Candidate data protection statement
This data protection notice sets out the basis on which Revenue will process your personal data in the recruitment process.
Legal basis for processing data
Revenue will carry out all procedures necessary to undertake the recruitment, assessment and selection of suitable candidates for appointment to Revenue. These are in accordance with the Public Services Management (Recruitment and Appointments) Act 2004.
Purposes of processing and categories of data
Your personal data will be used for all stages of the recruitment process. The data is collected by different means throughout the recruitment process such as application form, on-line registration. The information contained on the form will be used:
- to assess eligibility for a specific competition
- to assess suitability for the role
- to determine preferences in relation to the location (if applicable)
- to determine whether the candidate meets the set shortlisting criteria (if applicable)
- to aid the selection board in the assessment or interview situation (should the candidate be called to this stage).
When you begin the recruitment process, Revenue will create a personnel record in your name. This record contains information from your application form, such as contact details, qualifications, ID documents and career history.
Special categories of personal data
Certain special categories of personal data may be processed in the recruitment process. This is to allow us to fulfil our statutory obligations under the Employment Equality Acts 1998-2015 and the Disability Act 2005.
Disclosure of your personal data
We will share your personal data with third parties in the following circumstances:
- where we are obliged to do so to comply with a legal or regulatory obligation
- where the personal data on your application form is being reviewed by selection board members as part of the recruitment process
- where a third-party processor acting on Revenue’s behalf is employed to carry out psychometric tests and surveys as part of the recruitment process.
Any transfers to third countries and the safeguards in place
Under the General Data Protection Regulation (GDPR) your personal data can only be transferred to a third country in certain circumstances. A third country means a country outside of the European Economic Area (EEA). The EEA is made up of 28 EU Member States as well as Norway, Iceland and Liechtenstein. Examples of how personal data can be transferred are:
- if the European Commission considers the third country to have an adequate level of data protection (adequacy decision)
- if the transfer of personal data is required or authorised by law.
As part of Revenue’s record retention policy, details of unsuccessful candidates will be held for 18 months from the establishment of the applicable panel. The details of successful candidates, not assigned, will be held for one year after the panel has expired. Details of candidates who have been assigned will be held for the length of their employment plus seven years.
You can find further information on your rights under the General Data Protection Regulation on the Revenue website.
These rights include the right to make a request to Revenue to access the personal data held about you. Requests for access to your personal data should be made in writing to the Data Protection Unit, Ground Floor, Cross Block, Dublin Castle, Dublin 2 or by email to firstname.lastname@example.org. No fee applies to data access requests.
Next: Assignment data protection statement