In the UK, as custodian of personal data for customers, suppliers, business partners, staff and service users, Serco has put into place a data protection framework, which is integrated into our management system, alongside our customer requirements. We have data protection policies, standards and processes to strengthen our operating culture, and continuously improve our business in a compliant, ethical and responsible way.
Please see the contents on our privacy page for information about how we collect, handle, share and protect your information when you use our website, services and goods.
For region or service specific privacy notices, please select the relevant link provided on the righthand side panel.
To make the contents easily accessible and digestible, we have broken the details into different sections. For website and job applicant specific privacy notice, please see below.
2 Principles of Data Protection
To help you understand how we handle your personal information more clearly, below is a summary of the data protection principles which guide how we use your personal information. These principles provide that personal data should be:
- Used lawfully, fairly and in a transparent way;
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;
- Relevant to the purposes we have told you about and limited only to those purposes;
- Accurate and kept up to date;
- Kept only as long as necessary for the purposes we have told you about; and
- Kept securely.
Our site may provide links to third party websites. Serco is not responsible for the conduct of non-Serco companies linked to the site and you should refer to the privacy notices of these third parties as to how they may handle your personal information.
3 Sources of Personal Data
We may collect personal data about you when:
- The personal data is provided by you (e.g. when you apply for a role and register with us, including additional communications via email, telephone or Skype);
- The personal data is collected in the normal course of our relationship with you (e.g. in an interview);
- The personal data in recorded in a video assessment as part of a Serco recruitment programme;
- The personal data is collected from your named referees;
- The personal data has been made public by you (e.g. contacting Serco via a social media platform about future career opportunities);
- The personal data is received by us from third parties, including to verify information you have provided (e.g. recruitment agencies, your former employer, law enforcement agencies, disclosure and barring service checks);
- The personal data is received from our business partners and suppliers (e.g. marketing partners, IT support services, careers portal operator);
- The personal data is collected when you visit our website or use any features or resources available on or through the website (including the careers portal, subscribing to marketing), some of which may be personal data; or
- The personal data may be created by us, such as records of your communications with us or reports from your job interviews.
5 Personal Data Collected
The following sets out the types of personal data we collect on our website/careers portal:
- Personal Details: title, full name, data of birth, age, gender, address, telephone numbers, email address, visa and immigration status, nationality, language and dialect spoken, preferences, subscriptions and pastimes,
- Images and recordings: your photograph, film/video footage and recordings of you (which may include your voice).
- Family and Friends Information: name and contact details of family members, dependents and emergency contact details.
- Career History: business activities, work history, employment roles, experience and referees, work address, work telephone number, former and current names and contact details of employees, work-related social media profile details.
- Qualification, Training and Education History: schools and universities attended, qualifications obtained, additional training obtained.
- Consents: consents, permissions, or preferences that you have specified, such as whether you wish to receive direct marketing by subscribing to receive Serco news and media alerts, Serco regulatory news alerts, Serco job alerts, or when you agree to the terms and conditions for submitting your application for employment.
- Interview Details: interview responses, opinions of interviewers.
- Special Category Personal Data: health and medical information, political opinions or memberships, trade union membership, ethnicity, religion and sexual orientation.
- Criminal Convictions Data: information about criminal convictions and offences, including civil offer barring information.
- Website Access Details: your computers unique identifier (e.g. IP Address), the date and time you accessed the website, passwords to access alerts preferences.
- Security Information: security clearances and vetting information.
- Correspondence: responses, comments, views and opinions when you communicate to us with us for instance when making a complaint and record a video interview.
6 Purposes and Use of Personal Data
The main purpose for using your personal information is to:
- Support and progress your applications for employment with Serco;
- Improve and monitor the operation of our website and the careers portal; and
- Deliver any requested services, such as job alerts.
We use information held about you in the following ways: -
- To assess your application and determine whether a certain job/contract/role is suitable for you;
- To contact you, for instance, to arrange an interview or to discuss a particular role/contract;
- To inform you of employment opportunities which may arise at Serco, including via “job match” emails (please see section 11 below for more information)
- To obtain references from your referees;
- To verify details you have provided to us;
- To contact you with relevant marketing communications (please refer to section 11 below);
- To administer our website and for internal operational purposes to make user experience more efficient (including troubleshooting) and to analyse how the systems are used;
- To enable you to participate in interactive features within our website;
- To prevent unauthorised access and modifications to systems;
- To ensure business policies are adhered to e.g. Policies covering recruitment practices, vetting etc; and
- To carry out vetting.
7 Legal basis for using your Personal Information
Data protection and privacy laws requires us to have a “legal basis” or “lawful ground” to collect and use your personal information. We will only collect, use and share your personal information where we are satisfied that we have an appropriate legal basis to do this. This may include:
- We have obtained your prior consent, for instance when you sign up to receive job alerts.
- We need to use your personal information in connection with the performance of a contract with you or to take steps at your request prior to entering into a contract with us.
- We need to use your personal information to comply with a relevant legal or regulatory obligation that we have.
- Where it is necessary for our legitimate interests (or those of a third party) as a commercial organisation
(to the extent that your interests and fundamental rights do not override those interests), such as:
- Maintaining adequate applicant records;
- To assess suitability for a role including contacting references for verification purposes;
- Vetting candidates for relevant roles;
- To detect and protect against fraud;
- To contact you about other employment opportunities at Serco;
- To make sure we are following our own internal procedures so we can deliver a quality service;
- Establishing, exercising or defending our legal rights in the event of a claim;
- Monitoring managing and operating our website IT systems and ensuring security of those systems; and/or
- In connection with compliance, regulatory and investigative purposes as necessary.
Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information.
If you have any queries about our legal basis for using your personal information, please contact the DPO via the details set out below.
How do we justify our legitimate interests?
We carry out balancing tests for the data we processed based on our legitimate interests. You can obtain information about these balancing tests by contacting the DPO on the details below.
8 When is special category and criminal offence personal data collected and used?
Special categories of personal data are particularly sensitive and require higher levels of protection. They include information about your health status, racial or ethnic origin, political views, religious or similar beliefs, sex life or sexual orientation, genetic or biometric identifiers and trade union membership.
We need to have further justification for collecting, storing and using this type of personal information, in addition to having one of the general bases set out in Section 7 above. Where required by applicable laws, we will take steps to have in place an appropriate policy document and safeguards relating to the processing of such personal information.
We may from time to time request that you provide special category information in relation to a job application, such as medical information or personal attributes such as nationality, religion and sexual orientation. Where we do collect and handle special category personal information, we will only handle that information in accordance with applicable law, including where:
- Where we have your explicit consent;
- Where we need to carry out our legal obligations or exercise rights in connection with your employment;
- The processing is necessary for establishment, exercise or defence of legal claims;
- Where it is needed for a substantial public interest, such as for equal opportunities monitoring.
We will consider that you have given us your consent to hold your special category data where you have voluntarily provided such information in your communications with us or provided information we have marked as optional. For the avoidance of doubt, Serco will only use the information for the purpose for which it was received unless otherwise required by applicable law.
Less commonly, we may process this type of information where it is needed in relation to legal claims, legal obligations or where it is needed to protect your vital interests (or someone else's vital interests) and you are not capable of giving your consent, or where you have already made the information public.
Equality and Diversity
We may collect special categories of information (such as your ethnicity, religious beliefs, sexual orientation and your health as regards any disability) to promote diversity and monitor equal opportunities within Serco’s workforce. However, these questions are not mandatory and will not affect your application if you choose not to provide this information.
9 Information about Criminal Convictions
We may be required to carry out vetting if you apply for a designated role which is conditional on such checks. This might involve the collection and use of sensitive information obtained from criminal records checks such as offences or alleged offence including any past or ongoing criminal proceedings. We carry out criminal records checks for the following purposes:
- To comply with our legal obligation to ensure an individual is eligible to work in the UK; and
- For our legitimate interest or that of a third party and as necessary to exercise our rights as an employer to carry out pre-employment screening including a full background and criminal records check, depending on the role: (i) to establish whether an applicant has committed an unlawful act or been involved in dishonesty, malpractice or other seriously improper conduct; or (ii) to comply with government and public sector clearance requirements.
We have in place appropriate policy documents and safeguards which we are required by law to maintain when processing such data.
10 Automated Decision-Making
If you apply to Serco as part of our graduate recruitment programme, your application will go through certain automated decision-making processes: an eligibility to work check and two online assessments (switchChallenge Assessment and Situational Judgement Questionnaire).
These checks and assessments will involve solely automated decision-making, meaning there is no human involvement in making the decision, and are used to determine whether Serco rejects your application for employment at that stage of the recruitment process or refers your application to the next stage.
Serco carries out this automated decision-making as it is necessary for entering into an employment contract with you, and it is a legal requirement that Serco confirm all employees are eligible to live and work in the United Kingdom.
These automated processes support Serco to maintain an objective, consistent and fair candidate selection process and manage the high volumes of candidates applying for our graduate roles, allowing for more applications to be reviewed and quicker hiring decisions to be made than if the reviews were completed manually. They assist Serco to streamline the selection process, assessing candidate against baseline criteria and qualities which Serco has identified as important for successful employment in one of our graduate roles or is required by law to be verified by Serco.
Please note, you will not be able to proceed with your application if you do not complete all the required fields.
How the automated processes make decisions
- Eligibility to Work: You will be asked to select whether you are eligible to live and work in the United Kingdom. This will be a basic ‘Yes’ or ‘No’ selection. If you select “No”, you will receive a message on your screen at the time you are completing the application that your application will not be progressed further. If your application is successful, you may be asked to provide evidence to support that you are eligible to live and work in the United Kingdom.
- Online Assessments: There are three online assessments in part two of the graduate recruitment process. The first assessment is a Work-related Behaviour questionnaire which does not involve automated decision-making. The following two assessments in part two, the switchChallenge Assessment and the Situational Judgement Questionnaire, both involve automated decision-making.
- The switchChallenge Assessment features non-verbal content, requiring you to interpret and manipulate shapes, codes and patterns, to measure your logical problem-solving skills.
- The Situational Judgment Questionnaire requires you to select from a series of multiple-choice options on different scenarios, demonstrating how you would handle and respond to a work-related situation.
Both assessments have predefined correct and incorrect answers, and these assessments will be automatically scored based on your responses using a computer algorithm. Your application will be automatically referred to the next stage if your score is above the minimum result required by Serco for a graduate application to progress.
Generally, within 30 days of completion of the online assessments, you will receive an automated email stating whether your application has progressed or if on this occasion, you have not met our requirements and your application will not be progressed further.
These assessments are necessary to assist Serco with selection of candidates that best meet the requirements of a specific graduate role based on job analysis data and Serco’s experience in the relevant sector.
Reviewing the automated decision
Where automated decision making prevents you continuing with your application you may request a review of the decision in accordance with your statutory rights under the relevant data protection legislation by emailing [email protected]. We request that you do this before the specified closing date for the applications. If you could please include your name and contact details in your email to us, and any other relevant details about your application.
11 Direct Marketing
We may use your personal information to contact you if you subscribed and consented to receive Serco news and media alerts, Serco regulatory news alerts or job alerts about future employment opportunities with Serco.
You can manage your mailing preferences or tell us that you no longer wish to be receive these communications from us by:
- Using the unsubscribe option included on email correspondence;
- Logging into your online account, such as your careers account or news alert account, and changing your preferences or deleting the account; or
- Sending us an email to [email protected].
If you have any other questions or concerns, please contact our DPO using the details below.
Job Match Emails
If you are a job applicant, we would like to send you "job match" emails to inform you about other employment opportunities at Serco which we think you would be suitable for you. Job match emails are different to job alerts, which you voluntarily set up to alert you of any future opportunities which we post online.
If you do NOT want to receive job match emails, please tick the opt out box when making your job application. Every job match email will also contain an option to unsubscribe from future job match emails. We will never send you job match emails when you have informed us that you do not wish to receive them, and they will not contain any marketing or promotional material other than Serco branding.
Unless you unsubscribe earlier, we will send you job match emails for a period of 12 months from the date you last logged into the Serco careers portal, after which your details shall be deleted from our records.
12 Sharing Your Personal Information With Others
We will only disclose personal information to a third party in very limited circumstances, or where we are permitted to do so by law. The third parties to whom we provide your personal data include:
- Other organisations within the Serco Group of companies, where such disclosure is necessary to provide you with our services or to manage our business (e.g. the purposes of recruitment).
- Customers where required for specific business purposes, such as additional vetting procedures.
- Banks and payment providers to authorise and complete payments.
- Credit reference agencies and organisations working to prevent fraud in financial services.
- Serco’s third-party providers including information technology suppliers and infrastructure support services, law firms and other third party suppliers/partner organisations.
- Service providers which assist in sending drafting and sending requested news and job alerts.
- Third parties which perform the pre-employment checks, including relevant vetting services.
- Professional advisors (e.g. legal advisors, insurance organisations and auditors).
- Government, regulatory and law enforcement bodies where we are required in order:
- To comply with our legal obligations;
- To exercise our legal rights (e.g. pursue or defend a claim); and
- For the prevention, detection and investigation of crime.
Serco will only share your personal data with our contracted service providers when we have established they have adequate and sufficient data protection controls and security controls in place. We also implement contractual obligations on these third parties to ensure they can only use your data to provide services to Serco for the purposes listed above. The third parties cannot pass your details onto any other parties unless instructed to by Serco.
13 Transferring Your Personal Information Globally
We operate on a global basis. Accordingly, your personal data may be transferred and stored in countries outside the European Economic Area (EEA), including the Middle East, America and Asia-Pacific, which are subject to different standards of data protection.
We will take appropriate steps to ensure that transfers of personal data are in accordance with applicable law and carefully managed to protect your privacy rights and interests. To achieve this, transfers are limited to countries which are recognised as providing an adequate level of legal protection or where we are satisfied that alternative arrangements are in place to protect your privacy rights. To this end, we will:
- Ensure transfers within Serco Group are covered by an intra-group data sharing agreement entered into by all relevant entities within Serco Group, which contractually obliges each member to ensure that personal information receives an adequate and consistent level of protection.
- When transferring personal data to third parties outside the EEA:
- Put in place binding corporate agreements, which will include the standard contractual clauses approved by the European Commission for transferring personal data outside the EEA, to ensure that your information is safeguarded; or
- Ensure that the country in which your personal data will be handled has been deemed "adequate" by the European Commission or the company is registered and compliant with a European Commission approved privacy shield scheme.
- Carefully validate any requests for information from law enforcement or regulators before disclosing the information.
We will co-operate with any regulators as required by law to ensure that we remain transparent about the way we handle your personal information.
14 Security of Your Personal Information
Serco takes precautions including administrative, technical and physical measures to safeguard your personal information against loss, theft and misuse, as well as against unauthorised access, modification, disclosure, alteration and destruction. We protect electronic data using a variety of security measures including (but not limited to):
- Password access;
- Data back-up;
- Placing confidentiality requirements on employees and service providers and providing training to ensure that your personal data is handled correctly; and
- Destroying or permanently anonymising personal information if it is no longer needed for the purposes it was collected.
15 How long do we keep your personal information?
- Serco careers portal: We will retain your information on our Serco careers portal and may send you job match emails (please refer to section 11 above) for a period of 12 months from when you last logged into the system. We may contact you via email prior to deleting or anonymising your information to ask whether you wish for us to retain these details.
- Graduate Programme: We will generally retain a candidate’s personal information on our graduate programme systems for a period of 12 months following notification of the outcome of their application, including the results of any automated decisions. If your application is successful, your information will be transferred to our other systems and retained separately.
- Unsuccessful applications: subject to the above, we will generally retain other information about an unsuccessful applicant in relation to a specific job application or interview e.g. notes of interview responses, hard copies of CVs, for a period of 6 months from the date the position was filled.
- Direct marketing and subscribed mailings: When you register to receive Serco news and media alerts, Serco regulatory news alerts or job alerts about future employment opportunities, we will retain these details until you notify us that you no longer wish to receive such communications (e.g. unsubscribing) (please refer to section 11 above).
In some circumstances we may store your personal information for longer periods of time where we are required to do so in accordance with legal or regulatory requirements or so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal information or dealings.
16 Your Legal Rights
You have legal rights in connection with personal information. Under certain circumstances, by law you have the right to:
- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information (commonly known as the "right to be forgotten"). This enables you to ask us to delete or remove personal information in limited circumstances, where: (i) it is no longer needed for the purposes for which it was collected; (ii) you have withdrawn your consent (where the data processing was based on consent); (iii) following a successful right to object (see Object to processing); (iv) it has been processed unlawfully; or (v) to comply with a legal obligation to which Serco is subject.
We are not required to comply with your request to erase personal information if the processing of your personal information is necessary for a number of reasons, including: (i) for compliance with a legal obligation; or (ii) for the establishment, exercise or defence of legal claims.
- Object to processing of your personal information by us or on our behalf which has our legitimate interests as its legal basis for that processing, if you believe your fundamental rights and freedoms outweigh our legitimate interests. If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.
You can also object at any time to your personal information being processed for direct marketing, profiling or automated decision-making.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, but only where: (i) its accuracy is contested, to allow us to verify its accuracy; (ii) the processing is unlawful, but you do not want it erased; (iii) it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or (iv) you have exercised the right to object, and verification of overriding grounds is pending.
We can continue to use your personal information following a request for restriction, where: (i) we have your consent; (ii) to establish, exercise or defend legal claims; or (iii) to protect the rights of another natural or legal person.
- Request the transfer of your personal information. You can ask us to provide your personal information to you in a structured, commonly used, machine‑readable format, or you can ask to have it transferred directly to another data controller, but in each case only where: (i) the processing is based on your consent or on the performance of a contract with you; and (ii) the processing is carried out by automated means.
- Obtain a copy, or reference to, the personal data safeguards used for transfers outside the European Union. We may redact data transfer agreements to protect commercial terms.
- Withdraw consent to processing where the legal basis for processing is solely justified on the grounds of consent (please refer to section 11 for details about withdrawing consent to receiving news and alerts).
If you want to exercise any of these rights, please submit your requests in writing to the DPO via the contact details set out in section 17 below. Please note, to ensure security of personal information, we may ask you to verify your identity before proceeding with any such request.
We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive.
We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.
17 Data Protection Contacts
Data Protection Officer
11 Bartley Wood Business Park
Alternatively, please email [email protected] or call +44 (0)1256 745900.