DATA PROTECTION LAWS: EU GENERAL DATA PROTECTION REGULATION
All organisations that process personal data are required to comply with data protection legislation. This includes in particular the Data Protection Act 1998 (or its successor) and the EU General Data Protection Regulation (together the ‘Data Protection Laws’). The Data Protection Laws give individuals (known as ‘data subjects’) certain rights over their personal data whilst imposing certain obligations on the organisations that process their data. As a recruitment business, Link3 Recruitment collects and processes both personal data and sensitive personal data. It is required to do so to comply with other legislation. It is also required to keep this data for different periods depending on the nature of the data. In order for us to provide work finding services, we require consent from yourself as the ‘data subject’ so we can then process your personal and sensitive data.
• Date of birth
• Contact details, including telephone number, email address and postal address
• Experience, training and qualification
• National insurance number
• Include any other relevant personal data
Sensitive personal data
• Disability/health condition relevant to the role
• Criminal conviction
• Include any other relevant sensitive personal data
I consent to Link3 Recruitment processing the above personal data for the following purposes:
• For the Company to provide me with work-finding services.
• For the Company to access and provide employment references.
• For the Company to provide me with payroll services.
• For the Company to process with or transfer my personal data to their client/s in order to provide me with work-finding services.
• For the Company to process my data on a computerised database (RDB ProNet) in order to provide me with work-finding services.
• For the Company to process my data using automated decision-making processes
I also consent to the Company processing my personal data with third parties including, The REC for the purposes of internal audits and investigations carried out on the Company to ensure that the Company is complying with all relevant laws and obligations.
Link3 Recruitment have a legal obligation to keep the following information:
• Terms of engagement (6 years from last date of work, if not worked then 1 year from registration)
• 48 hour opt out notice (2 years from last date of work, if not worked then 1 year from registration)
• Annual Leave record (2 years from last date of work, if not worked then 1 year from registration )
• Pay records (6 years from last date of work)
• Pension auto enrolment (6 years from last date of work)
• Gender pay gap reporting (1 year from last date of work)
• Statutory Maternity, paternity adoption pay records (6 years from last date of work)
• Child Protection Records (normal retirement age or minimum of 10 years if that is longer)
• RTW Right to work Documents (2 years from your last date of work, if not worked 1 year from registration)
I also give consent for Link3 Recruitment to send me the following relevant marketing in relation to offering me work finding services. You hold the right to withdraw this consent at any time.
Your right to object to processing
What if you are unhappy about us collecting, using, storing or disclosing your personal data?
Where we are collecting, using, storing or disclosing (processing) your personal data because we need it to carry out our official work (including if we are profiling your behaviour online or handling your personal data for archiving, historical research or statistical purposes) you may object at any time.
What we must do
If you object, we must stop collecting, using, storing or disclosing your personal data unless the law says that we can carry on. For example, where:
• We can show that there are compelling and lawful reasons for us to carry on which we consider outweigh your right to object or • we need the personal data to establish, exercise or defend a legal claim
Do we have to agree to stop collecting, using, storing or disclosing your personal data?
Sometimes the law allows us to turn down your request to stop processing. For example, where there are reasons of:
• national security • defence • public security • the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties • protecting economic or financial interests, monetary, budgetary and taxation matters, public health and social security • monitoring, inspection or regulatory functions • protecting you or the rights of others • the enforcement of civil claims
Where we are collecting, using, storing or disclosing your personal data for archiving, historical research or statistical purposes, and you object, we may carry on where the handling of your personal data is necessary to allow us to carry out a task for reasons of public interest.
What if your request is turned down?
Where the law allows us to refuse your request to stop processing your personal data, we will tell you and explain why.
How to make a request
If you wish to object to us collecting, using, storing or disclosing your personal data, you should contact:
Data Protection Officer Ryan Miller Link3 Recruitment 8 Pavilion Road West Bridgford Nottingham NG2 5FG firstname.lastname@example.org 0115 6972550
Proof of identity
Before we can deal with your objection to us collecting, using, storing or disclosing your personal data, we may need to ask you for proof of identity. If so, we will ask you for a photocopy of the identity page of a current passport or current photo driving licence and an original, current utility bill (a gas, electricity, water, or telephone bill, or a credit card or bank statement) containing your name and address. We will return the utility bill to you if you ask us to.
Time for response and cost
We must deal with your request free of charge, without undue delay and certainly within a month of receiving your request. But if your request is complex, or if you have made several requests, we may extend this time period by a further two months. Where we extend the time period, we must tell you we are going to do this, and why, within one month of receiving your request. If you make repeated requests, the law allows us to charge you a reasonable fee based on our administrative costs, or to refuse to deal with your requests.
Where you make your request by email, unless you ask us not to, we will respond in an electronic form.
How to complain
If you are unhappy about how we are handling your objection to processing, you may complain to:
Information Commissioner’s Office Wycliffe House Water Lane Wilmslow SK9 5AF email@example.com 0303 123 1113
You also have the right to ask a Court to consider whether we have dealt properly with your request.
Link3 Recruitment Ltd understands that your privacy is important to you and that you care about how your personal data is used and shared online. We respect and value the privacy of everyone who visits this website, www.link3recruitment.co.uk (“Our Site”) and will only collect and use personal data in ways that are described here, and in a manner that is consistent with Our obligations and your rights under the law.
1. Definitions and Interpretation
In this Policy, the following terms shall have the following meanings:
“personal data” means any and all data that relates to an identifiable person who can be directly or indirectly identified from that data. In this case, it means personal data that you give to Us via Our Site. This definition shall, where applicable, incorporate the definitions provided in the EU Regulation 2016/679 – the General Data Protection Regulation (“GDPR”); and
“We/Us/Our” means Link3 Recruitment Ltd, a Limited Company registered in England under company number 10895686, whose registered address is Unit 2 Charnwood Edge Business Park, Syston Road, Cossington, Leicester, United Kingdom, LE7 4UZ.
2. Information About Us
2.1 Our Site is owned and operated by Link3 Recruitment Ltd a limited company registered in England under company number 10895686, whose registered address is Unit 2 Charnwood Edge Business Park, Syston Road, Cossington, Leicester, United Kingdom, LE7 4UZ.
3. What Does This Policy Cover?
4. Your Rights
4.1 As a data subject, you have the following rights under the GDPR, which this Policy and Our use of personal data have been designed to uphold:
4.1.1 The right to be informed about Our collection and use of personal data;
4.1.2 The right of access to the personal data We hold about you (see section 12);
4.1.3 The right to rectification if any personal data We hold about you is inaccurate or incomplete (please contact Us using the details in section 13);
4.1.4 The right to be forgotten – i.e. the right to ask Us to delete any personal data We hold about you (We only hold your personal data for a limited time, as explained in section 6 but if you would like Us to delete it sooner, please contact Us using the details in section 13);
4.1.5 The right to restrict (i.e. prevent) the processing of your personal data;
4.1.6 The right to data portability (obtaining a copy of your personal data to re-use with another service or organisation);
4.1.7 The right to object to Us using your personal data for particular purposes; and
4.1.8 Rights with respect to automated decision making and profiling.
4.2 If you have any cause for complaint about Our use of your personal data, please contact Us using the details provided in section 13 and We will do Our best to solve the problem for you. If We are unable to help, you also have the right to lodge a complaint with the UK’s supervisory authority, the Information Commissioner’s Office.
4.3 For further information about your rights, please contact the Information Commissioner’s Office or your local Citizens Advice Bureau.
5. What Data Do We Collect?
Depending upon your use of Our Site, We may collect some or all of the following personal and non-personal data:
5.3 business/company name
5.4 job title;
5.6 contact information such as email addresses and telephone numbers;
5.7 demographic information such as post code, preferences, and interests;
5.8 financial information such as credit / debit card numbers;
5.9 IP address;
5.10 web browser type and version;
5.11 operating system;
5.12 a list of URLs starting with a referring site, your activity on Our Site, and the site you exit to;
6. How Do We Use Your Data?
6.1 All personal data is processed and stored securely, for no longer than is necessary in light of the reason(s) for which it was first collected. We will comply with Our obligations and safeguard your rights under the GDPR at all times. For more details on security see section 7, below.
6.2 Our use of your personal data will always have a lawful basis, either because it is necessary for Our performance of a contract with you, because you have consented to Our use of your personal data (e.g. by subscribing to emails), or because it is in Our legitimate interests. Specifically, We may use your data for the following purposes:
6.2.1 Supplying Our products and services to you (please note that We require your personal data in order to enter into a contract with you);
6.2.2 Personalising and tailoring Our products and services for you;
6.2.3 Replying to emails from you;
6.2.4 Supplying you with emails that you have opted into (you may unsubscribe or opt-out at any time.
6.3 With your permission and/or where permitted by law, We may also use your data for marketing purposes which may include contacting you by email or telephone or post with information, news, and offers on Our products or services. We will not, however, send you any unsolicited marketing or spam and will take all reasonable steps to ensure that We fully protect your rights and comply with Our obligations under the GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003.
6.4 You have the right to withdraw your consent to Us using your personal data at any time, and to request that We delete it.
6.5 We do not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected. Data will therefore be retained for the following periods (or its retention will be determined on the following bases):
6.5.1 Personal data will be retained for up to 3 years to assist in providing support for clients;
7. How and Where Do We Store Your Data?
7.1 We only keep your personal data for as long as We need to in order to use it as described above in section 6, and/or for as long as We have your permission to keep it.
7.2 Your data will only be stored within the European Economic Area (“the EEA”) (The EEA consists of all EU member states, plus Norway, Iceland, and Liechtenstein).
7.3 Data security is very important to Us, and to protect your data We have taken suitable measures to safeguard and secure data collected through Our Site.
7.4 Steps We take to secure and protect your data include:
7.4.1 Encrypting your data in our website and restricting access.
8. Do We Share Your Data?
8.1 Subject to section 8.2, We will not share any of your data with any third parties for any purposes.
8.2 In certain circumstances, We may be legally required to share certain data held by Us, which may include your personal data, for example, where We are involved in legal proceedings, where We are complying with legal obligations, a court order, or a governmental authority.
8.3 We may sometimes contract with third parties to supply products and services to you on Our behalf. These may include payment processing, delivery of goods, search engine facilities, advertising, and marketing. In some cases, the third parties may require access to some or all of your data. Where any of your data is required for such a purpose, We will take all reasonable steps to ensure that your data will be handled safely, securely, and in accordance with your rights, Our obligations, and the obligations of the third party under the law.
8.4 We may compile statistics about the use of Our Site including data on traffic, usage patterns, user numbers, sales, and other information. All such data will be anonymised and will not include any personally identifying data, or any anonymised data that can be combined with other data and used to identify you. We may from time to time share such data with third parties such as prospective investors, affiliates, partners, and advertisers. Data will only be shared and used within the bounds of the law.
8.5 In certain circumstances, We may be legally required to share certain data held by Us, which may include your personal data, for example, where We are involved in legal proceedings, where We are complying with legal requirements, a court order, or a governmental authority.
9. What Happens If Our Business Changes Hands?
10. How Can You Control Your Data?
10.1 In addition to your rights under the GDPR, set out in section 4, When you submit personal data via Our Site, you may be given options to restrict Our use of your data. In particular, We aim to give you strong controls on Our use of your data for direct marketing purposes (including the ability to opt-out of receiving emails from Us which you may do by unsubscribing using the links provided in Our emails and at the point of providing your details).
10.2 You may also wish to sign up to one or more of the preference services operating in the UK: The Telephone Preference Service (“the TPS”), the Corporate Telephone Preference Service (“the CTPS”), and the Mailing Preference Service (“the MPS”). These may help to prevent you receiving unsolicited marketing. Please note, however, that these services will not prevent you from receiving marketing communications that you have consented to receiving.
11. Your Right to Withhold Information
You may access certain areas of Our Site without providing any data at all. However, to use all features and functions available on Our Site you may be required to submit or allow for the collection of certain data.
12. How Can You Access Your Data?
You have the right to ask for a copy of any of your personal data held by Us (where such data is held). Under the GDPR, no fee is payable and We will provide any and all information in response to your request free of charge. Please contact Us for more details at firstname.lastname@example.org,, or using the contact details below in section 13.
13. Contacting Us