Privacy Notice for Job Applicants 

Last Updated 27th November 2024

Rinri-Therapeutics Ltd is committed to protecting the privacy and security of your personal information. 

This privacy notice explains what personal data (information) we will hold about you, how we collect it, and how we will use and may share information about you during the job application process. We are required to notify you of this information under the UK General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018. Please ensure that you read this privacy notice and any other similar notice we may provide to you when we collect or process personal information about you. 

Data Controller and Contact Details 

 In collecting and processing this personal data Rinri-Therapeutics Ltd is the data controller of your personal data in relation to the job application process. When we say “Rinri”, “we”, “us”, “our”, or “the Company”, this is who we are referring to.  

The Company is registered at:  

Innovation Centre 

217 Portobello 

Sheffield S1 4DP, UK 

Tel: +44 [0] 114 222 4330 

Email: enquiries@rinri-therapeutics.com  

About the information we collect and hold  

Rinri collects and processes a range of information about you. This includes: 

  • Name, address, telephone number, email address, other contact information 
  • Gender 
  • Date of birth 
  • Employment history, other relevant experience, achievements, skills and qualifications 
  • Other personal information you have provided in your CV and/or cover letter 
  • Information from your LinkedIn profile (if you make reference to your LinkedIn profile in your CV or application) 
  • The notes and outcome of any interviews or tests which form part of the recruitment process 
  • Employment references and the results of any pre-employment screening 
  • Any other additional information provided by you in the context of the recruitment and Selection process, such as: 
  • information about your nationality and entitlement to work in the UK 
  • reports regarding any pre-employment assessments, where undertaken 
  • Any other correspondence relating to your recruitment  

 

How does the Company obtain and use your information? 

The personal information we hold about you comes from the following places: 

  • Your recruitment application and the supporting information you included with it (either directly or via a recruitment agency) 
  • Pre-employment checks, vetting and references from external parties 
  • Information created by the Company during your recruitment application, such as correspondence with you, interview notes or assessment results  

Rinri and the companies that process recruitment related information on our behalf will use your personal information to: 

  • Evaluate your application and assess your suitability for the role in question 
  • Make a decision about whether you should be selected for interview and appointment 
  • Conduct relevant pre-employment screening 
  • Review and audit the recruitment process and its outcomes 

Your personal information will only be accessed and processed by authorised personnel (i.e. managers and interview panellists) who are involved in the management and administration of the recruitment process and have a legitimate need to access your personal information. 

Why does the Company process personal data? 

Under privacy and data protection legislation, Rinri is only allowed to use personal information if we have a proper reason or ‘legal basis’ to do so. In the case of your recruitment application with Rinri, these ‘legal grounds’ are: 

  • For the performance of a contract, or to take steps at your request, prior to entering into a contract, in this case a contract of employment 
  • For legitimate interest to ensure effective general HR and business administration 
  • To comply with our legal obligations or to respond to and defend legal claims 

Sometimes we also need to collect or store information that is defined as ‘special category personal data’. In the case of your recruitment application this is likely to consist of the following, where you choose to provide it: 

  • race and ethnic origin 
  • religion 
  • health (physical or mental) 
  • sexual orientation 
  • Union membership 

As before, there are a number of ‘legal grounds’ we rely on when handling this kind of information, depending on the circumstances, which are: 

  • Where we have your explicit consent to do so for a particular purpose 
  • Where it’s necessary for carrying out the obligations and exercising specific rights of Rinri or you in the field of employment law  
  • For the establishment, exercise or defence of legal claims 
  • Where’s it’s necessary for equality of opportunity or treatment  
  • Where it’s necessary for the prevention and detection of crime or fraud  

In addition, we rely on processing conditions at Schedule 1 part 1 paragraph 1 of the Data Protection Act (DPA) 2018. These relate to the processing of special category data for employment purposes. 

If you fail to provide personal information 

If you fail to provide certain information when requested, we may not be able to perform the recruitment process relating the role for which you have applied. 

Change of purpose 

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal information without your knowledge or consent, in compliance with data processing rules, where this is required or permitted by law. 

Who has access to data? 

The Company takes the privacy of job applicants very seriously and has a range of policies and processes in place to safeguard their personal information. Your information may be shared internally amongst our departments, including with members of HR, management and managers in the business area in which you have applied. Whenever Rinri shares your personal data within the Company, this will be done on a need-to-know basis. 

Access to systems that hold recruitment-related information is restricted to authorised personnel. Your information is stored on systems that are protected by secure network architectures and are backed up on a regular basis for disaster recovery and business continuity purposes; and to avoid the risk of inadvertent erasure or destruction. Anyone with access to personal information held in the Company systems is required to complete privacy and data protection training on a regular basis. 

With whom do we share the information? 

Rinri shares your data with third parties in order to obtain pre-employment references from other employers. The Company also has contracts with third party service providers, who may provide support in respect our recruitment and selection processes e.g. recruitment agencies. These third parties will process applicant information in accordance with our instructions and make decisions regarding the information as part of the delivery of their services; they are also required to put in place appropriate security measures that ensure an adequate level of protection for personal information. In these circumstances the data will be subject to confidentiality arrangements. 

In some circumstances, disclosures of applicant personal information to the police (and other law enforcement agencies) are permitted by the privacy and data protection legislation, if they are necessary for the prevention or detection of crime and/or the apprehension or prosecution of offenders. Each police request to the Company is dealt with on a strictly case by case basis to ensure that any such disclosure is lawful and proportionate. 

Rinri may also disclose your personal information to a third party in the following circumstances: 

  • If it is necessary to do so in order to establish or defend the Company’s legal rights (i.e. in the context of a court case involving Rinri) 
  • In an emergency where the health or personal security of an applicant is at risk 
  • Where the Company is otherwise required or permitted by law 

Transferring information outside the UK 

Rinri and their service providers may process your personal information in countries both within, and outside, the United Kingdom (UK) and the European Economic Area (EEA). Whenever we transfer your personal data out of the UK or the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented: 

  • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the UU authorities or the European Commission. 
  • Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in the UK and Europe. 
  • Where we use providers based in the US, we may transfer data to them if they are part of the Data Privacy Framework (DPF) regime which requires them to provide similar protection to personal data shared between Europe and the US or have appropriate safeguards in place such as Standard Contractual Clauses (SCCs). 

Automated Processing and Profiling 

Under data protection legislation we have to let you know when we use your personal information to do something ‘automatically’ using our computers or other systems or use it to make an automated decision (without human intervention) that significantly affects you. 

Rinri does not make any recruitment related decisions based solely on the use of automated systems, databases or computer applications. 

How does the Company protect data? 

Rinri has internal policies (Information Security Policy and Backup and Disaster Recovery) and controls (such as Role Based Access Control, Auditing, Anti-malware software, Data Encryption, Firewalls, Intrusion Detection Systems, Vulnerability Scanning and Patching, plus others) in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by authorised employees in the performance of their duties. They will only process your personal information on our instructions, and they are subject to a duty of confidentiality. 

We also have procedures to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so. 

Where the Company engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data. 

How long we keep your information 

If your application for employment is successful, the Company will then use your personal information to manage and administer its employment relationship with you. If your application is unsuccessful, Rinri will retain your personal information for 12 months from the date on which the relevant recruitment campaign is closed.  

This is for the following reasons: 

  • To respond to correspondence, concerns or complaints 
  • To maintain records according to rules that apply to us (for example employment law) 
  • To establish and defend any legal rights 

Your rights 

As a data subject you have a number of rights. You can: 

  • Access and obtain a copy of your data on request; 
  • Require the Company to change incorrect or incomplete data; 
  • Require the Company to delete or stop processing your data – this enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it; 
  • Object to the processing of your data where the Company is relying on its legitimate interests as the legal ground for processing; 
  • Request a restriction of processing of your personal data; and 
  • In some cases, request the transfer of your personal data. 

If you would like to exercise any of these rights, please contact the DPO. 

In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact the DPO. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes to which you originally agreed.  

Your right to complain 

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (https://ico.org.uk/make-a-complaint/ or telephone: 03031231113). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance. 

How to contact the Data Protection Officer 

In order to exercise any of the above rights or for any questions regarding this Notice and our privacy practices, you can send an email to us at data.protection@rinri-therapeutics.com or a letter at: Rinri Therapeutics Ltd, Innovation Centre, 217 Portobello, Sheffield S1 4DP, United Kingdom.  

Changes to this notice 

It’s likely that we’ll need to update this notice from time to time, so check back here regularly to find out more. Your continued use of the site will mean that you accept those revisions.