The General Data Protection Regulation Regulation (GDPR) is the new regulation which replaced the Data Protection Regulation (Directive 95/46/EC). GDPR aims to harmonise data protection legislation across EU member states, enhancing privacy rights for individuals and providing a strict framework within which commercial organisations can legally operate.
Please read the following carefully to understand our practices regarding your personal information and how we will treat it. If you have any questions about this Privacy Notice or the use of your information by us, please contact us at email@example.com
2. Who are we and what we do
We are a recruitment agency and recruitment business as defined in the Employment Agencies and Employment Businesses Regulations 2003. We collect the personal data of the following types of people to allow us to undertake our business:
Prospective and placed candidates for permanent or temporary roles
Prospective and live client contacts
Supplier contacts to support our services, including agency contacts.
Employees, consultants, temporary workers.
We collect information about you to carry out our core business activities.
3. How we obtain your Personal Data
(a) Information you give us or we may collect from you
We may collect information about you when you fill in forms on our company website or by corresponding with us by phone, e-mail or otherwise.
The information you give us or we collect about you may include:
Information contained in your CV or job application such as your name, address, private and corporate e-mail address & phone number.
Information contained in any documents that you send to any of us for identity verification purposes such as your passport or driving licence.
Financial information, compliance documentation and references verifying your qualifications and experience and your right to work in the United Kingdom.
Links to your professional profiles available in the public domain e.g. LinkedIn, Twitter, business Facebook or corporate website.
Information that you provide about yourself when negotiating or entering into a contract with us.
(b) Information we collect about you when you visit our website
With regard to each of your visits to our website, we will automatically collect the following information:
Information that you provide by filling in forms on our website
Technical information relating to your visits including, but not limited to, traffic data, location data, weblogs, other communication data and the resources that you access.
Information when you respond to a survey and/or when you report a problem with our website.
(c) Information we obtain from other sources
This is information that we obtained about you from other sources such as LinkedIn, corporate websites, job boards, online CV libraries, your business card and personal recommendations. In this case, we will inform you by sending you this Privacy Notice within a maximum of 30 days of collecting the data of the fact that we hold personal data about you, the source of the personal data and whether it comes from publicly available sources, and for what purpose we intend to retain and process your personal data.
(d) Special Categories of Data
If requested to do so by a client, or it is a requirement of our contract with a client, we may ask you for some ethnicity and diversity information to support the client’s equal opportunities monitoring. This could be information about your ethnic background, gender, disability, age, sexual orientation, religion or other similar beliefs, and/or social-economic background. Any information that is disclosed to the client will be anonymised where relevant.
As this information is ‘sensitive’ personal information we need to obtain your explicit consent before we can use it. We will therefore ask for your consent prior to asking you to complete the questionnaire. Answering the questions is entirely voluntary.
(ii) Criminal Convictions
If a client requests us to obtain a criminal convictions check as part of their pre-employment or pre-engagement screening process, we will contact you first to explain the process and obtain your explicit consent to proceed.
You have the right to withdraw your consent to us using your personal information for these purposes at any time by emailing firstname.lastname@example.org
4. Why we hold your Personal Data and how we use it
Our core service to both candidates and clients is to introduce qualified and experienced candidates to our clients for the purpose of temporary or permanent engagement.
If you are a candidate, we may use information held about you:
to process your application to register with us
for matching you with any of our clients and placing you with any of our clients for work assignments
o process payments for or to you
to engage you or your company for temporary assignment(s)
to carry out credit assessments and identity verification, right to work, criminal record and background reference checks
to contact you for future work-finding services.
in addition, or if you are a client or other third party, we may use information held about you in the following ways:
to carry out our obligations arising from any contracts entered into between you and us
to notify you about changes to any of our services
to ensure that content from our website is presented in the most effective manner for you and for your computer
to provide you with information or services that you expressly request from us or which we feel may interest you, where you have consented to be contacted for such purposes
to meet any of our obligations under any applicable laws or regulations
to help us establish, exercise or defend legal claims.
5. The legal basis for processing your Personal Data
Depending on the purpose that we hold and process your data for, we will rely on one or more of the following legal grounds to process your data:
(a) Legitimate Interests
We will rely on legitimate business interests to process your personal data, to carry out work-finding services for you, to introduce candidates to our clients for permanent employment, temporary worker placements or independent professional contracts and to carry out pre-engagement and pre-employment screening services (except where we are required to obtain explicit consent to carry out a check). The exchange of personal data of our candidates and our client contacts is a fundamental, essential part of this process.
Legitimate Interests means the interests of Headhunterz Resourcing in conducting and managing our recruitment business. For example, we have an interest in ensuring that the information provided in your CV and/or job application is correct and that you have the necessary skills and experience to meet our client’s requirements.
Legitimate Interests can also apply to the processing of data that is in your interests. For example, we only wish to put you forward for roles that you want to perform and that you have the right skills to deliver so that you have the best chance of your application succeeding.
When we process your personal information, we make sure we consider and balance any potential impact on you (both positive and negative) and your rights under data protection laws. We will not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
(b) Necessary for the performance of a contract
We will rely on contract if you are appointed to undertake an assignment at a client (whether as a contractor or temporary worker). We will enter into a contract with your limited company (PSC) or umbrella company to engage you for that assignment. Your personal data will be processed as necessary throughout the assignment in order to perform the contract. For example, to ensure your timesheets are authorised, that payments are made to you and that you comply with your obligations under the contract.
We will also rely on contract if we are negotiating or have entered into a contract to provide services to you or receive services from you or your organisation.
(c) Necessary for compliance with a legal obligation
We will rely on legal obligation if we are legally required to hold information on you to fulfil our legal obligations. For example, if you are a limited company contractor engaged on an assignment HMRC requires that we submit regular reports to them detailing the payments which we make to you and other information as set out in The Income Tax (Pay as You Earn)(Amendment No.2) Regulations 2015.
We will ask for your explicit consent to pass your personal data to a client for consideration for permanent employment or temporary assignment. We will request your consent orally, by email or by an online process. Should we want or need to rely on consent for other processing activities, we will request consent orally, by email or by an online process for the specific activity we require consent for. Your responses will be recorded on our system.
Where consent is the lawful basis for our processing you have the right to withdraw your consent to this particular activity at any time by emailing email@example.com
6. Who do we share your Personal Data with?
We may share your personal data with:
Clients and/ or their appointed agents in relation to roles you wish to be considered for or assignments you are engaged to perform. We will only ever provide your details to a client / their agent in relation to a potential role if you have consented to us doing so
Third parties to enable the completion of pre-engagement screening checks, for example current, past or prospective employers. We will notify you in advance of the pre-engagement checks we will undertake and seek your permission to us carrying them out
Managed service suppliers if our clients have a managed service programme
If you are engaged as a contractor your personal information will be provided to HMRC and /or third parties in order to meet our and the third party’s reporting obligations under The Income Tax (Pay as You Earn)(Amendment No.2) Regulations 2015;
We may disclose your personal data to third parties:
In the event that we sell or buy any business or assets, in which case each of us may disclose your personal information to the prospective seller or buyer of such business or assets.
In the event that we outsource any of our business functions under which we collect or store your information in which case we will ensure that any such service provider adheres to at least the same obligations of security with regard to your information as undertaken by us.
Where we use your information to carry out credit assessments we will need to share your information with credit reference agencies to assess your eligibility to register with us as a candidate and to verify your identity.
We may share your information with our associates, UK and overseas law enforcement agencies or regulatory authorities and other relevant bodies for crime prevention purposes.
The lawful basis for the third party processing will include:
Their own legitimate business interests in processing your personal data, in most cases to fulfil their internal resourcing needs;
for satisfaction of their contractual obligations to us as data controller;
for the purpose of a contract in place or in contemplation;
to fulfil legal obligations.
7. Where do we store your Personal Data?
We will take all steps reasonably necessary to ensure that your information is treated securely and in accordance with this Privacy Notice.
All information that you provide to us in physical form such as documents will be stored securely at our offices or at a secure storage facility.
All information you provide to us electronically is stored on our secure servers located in the United Kingdom.
8. How long will we store your Personal Data for?
We understand our legal duty to retain accurate data and only retain personal data for as long as we need it for our legitimate business interests and that you are happy for us to do so. Accordingly, we have a data retention policy and run data routines to remove data that we no longer have a legitimate business interest in maintaining.
We segregate your data so that we keep different types of data for different time periods. The criteria we use to determine whether we should retain your personal data includes:
the nature of the personal data;
its perceived accuracy;
our legal obligations;
whether an interview or placement has been arranged;
our recruitment expertise and knowledge of the industry by sector and job role.
As a general rule, if you are a candidate, your information will be held for as long as you are actively engaging with us in order to receive work finding services.
If you cease to actively engage with us:
if you are a candidate seeking a permanent or fixed term engagement we will retain your personal data for a two (2) years after the date we last had meaningful contact with you;
if you are a candidate seeking a temporary assignment or a contracting role we will retain your personal data for two (2) years after date we last had meaningful contact with you (or, where appropriate the company you are working for or with);
if you are a contractor or temporary worker and have performed an assignment we will retain details of your assignment for six (6) years after the end date of your assignment in order to comply with applicable accounting and tax laws and to assist in the event of HMRC raising any queries regarding your tax status.
When we refer to “meaningful contact”, we mean, for example, communication between us (either verbal or written), or where you are actively engaging with our online services
9. Your Rights
You have the right to ask us not to process your personal information for marketing purposes. We will usually inform you (before collecting your information) if we wish to use your information for such purposes or if we intend to disclose your information to any third party for such purposes and we will collect your express consent from you if legally required prior to using your personal data for marketing purposes. You can exercise your right to accept or prevent such processing at any time by contacting firstname.lastname@example.org
The GDPR provides you with the following rights. To:
Request correction of personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
Request the restrictions of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
Request the transfer of your personal information to another party in certain formats, if practicable.
Make a complaint to a supervisory body which in the United Kingdom is the Information Commissioner’s Office. The ICO can be contacted at: https://ico.org.uk/concerns/
10. Subject Access to information
GDPR gives you the right to access information held about you. We also encourage you to contact us to ensure your data is accurate and complete.
A subject access request should be sent to email@example.com
11. Changes to our Privacy Notice
Any changes we may make to our Privacy Notice in the future will be published on this page and may be notified by email.