Candidate GDPR Policies

Candidate GDPR Policies

Annapurna General Data Protection Regulation

Annapurna Recruitment (Annapurna HR Limited) GDPR Privacy statement for Candidates

Data Privacy Manager (DPM) - gdpr@annapurnarecruitment.com

About GDPR

The General Data Protection Regulation comes into force on 25th May 2018 and supercedes the prior UK Data Protection Act.

The new regulations give customers greater rights with regards to the data they give to businesses they deal with. In order for any business to retain your data, they will have to obtain an “opt-in” notice from you before they can market to you and, in terms of data retention, there may be legitimate business reasons for the retention of your data

In practice, the main areas affecting our candidates are the following:

You can

  1. Ask for a data subject access request – we will provide you with all electronic communications and data we have on you, wherever possible, for free. We will respond within 1 month
  2. You can require us to completely remove all your data from all of our systems (exceptions apply, see below)

 

Your rights

You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes and we will collect express consent from you if legally required prior to using your personal data for marketing purposes.

You can exercise your right to accept or prevent such processing by checking certain boxes on the form on our website. You can also exercise the right at any time by contacting us at gdpr@annapurnarecruitment.com.

Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

 

The GDPR provides you with the following rights. To:

  • Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
  • Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
  • Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example, if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your personal information to another party in certain formats, if practicable.
  • Make a complaint to a supervisory body which in the United Kingdom is the Information Commissioner’s Office. The ICO can be contacted through this link: https://ico.org.uk/concerns/

We will process your data on the basis of legal requirement, legitimate business interests, vital interests and consent, as applicable. You can request further information on the basis of your data processing as required.

 

How do we store your data?

All of our business uses secure platforms for all candidate and client data processing, and everything is stored in the cloud with providers who meet the necessary standards and criteria set out under GDPR.

We do need to make you aware that we use G-Suite from Google for various business applications and therefore that data is stored in North America, and not in the EU.

Mobile devices have an enforced security policy that means they are locked, and they can be remotely wiped if lost, stolen, or otherwise compromised.

Any system breaches will be reported to the Information Commissioners Office within 72 hours of us becoming aware of the breach.

 

What data do we get from you?

As a recruitment business, it is necessary for us to obtain, at the very least, your CV and contact details, in order to represent you to opportunities that may be of interest to you and to keep a record of any interactions we may have with you.

That’s usually it, but please do take a look at the exceptions section below as well.

 

How do we obtain your data?

  • When you apply for an advertised position
  • We already hold it from an historical application
  • Referrals from friends or colleagues of yours
  • From public social networking sites such as Linkedin or Xing

 

What happens when we obtain your data?

We will hold your data under legitimate business interests. However, you still have control over how we use that data for marketing purposes.

You will receive a communication from us which will require you to opt-in in order for us to send you marketing emails. If you do not opt-in, we will not market pro-actively to you, which could result in you not receiving interesting opportunities and missing out. We are really not a “spam” kind of business, so we hope you won’t worry about this and will, in the first instance at least, choose to opt-in so we can best help you. You can opt out later at any time if you wish.

 

Data retention & deletion – Privacy by design

We will automatically delete all emails that are older than 365 days.

All downloaded CVs, applications and/ or candidate records (whom we have not placed) are held on our database for a maximum of 5 years, unless you request deletion earlier, before then being deleted. Requested deletions will happen within 7 working days wherever possible.

Any data records held on Annapurna Recruitments internal servers will be checked and deleted on a quarterly basis.

 

Exceptions

Data - In general, it is unlikely we will ever need to ask you for anything other than your CV, phone number and email address. However, if we do place you in a permanent position, it may be necessary to obtain documentation as required by either UK/ EU law and/ or our client, to demonstrate your Right To Work in the EU for example, and potentially other means of verifying your identity, such as a utility bill.

If we place you in a contract or interim position, it will be necessary to obtain further information, such as (including but not limited to) your Limited/ Umbrella company information and bank details, as well as proof of right to work and ID etc.

In either of these scenarios, we will hold your basic data (CV, notes, contact information) on our systems indefinitely, for legitimate business interest, as we need to maintain our business records. We can, of course, remove any specific item, such as a copy of a passport, from our systems, once the necessary legal compliance timescales are surpassed (7 years as required by Government legislation in many cases).

Any sensitive data, such as bank details, a copy of passport etc will be encrypted at the database level.

3rd Parties – we will never share your data with 3rd parties outside of Annapurna Recruitment Group (which includes Annapurna HR, Annapurna IT, Annapurna Change, Annapurna GmbH and The BTN), other than with clients and their data processors, without your consent.

 

Marketing Communications

These will take the form of one, or some, of the following

  • General Marketing collateral about our range of services
  • The presentation of good career opportunities we feel you may be interested in, or where you may know friends or colleagues who could be interested in the roles we have
  • Invites and information pertaining to relevant industry events we host 

We hope that you will opt-in to our emails and that you feel that any email you receive from our business is well presented and contains relevant information, even if it is not needed on that particular day.

However, you will, of course, be able to opt out of any such emails at any time in the future.