1. Context
The General Data Protection Regulation (Regulation (EU) 2016/679), known as the GDPR, is a new regulation which replaces the Data Protection Regulation (Directive 95/46/EC). The GDPR aims to harmonise data protection legislation across EU member states, enhancing privacy rights for individuals and providing a strict framework within which commercial organisations can legally operate.
Even though the UK has expressed its intention to leave the EU in March 2019, the GDPR will be applicable in the UK from 25th May 2018. The Government intends for the GDPR to continue in UK law post Brexit and has also introduced a Data Protection Bill to replace the current Data Protection Act in due course.
Your rights under the GDPR are set out in this Privacy Notice but will only apply once the GDPR becomes law on 25th May 2018.
Please read the following carefully to understand our views and practices regarding your personal information and how we will treat it. If you have any questions about this Privacy Notice or the use of your information by us, please contact us at [email protected]
2. Who are we and what we do
We are a recruitment agency and recruitment business as defined in the Employment Agencies and Employment Businesses Regulations 2003. We collect the personal data of the following types of people to allow us to undertake our business:
Prospective and placed candidates for permanent or temporary roles;
Prospective and live client contacts;
Supplier contacts to support our services, including agency contacts;
Employees, consultants, temporary workers.
We collect information about you to carry out our core business activities.
3. How we obtain your Personal Data
(a) Information you give us or we may collect from you
We may collect information about you when you fill in forms on our company website or by corresponding with us by phone, e-mail or otherwise. It includes information you provide when you register to use our site or to enter our database.
The information you give us or we collect about you may include:
information contained in your CV or job application such as your name, address, private and corporate e-mail address and phone number;
information contained in any documents that you send to any of us for identity verification purposes such as your passport or driving licence;
financial information, compliance documentation and references verifying your qualifications and experience and your right to work in the United Kingdom;
links to your professional profiles available in the public domain e.g. LinkedIn, Twitter, business Facebook or corporate website;
information that you provide about yourself when negotiating or entering into a contract with us.
(b) Information we collect about you when you visit our website
With regard to each of your visits to our website, we will automatically collect the following information:
information that you provide by filling in forms on our website;
technical information relating to your visits including, but not limited to, traffic data, location data, weblogs, other communication data and the resources that you access;
information when you respond to a survey and/or when you report a problem with one any of our websites.
(c) Information we obtain from other sources
This is information that we obtained about you from other sources such as LinkedIn, corporate websites, job boards, online CV libraries, your business card and personal recommendations. In this case, we will inform you by sending you this Privacy Notice within a maximum of 30 days of collecting the data of the fact that we hold personal data about you, the source of the personal data and whether it comes from publically available sources, and for what purpose we intend to retain and process your personal data.
(d) Special Categories of Data
(i) Diversity
If requested to do so by a client, or it is a requirement of our contract with a client, we may ask you for some ethnicity and diversity information to support the client’s equal opportunities monitoring. This could be information about your ethnic background, gender, disability, age, sexual orientation, religion or other similar beliefs, and/or social-economic background. Any information that is disclosed to the client will be anonymised where relevant.
As this information is ‘sensitive’ personal information we need to obtain your explicit consent before we can use it. We will therefore ask for your consent prior to asking you to complete the questionnaire. Answering the questions is entirely voluntary.
(ii) Criminal Convictions
If a client requests us to obtain a criminal convictions check as part of their pre-employment or pre-engagement screening process, we will contact you first to explain the process and obtain your explicit consent to proceed.
You have the right to withdraw your consent to us using your personal information for these purposes at any time by emailing [email protected]
4. Why we hold your Personal Data and how we use it
Our core service to both candidates and clients is to introduce suitably qualified and experienced candidates to our clients for the purpose of temporary or permanent engagement.
If you are a candidate, we may use information held about you:
to process your application to register with us;
for matching you with any of our clients and placing you with any of our clients for work assignments;
to process payments for or to you;
to engage you or your company for temporary assignment(s);
to carry out credit assessments and identity verification, right to work, criminal record and background reference checks;
to contact you for future work-finding services.
In addition, or if you are a client or other third party, we may use information held about you in the following ways:
to carry out our obligations arising from any contracts entered into between you and us;
to notify you about changes to any of our services;
to ensure that content from our website is presented in the most effective manner for you and for your computer;
to provide you with information or services that you expressly request from us or which we feel may interest you, where you have consented to be contacted for such purposes;
to meet any of our obligations under any applicable laws or regulations;
to help us establish, exercise or defend legal claims.
5. The legal basis for processing your Personal Data
Depending on the purpose that we hold and process your data for, we will rely on one or more of the following legal grounds to process your data:
(a) Legitimate Interests
We will rely on legitimate business interests to process your personal data to carry out work-finding services for you, to introduce candidates to our clients for permanent employment, temporary worker placements or independent professional contracts and to carry out pre-engagement and pre-employment screening services (except where we are required to obtain explicit consent to carry out a check). The exchange of personal data of our candidates and our client contacts is a fundamental, essential part of this process.
Legitimate Interests means the interests of Talent Zone in conducting and managing our recruitment business. For example, we have an interest in ensuring that the information provided in your CV and/or job application is correct and that you have the necessary skills and experience to meet our client’s requirements.
Legitimate Interests can also apply to the processing of data that is in your interests. For example, we only wish to put you forward for roles that you want to perform and that you have the right skills to deliver so that you have the best chance of your application succeeding.
When we process your personal information, we make sure we consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. We will not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
(b) Necessary for the performance of a contract
We will rely on contract if you are appointed to undertake an assignment at a client (whether as a contractor or temporary worker). We will enter into a contract with your limited company (PSC) or umbrella company to engage you for that assignment. Your personal data will be processed as necessary throughout the assignment in order to perform the contract. For example, to ensure your timesheets are authorised, that payments are made to you and that you comply with your obligations under the contract.
We will also rely on contract if we are negotiating or have entered into a contract to provide services to you or receive services from you or your organisation.
(c) Necessary for compliance with a legal obligation
We will rely on legal obligation if we are legally required to hold information on you to fulfil our legal obligations. For example, if you are a limited company contractor engaged on an assignment HMRC requires that we submit regular reports to them detailing the payments which we make to you and other information as set out in The Income Tax (Pay as You Earn)(Amendment No.2) Regulations 2015.
(d) Consent
We will ask for your explicit consent to pass your personal data to a client for consideration for permanent employment or temporary assignment. We will request your consent orally, by email or by an online process. Should we want or need to rely on consent for other processing activities, we will request consent orally, by email or by an online process for the specific activity we require consent for. Your responses will be recorded on our system.
Where consent is the lawful basis for our processing you have the right to withdraw your consent to this particular activity at any time by emailing [email protected]
6. Who do we share your Personal Data with?
We may share your personal data with:
clients and/ or their appointed agents in relation to roles you wish to be considered for or assignments you are engaged to perform. We will only ever provide your details to a client / their agent in relation to a potential role if you have consented to us doing so;
third parties to enable the completion of pre-engagement screening checks, for example current, past or prospective employers. We will notify you in advance of the pre-engagement checks we will undertake and seek your permission to us carrying them out;
managed service suppliers if our clients have a managed service programme;
if you are engaged as a contractor your personal information will be provided to HMRC and /or third parties in order to meet our and the third party’s reporting obligations under The Income Tax (Pay as You Earn)(Amendment No.2) Regulations 2015;
if you agree to us sending you documents electronically for signing your email address and a copy of the relevant document will be sent to you via DocuSign, whose servers are located in the US. Once the document has been executed it will be deleted from DocuSign’s servers. An agreement is in place between Talent Zone and DocuSign to cover the transfer of this data.
We may disclose your personal data to third parties:
if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce our website terms of use and other agreements, or to protect the rights, property or safety of Talent Zone, our customers, and others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction;
in the event that we sell or buy any business or assets, in which case each of us may disclose your personal information to the prospective seller or buyer of such business or assets;
in the event that we outsource any of our business functions under which we collect or store your information in which case we will ensure that any such service provider adheres to at least the same obligations of security with regard to your information as undertaken by us;
where we use your information to carry out credit assessments we will need to share your information with credit reference agencies to assess your eligibility to register with us as a candidate and to verify your identity;
we may share your information with our associates, UK and overseas law enforcement agencies or regulatory authorities and other relevant bodies for crime prevention purposes.
The lawful basis for the third party processing will include:
their own legitimate business interests in processing your personal data, in most cases to fulfil their internal resourcing needs;
satisfaction of their contractual obligations to us as data controller;
for the purpose of a contract in place or in contemplation;
to fulfil legal obligations.
7. Where do we store your Personal Data?
We will take all steps reasonably necessary to ensure that your information is treated securely and in accordance with this Privacy Notice.
All information that you provide to us in physical form such as documents will be stored securely at our offices or at a secure storage facility.
All information you provide to us electronically is stored on our secure servers located in the United Kingdom.
If you agree to us sending you documents electronically for signing your email address and a copy of the relevant document will be sent to you via DocuSign, whose servers are located in the US. Once the document has been executed it will be deleted from DocuSign’s servers. An agreement is in place between TalentZone and DocuSign to cover the transfer of this data.
Unfortunately, sending information to us via post, fax, email or the internet is not completely safe and secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your information sent to us by any of these means and any information sent to us in this way is at your own risk.
Once we have received your information, we will each use strict procedures and security features to try to prevent unauthorised access and require our suppliers to do the same.
8. How long will we store your Personal Data for?
We understand our legal duty to retain accurate data and only retain personal data for as long as we need it for our legitimate business interests and that you are happy for us to do so. Accordingly, we have a data retention policy and run data routines to remove data that we no longer have a legitimate business interest in maintaining.
We segregate your data so that we keep different types of data for different time periods. The criteria we use to determine whether we should retain your personal data includes:
the nature of the personal data;
its perceived accuracy;
our legal obligations;
whether an interview or placement has been arranged;
our recruitment expertise and knowledge of the industry by sector and job role.
As a general rule, if you are a candidate, your information will be held for as long as you are actively engaging with us in order to receive work finding services.
If you cease to actively engage with us:
if you are a candidate seeking a permanent or fixed term engagement we will retain your personal data for a two (2) years after the date we last had meaningful contact with you;
if you are a candidate seeking a temporary assignment or a contracting role we will retain your personal data for two (2) years after date we last had meaningful contact with you (or, where appropriate the company you are working for or with);
if you are a contractor or temporary worker and have performed an assignment we will retain details of your assignment for six (6) years after the end date of your assignment in order to comply with applicable accounting and tax laws and to assist in the event of HMRC raising any queries regarding your tax status.
When we refer to “meaningful contact”, we mean, for example, communication between us (either verbal or written), or where you are actively engaging with our online services.
We may archive part or all of your personal data or retain it on our financial systems only, deleting all or part of it from our main Customer Relationship Manager (“CRM”) system.
9. Your Rights
You have the right to ask us not to process your personal information for marketing purposes. We will usually inform you (before collecting your information) if we wish to use your information for such purposes or if we intend to disclose your information to any third party for such purposes and we will collect your express consent from you if legally required prior to using your personal data for marketing purposes. You can exercise your right to accept or prevent such processing at any time by contacting [email protected]
The GDPR provides you with the following rights. To:
Request correction of personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
Request erasure of your personal information. This enables you to ask us to delete or removed personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
Request the restrictions of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
Request the transfer of your personal information to another party in certain formats, if practicable.
Make a complaint to a supervisory body which in the United Kingdom is the Information Commissioner’s Office. The ICO can be contacted at: https://ico.org.uk/concerns/
If you want to contact us to exercise any of your rights, you can write to us at Talent Zone LTD, The Old School, 23 Eastfield Road, Westbury On Trym, Bristol, BS9 4AE or email us on [email protected] .
10. Subject Access to information
The Data Protection Act 1998 (the “Act”), which is the current UK data protection law until 25th May 2018, and the GDPR, which comes into effect on 25th May 2018, give you the right to access information held about you. We also encourage you to contact us to ensure your data is accurate and complete.
Your right of access can be exercised in accordance with the Act (until 25th May 2018) and the GDPR (on and after 25th May 2018). Any access request under the Act may be subject to a fee to meet any of our costs in providing you with details of the information we hold about you. No fee will apply once the GDPR comes into force.
A subject access request should be sent to [email protected] .
11. Cookies
A cookie is a bite-sized piece of data that is stored on your computer’s hard drive. Almost all websites use them and they do not harm your system. We use them to track your activity on our websites and to distinguish you from other users. This helps us to provide you with a good experience when you browse our websites and also allows us to improve functionality, analyse traffic and for advertising purposes.
For more general information about cookies, including how to disable them, see aboutcookies.org
12. Changes to our Privacy Notice
Any changes we may make to our Privacy Notice in the future will be publicised on this page and may be notified by email.
13. Contact
Questions, comments and requests regarding this Privacy Notice are welcomed and should be addressed