Privacy notice - job applicants

Personal information about unsuccessful candidates will be held for 18 months after the recruitment exercise has been completed, it will then be destroyed or deleted. We retain de-personalised statistical information about applicants to help inform our recruitment activities, but no individuals are identifiable from that data.

Once a person has taken up employment with us we will compile a file relating to their employment. The information contained in this will be kept secure and will only be used for purposes directly relevant to that person’s employment. Once their employment with Merlin has ended, we will retain the file in accordance with the requirements of our Data & Document Retention Policy and then delete it.

CCTV

We operate CCTV systems at our offices and in public areas at some of our properties. Wherever CCTV systems are operating we will place a notice showing that the scheme is in operation and controlled by Merlin.
Our CCTV systems deter crime and promote public safety by helping to identify and prosecute criminal offenders. These systems operate continuously and recordings are held for one month.

You can ask for a copy of any CCTV images taken of yourself by making a 'subject access request'. See Your Data, Your Rights.pdf [pdf] 592KB

We carry out an impact assessment for all locations where we user CCTV. This helps ensure that our use of CCTV is appropriate and proportionate to issues of crime and public safety we are seeking to address and minimises intrusion into individual rights to privacy.

How we use personal information and the lawful basis for processing

Contractual Necessity

Most of the information we collect from our staff is required as part of your contract of employment or other contract between you and us.
Please read your employment contract for specific details as ‘performance of a contract’ is usually the lawful basis for processing your information as set out in data protection law.
The processing we conduct can be summarised as:

  • managing the employer – employee relationship
  • arranging to pay your salary, wages, pensions or other benefits
  • complying with relevant legislation and regulation

Legitimate interests

The other lawful basis for processing your data, as defined in data protection law, that we regularly rely on is ‘legitimate interest’ (processing is necessary for the purposes of legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject).

Our legitimate interests may include the need to:

  • eliminate discrimination or advance equality of opportunity
  • prevent and detect crime
  • conduct research and statistical analysis to help improve our business
  • evaluate our performance against other benchmarks.

Where you believe that our legitimate interests are overridden by your interests, rights or freedoms as the data subject you have the right to object. Find out more about your right to object: Your Data, Your Rights.pdf [pdf] 592KB

Consent

We also seek your consent to collect some ‘special category’ information from you. This includes information relating to your health, religious beliefs, ethnicity and sexual orientation.

We will always give you a ‘prefer not to answer’ option when we ask for this information.

Other lawful bases

In exceptional circumstances there may be another lawful basis for processing your data for example ‘compliance with a legal obligation’ or to ‘protect the vital interests of a data subject or another person.'

Data matching and analytics

Data matching involves comparing computer records held by one body against other computer records held by the same or another body to see how far they match. This is usually personal information.

Computerised data matching allows employee and benefit fraud to be identified. Where a match is found it may indicate that there is an inconsistency which requires further investigation.

No assumption can be made as to whether there is fraud, error or other explanation until an investigation is carried out.

We participate in the National Fraud Initiative (NFI) data matching exercise carried out by the Cabinet Office. Our participation in NFI will assist in the prevention and detection of fraud against Merlin and other organisations within the private and public sector.

We participate on a voluntary basis and provide the Cabinet Office with particular sets of data for matching as set out in the Cabinet Office’s guidance.

The use of data by the Cabinet Office in a data matching exercise is carried out with statutory authority. It does not require the consent of the individuals concerned under Data Protection law.

Data matching by the Cabinet Office is subject to a Code of data Matching Practice. Find out more about the Cabinet Office’s legal powers and the reasons why it matches particular information.