Data Privacy Manager (DPM) - firstname.lastname@example.org
The General Data Protection Regulation comes into force on 25th May 2018 and supercedes the prior UK Data Protection Act.
The new regulations give customers greater rights with regards to the data they give to businesses they deal with. In order for any business to retain your data, they will have to obtain an “opt-in” notice from you before they can market to you and, in terms of data retention, there may be legitimate business reasons for the retention of your data
In practice, the main areas affecting our candidates are the following:
You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes and we will collect express consent from you if legally required prior to using your personal data for marketing purposes.
You can exercise your right to accept or prevent such processing by checking certain boxes on the form on our website. You can also exercise the right at any time by contacting us at email@example.com.
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
The GDPR provides you with the following rights. To:
We will process your data on the basis of legal requirement, legitimate business interests, vital interests and consent, as applicable. You can request further information on the basis of your data processing as required.
All of our business uses secure platforms for all candidate and client data processing, and everything is stored in the cloud with providers who meet the necessary standards and criteria set out under GDPR.
We do need to make you aware that we use G-Suite from Google for various business applications and therefore that data is stored in North America, and not in the EU.
Mobile devices have an enforced security policy that means they are locked, and they can be remotely wiped if lost, stolen, or otherwise compromised.
Any system breaches will be reported to the Information Commissioners Office within 72 hours of us becoming aware of the breach.
As a recruitment business, it is necessary for us to obtain, at the very least, your CV and contact details, in order to represent you to opportunities that may be of interest to you and to keep a record of any interactions we may have with you.
That’s usually it, but please do take a look at the exceptions section below as well.
We will hold your data under legitimate business interests. However, you still have control over how we use that data for marketing purposes.
You will receive a communication from us which will require you to opt-in in order for us to send you marketing emails. If you do not opt-in, we will not market pro-actively to you, which could result in you not receiving interesting opportunities and missing out. We are really not a “spam” kind of business, so we hope you won’t worry about this and will, in the first instance at least, choose to opt-in so we can best help you. You can opt out later at any time if you wish.
We will automatically delete all emails that are older than 365 days.
All downloaded CVs, applications and/ or candidate records (whom we have not placed) are held on our database for a maximum of 5 years, unless you request deletion earlier, before then being deleted. Requested deletions will happen within 7 working days wherever possible.
Any data records held on Annapurna Recruitments internal servers will be checked and deleted on a quarterly basis.
Data - In general, it is unlikely we will ever need to ask you for anything other than your CV, phone number and email address. However, if we do place you in a permanent position, it may be necessary to obtain documentation as required by either UK/ EU law and/ or our client, to demonstrate your Right To Work in the EU for example, and potentially other means of verifying your identity, such as a utility bill.
If we place you in a contract or interim position, it will be necessary to obtain further information, such as (including but not limited to) your Limited/ Umbrella company information and bank details, as well as proof of right to work and ID etc.
In either of these scenarios, we will hold your basic data (CV, notes, contact information) on our systems indefinitely, for legitimate business interest, as we need to maintain our business records. We can, of course, remove any specific item, such as a copy of a passport, from our systems, once the necessary legal compliance timescales are surpassed (7 years as required by Government legislation in many cases).
Any sensitive data, such as bank details, a copy of passport etc will be encrypted at the database level.
3rd Parties – we will never share your data with 3rd parties outside of Annapurna Recruitment Group (which includes Annapurna HR, Annapurna IT, Annapurna Change, Annapurna GmbH and The BTN), other than with clients and their data processors, without your consent.
These will take the form of one, or some, of the following
We hope that you will opt-in to our emails and that you feel that any email you receive from our business is well presented and contains relevant information, even if it is not needed on that particular day.
However, you will, of course, be able to opt out of any such emails at any time in the future.