Privacy Policy

CANDIDATE PRIVACY NOTICE

Sodexo Ltd is a “Data Controller”.

Address One Southampton Row, London WC1B 5HA.

This means that we are responsible for deciding how we hold and use personal information about you.

Sodexo is part of the Sodexo Group of companies.  Sodexo was founded in France and has developed into an international company operating in 80 countries worldwide. Sodexo Ltd assists our subsidiary companies ( and on occasion subsidiaries of our parent company) in recruiting staff.

In the UK or Ireland, your personal data may be shared with Sodexo entities within the UK or EEA where joint services are provided, for example, HR, payroll, legal and IT. You can find out more about the Sodexo Group by visiting our website www.sodexo.com and in the sharing section below.

If you have any data protection queries our local contact is dataprotection.ukandie@sodexo.com

Our Group DPO can be contacted on dpo.group@sodexo.com

Or you can write to the address provided above.

1.         DATA PROTECTION PRINCIPLES  

We will comply with data protection law and principles, which means that your data will be:

  • They are used lawfully, fairly and in a transparent way.
  • It is collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
  • Relevant to the purposes we have told you about and limited only to those purposes.
  • Accurate and kept up to date.
  • Kept only as long as necessary for the purposes we have told you about.
  • Kept securely.

WE HAVE SET OUT BELOW THE KIND OF INFORMATION WE EXPECT TO HOLD AND USE ABOUT YOU AND WHY.

Kind of Data

Why

Lawful Ground

  • The information you have provided to us in your curriculum vitae and covering letter or online registration. This will include name, contact details, employment history and qualifications, ID and right to work.
  • Assess your skills, qualifications, and suitability for the work/ role.
  • Keep records related to our hiring processes.
  • Comply with legal or regulatory requirements

 

  • Steps to enter into a contract
  • Legal obligation
  • Legitimate interests to decide whether to recruit
  • Information from the interview, correspondence and communications during the recruitment process and test/assessment centre results
  • Assess your skills, qualifications, and suitability for the role.
  • Communicate with you about the recruitment process.
  • Keep records related to our hiring processes.
  • Comply with legal or regulatory requirements

 

  • Steps to enter into a contract
  • Legal obligation
  • Legitimate interests to decide whether to recruit
  • If applicable information from and to agencies involved in your recruitment
  • As above and including communication with the recruitment agency
  • Steps to enter into a contract
  • Legal obligation
  • Legitimate interests to decide whether to recruit
  • Referees and where relevant to the job role, criminal data checks and other background checks
  • Assess your skills, qualifications, and suitability for the work/role
  • Carry out background and reference checks, where applicable.
  • Keep records related to our hiring processes.
  • Comply with the legal or regulatory requirement
  • Steps to enter into a contract
  • Legal obligation
  • Legitimate interests to decide whether to recruit and check suitability, for example if the role is to provide services to the healthcare or education sector or requires a high degree of trust and integrity
  • Information about health conditions that you tell us about

 

 

 

  • Where relevant to the job role or to provide reasonable adjustments
  • Legitimate interest and legal obligation of being able to provide adjustments and employment law purposes
  • Information you have provided to us about ethnicity, disability, age, religious beliefs, gender and sexual orientation/gender assignment.
  • Where it is collected for monitoring, promoting and reporting on equal opportunities and diversity
  • Legitimate interest in reviewing equality and diversity, legal obligation and ensure meaningful equal opportunity monitoring and reporting. You can ask us not to process this information.

 

 

2.         IF YOU FAIL TO PROVIDE INFORMATION

 

If you fail to provide information when requested, which is necessary for us to consider your application (such as evidence of qualifications or work history), we will not be able to process your application successfully.

3.         AUTOMATED DECISION-MAKING  

You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making.

4.         DATA SHARING  

We will only share your personal information with third parties to process your application, for example if the role is carried out at one of client's premises or your application was sent by a recruitment agency, or where it is required for further background checks which would be specified to you.

If you are applying on the Sodexo portal for a role with Sodexo Ireland, Sodexo Remote Services Scotland Ltd Centerplate, Heritage Portfolio, a CRC, AIP group companies, Tillery Valley Foods or Good Eating Company (other Sodexo Companies), we assist them with their recruitment process. They can be contacted directly for privacy information.

Otherwise, Personal data may be shared within the Sodexo Group of Companies only where necessary and where joint services are provided. Data is not shared outside of the EEA without an adequacy ground which will usually be the use of EU model contractual clauses

5.         DATA SECURITY  

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need-to-know. They will only process your personal information on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.          

6.         HOW LONG DO WE KEEP YOUR PERSONAL DATA?

If you are unsuccessful in your application, the records are kept for up to 12 months.

If you registered with us, then your information on the site will be retained and accessible to you while you are registered. If the registration is inactive for 12 months, we have a closure process.

Where offers of employment are made, contractual information is retained for approximately 6 years after employment ends under statutory limitation periods. We only keep personal data for as long as necessary for the purposes for which it is processed, or if required for legal obligation or legal claims.

7.         YOUR RIGHTS

Sodexo is committed to ensure protection of your rights under applicable laws. You will find below a table summarizing your different rights:

Right of access

Right to be forgotten

Right to restriction of processing

Right to data portability

Right to object to processing, including Direct Marketing **

Withdraw consent to the processing

Right not to be subject to automated decisions *

 

Right to Restriction

Right to Rectification

 

* without human intervention which have significant legal effects, unless this is based on consent or contract.  If Automated decision making is used in the recruitment process, you will be advised and have a right to challenge the decision, make a comment or ask for human intervention.

** You can unsubscribe to marketing emails if you signed up to marketing at any time, by clicking the unsubscribe link or contacting DSAR.UKandIE@sodexo.com

You can use this webform to make a request, please click here :One Trust Form  

This electronic system allows you to log in and see the progress of your request, see and send messages and review your documents securely. This system is called One Trust, and after making the request, you will be sent details about how to log on. Alternatively, you can also send your request by email to DSAR.UKandIE@sodexo.com, in writing to 310 Broadway, Salford, M50 2UE or by calling Sodexo PeopleCentre on 0845 603 3644 and asking for DSAR team. The team will liaise with you about how you to contact you about your request and receive information.

You can also raise queries or complaints to the UK and Ireland Data Protection Special Point of Contact, by email to DataProtection.UKandIE@Sodexo.com or by post to 310 Broadway, Salford, M50 2UE.

Queries and complaints can be escalated to the Group Data Protection Officer, by email to DPO.Group@Sodexo.com.

Right to lodge a complaint to the competent Supervisory Authority

You can choose to lodge a complaint with the Data Protection Supervisory Authority in the country of your habitual residence, place of work or place of the alleged infringement, regardless of whether you have suffered damages. The Supervisory Authority is the Information Commissioner, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, ico.org.uk.

You also have the right to lodge your Complaint before the courts where the Sodexo entity has an establishment or where you have your habitual residence.