Introduction

Here at Admiral Group plc, we are committed to keeping your personal data safe.  This Privacy Notice will help you understand how we collect, use and protect your personal data.

This Privacy Notice applies to applicants who enter into our recruitment process. There is a separate Privacy Notice on the company intranet which explains how your data is processed once you join Admiral Group.

Who We Are

Data We Collect

Screening Checks

Conducting pre-employment screening checks is sometimes referred to as ‘vetting’. The purpose of these checks is to establish eligibility to work within the business and to identify any risk factors which might bring the organisation into disrepute, or cause difficulties with colleagues, managers or customers and to establish that there are no legal issues or other matters that indicate that the Group may be unduly exposed to risk.

Screening checks / vetting is a key part of the overall employee due diligence process.

During the recruitment and application process, you will be asked to provide various information and supporting documents to enable us to complete screening checks both prior to employment and on an ongoing basis during employment.

If you are recruited into what we consider a 'High Risk' role, or transfer into one, during the course of your employment, then you will be subject to an enhanced level of background checking. A high risk user is someone who by nature of their role has a greater potential to inadvertently (accidently or through being manipulated) or maliciously expose Admiral’s customers, staff or business to harm. 

For this reason, we consider these roles to be high risk and they require to have background checking more frequently than a standard role.  You will be notified of any checks that need to be conducted if your role is a high risk role.

The type of checks we undertake which may apply for all prospective applicants and employees include:

• Qualifications and professional membership checks
  
  
• Adverse information check and open source searches (in limited circumstances and only if necessary)\
  
  
• Financial checks. These include bankruptcy and CCJ checks via Experian, a Credit Reference Agency. Experian will supply us with both public information (including the electoral register), and shared credit and fraud prevention information. The agencies will record details of the search but will not make them available for use by lenders to assess your ability to obtain credit. Experian will be data controller in their own right and will process your personal data differently to us. You should contact Experian (www.experian.co.uk/legal/crain/) for any query in relation to how they process/ deal with your personal data.
• Financial sanctions checks. In order to comply with our legal and regulatory obligations in relation to anti-money laundering and financial sanctions restrictions, we will screen your name against global sanctions lists. The screening will simply involve searching our internal and third-party databases to ensure you are not on a sanctioned list.  We are not able to employ anyone on a sanctions list. In addition, in order to comply with our legal obligations relating to anti-bribery and corruption, we will also perform searches and ask questions to assess whether there is a potential bribery or corruption risk to the role based on your personal and political associations. If there is a risk we will look to assess what additional internal controls we need to put in place to reduce that risk.
   
• Criminal background checks. Criminal background checks will be undertaken to assist with the safeguarding of our employees and customers. The checks will be made with the Disclosure and Barring Service (DBS) and these will be undertaken on our behalf by Experian (www.experian.co.uk). All new employees are required as a term of their offer to agree to having criminal background checks.
  
  
• Anti-fraud checks. In order to verify your identity, right to work, prevent and detect unlawful acts (including fraud and dishonest conduct) all new employees are required as a term of their offer to agree to having anti- fraud checks which are completed via Cifas (www.cifas.org.uk).  Admiral are members of Cifas and use anti-fraud databases (Insider Threat Database, formerly Internal Fraud Database, and National Fraud Database) to check if anyone has been filed and reported previously to ensure we protect our employees, customers and business from fraud. 

  We conduct these searches at offer stage, prior to probation completion and then on a re-occurring annual basis throughout your employment with us.  Should anything come to light from these databases, we would talk to you about them. 

   Any matches as a result of the checks will be reviewed by the People Services Department in conjunction with the recruiting manager (for new applicants) or the line manager (for employees). The results will be used to assess potential risk according to the role applied for / being undertaken and could lead to engagement being refused or your existing engagement may be terminated or other disciplinary action taken.

  As members, we also have a duty to file and register people should they commit fraud during our employment or at application stage and once this decision has been made, you can appeal the decision, however if the decision is upheld, a Cifas filing remains on the database for up to six years and can affect future employment. 

  On a periodic basis, Cifas performs reviews of cases that have been filed, and they may approach us as the member to request copies of documentation relating to the filing, to evidence we have met the Standard of Proof to file.  In the event of such a request, we are obliged to provide the requested documentation, which may include copies of your vetting checks (e.g. financial checks, criminal background checks, reference checks) and any other documentation produced in the course of your job application and during the course of your employment.   

  We may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.

• Solicitors’ Regulation Authority (SRA) checks.  All employees joining our Law firms or a legal role are required as a term of their offer to agree to being checked against SRA records to ensure that there are no findings against the individual that would prevent them working in a legal environment. A further SRA search will be performed annually against all current employees in one of our Law firms or in a legal role.
  
  
• Reference checks. Reference checks with your past and present employers /your places of work or education will be undertaken by us, or by Experian (www.experian.co.uk) on our behalf. If you are recruited into a non- high risk role, we will require at least 1 year’s satisfactory employment history and a minimum of 2 or more satisfactory references from your most recent employers. If you are recruited into a high risk position, we will require 5 years satisfactory employment history and 2 or more satisfactory employment references.  If you are recruited into a Senior Manager role or equivalent, we will require 6 years satisfactory employment history and 2 or more satisfactory employment references.

Please note that if you or a third party such as a recruitment agency provide details of any previous /current employer, we may contact them as part of this process.

Your Data

When you apply for a job or position with us, you will provide us with most of the data we collect about you. We collect and process data for example when you:

• Visit the www.admiraljobs.co.uk website and start an application, but don’t complete it
• Complete an application form via www.admiraljobs.co.uk
• Create a profile via www.admiraljobs.co.uk
• Contact us via the live chat facility available on our recruitment website ‘www.admiraljobs.co.uk’
• Register for Job or Blog Alerts via www.admiraljobs.co.uk
• Email us using the "send me an email" functionality or email directly via ‘workwithus@admiralgroup.co.uk’
• Use or view our website via your browser’s cookies
• When you visit us at a Career’s fair.

Our company may also receive your personal data (if applicable) from the following sources:

• Third party recruitment websites;
• Responses to social media job advertisements e.g. Facebook;
• Recruitment agencies;
• Careers advisor, work placement schemes;
• We will also collect personal data relating to you as a result of any checks that are carried out. Please refer to the ‘Screening’ section for further details.

The above lists are not exhaustive.

Personal Data

Processing Personal Data

Here are some examples of the type of personal data we may process. There’s a more detailed list in the schedule at the end of this notice.

• Personal contact details such as name, address and contact number;
• Email address;
• Details of qualifications and professional memberships;
• Work history and reference information;
• Results from screening checks;
• Photographs /images from recorded assessments or from on-site CCTV.

The recruitment process may involve:

• Assessing and progressing your application;
• Assessing your suitability (skills, technical ability, strengths, behaviours for the role);
• Activities needed to complete the on-boarding and screening process should your application be successful (e.g. with regard to your qualifications and employment references).

How your personal data may be shared

Your personal data will only be shared if it is necessary for us to do so. We will need to share your personal data internally (in the country where you may work, and also in other countries in which we have central operations where you are applying for a role based outside the UK) and may be required to share it with some external parties or associates of the company, for example our legal advisors.

Your personal data may be shared internally with the following:

• Those employees who would have managerial responsibility for you or are acting on their behalf;
• Employees in People Services / HR who have responsibility for certain HR processes (for example recruitment, assessment, pre-employment screening);
• Employees in Legal, Conduct, Risk, People Services / HR, Regulatory and Fraud with responsibility for investigating issues of non-compliance with laws and regulations, policies and contractual requirements;
• External lawyers in the event of an issue necessitating legal advice;
• Employees in IT and system owners who manage user access;
• Audit and Investigations employees in relation to specific audits/investigations; and
• Security managers and staff for facilities / premises.

We may also need to share your information with certain external third parties including:

• Companies who provide candidate interview and assessment services to us;
• 3D Marcomms who operate our onboarding and applicant tracking system for us;
• Attrax Limited who host our website for us;
• Suppliers who undertake background screening on behalf of us (credit checking agencies, criminal checking bureaus, anti-fraud companies etc.);
• Academic institutions (Universities, colleges, schools, professional membership bodies etc.) in validating information you’ve provided;
• Previous / present employer(s) /place(s) of work where it has been indicated that you have worked;
• Legal advisors.

Please note that these lists are not exhaustive.

We would like to bring to your attention our obligations to disclose data in the following exceptional cases permitted under data protection legislation / law:

• Where we are legally compelled to do so;
• Where there is a permitted exemption under data protection legislation;
• Where there is a duty to the public to disclose;
• Where disclosure is made at your request or with your consent

How we protect your personal data

Our HR and Recruitment systems are protected to ensure that unauthorised or unlawful processing of personal data, accidental loss or destruction of, or damage to, personal data does not occur. This is done in accordance with the Group Security Policy.

Our premises are access controlled, we have secure shredding bins for confidential personal data and operate a clear desk policy. All our employees undertake data protection training.

It may be necessary to transfer your personal data to other Group companies or service providers located outside of the European Economic Area. The data protection and other laws of these countries may not be as comprehensive as those in the UK or the EEA - in these instances we will take steps to ensure that your data is given an equivalent level of protection as it is in the EEA.

How long do we keep your personal data?

We have designated retention periods and we will only keep your personal data as long as necessary. There are different retention periods for various categories of personal data. For example, we may only need to retain some personal data for a limited amount of time whereas other personal data will need to be retained for longer. Application data (e.g. job applications, CVs) are generally for retained for 1 year to enable us to check against repeat applicants and to check that applicants are genuine with regard to the positions they apply for.

If you have signed up for Job Alerts you can unsubscribe yourself from these at any time (or ask us to), otherwise you will be sent job alerts for up to 2 years.  

Please contact us if you would like any further information in this respect.

Our Technology

We collect data about you through the use of technology such as cookies. View our full Cookie Policy here.

Managing, Disabling and Enabling Cookies

You have the ability to accept or decline cookies from any website by modifying the settings in your browser. If you wish to restrict or block the cookies which are set by our website, you can do this through your browser settings. For information about how to manage and disable cookies you can use the 'Help' function within your browser or please visit www.aboutcookies.org or www.allaboutcookies.org. However, please note that by deleting or disabling cookies this could affect the functionality of our website and you may not be able to access certain areas or features of our site.

To opt out of being tracked by Google Analytics across all websites click here..

Monitoring

Email, phone calls and screen capture details may all be recorded and monitored.

CCTV is in operation across all Group sites. It is used for site security, staff monitoring purposes, and may be used in connection with investigation and disciplinary matters.

We may use video conferencing for interviewing. We will always use the most secure method available to us and in consultation with our Information Security department.

What are my rights with regard to Admiral’s processing of my personal data?

Your rights as a data subject (please note that these do not apply in all circumstances), may include:

• The right to be informed about our processing of your personal data;
• The right to obtain a copy of the personal data we hold on you;
• The right to have your personal data corrected if it is inaccurate
• The right to object to the processing of your personal data;
• The right to have your personal data erased (“right to be forgotten”);
• The right to move, copy, or transfer your personal data (“data portability”);
• Rights regarding automated decision making, including profiling.

Obtaining a copy of the personal data we hold about you (Subject Access Request)

If you would like a copy of your personal data that we hold about you, you can make a Subject Access Request. A Subject Access Request can be made in writing or verbally.  Please provide clear details of what personal data you would like and contact us at psprivacyrights@admiralgroup.co.uk

or by writing to:

People Services Privacy Rights Team
Subject Access Request
Tŷ Admiral
David Street
Cardiff
CF10 2EH

Telephone: 02920 43 43 34

Please note that if you are making a request on behalf of someone else we may need identification, as well as a signed letter of authority from them confirming that they are happy for you to act on their behalf and for us to release their personal data to you. We may also need identification from you before we can release your personal data.

Whilst we will always aim to be as transparent as possible, please note you will only be entitled to your own personal data and it may necessary to withhold and/or redact certain information as permissible under the Data Protection Act 2018.

Once we have received your request and confirmed your identity (if applicable), we will have one calendar month to fulfil your request.  In some limited instances we will have an additional 2 months to fulfil your request. Where any such delay is anticipated we will inform of you this, as soon as possible, along with details of when we expect to be able to provide you with the requested personal data.

If you have any questions about this Privacy Notice or would like additional information about how your personal data is handled, please contact psprivacyrights@admiralgroup.co.uk. If you have any queries about your rights, or believe that they have not been met by Admiral Group plc or any of the companies within the group, please contact our Data Protection Officer at:

yourinformationrights@admiralgroup.co.uk

or

Data Protection Officer
Admiral Group plc
Tŷ Admiral
David Street
Cardiff
CF10 2EH

If you have any complaints relating to the processing of your personal data, you also have the right to complain to the relevant Supervisor Authority. In the UK this is the Information Commissioner’s Office (ICO). They can be contacted at:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Schedule 1: List of information we may process

• Name, work and home contact details
• Date and place of birth
• Education and work history
• Individual demographic information in compliance with legal requirements (such as marital status, national identifier, passport/visa information, nationality, citizenship, military service, disability, work permit, date and place of birth or gender)*
• Health issues requiring adaptations to working environment*
• Job title, grade and job history
• Employment contract related information (including compensation, location, hours of work and so on)
• Reporting and managerial relationships
• Leaves of absence (such as maternity leave, sickness absence)
• Photograph(s)
• Disciplinary / grievance records*
• Time and attendance details
• Bank account details for salary payment and fraud prevention purposes, including any payments made by Admiral Group for loans, finance or claims
• Expenses such as travel and expenses claimed from the Group
• Skills and qualifications
• Professional membership
• Training history and plans
• Results of original and ongoing employee screening, where relevant
• Driving licence and history check information (which may include motoring convictions) for company car purposes, where relevant
• Details provided in relation to Conduct policies (such as conflicts of interest, personal account dealing, trade body membership and so on)
• Health & safety incidents, accidents at work and associated records
• Building CCTV images
• Audio recordings of telephone interviews
• Video recordings of interviews
• Notes from face to face interviews
• Psychometric test results and associated reports
• Results from behavioural assessments (e.g. Assessment day exercises)
• Results from technical assessments
• Beneficiary and emergency /next of kin information
• Written /verbal communications about you

* These categories of information might potentially include some special category personal data.