Devonshire Hayes Recruitment Specialists Ltd, Create Hub, 101 – 135 Kings Road, Brentwood, Essex, CM14 4DR, is committed to protecting and respecting your privacy.
This notice sets out the basis on which any personal data we collect from you or retain about you will be used by us.
The General Data Protection Regulation (“GDPR”) (Regulation (EU) 2016/679) is a new regulation which replaces the Data Protection Regulation (Directive 95/46/EC). GDPR aims to unify data protection legislation across EU member states, enhancing privacy rights for individuals and providing a strict framework within which commercial organisations can legally collect, retain and use personal information.
For the purposes of GDPR, the data controller is Devonshire Hayes Recruitment Specialists Ltd, 101 – 135 Kings Road, Brentwood, Essex, CM14 4DR, with registration number 9411043.
What information we collect
We will be the Data Controller of the personal data you provide to us. We only collect basic personal data about you which enables us to provide our services to you. It does not include any special types of information or location based information. This does however include personal data such as name, address, email, phone number, work history, and where relevant a copy of you CV or Profile.
You could be:
Why we need your information
We need to know your basic personal data in order to provide you with recruitment services in line with this overall contract. We will not collect any personal data from you we do not need in order to provide and oversee this service to you. A fundamental process of our business is to introduce candidates to clients for permanent employment, temporary assignments or professional contracts. Using your information in this way is called our Legitimate Business Interest.
In addition to Legitimate Interest, we may also rely on contractual and legal obligation and consent, for various different business processes. When we enter into a contract with you we need this data to provide the service to you. We also need to retain this data to fulfil our legal obligation to authorities. If we require consent to perform a particular function, we will request this from you.
How we collect your information
We collect personal information about you from a range of sources, including our website when you apply for a job or when you complete an online form. We may also collect your data from third parties we work with such as subscribed or publicly available sources such as directories, job boards, online CV libraries, corporate websites and social media sites, such as LinkedIn.
If we collect information from a public source we will establish contact with you within 5 days, otherwise your information will be deleted. We will tell you what information we hold, where it was sourced and the purposes for which we intend to store and process your information.
In addition to information you may provide to us, we also collect technical information from visitors to our website via cookies. We collect information about your computers IP address, browser type, date and time of your visit and your journey through the site. We only use this information for the purpose of improving our website and this information is never shared or sold to third parties.
What we do with your information
All the personal data we process is processed by our staff in the UK, however for the purposes of IT hosting and maintenance this information is located on servers within the European Union.
In the process of providing recruitment services, we will need to share your data with some third parties, such as introducing a candidate to a client, arranging interviews between candidates and clients, reference agencies and any compliance obligations. We also utilise third party suppliers in supporting our services to you.
There are situations where third parties need to process your information, such as lawfully fulfilling their contractual obligation as our data processor or to fulfil their legal obligation.
We do not utilise automated decision-making or profiling in our systems. We do use our systems to search and identify personal data in accordance with parameters set by a person. A person will always be involved in the decision making process.
Unfortunately, the transmission of information via the internet to us is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of information transmitted to us directly and any transmission is at your own risk. Once we have received your information, we use strict security procedures and features to minimise and prevent unauthorised access.
All of the data we capture is stored on a secure server and encrypted. It is only accessible by authorised users and we deploy many security systems to ensure unauthorised access it not permitted. Access to your information is only granted to approved and authorised users. Data transmitted between the internal user and the server is encrypted to ensure it is protected in transit.
How long we keep it
We understand our legal duty to retain accurate information and only retain personal information for as long as we need it for our legitimate business interests and that you are happy for us to do so. Accordingly, we have a data retention notice and routinely run reports to identify and remove data that we no longer have a legitimate business interest in maintaining.
Your information will be held under our legitimate interest for 3 years, unless we receive instruction to remove it. If you are submitted to any position with our clients, we are required by The Conduct of Employment Agencies and Employment Businesses (Amendment) Regulations 2016 to retain your data for at least 12 months following the activity. We are also required under UK tax law to keep your basic personal data (name, address, contact details) for a minimum of 6 years for any contractual arrangement made as a result of a placement, after which time it will be deleted.
Your information we use for marketing purposes will be kept with us until you Opt Out to receive this information, or 4 years if we receive no further instruction.
The criteria we use to determine whether we should retain your personal information includes:
Due to legal obligations, we may archive part or all of your personal information or retain it on our financial systems only, deleting all or part of it from our main Customer Relationship Manager (CRM) system. We may pseudonomise parts of your information, particularly following a request for suppression or erasure of your information. If your information is deleted we will have no record of you remaining, so may re-engage with you if your information is available in a public location.
What are your rights?
Our website and communications may, from time to time, contain links to or from the websites of our partner networks and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
You have various rights under the GDPR which include:
Making a complaint. In the first instance we would ask to you to contact our Consultants and register the issue, allowing us to respond within 14 days. If you are not satisfied with the response, we suggest you contact a supervisory body, which in the United Kingdom is the Information Commissioner’s Office. The ICO can be contacted through this link: https://ico.org.uk/concerns/.
If at any point you would like us to stop processing your data, then you can do so by emailing one of our Consultants, who will action that request.
If at any point you believe the information we process on you is incorrect, you can request to see this information and even have it corrected or deleted.