What is this notice for?
This notice explains what we do with your personal data and the steps we take to keep it secure. It explains when and how we collect personal data, who we share it with, how we process it and what your rights are in respect of the personal data processing we carry out.
Who is Greene King Services Limited?
You are being considered as a candidate by the Greene King group. As the country's leading pub retailer and brewer, we have over 3,000 pubs, restaurants and hotels across the UK and brew a range of award winning beers.
When we say 'we', 'us' or 'our' in this notice, we are referring to Greene King Services Limited. We are the data controller in respect of the data we hold about you as our candidate. Our ICO registration number is Z9231233.
When do we use your personal data?
To process your job application we need to process some of your personal data.
We don't keep your personal data for any longer than we need it. See our retention periods below for more details.
How do we use your personal data?
You will be asked to supply information that allows us to assess you as a candidate. This includes your contact details, work experience, qualifications and salary information. We use this information so that we can get in touch with you and to complete initial screening. We may also ask for your gender, ethnicity and whether you consider yourself to have a disability according to the definition in the Equality Act 2010. We use this information for monitoring purposes only to support our equal opportunities efforts.
When we shortlist you as a candidate including testing
Each vacancy has a set of defined role requirements to allow us to ensure we recruit people with the right skills and experience. We will compare the information provided in each application against these requirements so that we can shortlist the people we consider to be most suitable.
For some positions there are numerical or verbal standards we think necessary and as such may ask you to complete tests to check you meet the criteria. The outcomes of these are kept with your application and may be shared back with you. For other roles we have more in-depth personality or skill profiling to ensure the specific needs of the role can be met. Your results will impact our decision to progress you as a candidate.
When we meet you at interview
We will use this opportunity to learn more about your suitability for the vacancy as well as providing you with information so that you too can determine if it's right for you. The hiring manager will ask a series of competency or other questions based on the information you have provided to assess your suitability for the role and record your responses in our talent management tool. The answers you give to these questions will be referred to when making decision to progress you or not a candidate.
For some roles we may have additional interview stages as there may be need to involve others in the selection decision.
We will normally ask you if you have previously worked for Greene King and, if so, when, so that we can take this experience into consideration. We will also take into account your reason for leaving so that we can determine whether we ask you to provide additional information relating to your new application.
When we request a reference
We may ask you for a suitable referee to contact in the event that we want to verify some of the information that you have provided. If we do, we may also state that any offer of employment is subject to the reference being considered by us as satisfactory.
If you are successful at interview
If you are successful we will ask you for any additional information that we need to complete that stage. This will allow us to issue a contract of employment with any associated information or other terms according to the role. Such additional information may include the title you use, full name, National Insurance number, full address and phone numbers, date of birth and availability to start so that we can make plans for your arrival.
If you are unsuccessful as a candidate
If you are unsuccessful we will let you know and record the outcome with the other information that we collected during the application process.
If you withdraw your application at any time we will also record this with the application.
If you register for job alerts
If you register on our website to receive our job alerts emails, you will be notified by email of the vacancies that match your preferences so that you can decide if you want to apply.
How long do we keep your personal data for?
|Information about||Is kept until|
|When you apply for a vacancy||12 months from the date the vacancy is closed.
However, if you decide to receive notifications about other vacancies this period is extended to 2 years.
|If we request a reference||Whilst you remain an employee and for 7 years thereafter.
If you do not become an employee this will be kept with the other application details.
|If you register for job alerts||Until you update your preferences or unsubscribe for job alerts by logging into your account..|
Who do we share your personal data with?
Other Greene King companies
Any of the information we collect from you may be shared with other companies within the Greene King group:
|Greene King plc||This is the holding company in the Greene King group||Westgate Brewery, Bury St Edmunds, Suffolk IP33 1QT|
|- Greene King Retailing Limited
- Spirit Pub Company (Managed) Limited
- Spirit Pub Company (Trent) Limited
|These are operating companies that own pubs within the group|
|- Greene King Services Limited
- Greene King Retail Services Limited
|These are the companies that employ the group’s employees|
Each of these companies is bound by the terms of this privacy notice and they are also required to comply with our data protection policies. They are not permitted to use your personal data for their own purposes.
Organisations who help us to provide our products and services
We work with a number of third-party suppliers and service providers.
|Organisation||Contact Details||Data shared||Reason for sharing|
|Cornerstone On Demand, Inc.||
4 Coleman Street,
|Name, Date of birth, address, postcode, email address, employee ID number, work location, registered interest in job roles, job title||Provision of talent management tool/software (TAP)|
|Human Factors (UK) Ltd||
16 Connaught Place
London, W2 2ES
|Name, email address and gender||Provision of recruitment assessment tools|
|Cut-e UK Ltd||
|Name and email address||Provision of talent measurement and psychometric assessment services|
|Associates in Advertising Limited (AIA Worldwide)||
|Email address||Provision of talent measurement and psychometric assessment services|
The Engine House
Wharfebank Business Centre
|Name, address, email, phone, CV Responses to questions about preferences and other info supplied for consideration||Candidate registration/recruitment software|
|Lifetime Training Limited||
|Name, email, date of birth, address, phone and phone number||Apprentice application processing|
These organisations are bound by the terms of this privacy notice and they are also required to comply with our data protection policies. They are not permitted to use your personal data for their own purposes.
International data transfers
Cornerstone on Demand has operations in countries outside of the European Union or the European Economic Area. Before your personal data is transferred outside of these regions, we implement at least one of the following safeguards:
- We check whether the personal data is being transferred to a country that has been deemed to provide an adequate level of protection by the European Commission. You can see the list of adequate countries here.
- Where we use third parties based in the United States, we check if they have signed up to the Privacy Shield framework. This framework requires signatories to provide a similar level of protection to personal data as would be the case if the personal data remained within the European Union or European Economic Area.
- We may use specific contracts approved by the European Commission (standard contractual clauses) which give personal data the same protection as it has in the European Union and European Economic Area.
- If we are unable to apply any of the first three safeguards, we will try to contact you to ask for your consent before we transfer your personal data.
Other situations that may require us to share your personal data
We will share your personal data if we are required to do so by law or by a regulatory authority. For example, we may have to share your personal data for the detection or prevention of crime, fraud or money laundering, or to allow a regulator or ombudsman to investigate a complaint you have submitted to them.
We will share your personal data if we need to do so to protect our business interests, such as to enforce the terms of a contract, pursue an overdue debt or defend our legal rights.
As we develop our business, we might sell or buy group companies or other businesses. This might involve transferring customer information to the person buying the businesses. If this happens, the new owner will be bound by the terms of this privacy notice.
Occasionally, we may need to share your data to protect the rights of other organisations or people. In these cases, we will try to contact you to seek your consent first but this may not be possible, especially in the event of a medical or other emergency.
How do we comply with data protection law?
We have adopted the measures that we believe are necessary to comply with the Data Protection Act 2018 (which replaced the Data Protection Act 1998), which fully embeds the General Data Protection Regulation into UK law.
We have also adopted the measures that we believe are necessary to comply with the Privacy and Electronic Communications Regulations 2003. These Regulations set out an additional set of rules that we must follow whenever we communicate with you via any of our websites and apps, or by telephone, fax, email or text message.
Protecting your data
We protect the personal data we hold from theft, accidental loss, corruption and other threats that would have a negative impact on our customers, candidates and employees. These protective measures include:
- Not collecting personal data that we don't really need
- Destroying or anonymising personal data securely when we don't need it any more
- Only allowing our staff and our suppliers to process the personal data they need to carry out their duties
- Encrypting personal data to render it useless to anyone who is not authorised to access it
- Making sure that staff are trained on how to handle personal data safely and securely and are fully aware of their personal responsibilities and are bound by appropriate obligations of confidentiality
- Binding our suppliers and partners to the same standards and duties of care that we hold ourselves to
- Protecting our websites, networks and IT systems from unauthorised access and from threats such as denial of service attacks, viruses and malware
- Making periodic checks that all of these measures are working well and making improvements to them when we think we can do better
Being accountable for what we do
As well as the security measures mentioned above, we have a team of people whose job it is to make sure that Greene King does the right thing the right way whenever we're processing personal data. This team includes a Data Protection Officer, who can be contacted using these contact details.
There are a set of checks we apply to make sure we process personal data fairly and transparently. These include:
- Providing you with clear and accurate information about why we need your personal data, what we do with it and how long we keep it for
- Checking that our business interests don't unfairly or unreasonably impact upon you or your rights
- Identifying personal data processing risks and reducing them to an acceptable level
- Responding honestly, clearly and promptly to enquiries we receive from you or from the Information Commissioner's Office (ICO)
Making sure our processing respects the law
The ICO have published a helpful guide to lawful bases for the general public which you can find here. The lawful bases we rely on for the processing we do are shown in bold typeface in this table:
|When you apply to work at Greene King||We process this data because it is in our legitimate interests to provide candidates with information about ways to apply for Greene King vacancies and in order to assess suitability for the role.
We provide candidates with options in TAP so that they can opt in to receive notification about other vacancies should their first application be unsuccessful.
We know finding the right candidate for some roles can take time so we have a legitimate interest to build a talent pool from which we can approach people who have indicated their interest in being contacted.
|When we screen and assess you as a candidate||We process this personal data because it is in our legitimate interests to select the right candidate for each role. This may include details of your previous Greene King employment.|
|When we verify your eligibility to work in the UK||We process this data to satisfy our legal obligation to only employ people who have the right to work in the UK.|
|If we ask for a reference||We request and process this personal data because it is in our legitimate interests to validate your previous employment or experience.|
|When you register to receive job alerts||You have consented for this information to be shared with you|
Data protection laws give you certain rights and as a responsible data controller, we are committed to uphold these for you:
|Name of right||Description||How to make a request|
|Information||You have the right to know what we want your personal data for, what we will do with it, who we share it with and how long we keep it for. This is the primary reason for publishing this notice.||Send any questions you have about our privacy notices to email@example.com|
|Access||You have the right to be sent information about the personal data we have about you and a description of what we are using it for. This is also known as a ‘subject access request’, ‘SAR’ or ‘DSAR’.||Send your request to firstname.lastname@example.org|
|Rectification||You have the right to ask us not to process inaccurate personal data or to ask us to correct it.||Send your request to email@example.com
Some conditions and limits apply to these rights: you can find out more about these on the ICO website
|Erasure (‘right to be forgotten’)||You have a right in certain situations to ask us to delete your personal data.|
|Restrict processing||You have a right in certain situations to ask us not to process your personal data.|
|Object to processing||You have the right in certain circumstances to object to the fact that we are processing some of your personal data.|
|Portability||You have the right in certain circumstances to ask us to pass some of your personal data to another data controller on your behalf.|
|Complain||You have a right to lodge a complaint with the UK Information Commissioner’s Office or in some situations, another European Union data protection authority.||Send your complaint to the ICO
You can find a list of all European Union data protection authorities here
|Withdraw consent||Most of the personal data processing we do does not rely on your consent to make it lawful but any consent that we are relying on can be withdrawn by you if you decide you wish to do so.||Follow the unsubscribe instructions in any of the marketing messages we have sent you or send your request to firstname.lastname@example.org|
Detailed information about all of these rights can be found on the ICO website.
Responding to your questions
When you notify us that you want to exercise any of your rights, we will acknowledge your request as soon as possible and ask for any information we may need to verify your identify: if we don't already know who you are, we will ask you to send us a copy of your passport or photo-card driving licence, so that we can check your name, address and signature.
Once we have confirmed your identity, we will validate your request then gather together the information we need to be able to respond fully to it.
Whilst we always try to carry out this work as quickly as possible, it may take us up to 30 days to respond to you in full. If your request is particularly difficult to respond to, we may ask you for any further information that will help us respond more quickly, or ask you if there is some information that you want particularly urgently. We may also respond to your request in phases, as relevant information becomes available.
If we cannot satisfy your request within 30 days, we will write to you to tell you why, and when we expect to be able to provide you with a full response. If for any reason we decide that we should not respond in the way you have asked us to, we will provide you with our decision and our reasons for reaching it within 30 days.
Changes to this privacy notice