Privacy Policy
1. INTRODUCTION
This Privacy Policy (hereinafter referred to as »Policy«) relates to the collection and use of Personal Data by the Data Privacy Recruitment Ltd, 85 Great Portland Street, First Floor, London, England, W1W 7LT (hereinafter referred to as »DPR«, »we«, »our«).
Our UK ICO registration number is ZA721647.
DPR is a recruitment company, and this Policy describes what we do with the Personal Data we collect and process while providing our Services. This may range from the Personal Data that is collected from the potential Candidates to Personal Data exchanged with our Clients during the whole recruitment process.
2. DEFINITIONS
Capitalized terms and expressions used in this Policy shall have the following meaning:
Candidate is a person potentially suited to a specific position with regards to the provision of Services by DPR on behalf of a Client;
Clients mean organisations or individuals that have a contractual relationship with DPR with regards to provision of Services on their behalf;
Data Subjects means identified or identifiable living individual to whom Personal Data relates;
Personal Data means any information relating to an identified or identifiable natural person;
Services mean whole or partial part of attracting, shortlisting, selecting and appointing suitable candidates for jobs (either permanent or temporary), any related marketing activities;
Suppliers mean a person or company with whom the contract has been concluded for supplying the Services under the contract;
Website User means anyone who visits and browses www.dp-recruitment.com website.
4.COLLECTION AND USE OF PERSONAL DATA
In order to provide our Services in accordance with the highest level of professional standards we need to collect and process personal data. DPR is a small team of recruitment specialists and all of its employees, contractual and other associates are bound by confidentiality agreements, a breach of which may lead to criminal or civil penalty. Below you may find details on how and what kind of Personal Data we collect and process.
4.1.Personal Data about the Candidates
We collect the information about our Candidates either from the Candidates themselves with their consent or from publicly available resources pursuant to our legitimate business interest which is to run our business and be able to manage business relationships with the Candidates and the Candidates’ legitimate interest which is being offered job opportunities that might be of Candidates’ interest and being able to communicate effectively to provide our Services.
We always endeavor to balance our interests and those of our Clients with the interest of the people we contact. We only reach out to Candidates who we believe may be interested in the positions we recruit for, based on our professional experience and manual evaluation of each Candidates professional experience.
We only ask for and collect details that are necessary for provision of our Services, such as name, age, contact details, education details, employment history, financial information (current salary details and expectations), Curriculum Vitae (CV).
In order to offer our Services, we may ask Clients’ contact information, including name of the contact person, job title, work email address, and work phone number.
4.3.Personal Data about the Suppliers
In that scope, we may collect Suppliers’ contact information, including name of the contact person, job title, work email address, and work phone number, and when applicable, we may collect company name, company registration number, address, qualifications, references and work experience.
4.4.Personal Data We Receive From Other Sources
4.5.Personal Data about Website Users
5.LEGAL BASIS
We process Personal Data only in accordance with the law. Below you may find descriptions of which kinds of legal bases for lawful processing of Personal Data we use.
5.2.Consent
Every time we contact a Candidate, we describe the purpose of the intended processing of Personal Data (e.g. to check compatibility of a certain Candidate for a specific role or to forward Candidate’s CV to our Clients, etc.) and bring this Privacy Policy to the attention of the Data Subject. Before we send a resume to a Client, we ask for the individual’s consent to do so.
We also process Personal Data for marketing purposes based on consent (e.g. to send newsletters to our subscribers). Data Subjects may always object to processing of their Personal Data and may withdraw their consent at any time. They may do so by contacting us at hb@dp-recruitment.com. DPR will examine each objection or withdrawal request no later than 30 days after receiving an individual request. Provided we are not under a legal obligation to continue processing, we shall cease processing activities following a successful examination of the request. However, for marketing activities carried by us, we acknowledge that individuals have an absolute right to object to marketing.
5.3.Contractual Obligations
We also process Personal Data based on contracts agreed upon with our Clients, Candidates and/or third parties. We only carry out the processing when it is necessary for the performance of a specific contract to which the Data Subject is a party to or in order to take steps at the request of the Data Subject prior to entering into a contract (e.g. to negotiate a Candidate employment contract).
5.4.Legal Requirements
6.SHARING OF PERSONAL DATA
We may share your Personal Data where appropriate and in accordance with local laws and requirements. We may, thus share Personal Data with past or prospective employers, examining bodies, for tax and audit purposes, and where we believe that law or other regulation requires us to share data (e.g. for litigation purposes).
We may also share Personal Data with third party service providers who perform functions on our behalf, such as software providers, external consultants, business associates and professional advisers such as lawyers, auditors and accountants, IT consultants. All of the third party service providers we collaborate with are trustworthy, maintain a high level of data security and are bound by a non-disclosure agreement. Our service providers have contractually guaranteed their compliance with data protection law and the protection of Personal Data in particular.
7.STORAGE AND RETENTION
We incorporate a range of technical and organisational measures to ensure the security of the Personal Data we store. We take all reasonable and proportionate steps to protect the Personal Data from misuse, loss, or unauthorised access.
In you become aware of any actual or potential data breach concerning your Personal Data processed by us, please contact us immediately at hb@dp-recruitment.com.
We store Personal Data only for as long as necessary to fulfil the purposes for which it was collected (e.g. to fulfil the Client’s recruitment needs) and we delete outdated Personal Data from our systems periodically. Given our long-lasting Client relationships, we may need to store Candidate information after a successful placement. We will not do so without permission.
We may need to retain some Personal Data in accordance with time periods we believe in good faith that the law or relevant regulators require us to preserve such data.
DATA SUBJECT’S RIGHTS
Data Subjects have a number of qualified rights in respect of the Personal Data we process on their behalf. These are described below. In order to exercise these rights please contact us at hb@dp-recruitment.com. We will deal with your request with undue delay and in any case no later than 30 days after we receive it. Please note that we may keep a record of the communications to help us resolve any issues which you raise.
•Right of access: you have the right to access and receive a copy of your Personal Data, and other supplementary information. If there are some exemptions, you may not always receive all the information we process.
•Right to rectification: You have the right to ask us to correct any Personal Data we hold about you and ask us to complete incomplete data held about yourself.
•Right to erasure: You have a right to ask your Personal Data to be erased in certain circumstances.
•Right to restrict processing: You have the right to ask us to restrict the processing of your information in certain circumstances.
•Right to data portability: You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering a contract and the processing is automated.
•Right to object: You have the right to object to the processing of your Personal Data. In particular, you have an unconditional right to object to the processing of your Personal Data for use for direct marketing purposes.
•Right to withdraw consent: If the processing of your Personal Data is based on your consent, you have the right to withdraw your consent at any time.
The Information Commissioners Office
Tel: 0303 123 1113
Address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
Website: https://www.ico.org.uk
More information on how to make a complaint to ICO: https://ico.org.uk/make-a-complaint/
CHANGES TO THE POLICY
We may change this Policy from time to time. We will post any Privacy Policy changes on our Website and, if the changes are significant, we will provide a more prominent notice by sending an e-mail.
This Privacy Policy (hereinafter referred to as »Policy«) relates to the collection and use of Personal Data by the Data Privacy Recruitment Ltd, 85 Great Portland Street, First Floor, London, England, W1W 7LT (hereinafter referred to as »DPR«, »we«, »our«).
Our UK ICO registration number is ZA721647.
DPR is a recruitment company, and this Policy describes what we do with the Personal Data we collect and process while providing our Services. This may range from the Personal Data that is collected from the potential Candidates to Personal Data exchanged with our Clients during the whole recruitment process.
We value your privacy, and we are committed to protecting and safeguarding your data privacy rights. We process and store Personal Data in a secure way and we do not share or sell Personal Data to third parties without consent or another legal basis.
Capitalized terms and expressions used in this Policy shall have the following meaning:
Candidate is a person potentially suited to a specific position with regards to the provision of Services by DPR on behalf of a Client;
Clients mean organisations or individuals that have a contractual relationship with DPR with regards to provision of Services on their behalf;
Data Subjects means identified or identifiable living individual to whom Personal Data relates;
Personal Data means any information relating to an identified or identifiable natural person;
Services mean whole or partial part of attracting, shortlisting, selecting and appointing suitable candidates for jobs (either permanent or temporary), any related marketing activities;
Suppliers mean a person or company with whom the contract has been concluded for supplying the Services under the contract;
Website User means anyone who visits and browses www.dp-recruitment.com website.
The terms used in this Policy shall have the meaning as set out by the General Data Protection Regulation.
3.SCOPE
This Policy applies to the Personal Data of our Candidates, Clients, Suppliers, Website Users, and other people whom we may come in contact with during the provision of our Services.We offer our Services worldwide and this Policy applies in all of the relevant countries.
In order to provide our Services in accordance with the highest level of professional standards we need to collect and process personal data. DPR is a small team of recruitment specialists and all of its employees, contractual and other associates are bound by confidentiality agreements, a breach of which may lead to criminal or civil penalty. Below you may find details on how and what kind of Personal Data we collect and process.
Currently, DPR does not sell or share (for the purpose of advertising) any Personal Data to third parties and does not conduct profiling or automated decision making process.
We collect the information about our Candidates either from the Candidates themselves with their consent or from publicly available resources pursuant to our legitimate business interest which is to run our business and be able to manage business relationships with the Candidates and the Candidates’ legitimate interest which is being offered job opportunities that might be of Candidates’ interest and being able to communicate effectively to provide our Services.
As part of our Services, we may examine information that people have made public such as user profiles on LinkedIn or other websites and we consider if this is in individuals’ reasonable expectations. The purpose we use such publicly available information for is to contact people to enquire whether they are interested in being introduced as potential Candidates for job opportunities generated by our Clients.
In order to bring these opportunities to Candidates’ attention, it is necessary to use this information. We will never pass on personal information to a Client without the permission of the person to whom it belongs.
We only ask for and collect details that are necessary for provision of our Services, such as name, age, contact details, education details, employment history, financial information (current salary details and expectations), Curriculum Vitae (CV).
Where appropriate and in accordance with local laws and requirements, we may also collect information related to an individual’s health, diversity information or details of any criminal convictions. In such instances we will notify the Candidates beforehand, unless prohibited to do so by applicable legislation.
4.2.Personal Data about the Clients
During the provision of our Services to our Clients (e.g. Candidate search) we collect and use information about our Clients. This means that we also collect and process data of the individuals working for or in a direct relation to a specific organisation for the purposes of delivering our Services, including finding Candidates for Clients’ businesses, assessing Clients’ recruitment needs, ensuring contracts and agreements are in place and being able to communicate with Clients.In order to offer our Services, we may ask Clients’ contact information, including name of the contact person, job title, work email address, and work phone number.
We may collect Clients’ Personal Data directly from the Client, or from Client’s employer, or public websites, such as Client’s company website.
We process Suppliers’ Personal Data to contact them and their companies regarding their services and to manage our business relationship with them and to support our establishment to run our business.
We may collect Suppliers’ Personal Data directly from them, their employer or public websites such as company website where we have a legitimate interest to do so.
For the provision of our Services we may sometimes receive Personal Data from third parties. We only receive data from trusted and verified sources and in case we process this data we ask the specific Candidate’s consent prior to any further processing, such as sending a CV to a Client. If a Candidate does not wish their Personal Data processed, we shall not do so and we will delete such data.
When a person fills in the Contact form on our website to contact us we will process the provided Personal Data, including name, e-mail address, phone number and the context of the message only in accordance with the purpose for which the Personal Data was provided (e.g. to respond the user’s query). Personal Data collected via the Contact form will not be further processed without consent or another legal basis.
We process Personal Data only in accordance with the law. Below you may find descriptions of which kinds of legal bases for lawful processing of Personal Data we use.
5.1.Legitimate Interests
Our legitimate interests are running our business, being able to manage business relationships with the Candidates, Clients, and Suppliers and being able to communicate effectively to provide our Services within the reasonable expectations of the individuals.Third parties’ legitimate interests include being offered job opportunities that might be of Candidates’ interest, being offered Services which Clients might be keen to purchase.
Every time we contact a Candidate, we describe the purpose of the intended processing of Personal Data (e.g. to check compatibility of a certain Candidate for a specific role or to forward Candidate’s CV to our Clients, etc.) and bring this Privacy Policy to the attention of the Data Subject. Before we send a resume to a Client, we ask for the individual’s consent to do so.
We also process Personal Data for marketing purposes based on consent (e.g. to send newsletters to our subscribers). Data Subjects may always object to processing of their Personal Data and may withdraw their consent at any time. They may do so by contacting us at hb@dp-recruitment.com. DPR will examine each objection or withdrawal request no later than 30 days after receiving an individual request. Provided we are not under a legal obligation to continue processing, we shall cease processing activities following a successful examination of the request. However, for marketing activities carried by us, we acknowledge that individuals have an absolute right to object to marketing.
We also conduct background checks, where required, based on consent as part of the recruitment process.
We also process Personal Data based on contracts agreed upon with our Clients, Candidates and/or third parties. We only carry out the processing when it is necessary for the performance of a specific contract to which the Data Subject is a party to or in order to take steps at the request of the Data Subject prior to entering into a contract (e.g. to negotiate a Candidate employment contract).
Depending on the type of Personal Data in question and the grounds on which we may be processing it, should an individual decline to provide us with such data, we may not be able to fulfil our contractual obligations.
A number of elements of the Personal Data we collect are required to enable us to fulfil our legal requirements and obligations to comply with law, including disclosing information where there is a court or law enforcement order to do so, provide payroll data to the tax authorities, storing Personal Data for a specific time period to comply with laws, processing National Insurance Number where applicable to report on those who are not being paid directly under PAYE.
We may share your Personal Data where appropriate and in accordance with local laws and requirements. We may, thus share Personal Data with past or prospective employers, examining bodies, for tax and audit purposes, and where we believe that law or other regulation requires us to share data (e.g. for litigation purposes).
We may also share Personal Data with third party service providers who perform functions on our behalf, such as software providers, external consultants, business associates and professional advisers such as lawyers, auditors and accountants, IT consultants. All of the third party service providers we collaborate with are trustworthy, maintain a high level of data security and are bound by a non-disclosure agreement. Our service providers have contractually guaranteed their compliance with data protection law and the protection of Personal Data in particular.
We may also share Personal Data with referees and third parties who provide services such as reference, qualification and criminal convictions checks. We do this only with the explicit consent of the Candidate.
If DPR merges with or is acquired by another business or company in the future, we may share Personal Data with the (prospective) new owners of the business or company. We will notify all relevant Data Subjects in such circumstances without undue delay.
Currently, DPR transfers Personal Data, which includes CV information to clients, banking/accounting information, onboarding information and Candidate reference information, to the countries outside of the UK and/or EEA including the US, Malaysia, Singapore, Australia and the UAE. Where the Personal Data is transferred outside of the UK and/or EEA, DPR will rely on Data Subjects’ explicit consent to such transfer or will put appropriate transfer mechanisms in place where applicable.
We incorporate a range of technical and organisational measures to ensure the security of the Personal Data we store. We take all reasonable and proportionate steps to protect the Personal Data from misuse, loss, or unauthorised access.
In you become aware of any actual or potential data breach concerning your Personal Data processed by us, please contact us immediately at hb@dp-recruitment.com.
We store Personal Data only for as long as necessary to fulfil the purposes for which it was collected (e.g. to fulfil the Client’s recruitment needs) and we delete outdated Personal Data from our systems periodically. Given our long-lasting Client relationships, we may need to store Candidate information after a successful placement. We will not do so without permission.
We may need to retain some Personal Data in accordance with time periods we believe in good faith that the law or relevant regulators require us to preserve such data.
The general retention period for data of Candidates based on their consent and for spontaneously received applications / CVs is maximum 3 years before we seek to renew the consent of the individual.
For further information regarding applicable retention periods, please contact us at hb@dp-recruitment.com.
Data Subjects have a number of qualified rights in respect of the Personal Data we process on their behalf. These are described below. In order to exercise these rights please contact us at hb@dp-recruitment.com. We will deal with your request with undue delay and in any case no later than 30 days after we receive it. Please note that we may keep a record of the communications to help us resolve any issues which you raise.
With respect to your personal data processed by DPR, please see below a summary of your rights under data protection law:
•Right to be informed: you have the right to be informed about the collection and use of your Personal Data. This information is provided in this Policy.•Right of access: you have the right to access and receive a copy of your Personal Data, and other supplementary information. If there are some exemptions, you may not always receive all the information we process.
•Right to rectification: You have the right to ask us to correct any Personal Data we hold about you and ask us to complete incomplete data held about yourself.
•Right to erasure: You have a right to ask your Personal Data to be erased in certain circumstances.
•Right to restrict processing: You have the right to ask us to restrict the processing of your information in certain circumstances.
•Right to data portability: You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering a contract and the processing is automated.
•Right to object: You have the right to object to the processing of your Personal Data. In particular, you have an unconditional right to object to the processing of your Personal Data for use for direct marketing purposes.
•Right to withdraw consent: If the processing of your Personal Data is based on your consent, you have the right to withdraw your consent at any time.
•Right to complain to your Data Protection Authority: If you are unhappy with how we have dealt with your request, please contact us. If your complaint has not been resolved, you have the right to complain to your local data protection authority. Please contact us to obtain details of how to contact them. In the UK, the Data Protection Authority is:
Tel: 0303 123 1113
Address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
More information on how to make a complaint to ICO: https://ico.org.uk/make-a-complaint/
More information about Data Subject rights: https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/individual-rights/individual-rights/
We may change this Policy from time to time. We will post any Privacy Policy changes on our Website and, if the changes are significant, we will provide a more prominent notice by sending an e-mail.
