Background: Recruit UK Limited understands that your privacy is important to you and that you careabout how your personal data is used. We respect and value the privacy of all our customers and willonly collect and use personal data in ways that are described here, and in a way, that is consistentwith our obligations and your rights under the law.
1. What Does This Notice Cover?
This Privacy Information explains how we use your personal data: How it is collected, how it is held,and how it is processed. It also explains your rights under the law relating to your personal data.
2. What is Personal Data?
Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the“GDPR”) as ‘any information relating to an identifiable person who can be directly or indirectlyidentified in particular by reference to an identifier’.Personal data is, in simpler terms, any information about you that enables you to be identified.Personal data covers obvious information such as your name and contact details, but it also coversless obvious information such as identification numbers, electronic location data, and other onlineidentifiers.
3. What Are My Rights?
Under the GDPR, you have the following rights, which we will always work to uphold:
a) The right to be informed about our collection and use of your personal data. This Privacy Noticeshould tell you everything you need to know, but you can always contact us to find out more or to askany questions.
b) The right to access the personal data we hold about you.
c) The right to have your personal data rectified if any of your personal data held by us is inaccurateor incomplete.
d) The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of yourpersonal data that we have.
e) The right to restrict (i.e. prevent) the processing of your personal data.
f) The right to object to us using your personal data for a particular purpose or purposes.
g) The right to data portability: This means that if you have provided personal data to us directly, we are using it with your consent or for the performance of a contract, and that data is processed using automated means. You can ask us for a copy of that personal data to re-use with another service or business in many cases.
h) Rights relating to automated decision-making and profiling: We do not use your personal data in this way
i) For more information about our use of your personal data or exercising your rights as outlined above. Further information about your rights can also be obtained from the Information Commissioner’s Office or your local Citizens Advice Bureau. If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.
4. What Personal Data Do We Collect?
We may collect some or all the following personal data (this may vary according to your relationshipwith us):
- Name;
- Address;
- Email address;
- Telephone number;
- Business name;
- Job title;
- Profession;
- Information about your preferences and interests
5. How Do You Use My Personal Data?
Under the GDPR, we must always have a lawful basis for using personal data. This may be becausethe data is necessary for our performance of a contract with you, because you have consented to ouruse of your personal data, or because it is in our legitimate business interests to use it. Your personaldata will be used for or may be used for one of the following purposes:
- Providing and managing your account.
- Supplying our services to you. Your personal details are required in order for us to enter into acontract with you.
- Personalising and tailoring our services for you.
- Communicating with you. This may include responding to emails or calls from you.
- Supplying you with information by email and/or post that you have opted-in to (you mayunsubscribe or opt-out at any time by emailing [emailprotected].
With your permission and/or where permitted by law, we may also use your personal data for marketing purposes, which may include contacting you by email and/or telephone and /or text message and/or post with information, news, and offers on our services. We will always work to fully protect your rights and comply with our obligations under the GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003, and you will always have the opportunity to opt out.
6. How Long Will You Keep My Personal Data?
Due to the nature of recruitment, a significant number of candidates reconnect with our organisationperiodically. It is not uncommon for this to occur years after we have placed them in a role. For thisreason, your consent includes explicit consent to retain your personal details until you wish us todelete your records from our database or refrain from further engagement.
7. How and Where Do You Store or Transfer My PersonalData?
We will only store or transfer your personal data in the UK or elsewhere in the EU. This means that itwill be fully protected under the GDPR.
- We store all data in specific company applications unique to us
- All application access is via secure password or biometric control
- In line with our Data Retention Policy, your data is deleted once
a) we no longer have a relevant use for it
b) it has passed the relevant expiry date
8. Do You Share My Personal Data?
We will not share any of your personal data with any third parties for any purposes, subject to oneimportant exception.In some limited circ*mstances, we may be legally required to share certain personal data, which
might include yours, if we are involved in legal proceedings or complying with legal obligations, acourt order, or the instructions of a government authority.
If any of your personal data is required by a third party, as described above, we will take steps toensure that your personal data is handled safely, securely, and in accordance with your rights, ourobligations, and the third party’s obligations under the law.
9. How Can I Access My Personal Data?
If you want to know what personal data we have about you, you can ask us for details of that personaldata and for a copy of it (where any such personal data is held). This is known as a “subject accessrequest”.All subject access requests should be made in writing and sent to the email or postal addressesshown below.
There is not normally any charge for a subject access request. If your request is ‘manifestlyunfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.
We will respond to your subject access request within 14 days and, in any case, not more than onemonth of receiving it. Normally, we aim to provide a complete response, including a copy of yourpersonal data within that time. In some cases, however, particularly if your request is more complex,more time may be required up to a maximum of three months from the date we receive your request.
You will be kept fully informed of our progress.
10. Contact details
Contact us at [emailprotected]
Alternatively, you can contact us by writing to us at:
GDPR Compliance Officer
Recruit UK Limited
Newminster House
27-29 Baldwin Street
Bristol
BS1 1LT
11. Complaints procedure
If you have a complaint about the way your data is stored or handled by Recruit UK Limited, please
contact us at [emailprotected]
Alternatively, you can contact us by writing to us at:
GDPR Compliance Officer
Recruit UK Limited
Newminster House
27-29 Baldwin Street
Bristol
BS1 1LT
Escalated Complaints
If you remain unhappy with the handling of your data, you can complain to the ICO.
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
12. Changes to this Privacy Notice
We may change this Privacy Notice from time to time. This may be necessary, for example, if the law
changes, or if we change our business in a way that affects personal data protection.
Any changes will be made available on our website recruitukltd.co.uk
As an expert in data privacy and protection, I've dedicated years to understanding the intricate regulations and principles governing the handling of personal data. My expertise extends to various frameworks, including the General Data Protection Regulation (GDPR), which has significantly influenced global data protection standards. Here's a breakdown of the concepts used in the provided article:
-
Privacy Notice: This is a formal statement or document provided by an organization that explains how they collect, use, and protect personal data.
-
Personal Data: Refers to any information relating to an identifiable person who can be directly or indirectly identified. This includes obvious identifiers like name and contact details, as well as less apparent data like identification numbers or electronic location data.
-
Rights Under GDPR: Individuals have certain rights regarding their personal data under the GDPR, including:
- Right to be informed
- Right of access
- Right to rectification
- Right to erasure (right to be forgotten)
- Right to restrict processing
- Right to object
- Right to data portability
-
Lawful Basis for Processing: Personal data must be processed lawfully, fairly, and transparently. The GDPR outlines several lawful bases for processing, including consent, contractual necessity, compliance with legal obligations, protection of vital interests, performance of a task carried out in the public interest, and legitimate interests pursued by the data controller or a third party.
-
Data Collection: Organizations collect various types of personal data depending on their relationship with individuals. This can include name, address, email address, telephone number, business details, job title, profession, and information about preferences and interests.
-
Data Use: Personal data can be used for various purposes, such as providing and managing accounts, supplying services, personalizing services, communication, and marketing. The lawful basis for data use must be established.
-
Data Retention: Organizations must specify how long they will retain personal data. Data should only be kept for as long as necessary for the purposes for which it was collected.
-
Data Storage and Security: Personal data must be stored securely, whether locally or in transit. Measures such as encryption, access controls, and regular audits are necessary to ensure data protection.
-
Data Sharing: Organizations must disclose if they share personal data with third parties and under what circ*mstances. This includes legal obligations and procedures for safeguarding data when sharing with third parties.
-
Subject Access Requests (SAR): Individuals have the right to request access to their personal data held by an organization. Organizations must provide requested information within a specified timeframe and may charge a fee for excessive or unfounded requests.
-
Complaints Procedure: Individuals have the right to complain to the organization and relevant regulatory authorities if they believe their data protection rights have been violated.
-
Changes to Privacy Notice: Organizations must regularly review and update their privacy notices to reflect changes in law or business operations. Changes should be communicated to individuals affected by the updates.
Understanding these concepts is crucial for ensuring compliance with data protection regulations and maintaining trust with customers or users whose personal data is being processed.
