Privacy Policy

Privacy Policy

Your Privacy and Security

Introduction

Here in the Admiral Group plc, we are totally committed to keeping your personal data safe. We will always treat your personal data with respect. This privacy policy will help you understand how we collect, use and protect your personal data.

You acknowledge that by providing your personal data to us, you consent to its processing in the manners outlined below.

This privacy policy applies to applicants who enter into our recruitment process and those who become employees of EUI Limited, Admiral Law, or BDE Law.

Who we are

Admiral, Diamond, Bell, Elephant, Veygo, and First Car Quote are trading names of the data controller EUI Limited (Registered Number 02686904).

Gladiator and Admiral are trading names of the data controller Able Insurance Services Limited (Registered Number 02890075).

Admiral Law is a trading name of the data controller Admiral Law Limited (Registered Number 08023665).

EUI Law, Diamond Law, and Elephant Law are trading names of the data controller BDE Law Limited (Registered Number 08023674).

Admiral Loans and Admiral Car Finance are trading names of the data controller Admiral Financial Services Limited (Registered Number 10255225)

Confused.com is a trading name of the data controller Inspop.com Limited (Registered Number 03857130).

EUI Limited, Able Insurance Services Limited, Admiral Law Limited, BDE Law Limited, Admiral Financial Services Limited, and Inspop.com Limited, are each part of Admiral Group plc (Registered Number 03849958).

Data we collect

As part of our candidate application and recruitment process we will collect, process and store your personal data.  We process this data for a range of purposes relating to the recruitment process and employment, and this may include your application, assessment, pre-employment screening, and your worker permissions.  This document sets out to explain:

  • Why we collect your personal data;
  • What personal data is collected and;
  • How your personal data is processed within the recruitment process and once you are an employee of the Admiral Group.

Throughout this Privacy Policy we use the term “processing” to cover all activities involving your personal data, including collecting, handling, storing, sharing, accessing, using, transferring and disposing of the information.

Why we collect your personal data

In order to manage your application and employment, we need to process certain personal data about you. We only process your data as necessary for the purposes of progressing your application, employment, or as required by law or regulatory requirements.

We may process your personal data in order to conduct pre-employment screening including: qualifications and professional membership checks, Solicitors Regulation Authority (SRA) checking for those applying for employment in our Law firms or in a legal role, adverse information checks including open source searches, county court judgements, financial checks, anti-fraud checks, financial sanctions checks, criminal background checks, penalties for tax evasion.

Personal data we process

Here are some examples of the type of personal data we may process. There’s a full list in the schedule at the end of this notice.

  • Personal details such as name, address, date and place of birth;
  • National insurance number
  • Employer feedback / references to include regulated references where necessary;
  • Photographs and images from recorded assessments or from on site CCTV;

During the process we also capture some sensitive personal data about you (e.g. disability information). We do this in order to make reasonable adjustments to enable our candidates to apply for jobs with us, to be able to take online/telephone assessments, to attend interviews/assessment days, to prepare for starting with us (if successful) and to ensure that we comply with regulatory obligations placed on us with regard to our hiring. We may also indirectly collect other special category personal data during the course of any fraud investigations

Special category personal data

Examples of special category personal data we may collect include:            

  • Medical history
  • Criminal convictions and CCJs
  • Nationality / visa / right to work permit information; (e.g. passport)

Who we share your personal data with

We will need to share your personal data internally (in the country where you may work, and also in other countries in which we have central operations where you are applying for a role based outside the UK) and may be required to share it with some external parties or associates of the company. Your data will only be shared if it is necessary or required (for example in order to carry out pre-employment screening).

The recruitment process will involve:

  • Assessing and progressing your application,
  • Assessing your suitability (skills, technical ability, strengths, behaviours for the role)
  • Activities needed to complete the on-boarding and screening process should your application be successful.

To enable these processes your personal data may be shared internally, but the data shared is limited to what is required by each individual to perform their role in the recruitment process.

Your personal data may be shared internally with the following people:

  • Those employees who would have managerial responsibility for you or are acting on their behalf;
  • Employees in People Services / HR who have responsibility for certain HR processes (for example recruitment, assessment, pre-employment screening);
  • Employees in Legal, Conduct, Risk, People Services / HR, Regulatory and Fraud with responsibility for investigating issues of non-compliance with laws and regulations, policies and contractual requirements;
  • Employees in IT and system owners who manage user access;
  • Audit and Investigations employees in relation to specific audits/investigations; and
  • Security managers for facilities / premises.

We may also need to share your information with certain external third parties including:

  • Companies who provide candidate interview and assessment services to us;
  • Suppliers who undertake background screening on behalf of us (credit checking agencies, criminal checking bureaus, etc.)
  • Academic institutions (Universities, colleges, professional membership bodies etc.) in validating information you’ve provided
  • Other third-party suppliers (or potential suppliers), who provide services on our behalf.

We would like to bring to your attention our obligations to disclose data in the following four exceptional cases permitted by law:

  • Where we are legally compelled to do so
  • Where there is a duty to the public to disclose
  • Where disclosure is required to protect our interest
  • Where disclosure is made at your request or with your consent

How we protect your personal data

Our HR and Recruitment systems are protected to ensure that unauthorised or unlawful processing of personal data, accidental loss or destruction of, or damage to, personal data does not occur. This is done in accordance with the Group Security Policy.

It may be necessary to transfer your personal data to other Group companies or service providers located outside of the European Economic Area. The data protection and other laws of these countries may not be as comprehensive as those in the UK or the EEA - in these instances we will take steps to ensure that your data is given an equivalent level of protection as it is in the EEA.

Your personal data will be retained in accordance with the Group Records Management Policy.

Our technology

We collect data about you through the use of technology such as cookies and device fingerprinting. View our full Cookie Policy.

Your cookie preferences

Managing, Disabling And Enabling Cookies

You have the ability to accept or decline cookies from any website by modifying the settings in your browser. If you wish to restrict or block the cookies which are set by our website, you can do this through your browser settings. For information about how to manage and disable cookies you can use the 'Help' function within your browser or please visit www.aboutcookies.org or www.allaboutcookies.org. However, please note that by deleting or disabling cookies this could affect the functionality of our website and you may not be able to access certain areas or features of our site.

To opt out of being tracked by Google Analytics across all websites click here.

Data subject rights

You have a number of rights as a data subject. Please note that these rights do not apply in all circumstances.

Request your data

In order to access the data we hold about you, you need to make a ‘Subject Access Request’, or SAR. To make a SAR please email us at:

PSGovernanceteam@admiralgroup.co.uk

or write to us at:

People Services – Governance Team

Subject Access Request
Tŷ Admiral
David Street
Cardiff CF10 2AA

Please note that if your SAR involves the personal data of other people, or you are making a request on behalf of someone else (such as a parent on behalf of their child), we may need identification from these individuals, as well as a signed letter of authority from them confirming that they are happy for you to act on their behalf and for us to release their data to you.

Once we have received your written request and confirmed your identity, we will have 30 calendar days to fulfil your request.  Where for some reason this will not be possible, for instance due to large volumes of data being involved, we are permitted by law to take up to an additional 30 days to fulfil your request. Where any such delay is anticipated we will inform of you this as soon as possible along with details of when we expect to be able to provide you with the requested documentation.

  • Your other rights as a data subject, where applicable, include:
  • The right to be informed about our processing of your personal data
  • The right to have your personal data corrected if it is inaccurate, and to have incomplete personal data completed
  • The right to object to the processing of your personal data
  • The right to have your personal data erased (“right to be forgotten”)
  • The right to move, copy, or transfer your personal data (“data portability”)
  • Rights regarding automated decision making, including profiling

For more details on these rights and how to exercise them, please contact:

PSGovernanceteam@admiralgroup.co.uk If you have any queries about your rights, or believe that they have not been met by Admiral Group plc or any of the companies within the group, please contact our Data Protection Officer at:

yourinformationrights@admiralgroup.co.uk

or by writing to:

Data Protection Officer

Admiral Group plc
Tŷ Admiral
David Street
Cardiff CF10 2AA

If you have any complaints relating to the processing of your personal data, you also have the right to complain to the relevant Supervisor Authority. In the UK this is the Information Commissioner’s Office (ICO). They can be contacted at:

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

It is your responsibility to keep your personal data up to date so that accurate application records can be maintained. You can manage all of your applicant data by accessing and updating your profile on the applicant tracking system, Harbour / Onboarding.

Screening checks

As part of the selection process, we perform a number of screening checks on candidates who have been selected for a role. These checks are an important component of the Group’s overall approach to minimising the risk of criminal or terrorist activity and are a requirement under the Insurance Distribution Directive (IDD).  The IDD is EU legislation which sets regulatory requirements for firms designing and selling insurance products. It aims to enhance customer protection when buying insurance. The IDD requires us to check the ‘good repute’ of employees ahead of them becoming involved in insurance distribution. It also states that checks should be undertaken on a periodic basis.  The purpose of vetting is to verify the identity of the worker; to confirm that they have the requisite skills and experience to carry out their roles, and to establish that there are no legal issues or other matters that indicate that the Group may be unduly exposed to risk. 

During the recruitment and application process, you will be asked to provide various information and supporting documents to enable us to complete these checks both prior to employment and on an ongoing basis during employment.
 
If you are recruited into what we consider a 'High Risk' role, or transfer into one during the course of your employment, then you will be subject to an enhanced level of background checking. If a professional qualification or Membership is required for your role this will also be checked.

Criminal record checks

We have legal and regulatory obligations to ensure that the people we employ can be relied upon to undertake their duties and handle information responsibly. We, therefore, ask questions about any prior civil or criminal proceedings you may have been subject to and conduct criminal record checks for all roles. Enhanced checks will be required for those candidates who are appointed to Regulated roles or roles considered by the organisation to be 'High Risk'. 

Credit reference agencies

We will undertake searches about you at credit reference agencies who will supply us with information that we may use in support of our recruitment decision. They supply us with both public information (including the electoral register), and shared credit and fraud prevention information. The agencies will record details of the search but will not make them available for use by lenders to assess your ability to obtain credit.

You can contact the CRAs currently operating in the UK; the information they hold may not be the same so it is worth contacting them all. They will charge you a small statutory fee.

  • Call Credit: Consumer Services Team, PO Box 491, Leeds, LS3 1WZ or call 0870 060 0550 or log on to www.callcredit.co.uk.
  • Equifax: Credit File Advice Centre, PO Box 1140, Bradford, BD1 5US or call 0844 355 0550 or log on to www.equifax.co.uk.
  • Experian: Consumer Help Service, PO Box 8000, Nottingham, NG80 7WF or call 0844 481 8000 or log on to www.experian.co.uk.

The identities of the CRAs, and the ways in which they use and share personal information, are explained in more detail at:

www.callcredit.co.uk/crain

www.equifax.co.uk/crain

www.experian.co.uk/crain

Fraud prevention agencies

In order to prevent and detect unlawful acts, fraud cases or dishonest conduct, all new employees are required as a term of their offer to agree to being checked against an anti-fraud database.  This is currently CIFAS. The personal data you have provided / collected from you will be used to prevent fraud and other relevant conduct and to verify your identity. This is in order to protect ourselves, customers and to comply with laws that apply to CIFAS.  

These checks will be carried out against both the Internal Fraud database and the National Fraud Database.  All applicants are checked against these databases upon receipt of a job offer, and the checks are repeated on an annual basis for all employees.  Any matches against the fraud databases will be reviewed by the People Services Department in conjunction with the recruiting manager (for new applicants) or the line manager (for employees) to assess potential risk according to the role applied for / being undertaken and could lead to engagement being refused or your existing engagement may be terminated or other disciplinary action taken.  We may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime. CIFAS will hold your personal data for up to six years if you are considered to pose a fraud or relevant conduct risk.

A record of any fraudulent or other relevant conduct by you will be retained by CIFAS and may result in others refusing to employ you.  Should CIFAS decide to transfer your personal data outside of the European Economic Area, they will impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the European Economic Area.  They may also require the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing.

Your personal data is protected by legal rights, which include your rights to object to our processing of your personal data, request that your personal data is erased or corrected, and request access to your personal data.  You also have a right to complain to the Information Commissioner’s Office which regulates the processing of personal data.

Financial Sanctions

In order to comply with our legal and regulatory obligations in relation to anti-money laundering and financial sanctions restrictions, we will screen your name against global sanctions lists. The screening will simply involve searching our internal and third party databases to ensure you are not on a sanctioned list.  We are not able to employ anyone on a sanctions list. In addition, in order to comply with our legal obligations relating to anti-bribery and corruption, we will also perform searches and ask questions to assess whether there is a potential bribery or corruption risk to the role based on your personal and political associations. If there is a risk we will look to assess what additional internal controls we need to put in place to reduce that risk.

Solicitors Regulation Authority (SRA) checks

All employees joining our Law firms or a legal role are required as a term of their offer to agree to being checked against SRA records to ensure that there are no findings against the individual that would prevent them working in a legal environment. A further SRA search will be performed annually against all current employees in one of our Law firms or a legal role.

Employee Monitoring

Admiral Group owns and has a right to review all system usage and communications in accordance with compliance regulation and any other relevant legislation.

Email, phone calls and screen capture details may all be recorded, monitored and reviewed for compliance with Group policies. If you use the Group’s systems for personal use we cannot guarantee the privacy of your correspondence as it may be monitored.

CCTV is in operation across all Group sites. It is used for site security, staff monitoring purposes, and may be used in connection with disciplinary matters.

Processing Conditions

The Group’s entitlement to process your personal data is governed by a number of processing conditions. This means that we may rely on more than one of these conditions in order to process elements of your personal data throughout the recruitment process.

  • We will process your personal data in the administration of your application.
  • We will also process your personal data where it is required by law or regulation or it is in the legitimate interests of the applicant or us. This processing will always be fair and lawful and will at all times comply with the principles of applicable privacy laws in the country where you have applied to be employed.
  • During the course of your application it may also be necessary for us or our suppliers to process your sensitive personal data as detailed in the section of this privacy policy headed ‘Why we collect your personal data’. This processing will be carried out as necessary for carrying out our obligations and exercising our specific rights in the field of employment.

Related Policies

There are a number of related policies that should be read alongside this privacy policy. These can be found in the Big Book, which is accessible by all current members of staff, or by using the links below:

Employee Background Checking Policy

Acceptable Use Policy

Convictions Policy

Corporate Film and Photography Policy and Procedure

Sickness and Absence Policy

Phone Calls, Mobile Phones and other Electronic Devices

Social Media Policy

Group Records Management Policy 

Employee Information Guide

Schedule 1: Full list of information we may process

  • Name, work and home contact details
  • Date and place of birth
  • Education and work history
  • Individual demographic information in compliance with legal requirements (such as marital status, national identifier, passport/visa information, nationality, citizenship, military service, disability, work permit, date and place of birth or gender)*
  • Health issues requiring adaptations to working environment*
  • Job title, grade and job history
  • Employment contract related information (including compensation, location, hours of work and so on)
  • Reporting and managerial relationships
  • Leaves of absence (such as maternity leave, sickness absence)
  • Photograph(s)
  • Disciplinary / grievance records*
  • Time and attendance details
  • Bank account details for salary payment purposes
  • Expenses such as travel and expenses claimed from the Group
  • Skills and qualifications
  • Professional membership
  • Training history and plans
  • Results of original and ongoing employee screening, where relevant (see section 6)
  • Details provided in relation to Conduct policies (such as conflicts of interest, personal account dealing, trade body membership and so on)
  • Health & safety incidents, accidents at work and associated records
  • Building CCTV images
  • Audio recordings of telephone interviews
  • Video recordings of interviews
  • Notes from face to face interviews
  • Psychometric test results and associated reports
  • Results from behavioural assessments (e.g. Assessment day exercises)
  • Results from technical assessments

* These categories of information might potentially include some special category personal data.

Changes to this policy

This privacy policy was last updated on 25th May 2018. We reserve the right to make changes to this policy and you will be prompted of any changes when you next visit our website. We may also provide notification of changes on the staff intranet or via internal email.

From time to time we may need to change the way we use your personal data. Where we believe you may not reasonably expect such a change we will inform you of the change(s) being made.