Insight Recruitment Group (“The Company”) is a recruitment business which provides work-finding services to its clients and work-seekers. The Company must process personal data (including a special category or ‘sensitive’ personal data) so that it can provide these services. In so doing, the Company acts as a data controller.
You may give your personal details to the Company directly, such as on an application or registration form, CV, or via our website, or we may collect them from another source, such as a jobs board. The Company must have a legal basis for processing your personal data. See below for more details. We will only use your personal data in accordance with the terms of this notice and to provide you with work-finding services and/or information relating to roles relevant to you.
This Privacy Notice explains how we use your personal data: how it is collected, how it is held, and how it is processed. It also explains your rights under the law relating to your personal data. This applies to individuals (candidate/applicant) and Clients wishing to use or using our Recruitment Services or looking for a position.
Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) and the Data Protection Act 2018 (collectively, “the Data Protection Legislation”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.
Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, address, National Insurance number but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers. The personal data that we use is set out in Part 4, below.
Under the Data Protection Legislation, you have the following rights, which we will always work to uphold:
For more information about our use of your personal data or exercising your rights as outlined above, please contact us using the details provided in Part 16.
Your personal data must be kept accurate and up-to-date. If any of the personal data we hold about you changes, please keep us informed as long as we have that data. Further information about your rights can also be obtained from the Information Commissioner’s Office or your local Citizens Advice Bureau.
If you have any cause for complaint about our use of your personal data, you have the right to complain with the Information Commissioner’s Office. We would welcome the opportunity to resolve your concerns ourselves, however, so please contact us first, using the details in Part 16.
The Company may collect and hold some or all of the following personal data and special category or ‘sensitive’ personal data:
This list is not exhaustive, and you are under no obligation to provide the Company with data. However, if you do not provide certain information, we will not be able to provide work-finding services.
The Company needs to collect and process data in order to offer work-finding services to you.
The Company will process your personal data to provide you with work-finding services. This includes, for example, contacting you about job opportunities, assessing your suitability for those opportunities, updating our databases, putting you forward for job opportunities, arranging payments to you, and developing and managing our services and relationship with you and our clients.
In some cases, the Company may be required to collect and process your data to investigate, report, and detect crime, and also to comply with laws that apply to us. We may also use your information during the course of internal audits to demonstrate our compliance with certain industry standards.
The legal bases we rely upon to offer our serivces to you are:
The Company will only use your personal data for the purposes for which it was originally collected unless we reasonably believe that another purpose is compatible with those original purposes and need to use your personal data for that purpose. If we do use your personal data in this way and you wish us to explain how the new purpose is compatible with the original, please contact using the details in Part 16.
We use automated systems/software which may be used for carrying out certain kinds of decision-making and review the personal data of individuals recorded on our database. This software can determine the suitability for a specific position, the software can allow us to identify individuals from our database who have precise skills for a particular position. If at any point you wish to query any action that we take based on this or wish to request ‘human intervention’ (i.e. have someone review the action themselves, rather than relying only on the automated method), the Data Protection Legislation gives you the right to do so. Please contact us to find out more using the details in Part 16.
We believe that it's reasonable to expect that if you are looking for employment or have posted your professional CV information on a job board or professional networking site, you are happy for us to collect and otherwise use your personal data to offer or provide our recruitment services to you and assess your skills against vacancies. You have the right to request that your details are removed at any time by using the details in Part 16.
We, therefore, think it’s reasonable for us to process your data and to contact you to propose relevant roles or available opportunities. We may also need to use your data for our internal administrative activities.
If we need to use your personal data for a purpose that is unrelated to, or incompatible with, the purposes for which it was originally collected, we will inform you and explain the legal basis which allows us to do so.
In some circumstances, where permitted or required by law, we may process your personal data without your knowledge or consent. This will only be done within the bounds of the Data Protection Legislation and your legal rights.
The Company will only hold your personal data for as long as is necessary to fulfil the purposes for which we collected it.
Different laws may also require us to keep data for different periods of time.
The Conduct of Employment Agencies and Employment Businesses Regulations 2003 require us to keep work-seeker records for at least one year from:
The Company must also keep your payroll records, holiday pay, sick pay, and pensions auto-enrolment records. These records are retained for as long as is legally required by HMRC and associated national minimum wage, social security, and tax legislation.
Where the Company has obtained your consent or had meaning full contact to process your personal and sensitive data, we will do so in line with our Data Protection Policy. Upon expiry of the period to which you have consented, the Company will seek further consent from you. Where consent is not granted, we will not continue to process your data.
We will consider there to be meaningful contact with you if you submit your updated CV onto our website, apply for jobs or we receive an updated CV from a job board. We will also consider it meaningful contact if you communicate with us about potential roles, either by verbal or written communication or engage with any of our marketing communications.
Data is stored in a range of different places, including on your application record, in the Company's candidate management systems and other IT systems (including the Company's email system).
We will only store or transfer your personal data or store or transfer some of your personal data within the UK. This means that it will be fully protected under the Data Protection Legislation. Or we may store or transfer some or all of your personal data in countries that are not part of the European Economic Area (the “EEA” consists of all EU member states, plus Norway, Iceland, and Liechtenstein) or EEA. These are known as “third countries” and may not have data protection laws that are as strong as those in the UK and/or the EEA. This means that we will take additional steps in order to ensure that your personal data is treated just as safely and securely as it would be within the UK and under the Data Protection Legislation as follows:
Where we share your data with external third parties, as detailed below in Part 8, that are based outside of the EEA. The following safeguards are applied to such transfers:
We will only transfer your personal data to third countries whose levels of data protection are deemed ‘adequate’ by the European Commission. More information is available from the European Commission.
Or Where we transfer your data to a third party based in the US, the data may be protected if they are part of the EU-US Privacy Shield. This requires that third party to provide data protection to standards similar levels of data protection to those in Europe. More information is available from the European Commission.
Please contact us using the details below in Part 16 for further information about the particular data protection mechanisms used by us when transferring your personal data to a third country.
The security of your personal data is essential to us, and to protect your data, we take several important measures, including the following:
The Company will process your personal data and/or sensitive personal data with the following recipients. Individuals, hirers and third parties, necessary for the provision of our Services which can include but not exhaustive:
We will share your personal information and, where necessary, your sensitive personal information with trusted third parties where we have retained them to provide services that you or our clients have requested, such as any regulatory authority or statutory body pursuant to a request for information or any legal obligation which applies to us.
We will also share your personal information with third parties who perform functions on our behalf and provide services:
When your personal data is shared with a third party, as described above, we will take steps to ensure that your personal data is handled safely, securely, and in accordance with your rights, our obligations, and the third party’s obligations under the law, as described above in Part 8.
If any personal data is transferred outside of the EEA, we will take suitable steps to ensure that your personal data is treated just as safely and securely as it would be within the UK and under the Data Protection Legislation, as explained above in Part 8.
If you want to know what personal data we hold about you, you can ask us for details of that personal data and a copy of it. This is known as a “subject access request”.
All subject access requests should be made in writing and sent to the email or postal addresses shown in Part 16. To make this as easy as possible for you, a Subject Access Request Form is available for you to use. You do not have to use this form, but it is the easiest way to tell us everything we need to know to respond to your request as quickly as possible.
There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.
We will respond to your subject access request within 20 working days and, in any case, not more than one month of receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.
If the personal information we hold about you is not accurate, out of date or incomplete, you have a right to have the data rectified, updated or completed. You can let us know by contacting us at firstname.lastname@example.org.
We may obtain data about you from cookies. These are small text files that are placed on your computer by websites that you visit. They are widely used to make websites work, or work more efficiently, as well as to provide information to the owners of the site. Cookies also enable us to deliver more personalised content.
Most web browsers allow some control of most cookies through the browser settings. Please note that in a few cases some of our website features may not function if you remove cookies from your browser.
We use IP addresses to analyse trends, administer the site, track users’ movements, and to gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information.
The Company’s website may contain links to other external websites. Please be aware that the Company is not responsible for the privacy practices of such other sites. When you leave our site, we encourage you to read the privacy statements of each and every website that collects personally identifiable information. This privacy statement applies solely to information collected by the Company’s website.
From time to time we would like to send you details of reports, promotions, offers, networking and client events and general information about the industry sectors which we think might be of interest to you. If you do not want to continue receiving marketing information, please contact us at email@example.com.
If the Company’s business is sold or integrated with another business your details may be disclosed to our advisers and any prospective purchasers and their advisers and will be passed on to the new owners of the business.
To contact us about anything to do with your personal data and data protection, including to make a subject access request, please use the following details:
We may change this Privacy Notice from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects personal data protection.
Any changes will be made available at www.insightrecruitmentgroup.co.uk. This Privacy Notice was last updated on 23/11/2020.