Live MapFAQContact

Employee and Candidate Privacy Policy

Version 1.01 December 2023 (latest)

At Ember, we're committed to keeping your information private and secure. This notice sets out the personal data we collect about candidates for jobs and Ember employees and what we will do with it. This applies in addition to our Customer Privacy Policy.

Who are we?

We are Ember Core Ltd (“we”, “our”, “us”), operating under the name Ember. We're registered with the Information Commissioner's Office under number ZA575885.

You can email us at it@ember.to or write to us at Codebase Argyle House, 3 Lady Lawson Street, Edinburgh, EH3 9DR.

What information do we collect?

When someone applies to a job at Ember, they will typically submit some personal data. This includes:

  • Name and contact details (e.g. address, phone number and email address)
  • Work and educational history (usually on your CV)
  • Location and your right to work in the UK (or other geographical region)
  • Answers to application specific questions and other information provided through specific assessment tasks
  • Current and expected salary, compensation and benefits information
  • Current notice period and future availability
  • Information you submit through our website or by any other means – e.g. your email address if you subscribe to a mailing list

At later stages we may also process:

  • Identity documents, proof of address and address history
  • Details of former managers or colleagues who can act as referees
  • Other information provided or observations made during interviews
  • CCTV data if you visit one of our sites or buses outfitted with CCTV cameras

If we want to offer a position at Ember we’ll also collect and process:

  • Results of background checks from third-party providers we work with, including (where relevant) information about criminal convictions and your right to work in the UK
  • References from people we contact to learn about you
  • Records of communications – e.g. call recordings, emails and chat transcripts
  • Bank details and other payroll/tax/pension information to enable us to pay you
  • Any further data you share with us as an employee such as information relating to periods of sickness

How your information is used

The information we collect and process is currently used to:

  • Get in touch with you during the hiring process and schedule calls, meetings, or other interview tasks: Our lawful basis is to enter into a contract with you when enquiring about or making an application for a role
  • Operate our recruitment process (including via related tools for doing so): Our lawful basis is our legitimate interest in being able to coordinate the process with you
  • Consider your suitability for a role you’re applying for: Our lawful basis is contractual duty to ensure you are suitable for the role
  • Carry out background checks: Our lawful basis is contractual duty to ensure you are suitable for the role
  • Ensure you have the right to work in the UK: Our lawful basis for doing this is to comply with the law
  • Run criminal background checks (DBS checks): Our lawful basis for doing this is to comply with the law
  • Pay you, verify leave requests, submit tax information to HMRC and provide a pension: Our lawful basis for doing this is to comply with the law and a legitimate business interest in verifying we are paying the correct amount for work conducted
  • Conduct ongoing performance reviews: Our lawful basis is our legitimate interest in ensuring you are fulfilling your role in line with expectations

Who do we share data with?

As well as people working for us, we may disclose your personal data to:

  • Companies that provide services to us: This includes email, telecommunications and hosting providers like Amazon Web Services, Google Cloud, Notion, Sendgrid and Twilio. We make an effort to minimise the amount of data we share, for instance sharing anonymous IDs rather than names
  • Companies who run background and reference checks on our behalf
  • Recruitment agencies that we engage with during the recruitment process
  • Recruitment software service providers, for the purpose of processing your application, onboarding, or scheduling interviews
  • Insurance companies, in the course of checking suitability for roles or providing ongoing coverage
  • Law enforcement agencies and other third parties, where necessary to meet our legal obligations
  • Anyone you give us permission to share the data with

How long we keep your information

As a candidate, we keep most of your data for at least 6 months in case we face a legal challenge about our decision. If you are unsuccessful, we will then delete some of your information but retain other data we keep for up to 6 years. In some cases, we may keep the data for longer if it's in our legitimate interest (e.g. for fraud detection) or it's required to comply with the law.

As an employee, we keep your information whilst you continue to be employees with us and for up to 6 years following the end of your time working at Ember. In some cases, we may keep the data for longer if it's in our legitimate interest or it's required to comply with the law (e.g. for pensions it may be relevant to keep some data for longer).

Where your data is stored

In some cases, the data we collect from you may be transferred to and stored by countries or organisations outside the European Economic Area (“EEA”). In these cases, we'll make sure that the European Commission says the country or organisation has adequate data protection, or we’ve agreed to standard data protection clauses approved by the European Commission with the organisation. Contact us if you'd like a copy of the relevant data protection clauses.

Your rights

Your personal data is protected by legal rights, including your rights to:

  • Object to, or request a restriction on, our processing of your personal data (for example, you can request that we don’t use your personal data for purposes of direct marketing)
  • Request that your personal data is deleted or corrected, although in certain cases we may not be able to do it for legal reasons
  • Ask us for a copy of your personal data, inluding in a machine-readable format
  • Obtain and reuse certain personal data for your own purposes
  • Withdraw any consent that you've given us

For more information or to exercise your data protection rights, please email it@ember.to.

How to complain

If you have a question or want to complain about how we've used your personal data, email us at it@ember.to. If you're not happy, you also have a right to complain to the data protection supervisory authority in the EU country where you live or work, or where you think a breach happened. The Information Commissioner's Office (ICO) is the UK regulator.

Changes to this notice

We may up date this notice from time to time. Any changes will be posted on this page and, if appropriate, sent to you by email.

NewsCareersChargingPrivacyCookiesConditions of Carriage
Go to the Ember Facebook pageGo to the Ember Twitter pageGo to the Ember LinkedIn page