The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a new regulation which replaces the Data Protection Regulation (Directive 95/46/EC) The Regulation aims to harmonise data protection legislation across EU member states, enhancing privacy rights for individuals and providing a strict framework within which commercial organisations can legally operate.
Your new rights under the GDPR are set out in this notice, and were last updated on 10th May 2018.
The Information we collect
To carry out our core recruitment activities, we collect information about you which may include: your name, address and post code; private and corporate e-mail address and phone number; financial information and compliance documentation; references verifying your qualifications and experience and your right to work in the United Kingdom; curriculum vitae and photograph; employment details and preferences; links to your professional profiles available in the public domain e.g. LinkedIn, Twitter, Facebook for Business or corporate website.
How we collect this information
The information we collect about you will be provided by you, either by filling out a form on our website [company website] or by corresponding with us by phone, e-mail or otherwise. It will also include information you provide when you register to use our website, subscribe to our services, attend our events, participate in discussion boards or other social media functions on our website, enter a competition, promotion or survey, and when you report a problem with our site.
We may also obtain information about you from other sources such as LinkedIn, corporate websites, job board websites, online CV libraries, your business card, personal recommendations, and any relevant social media sites. In this case – and within 30 days of collecting – we will inform you that we hold this personal data, the source the data originated from, whether it came from publicly accessible sources, and for what purpose we intend to retain and process your personal data.
Our legal basis for processing data
Our legal basis for the processing of personal data is recruitment.
Where we store your personal data
All information stored on our recruitment software is secured through the Microsoft Azure Infrastructure and located at two data centres locations within Europe. Our primary centre is located in Microsoft’s Western European centre, and these facilities are secured by a series of measures, including (but not limited to) biometric access, security alarm systems and round-the-clock security staff. Additional security information on Microsoft’s data centres can be found here.
How long we keep your data for
We retain different types of data for differing periods of time. The criteria we use to determine whether we should retain your personal data and how long for includes:
We may archive part or all of your personal data, or retain it on our financial systems but delete all or part of it from our recruitment software system. On removal, we may anonymise parts of your data – particularly following a request for suppression or deletion of your data – to ensure we do not re-enter your personal data to our database, unless you have requested us to do so.
Our current retention period for data on candidates who have not been placed, or are no longer showing any signs of engagement with our website, is 4 years.
The GDPR provides you with the following rights.:
Therefore, we encourage you to log in to your profile through our website to ensure your data is accurate, complete and up to date at all times.
Changes to our privacy notice
Any changes we make to our privacy notice in future will be posted on this page and, where appropriate, you will be notified by e-mail. Please check back frequently to view any updates or changes to our privacy notice or for any further information please email firstname.lastname@example.org