Privacy Notice
The Company is a recruitment business which provides work-finding services to its clients and work-seekers. The Company must process personal data (including special categories of personal data) so that it can provide these services – in doing so, the Company acts as a data controller.
You may give your personal details to the Company directly, such as on an application or registration form or via our website, or we may collect them from another source such as a jobs board. The Company must have a legal basis for processing your personal data. For the purposes of providing you with work-finding services and/or information relating to roles relevant to you, we will only use your personal data in accordance with this privacy statement. We will comply with current data protection laws at all times.
1. Collection and use of personal data
- Purpose of processing and legal basis
The Company will collect your personal data (which may include special categories of personal data) and will process your personal data for the purposes of providing you with work-finding services. This includes for example, contacting you about job opportunities, assessing your suitability for those opportunities, updating our databases, putting you forward for job opportunities, arranging payments to you and developing and managing our services and relationship with you and our clients.
On some occasions we may be required to use your data for the purpose of investigating, reporting and detecting crime and also to comply with laws that apply to us. We may also use your information during the course of internal audits to demonstrate our compliance with certain industry standards.
We must have a legal basis to process your personal data. The legal bases we rely upon to offer our work-finding services to you are:
- Your consent
- Where we have a legitimate interest
- To establish, exercise or defend a legal claim or to carry out our legal obligations
- To fulfil a contractual obligation that we have with you
- To exercise our rights or carry out our employment and social security law obligations
- Legitimate interest
This is where the Company has a legitimate reason to process your data provided it is reasonable and does not go against what you would reasonably expect from us. Where the Company has relied on a legitimate interest to process your personal data our legitimate interests is/are as follows:
- Managing our database and keeping work-seeker records up to date;
- Providing work-finding services to you and our clients;
- Contacting you to seek your consent where we need it;
- Giving you information about similar products or services to those that you will have used from us recently;
- For our internal administrative purposes
- To provide workers and clients with the best possible service
- To provide and make employment references
- For emergency contact (next of kin details) in case of an accident or emergency
- Statutory/contractual requirement
The Company has certain legal and contractual requirements to collect personal data (e.g. to comply with the Conduct of Employment Agencies and Employment Businesses Regulations 2003, immigration and tax legislation, and in some circumstances safeguarding requirements). Our clients may require this personal data, and we may need your data to enter into a contract with you. If you do not give us the personal data we need to collect in order to comply with our statutory and legal requirements, we may not be able to continue to provide work-finding services to you.
- Recipient/s of data
The Company will process your personal data and/or sensitive personal data with the following recipients:
- Clients (who we may introduce or supply you to) and prospective employers when providing references about you.
- Individuals and organisations who hold information related to your reference or application to work with us, such as current, past or prospective employers, educators and examining bodies and employment and recruitment agencies;
- Tax, audit or other authorities when we believe in good faith that we are required to share this data by law or if it is connection to any anticipated litigation.
- Service providers (whether third parties or our group companies) who perform functions on our behalf (including external consultants, business associates and professional advisers such as solicitors, auditors and accountants, administration functions, technical support functions and IT consultants carrying out testing and development work on our business;
- If our Company merges with or is acquired by another business or company in the future, (or is in meaningful discussions about such a possibility) we may share your personal data with the (prospective) new owners of the business or company.
- Any third party in the defence of any legal claim to exercise our rights to any legal claim including debt Collection agencies to recover any monies owed.
- Your former employers who we may seek references from
- Payroll service providers who manage payroll on our behalf or other payment intermediaries who we may introduce you to
- Other recruitment agencies in the supply chain
- Auditors who are assessing the compliance and processes of the business to ensure its adherence to all relevant legislation and good practice guidance
- Master and Neutral Vendors that are involved in the work finding and auditing service
- Appropriate colleagues within our company
- Medical professionals such as your GP or occupational health provider (where required).
2. Information to be provided when data collected not from the data subject
Categories of data: The Company may collect the following personal data on you:
Personal data: [not an exhaustive list]
- Name, address, mobile no., email
- National insurance no.
- Nationality and immigration status (through right to work check)
- Age, date of birth
- Pension and benefits information
- Photograph
- Financial Information
- IP address
- Extra information that your referees choose to tell us
- Extra information that our clients may tell us about you or that we find out from other third party sources such a s job sites.
- CCTV if you attend our premises
Special categories of personal data: [not an exhaustive list]
- Health information including whether you have a disability
- Criminal conviction(s) including DBS checks
- Sex/Gender
Source of the personal data: The Company sourced your personal data/special categories of personal data: [not an exhaustive list]
- From jobs boards, LinkedIn, Indeed, Facebook and other social media platforms
- A former employer
- A referee whose details you previously provided to us
- Software providers who we use to support our services including
- Pension providers and benefits agencies
- Cookies
- Specify any other means by which you obtained the individual’s data
3. Overseas Transfers
The Company will not transfer the information you provide to us to countries outside the UK and/or the European Economic Area (‘EEA’) for the purposes of providing you with work-finding services. The EEA comprises the EU member states plus Norway, Iceland and Liechtenstein.
4. Data retention
The Company will retain your personal data only for as long as is necessary for the purpose we collect it. Different laws may also require us to keep different data for different periods of time. For example, the Conduct of Employment Agencies and Employment Businesses Regulations 2003, require us to keep work-seeker records for at least one year from (a) the date of their creation or (b) after the date on which we last provide you with work-finding services. We are required to keep your records relating to the right to work in the UK 2 years after employment or the engagement has ended and working time records including your 48 hour opt out notice annual leave/holiday records 2 years from the time they were created.
Additionally, we must also keep your payroll records, holiday pay, sick pay and pensions auto-enrolment records for as long as is legally required by HMRC and associated national minimum wage, social security and tax legislation. This is currently 3 to 6 years.
Where the Company has obtained your consent to process your personal and special categories of personal data, we will do so in line with our retention policy. Upon expiry of that period the Company will seek further consent from you. Where consent is not granted the Company will cease to process your personal data and sensitive personal data.
If you are a Client or a Supplier we will retain your personal data in order to provide you with services or to receive services from you, or to provide you with information about our services that we believe you may be interested in. If you have expressly indicated that you’re not interested in our services, then we will delete your personal data from our systems unless we believe in good faith that the law or other regulation requires us to preserve it (for example, because of our obligations to tax authorities or in connection with any anticipated litigation).
As with clients and Suppliers, if you have expressly indicated as a prospective candidate or a candidate that you would rather we didn’t retain your personal data, we will delete it from our systems unless we believe in good faith that the law or other regulation requires us to preserve it (for example, because of our legislative obligations, to tax authorities or in connection with any anticipated litigation.
For those candidates whose services are provided via a third party company or other entity, “meaningful contact” with you means meaningful contact with the Company or entity which supplies your services. Where we are notified by such company or entity that it no longer has that relationship with you, we will retain your data for no longer than two years from that point or, if later, for the period of two years from the point we subsequently have meaningful contact directly with you.
When we refer to “meaningful contact”, we mean, for example, communication between us (either verbal or written), or where you are actively engaging with our online services.
If you are a prospective candidate, we will consider there to be meaningful contact with you when we first contact you in relation to our services. If you are a candidate we will consider there to be meaningful contact with you if you submit your updated CV to us or take part in registration with us. We will also consider it meaningful contact if you communicate with us about potential roles, either by verbal or written communication.
If we employ or engage you as a Temporary Worker directly, we will ordinarily process your data throughout the course of your relationship with us and will then retain it for a period after we have parted ways. The precise length of time will depend on the type of data, our legitimate business needs and other legal or regulatory rules that may require us to retain it for certain minimum periods. For example, we may be required to retain certain data for the purposes of tax reporting or responding to tax queries. We may also retain it if it might be relevant to any potential litigation. We will generally retain personal data relating to you where necessary to enable us to provide you or a future employer with a reference.
In determining the appropriate retention period for different types of personal data, we always consider the amount, nature, and sensitivity of the personal data in question, the potential risk of harm from unauthorised use or disclosure of that personal data, the purposes for which we need to process it and whether we can achieve those purposes by other means (in addition of course to ensuring that we comply with our legal, regulatory and risk-management obligations, as described above). For the avoidance of doubt, if you are a Temporary Worker, we will also continue to process your personal data as a Candidate through the duration of your relationship with us and thereafter.
If you are a website user we will retain your IP address and any other information that is necessary to operate the website or our mobile apps for 1 year. Otherwise, we will retain any other data for as long as it is necessary to achieve the purpose it was collected or processed for.
5. Your rights
Please be aware that you have the following data protection rights:
- The right to be informed about the personal data the Company processes on you;
- The right of access to the personal data the Company processes on you;
- The right to rectification of your personal data;
- The right to erasure of your personal data in certain circumstances;
- The right to restrict processing of your personal data;
- The right to data portability in certain circumstances;
- The right to object to the processing of your personal data that was based on a public or legitimate interest;
- The right not to be subjected to automated decision making and profiling; and
- The right to withdraw consent at any time.
Where you have consented to the Company processing your personal data and sensitive personal data you have the right to withdraw that consent at any time by contacting the Managing Director on 01709 870170. Please note that if you withdraw your consent to further processing that does not affect any processing done prior to the withdrawal of that consent, or which is done according to another legal basis.
There may be circumstances where the Company will still need to process your data for legal or official reasons. Where this is the case, we will tell you and we will restrict the data to only what is necessary for those specific reasons.
If you believe that any of your data that the Company processes is incorrect or incomplete, please contact us using the details above and we will take reasonable steps to check its accuracy and correct it where necessary.
You can also contact us using the above details if you want us to restrict the type or amount of data we process for you, access your personal data or exercise any of the other rights listed above.
6. Automated decision-making
We do not use automated decision-making.
7. Cookies
We may use Cookies in order to track website usage. These cookies do not collect personal information, but records the time of visit, date, referring page and the IP address. This information is used by us to create a better user experience.
A “cookie” is a piece of information that is stored on your computer’s hard drive and which records your navigation of a website so that, when you revisit that website, it can present tailored options based on the information stored about your last visit. Cookies can also be used to analyse traffic and for advertising and marketing purposes.
Cookies are used by nearly all websites and do not harm your system. If you want to check or change what types of cookies you accept, this can usually be altered within your browser settings.
We use cookies to do two things:
to track your use of our website. This enables us to understand how you use the site and track any patterns that emerge individually or from larger groups. This helps us to develop and improve our website and services in response to what our visitors want and need; and
to help us advertise jobs to you that we think you’ll be interested in. Hopefully this means less time for you trawling through endless pages and will get you into the employment you want more quickly.
Cookies are either:
Session cookies: these are only stored on your computer during your web session and are automatically deleted when you close your browser – they usually store an anonymous session ID allowing you to browse a website without having to log in to each page but they do not collect any information from your computer; or
Persistent cookies: a persistent cookie is stored as a file on your computer and it remains there when you close your web browser. The cookie can be read by the website that created it when you visit that website again. We may use persistent cookies for Google Analytics and for personalisation (see below).
Cookies can also be categorised as follows:
Strictly required cookies: These cookies are essential to enable you to use the website effectively, such as when applying for a job, and therefore cannot be turned off. Without these cookies, the services available to you on our website may not be provided. These cookies do not gather information about you that could be used for marketing or remembering where you have been on the internet.
Functionality cookies: These cookies enable us to monitor and improve the performance of our website. For example, they allow us to count visits, identify traffic sources and see which parts of the site are most popular. Furthermore these cookies allow our website to remember choices you make (such as your user name, language or the region you are in) and provide enhanced features. For instance, we may be able to provide you with news or updates relevant to the services you use. These cookies can also be used to remember changes you have made to text size, font and other parts of web pages that you can customise. They may also be used to provide services you have requested such as viewing a video or commenting on a blog. The information these cookies collect is usually anonymised.
8. Login Files
We use IP addresses to analyse trends, administer the site, track users’ movements, and to gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information.
9. Links to external websites
The Company’s website may contain links to other external websites. Please be aware that the Company is not responsible for the privacy practices of such other sites. When you leave our site we encourage you to read the privacy statements of each and every website that collects personally identifiable information. This privacy statement applies solely to information collected by the Company’s website.
10. Sale of business
If the Company’s business is sold or integrated with another business your details may be disclosed to our advisers and any prospective purchasers and their advisers and will be passed on to the new owners of the business. Where the sale of the business results in the transfer of your details to a different data controller we will notify you of this.
11. Data Security
The Company takes every precaution to protect users’ information.
In addition the Company ensures that adequate security measures are in place to limit the risk of personal data breaches. For example:
- Staff lock their computer screens when they are not in use.
- All devices, whether company or personal devices (including but not limited to computers, mobile phones, other hand-held devices) containing personal data relating to the services of the Company shall be encrypted and password protected.
- Staff do not disclose their passwords to anyone.
- Email is used with care. We ensure that emails are sent only to the intended recipient/s. Where Company staff send an email in error then the email is recalled immediately.
- Personnel files (whether for internal staff or work-seekers) and other personal data is stored securely to prevent unauthorised access. They should are removed from their usual place of storage without good reason.
- Personnel files (whether for internal staff or work-seekers) are always be locked away when not in use and when in use are not left unattended.
- Processing includes the destruction or disposal of personal data. Therefore, the Company takes care to destroy or dispose of personal data safely and securely. Such material is shredded or stored as confidential waste awaiting safe destruction.
- Firewalls, browser certification technology and encryption.
- Only employees who need the information to perform a specific job (for example, consultants, our accounts clerk or a marketing assistant) are granted access to your information.
- The Company uses all reasonable efforts to safeguard your personal information. However, you should be aware that the use of email/ the Internet is not entirely secure and for this reason the Company cannot guarantee the security or integrity of any personal information which is transferred from you or to you via email/the Internet.
- If you share a device with others, we recommend that you do not select the “remember my details” function when that option is offered.
- If you have any questions about the security at our website, you can email Billy Baker on billy@temploy-connection.co.uk.
12. Changes to this privacy statement
We will update this privacy statement from time to time. If we make any material changes, they will be available on our website or alternatively you can request a copy of our privacy statement at any time by email or by calling our office.
13. Complaints or queries
If you wish to complain about this privacy notice or any of the procedures set out in it please contact the Managing Director at enquiries@temploy-connection.co.uk or by calling us on 01709 870 170.
You also have the right to raise concerns with the Information Commissioner’s Office on 0303 123 1113 or at https://ico.org.uk/make-a-complaint/, or any other relevant authority should your personal data be processed outside of the UK and you believe that your data protection rights have not been adhered to.
Annex A
- The lawfulness of processing conditions for personal data are:
- Consent:the individual has given clear consent for you to process their personal data for a specific purpose.
- Contract: the processing is necessary for the performance of a contract with the data subject or in order to take specific steps before entering into a contract.
- Legal obligation: the processing is necessary for compliance with a legal obligation to which the data controller/data processor is subject to.
- Vital interests: the processing is necessary to protect someone’s life.
- Public task: the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official functions, and the task or function has a clear basis in law.
- Legitimate interests: the processing is necessary for the legitimate interests pursued by the data controller or a third party, unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.
- The lawfulness of processing conditions for special categories of personal data are:
- The data subject has given explicit consent to the processing of the special categories of personal data for one or more specified purposes, except where the data subject is not permitted or able to give consent.
- Processing is necessary for carrying out obligations and exercising specific rights of the data controller or of the data subject under employment, social security or social protection law, in so far as it is authorised by UK law or a collective agreement, provided for appropriate safeguards for the fundamental rights and interests of the data subject.
- Processing is necessary to protect the vital interests of the data subject or another person where the data subject is physically or legally incapable of giving consent.
- Processing is carried out in the course of its legitimate activities with appropriate safeguards by a foundation, association or any other not-for-profit body with a political, philosophical, religious or trade union aim and on condition that the processing relates solely to the members or to former members of the body or to persons who have regular contact with it in connection with its purposes and that the personal data are not disclosed outside that body without the consent of the data subject(s).
- Processing relates to personal data which manifestly made public by the data subject.
- Processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity
- Processing is necessary for reasons of substantial public interest on the basis of UK law which is proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and interests of the data subject domestic law.
- Processing is necessary for the purposes of preventative or occupational medicine, for assessing the working capacity of the employee medical diagnosis, the provision of health or social care or treatment or management of health or social care systems and services on the basis of UK law or a contract with a health professional and subject to relevant conditions and safeguards.
- Processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of health care and of medicinal products or medical devices on the basis of UK law.
- Processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and interests of the data subject.