out when using a shared computer and take steps to make sure your personal information has not been stored by that computer or a network connected to it.

How we keep your data secure in other countries

Your personal information may be transferred by us or our trusted partners outside of the European Economic Area (the “EEA”). The trusted partners that may do this are organisations who process data for analysis or marketing purposes, including a marketing automation hub where the email address of recipients will be logged and a record of email delivery, opening, click-through and bounce-backs will be kept. Our partner uses Microsoft’s Windows Azure data centres located in East US (Virginia), West Europe (Netherlands), and Australia East (New South Wales).

NTU has networks, databases, servers, systems, and support located throughout the world. NTU collaborates with third parties such as cloud hosting services, suppliers, and technology support located around the world to serve the needs of NTU, workforce, and students. Your personal information may be shared with record matching and customer targeting partners, including Google, Facebook, Snapchat and LinkedIn. Some of these partners process personal data in Canada and the United States of America.

We take appropriate steps to ensure that personal information is processed, secured, and transferred according to applicable law. In some cases, we may need to disclose or transfer your personal information within NTU or to third parties in areas outside the UK. The areas in which these recipients are located will vary from time to time, but may include the United States, Europe, Canada, Asia, Australia, India, and other countries.

When we transfer personal information from the European Economic Area to other countries in which applicable laws do not offer the same level of data privacy protection as in the EU, we take measures to provide an appropriate level of data privacy protection.

In other words, your rights and protection remain with your data, i.e. we use approved contractual clauses, multiparty data transfer agreements, and other measures designed to ensure that the recipients of your personal information protect it. If you would like to know more about our data transfer practices, please contact DPO@ntu.ac.uk

How to access your information

We respect your right to access and control your information, and we will respond to requests for information and, where applicable, will correct, amend, or delete your personal information.

Under certain circumstances, under the Data Processing Legislation you have the right to:

  • Request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal information that we hold about you. This enables you to ask us to correct any incomplete or inaccurate information we hold about you.
  • Request erasure of your personal information in limited circumstances. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
  • Object to processing of your personal information where we are processing your personal information on the basis of our legitimate interest (or that of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
  • Request the restriction or suspension of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
  • Object to any direct marketing (for example, email marketing or phone calls) by us, and to require us to stop such marketing.
  • Object to any automated decision-making about you which produces legal effects or otherwise significantly affects you.
  • Request the transfer of your personal information to another party.

How To Contact Us

Please contact our Data Protection Officer with any requests related to your personal information.

If you are not satisfied with how NTU manages your personal data please contact the Data Protection Officer at DPO@ntu.ac.uk. In addition you have the right to make a complaint to a data protection regulator. The ICO contact details are: https://ico.org.uk/global/contact-us/