Where AXA UK plc is your employer or recruiting entity it acts as the Data Controller for employment purposes; where your employer or recruiting entity is another UK AXA entity your employer acts as a Data Controller and AXA UK plc will act as a Processor providing HR Services on behalf of your UK AXA employing or recruiting entity. Health-on-Line is part of the AXA group.
AXA collects and processes your personal data for the purpose of employment with AXA. We are also obliged to process personal data for legal and regulatory purposes, such as for conducting certain background checks. In addition, it is our legitimate interest to collect data via cookies, which are placed on our website to improve its functionality and monitor effectiveness.
2. Personal information that we collect
In order to be considered for employment you will be asked to provide us with personal information. The types of personal information that we may collect and use include:
· Address, and evidence of it
· Contact details
· National Insurance Number
· Business Title/Job Title
· Employment history
· Education history
· Financial information relating to your salary and taxation (such as credit history, reward and overall current and requested salary package)
When providing us with the information, you represent that such information is accurate, complete, up to date and true and is supplied for the sole purpose of seeking job or employment vacancies or positions.
3. Special Categories information that we collect
The types of special categories of personal information that we may collect and use include:
· Nationality (including visa status, the need for sponsorship, current right to work in the UK and full identity verification)
· Ethnicity (language details, education institutions, background information and Equal Opportunities data)
· Picture (copy of your ID)
· CCTV if you enter our premises for an interview
· Employment references
· Background checks, via a third-party specialist provider. Criteria would include right to work in the UK, proof of current address, criminal activity, current and previous employment, academic verification, international sanctions and credit history
· Health data (obtained only at offer stage and through our Occupational Health provider, who will act as a separate data controller for that purpose)
· Health & Safety related information, where relevant.
· Information on your family members (for employees who work outside home / host country, emergency contact details and financial beneficiaries)
AXA is an equal opportunities employer and does not in any way discriminate against any individual who provides information in line with Equal Opportunity categories should you choose to provide this. Information provided is only used for reporting on the diversity of our candidate base across the organisation.
4. Where does your personal information come from?
Most of the personal information that we hold about you is provided by you. In addition, we may collect data from:
· Official authorities (for financial, immigration and criminal history)
· Your previous employers
· Your attended education institutions
· The recruitment agency, if applicable
5. What do we do with your personal information?
Your information is used to assess and administer your application for employment at AXA:
· Contacting you as a potential candidate
· Conducting interviews
· Assessing the suitability of you as a potential candidate
· Doing background checks
· Preparing your employment contract for signature
· Internal procedures to onboard
· Monitor and review AXA’s resourcing practices
6. Legal grounds for processing your personal information
Previous grounds for processing personal data for employment purposes have relied on consent. Under the new data protection laws in force from May 2018 the following legal grounds replace the previous legal grounds for processing:
· Our data processing in resourcing is based initially on our legitimate interest, when we initiate contact with you.
·Limited AXA on-line resourcing systems may seek consent to process your information for recruitment purposes.
· We conduct resourcing from the basis of entering into a contract where we advertise a vacancy, and a job applicant sends us their CV and application to be considered.
· In addition, during the resourcing process when you indicate that you are interested in proceeding, our legal basis for processing your data will change into preparing to enter into a contract with you, and a legal obligation to process certain data, such as for conducting background checks.
· In some circumstances, where we have a legal obligation to process special categories of data we will do so without asking for consent, in other cases we may ask for specific consent for these special categories. This is for example for:
- Completing background checks, such as financial, immigration and criminal history.
- Retaining your CV for future opportunities if you have been unsuccessful with your application.
· When we rely on your consent to process special categories of data, it will be done on a case-by-case basis. In these circumstances, we will explain the purpose and give you the opportunity to decline.
· In exceptional cases, we may process your data for the protection of a vital interest of yourself or another person.
7. Sharing your personal information with other parties
In some cases where third party suppliers provide technical support such as AXA Group HR Strategic Solutions, third party technical support companies may operate in countries outside the EEA, such as India or the United States. In these instances, we ensure those parties have appropriate arrangements in place to allow for international transfer (see section 10).
All disclosures are made following the applicable laws and regulations, and the necessity to disclose data.
Disclosures within our group:
· If you agree for your CV to be retained for possible future vacancies, we may share your data within the AXA group.
· HR, Payroll and Reward teams to administer your employment
Data transfers to third parties and processors:
· Outsourced recruitment organisations (including background checking, psychometric assessments, video interviewing etc.)
· Resourcing team who assess and administer your application for employment at AXA.
· Third party providers who facilitate discussions with current employees to enable you to talk about working for AXA
· Relevant entities to process your financial data (HR, Payroll and Reward teams)
· Insurance and healthcare entities
· Technical support teams
For recruitment purposes, your data may be shared with the Hiring Managers and relevant Senior Members of the hiring team.
8. How long do we keep your personal information for?
9. Your rights on your personal information
Data protection legislation gives individuals the following rights in relation to personal information held about them:
· individuals can ask what personal information is held about them and be provided with a copy;
· if personal information held about an individual is incorrect, he or she can ask for it to be corrected;
· individuals can ask for personal information about them to be deleted or for the processing of their personal information to cease in certain circumstances;
· individuals can request that certain types of personal information held about them is sent to them or another organisation, in a format that is read electronically;
· individuals can withdraw their consent to process their personal information, where that processing is based on their consent;
·individuals can make a request to restrict the processing of their personal information in certain circumstances.
Exercising these rights is subject to certain restrictions under data protection legislation. For further information about these rights, you should write to us using the contact details in section 13.
10. Security measures.
We apply appropriate security measures to protect your privacy and data.
· We ensure that data is transferred and disclosed using secure means.
· All the data transfers are also covered with appropriate legal safeguards, such as Binding Corporate Rules, (“BCR”) which are inter-AXA agreements.
· We also have contractual agreements with third party data processors, who are required to adhere to AXA’s privacy and security standards and policies.
· We maintain your data within the EEA with limited technical support outside the EEA, such as India or the United States. In these instances, we ensure those parties have entered into contractual clauses which ensure a legally compliant level of protection. In some circumstances when transferring data to the US we may rely on the Privacy Shields as an appropriate safeguard.
· Where applicable, we use encryption, anonymization and pseudonymisation.
· We limit the amount of data processed, to what is necessary for the purpose for which we collect the data.
· We follow AXA’s data retention policies
· We follow AXA’s privacy and security policies.
If you are unhappy at any stage with how AXA is using your personal information, you have the right to contact AXA’s Data Protection Officer in the first instance or to lodge a complaint with the Information Commissioner's Office (www.ico.org.uk).
13. Contact us
If you have any questions about how your personal information is used, please feel free to contact us at the following address: The Data Protection Officer of the UK AXA entity responsible for recruitment, or
The Data Protection Officer:
80 Holdenhurst Road
If you are dissatisfied with the way in which AXA has processed your personal data, you can contact:
The Information Commissioner’s Officer direct; please write to the Information Commissioner's Office Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, Telephone: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number.