1. Momenta is the “data controller” for contractors and potential contractors who contract through third parties in order to provide services for Momenta’s clients. This means that we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this privacy notice.
2. We are telling you this because this tells you who is responsible for deciding how we hold and use personal information about you.
Purpose of this document
3. You are being offered a copy of this privacy notice because you are either:
- expressing an interest in a particular role; and/or
- applying to register with us so that you receive notifications of roles you might be interested in;
- on assignment and our software systems are being used to manage your placement and/or process timesheets and payments to you;
- in the process of completing an assignment or otherwise off-boarding from a project.
4. It makes you aware of how and why your personal data will be used, namely for the purposes of the onboarding exercise, and how long it will usually be retained for. It provides you with certain information that must be provided under the General Data Protection Regulation ((EU) 2016/679) (GDPR) and the Data Protection Act 2018.
5. Please read this privacy notice before submitting any application.
Data protection principles
6. We will comply with data protection law and principles, which means that your data will be:
- Used lawfully, fairly and in a transparent way.
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
- Relevant to the purposes we have told you about and limited only to those purposes.
- Accurate and kept up to date.
- Kept only as long as necessary for the purposes we have told you about.
- Kept securely.
The kind of information that we hold on you
7. In connection with your application for work with us, we will collect, store, and use the following categories of personal information about you:
- The information you have provided to us in your curriculum vitae.
- The information you have provided on our application form, including name, title, address, telephone number, personal email address, date of birth, gender, employment history, qualifications.
- Any information you provide to us during an interview.
8. We may also collect, store and use the following “special categories” of more sensitive personal information:
- Information about your race or ethnicity, religious beliefs, sexual orientation and political opinions.
- Information about your health, including any medical condition, health and sickness records.
- Information about criminal convictions and offences.
How is your personal information collected?
9. We collect personal information about candidates from the following sources:
- You, the candidate.
- Recruitment agency, from which we collect categories of data that commonly appear on CVs.
- Disclosure and Barring Service in respect of criminal convictions.
- Experian in respect of financial probity searches.
- Your named referees.
- Data from third parties is from a publicly accessible source such as Linkedin
How we will use information about you
Website usage data
10. We explain this in our master privacy notice, a copy of which is available by clicking on this link.
11. At this stage, you will be asked to input your email address only. This allows our software systems to create an account. You can later delete your account on your private Home Screen, subject to some minor limitations where the vetting and assessment process have been completed. This is described in more detail below.
12. You can edit any information on your CV prior to uploading it. Once your application has been sent, you cannot alter your specific application using our software systems. You do have certain rights to see and correct data, which are explained in more detail below.
13. We will use the personal information we collect about you to:
- Assess your skills, qualifications, and suitability for roles or role.
- Carry out background and reference checks, where applicable.
- Communicate with our client regarding your availability and suitability for the role that they have registered with us.
- Communicate with you about the resourcing or onboarding process.
- Communicate the outcome of any application.
- Keep records related to our processes.
- Comply with legal or regulatory requirements.
- Share data with any umbrella company or private company that you choose to work through.
- Share information about other roles that you might be interested in.
- Assist in the prevention and detection of crime or fraud. This may involve breaches of our internal policies concerning a prohibition on re-registering in the following circumstances.
- Re-registering under a different name for the same or another role. This risks misleading or otherwise making a false statement regarding the candidate’s identity which could encourage, facilitate or otherwise result in fraud or potential fraud.
- Re-registering (whether under a different name or with the same name) to amend their details in order to either improve their chances of succeeding in a role on a second occasion, which risks making a false assertion/representation as to a candidate’s abilities and otherwise falsely misrepresenting their true identity which could encourage, facilitate or otherwise result in fraud or potential fraud.
- A failure to implement and police such a policy could result in unsuitable candidates entering finance roles for which they are not qualified or suited and/or persons with criminal records being put on placement in a finance role which could put customers at risk. Momenta sees to justify its policy on additional grounds to include a right of freedom of information and compliance with a task in the public interest.
- Momenta accepts however that there may be rare circumstances under which re-registration may be appropriate; and will review each circumstance as it arises.
14. Typically the information you volunteer to provide to us includes: full name, date of birth, gender, marital status, national insurance number, email address, passport, telephone number, qualifications, education and employment history and other CV data.
15. It is in our legitimate interests to review your suitability for the role at this stage using this data. You will wish to know whether or not you are potentially suited to the role as soon as possible and neither party should have an interest in putting you forward for a role that you are not otherwise qualified or suited to.
16. At the time of submitting your application, it will be assumed that you wish to hear about other roles that may be of interest. You can de-select this option using the privacy controls set out on your personal home screen.
17. The security of our system is very important to us. We have taken a number of important measures to ensure that your personal data is kept secure. However, please note that no data transmission over the internet is 100% secure.
Personal home screen
18. If you have applied for a specific role or if you have registered so that you can be alerted to roles, a personal home screen will be set up for you. This personal home screen has privacy controls.
Vetting and assessment stage
19. Having received your CV, we will then process that information to decide whether you meet the basic requirements to be put forward for the role through your preferred choice of umbrella company or private company or (where agreed) under a fixed-term employee arrangement.
20. If you do meet these basic requirements, we may then commence a vetting process which involves a criminal records bureau check. This is performed by Momenta through a third party.
21. We have a legitimate interest in implementing such a check. The sectors that Momenta works in are regulated. Being able to confirm that you have passed vetting checks is either essential to your being put forward for a role; or a key selling point with a client.
22. Furthermore, where your placement involves working in the finance or legal sectors, you may have access to sensitive customer/client data to include identity data and bank account details. Processing the outcome of vetting data:
- is necessary for the prevention or detection of an unlawful act (or risk of an unlawful act occurring) to include fraud. This may involve breaches of our internal policies concerning a prohibition on re-registering in the following circumstances.
- Re-registering (whether under a different name or with the same name) in order to attempt to successfully complete an assessment they recently failed before a 6 month period has expired. This risks misleading or otherwise making a false statement regarding the candidate’s identity and/or making a false or misleading assertion/representation as to a candidate’s abilities, which could encourage, facilitate or otherwise result in fraud or potential fraud.
- Re-registering (whether under a different name or with the same name) in order avoid a negative finding with regard to whether the candidate passed a vetting process. This risks a second application being made without the ability to detect the original difficulty with the vetting process. This risks undermining the purpose of the vetting process which could encourage, facilitate or otherwise result in fraud or potential fraud.
- is necessary for reasons of substantial public interest, noting that you may have access to customer/client matters, associated identity data and banking information; and where a criminal record may indicate a risk to the safe management of such data;
- is necessary for carrying out a protective function, to include protecting the public against: (a) actual or potential dishonesty, malpractice or seriously improper conduct; (b) unfitness or incompetence; ( mismanagement in the administration of a body or association; or (d) failures in services provided by a body or association; and/or
- is necessary to aid a client or other organisation to comply with a regulatory requirement or obligation which involves establishing whether a person has committed an unlawful act or dishonesty malpractice or other seriously improper conduct.
23. Momenta may also process additional vetting data which may include personal data:
- concerning your character, obtained through reference checks;
- constituting verification of the information provided in your CV/application;
- obtained from third party references;
- arising from checks regarding your educational and work history.
24. We need to be able to say that we have made appropriate checks on qualifications, education and experience. We therefore believe that we have a legitimate interest in processing your vetting data and that this is in your interest too.
Right to work data
25. We will need to collect and store passport details and visa details in order to satisfy Right to Work regulatory requirements.
26. For many roles, we will also ask you to complete an assessment process. This is necessary in order to assess your aptitude for the role and to offer a form of quality assurance to Momenta’s clients. We have a legitimate business interest in performing these assessments which are in your interests too in order to be put forward for a role through your preferred choice of umbrella company or private company or (where agreed) under a fixed-term employee arrangement.
Retention of vetting and assessment data
27. We operate an absolute prohibition on re-registering under a different name for the same or another role unless exceptional circumstances apply. This is to:
- prevent circumstances which could encourage, facilitate or otherwise result in fraud or potential fraud as outlined in paragraph 13 above;
- prevent any breach of any right to work legislation or other relevant regulations.
28. We therefore reserve the right to retain limited identification data and minimal data concerning the outcome of the vetting / assessment process for a period of 6 years. Upon receiving a right of erasure request which encompasses such data:
- Momenta reserves the right to refuse the request to the extent that it requires deletion of identity data and: (a) data revealing the fact of re-registration; or (b) any other data suggesting that an attempt has been made to do any of the acts identified in clauses 13 and 22 above.
- Momenta will however restrict the use of such data in order to:
- avoid obstructing an official or legal enquiry, investigation or procedure;
- avoid prejudicing the prevention, detection investigation or prosecution of criminal offences or the execution of criminal penalties;
- protect the rights or freedoms of others.
29. You will need to work through an umbrella company or a private company or (where agreed) under a fixed-term employee arrangement. In order to effect payments, details for payment (to include bank account details) will need to be entered in the personal home page screen. Such data may be shared with any umbrella company or a private company that you choose to work with.
Data processed during your placement
30. Personal data may be processed during your placement. This may include:
- identity data associated with submission of timesheets;
- sensitive personal data volunteered by yourself or notified to us by our client, where for example you have a health condition affecting your placement;
- performance data notified to us by our client;
- personal data associated with any request to offboard you from the project.
31. In the case of contractors, relevant personal data associated with any offboarding will be shared with your umbrella company or a private company.
If you fail to provide personal information associated with the above processes
32. If you fail to provide information when requested, which is necessary for us to consider your application (such as evidence of qualifications or work history), we will not be able to process any application successfully; or manage your placement properly.
How we use particularly sensitive personal information
33. We will use your particularly sensitive personal information in the following ways:
- We will use information about your disability status to consider whether we need to provide appropriate adjustments during the resourcing process, for example whether adjustments need to be made during a test or interview.
- We may use information about your race or national or ethnic origin, religious, philosophical or moral beliefs, or your sexual life or sexual orientation, to ensure meaningful equal opportunity monitoring and reporting.
34. You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making.
Why might you share my personal information with third parties?
35. We will only share your personal information with the following third parties for the purposes of processing your application:
- Employment agencies, umbrella companies and private companies through which you contract for the purpose of explaining outcomes and/or progressing your application.
- Other group companies if we think that you may wish to know or progress opportunities with them. Momenta’s group of companies include:
- Momenta Customer Services Limited
- Momenta Interim Management Limited
- Momenta Operations Limited
- Momenta Interim Solutions Limited
- Momenta Holdings (PPI) Limited
- Momenta Performance Academy Limited
- Momenta Group Limited
- Momenta People Limited
36. If you are applying for any other role requiring vetting, your personal data may be shared with our client and/or vetting organisations to include CIFAS. This will be necessary in order to progress your application and enter into any contractual arrangement with you.
37. On some occasions, your data may be shared with lawyers and banking institutions.
38. All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
39. We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need-to-know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality. Details of these measures may be obtained from our Data Protection Officer.
40. We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
How long will you retain my data for?
In the event that you wish to delete your registration
41. We will delete your data within one month of your request, subject to the caveats outlined above.
In the event that you choose to remain registered with us
42. We will periodically review the deletion of your account if it appears that you are no longer expressing an interest in our communications or notices of roles that might be of interest.
Once put on a placement
43. We will retain your personal information for a period of 6 years from the date of your last placement. We retain your personal information for that period so that we can show, in the event of a legal claim, that we have fulfilled our contractual responsibilities and have not breached any regulations whilst managing your placement, discriminated against candidates on prohibited grounds and that we have conducted the recruitment exercise in a fair and transparent way. After this period, we will securely destroy your personal information in accordance with applicable laws and regulations.
44. If we wish to retain your personal information on file, on the basis that a further opportunity may arise in future and we may wish to consider you for that, we will write to you separately.
Your rights in connection with personal information
45. Under certain circumstances, by law you have the right to:
- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal information to another party.
46. If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact our Data Protection Officer in writing.
Right to withdraw consent
47. You have the right to withdraw your consent for processing if and where your consent to processing your personal data has been sought. You can do this at any time. To withdraw your consent, please contact our Data Protection Officer. Once we have received notification that you have withdrawn your consent, we will no longer process your application and, subject to our retention policy, we will dispose of your personal data securely.
Data protection officer
48. We have appointed a data protection officer (DPO) to oversee compliance with this privacy notice. If you have any questions about this privacy notice or how we handle your personal information, please contact the DPO. You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. Please contact our DPO if you have any questions or queries.
|Name or title of DPO:||Ben Mabelson|
|Postal address:||Tower 42, 25 Old Broad Street, London, EC2N 1HQ|
|Telephone number:||020 374 6600|
Changes to policy
We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information