Privacy Notice
Company Name:
|
Carmichael Site Services Limited t/a CarmichaelUK
Co Reg No: 03335763
the “Company”
|
Company Contact details:
|
The Commercial Director
CarmichaelUK
GDPR Compliance
34 Upper High Street
Thame
Oxfordshire
OX9 2DN
|
Document PD064
|
Privacy Notice (when personal data is obtained directly from the data subject)
|
Topic:
|
Data Protection
|
Date:
|
18/5/18
|
Version:
|
2
|
The Company is a recruitment business (for supply of temporary labour) and a recruitment agency (for introduction of permanent labour) which provides work-finding services to its clients and work-seekers. The Company must process personal data (including sensitive personal data) so that it can provide these services – in doing so, the Company acts as a data controller.
You may give your personal details to the Company directly, such as on an application or registration form or via our website, or we may collect them from another source such as a jobs board. The Company must have a legal basis for processing your personal data. For the purposes of providing you with work-finding services and/or information relating to roles relevant to you we will only use your personal data in accordance with the terms of the following statement. This statement also provides you with certain information that must be provided by the Company under the General Data Protection Regulation (GDPR).
1. Data Protection Principles
We will comply with data protection laws and principles, which means that your personal data will be:
-
Used lawfully, fairly and in a transparent way.
-
Collected only for valid purposes that are clearly explained to you in this statement and not used in any way that is incompatible with those purposes.
-
Relevant to the purposes we have told you about and limited only to those purposes.
-
Accurate and kept up to date.
-
Kept only as long as necessary for the purposes we have told you about.
-
Kept securely.
2. Collection and Use of Personal Data
a. Purpose of processing and legal basis
The Company will collect your personal data (which may include ”special categories” of more sensitive personal data – see below) and will process your personal data for the purposes of providing you with work-finding services. In particular, the Company will use the personal information we collect about you to:
- Assess your skills, qualifications and suitability for available contracts.
- Communicate with you regarding available placements.
- Keep records relating to placements and feedback.
- Make payments to you, if applicable, deducting tax and national insurance contributions.
- Administer the contract we have entered into with you.
- Deal with any legal disputes involving you, including incidents whilst on placement.
- Comply with our legal, regulatory or contractual obligations.
- To prevent fraud
The Company will be entitled to collect, hold and process this personal data in accordance with one or more of the following lawful grounds:
-
Your Consent has been given.
-
In order for the Company to comply with a Legal or other regulatory obligations.
-
To comply with and perform any Contractual obligations the Company has to you and/or in order to be able to take steps at your request to enter into a contract with the Company.
-
To protect the Company’s legitimate interests including to ensure compliance with the requirement of any trade bodies we are associated with and the provision of data to training providers (e.g. the construction industry training board). The Company is also entitled to hold and process personal data if it becomes aware of a claim or potential claim relating to any particular placement taken up by you or injury suffered by you.
b. “Special Categories” of Sensitive Personal Data
This is data which relates to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, information relating to your physical or mental health, sex life or sexual orientation, genetic and biometric data that uniquely identifies you as an individual.
This information requires a higher level of protection and we need to have further justification for collecting, storing and using this type of personal information. We have in place an appropriate policy document and safeguard which we are required by law to maintain when processing such data. We may process “special Categories” of sensitive personal data in the following circumstances:
- In limited circumstances, with your explicit consent. The Company would approach you for your written consent providing you at that time with full details of the information we would like and the reason we need it so that you can carefully consider whether you wish to consent.
- Where we need to carry out our legal obligations or exercise rights in connection with your contract with the Company.
- Where it is needed in the public interest, such as for equal opportunities monitoring.
Less commonly, we may process this type of information where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public.
The Company will use such particularly sensitive personal information in the following ways:
-
We will use information about your physical or mental health, or disability status, to ensure your health and safety, if any reasonable adjustments are required and to assess your fitness for particular placements;
-
We will use information about your race or nationality or ethnic origin, religious, philosophical or moral beliefs, or your sexual life or sexual orientation, to ensure meaningful equal opportunity monitoring and reporting
c. Criminal Convictions
We will only use information relating to criminal convictions where the law allows us to do so. This is usually where such processing is necessary to carry out our obligations, and which will be done so in line with the Company’s Data Protection Policy.
Less commonly, we may use information relating to criminal convictions where it is necessary in relation to legal claims, where it is necessary to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public.
We will only collect information about criminal convictions if it is appropriate given the nature of any placement and where we are legally able to do so. We will use information about criminal convictions and offences in the following ways:
-
Where our contracts with our clients dictate that such disclosure must be made as part of the Company’s standard processes;
-
Where you are introduced to our clients as part of a formal government led prisoner resettlement programme;
-
Where aggregated responses of candidates criminal activity is required as part of the submission process for tenders.
We have in place an appropriate policy document and safeguards which we are required by law to maintain when processing such data.
d. Personal Information We May Collect From You
-
In order to provide the best possible employment opportunities that are tailored to you, we need to process certain information about you. We only ask for details that will genuinely help us to help you, such as your name, age, contact details, education details, employment history, emergency contacts, immigration status, financial information (where we need to carry out financial background checks), and national insurance number (and of course you may choose to share other relevant information with us).
-
Where appropriate and in accordance with local laws and requirements, we may also collect information related to your health including any medical condition, health and sickness records, diversity information or details of any criminal convictions.
-
In order to provide you with suitable employment opportunities safely and securely and to provide for every eventuality for you and our team we need some basic background information for Emergency Contacts and Referees. We only ask for very basic contact details, so that we can get in touch with them either for a reference or because they been listed as an emergency contact for you.
-
When you interact with us via our website we collect a limited amount of data from you which we use to help us to improve your experience when using our website and to help us manage the services we provide. This includes information such as how you use our website, the frequency with which you access our website, and the times that our website is most popular.
e. How We Collect Your Personal Data
We collect personal data about you from the following sources:
-
You, the candidate;
-
From third parties (such as Job Boards, Social Media) and other candidates under the Company’s candidate referral scheme (including the following data: name, email address, contact numbers, availability dates).
-
If relevant, the Disclosure and Barring Service in respect of criminal convictions
-
Your named referees, from whom we collect categories of data which may include (subject to responses) Name, Position/s Held, Dates of Employment, Your name, Employer Ratings of Attendance, Technical Knowledge, Quality of Work, Computer Literacy, Communication Skills, Relationship with Colleagues, Flexibility, Timekeeping, Willingness to Re-employ.
To the extent that you access our website or read or click on an email from us, we may also collect certain data automatically or through you providing it to us.
We collect your data automatically via cookies when you visit our website, in line with cookie settings in your browser.
f. Recipient/s of Data
The Company may share your personal data and/or, where appropriate, “special categories” of personal data with the following recipients:
-
Providers of the Company’s core operating applications/systems (CRM, Payroll, Compliance)
-
Providers of services to maintain and secure the Company’s IT infrastructure
-
Providers of services where it is necessary to meet the Company’s obligations under our contract with you
-
Clients where you have consented to your details being shared with them in advance of them being sent, to fulfil our obligations under our contract with you
-
Providers of services where you have consented to them holding your data via your relationship with the Company (e.g. by registering to receive discounted products under the Company’s discounted supplier scheme)
All our third-party service providers are required to take appropriate security measures to protect your personal information in line with our policies on data protection. We do not allow our third party service providers to use your personal information for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
g. If You Fail to Provide Personal Information
If you fail to provide personal information when requested then the Company may not be able to do the following:
- The Company may be unable to fulfil its obligations under our contract with you (such as paying you or providing a benefit)
- The Company may not be able to fulfil statutory and legal obligations which fall due as a result of our contract with you (such as to ensure your health and safety)
- The Company may not be able to fulfil obligations under other statutory and legislative duties.
h. Change of Purpose
We will only use your personal information for the purposes for which we collect it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal information without your knowledge or consent in compliance with the above rules, where this is required or permitted by law.
3. Automated Decision-Making
You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making. However, the Company will use your selected Preferences that you have identified in the database to match your suitability to our Client requirements in order to fulfil our contract with you to find work. These details may include the following depending on your responses: Preferred location for work, Salary requirements, Start date, Preferred Job Role, Preferred Company/ies that you would like to work for.
4. Overseas Transfers
The Company may transfer only the information you provide to us to countries outside the European Economic Area (‘EEA’) for the purposes of providing you with work-finding services. Before we do so we will always take steps to ensure adequate protections are in place to ensure the security of your information, and that treatment of that information by third parties is in a way that is consistent with and which respects the EU and UK laws on data protection. The EEA comprises the EU member states plus Norway, Iceland and Liechtenstein.
If you require further information about the protective measures we have put in place to ensure the protection of your personal information please contact:
The Commercial Director
CarmichaelUK
GDPR Compliance
34 Upper High Street
Thame
Oxfordshire
OX9 2DN
5. Data Security
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need-to-know. They will only process your personal information on our instructions and are subject to a duty of confidentiality.
We have put into place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of any suspected breach where we are legally obliged to do so.
6. Data Retention
The Company will retain your personal data only for as long as is necessary to fulfil the purposes we have collected it for, including for the purpose of satisfying any legal, accounting or reporting requirements. To determine the appropriate retention period for personal data we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. In particular different laws require us to keep different data for different periods of time. Electronic records will be deleted as appropriate and the Company has facilities for the secure disposal of documentation relating to candidates and clients.
In line with the Conduct of Employment Agencies and Employment Businesses Regulations 2003, and other contractual or legislative requirements the Company will store candidate data (both personal and sensitive personal data) for:
-
At least 1 (one) year after creation where specific action has been taken to provide work finding services under our contract with you; and
-
At least 1 (one) year after the date on which services are provided to a client with whom your data has been shared as a result of providing work finding services under our contract with you
We may, however, need to hold both your personal and, where appropriate, “special categories” of sensitive personal data for longer, in some cases significantly longer. This may be because:
-
We are contractually required to do so under contractual obligations with our clients
-
As a result of legislative or regulatory requirements, which may require us to retain your personal data for up to seven years
-
Retention of the information is necessary because of the risk of a negligence or breach of contract claim and which may require us to retain your information until any such claim has either been resolved or has become time barred and can no longer be pursued.
Where such records could be relevant to a claim for personal injury the Company will retain data for a minimum of 21 (twenty one) years from the expiry of our client contract.
Where the Company has obtained your consent to process your personal and/or sensitive personal data, you have the right to withdraw it. Details of how you can do this are given further below at section 8.
We will regularly keep any consent given under review in line with our retention policy (details of which are included at Appendix A to this document). Where the Company considers it appropriate or necessary it will contact you to seek your continued consent to use your personal data.
Where consent is not granted the Company will cease to process your personal and/or sensitive personal data unless a contractual or legislative obligation remains requiring us to do so.
7. Rights of Access, Correction, Erasure, and Restriction
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.
Under certain circumstances, by law you have the right to:
-
Request access to your personal information (Commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
-
Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
-
Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
-
Objecting to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes;
-
Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
-
Request the transfer of your personal information to another party.
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact the below in writing:
The Commercial Director
CarmichaelUK
GDPR Compliance
34 Upper High Street
Thame
Oxfordshire
OX9 2DN
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
8. Right to Withdraw Consent
Where you have consented to the Company processing your personal and/or special categories of personal data you have the right to withdraw that consent at any time by contacting:
The Commercial Director
CarmichaelUK
GDPR Compliance
34 Upper High Street
Thame
Oxfordshire
OX9 2DN
9. Complaints or Queries
If you wish to complain about this privacy notice or any of the procedures set out in it please contact:
The Commercial Director
CarmichaelUK
GDPR Complaints
34 Upper High Street
THAME
Oxfordshire
OX9 2DN
You also have the right to raise concerns with Information Commissioner’s Office on 0303 123 1113 or at
https://ico.org.uk/concerns/, or any other relevant supervisory authority should your personal data be processed outside of the UK, if you believe that your data protection rights have not been adhered to.
10. Changes to this Privacy Notice
We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial changes. We will also notify you in other ways from time to time about the processing of your personal information.
Appendix A
Records Retention
Our records management procedure is designed to ensure that each record is managed through its life cycle from creation or receipt through maintenance and use to disposal or deletion. We focus on:
-
Creating appropriate records and maintaining these on our system.
-
Updating the information provided to us accurately.
-
Reviewing the information held on a regular basis.
-
Ensuring records are located correctly to enable ease of access and retrieval.
-
Version control.
-
Controlling the timescale and method for destruction of information.
-
Managing information security to ensure personal, sensitive and confidential data is safe and secure from malicious access.
-
Keeping records only for as long as is necessary depending on the amount, nature and sensitivity of the information, the potential risk of harm from unauthorised use or disclosure of information, the purposes for which we hold that information and whether we can achieve those purposes through other means, as well as applicable legal requirements.
We define records as being documents, photographic images, computer files, paper based files, email, diary records, faxes, reports and internet/intranet pages. All records pertaining to our clients, candidates and service are created and stored on our secure cloud based CRM system. This includes email communication, records of telephone conversations, scanned documents and information about candidates, clients, vacancies and search assignments, CV submissions, longlists, shortlists, placements and client/candidate feedback and diaries.
We retain a full inventory of records and communication relating to candidates, search assignments and clients on our system and such records can be viewed, updated, shared and deleted as appropriate by authorised personnel. Each member of our staff has their own individual login to the system and every action is time and date stamped together with the identity of the employee making the change or undertaking the action, giving a full audit trail which can be searched by client, candidate, search assignment or CarmichaelUK employee.
Records can be received in hard copy or electronically and will be scanned and uploaded or saved against the relevant candidate, client or vacancy.
As part of induction, all staff are trained to use our systems and how to create, capture and input relevant information for the records that they have responsibility for to enable client, candidate, assignment and business information to be held in a consistent format and searched easily. They are also trained on how to dispose of paper records (using the confidential shredding facility) and delete electronic records.
Disposal of Records
Electronic records will be deleted as appropriate and CarmichaelUK has facilities for the secure disposal of documentation relating to candidates, employees and clients.
Where to find GDPR info/help:
https://www.jobsatteam.com/g-d-p-r
https://www.rec.uk.com/news-and-policy/policy-and-campaigns/GDPR
https://www.complygdpr.com/