Last reviewed 25/05/2018
Alan Firmin Ltd is committed to protecting the privacy and security of your personal information. This privacy notice describes how we collect and use personal information about you, in accordance with the General Data Protection Regulation (GDPR).
Firmin Recruit (The Company) is a recruitment business that provides work-finding services to its clients and work-seekers. The Company must process personal data (including sensitive personal data) so that it can provide these services – in doing so, the Company acts as a data controller. You may give your personal details to the Company directly, such as on an application or registration form or via our website, or we may collect your details from another source such as a jobs board. The Company must have a legal basis for processing your personal data. For the purposes of providing you with work-finding services and/or information relating to roles relevant to you we will only use your personal data in accordance with the terms of the following privacy notice.
2. Data protection principles
Under the GDPR, there are six data protection principles that the Company must comply with. These principles state that the personal information we hold about you must be:
- Processed lawfully, fairly and in a transparent manner.
- Collected only for legitimate purposes that have been clearly explained to you and not further processed in a way that is incompatible with those purposes.
- Adequate, relevant and limited to what is necessary in relation to those purposes.
- Accurate and, where necessary, kept up to date.
- Kept in a form which permits your identification for no longer than is necessary for those purposes.
- Processed in a way that ensures appropriate security of the data.
The Company is responsible for, and must be able to demonstrate compliance with these principles; this is referred to as accountability.
3. The kind of information we hold about you
a) Candidate data
Personal information is any information about an individual from which that person can be directly or indirectly identified. It doesn’t include anonymised data, i.e. where all identifying particulars have been removed. There are also “special categories” of personal information and personal information on criminal convictions and offences, which require a heightened level of protection due to the sensitive nature of the data. The special categories of personal information comprises of information about an individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life or sexual orientation and genetic and biometric data.
The Company collects, uses and processes a range of personal information about you during the recruitment process. This includes (as applicable):
- Your contact details (including your name, address, telephone number and personal e-mail address).
- Personal information included in a CV, any application form, cover letter or interview notes.
- Information about your right to work in the UK and copies of proof of right to work documentation.
- Copies of qualification certificates.
- Copies of driving licences.
- Other background-check documentation.
- Details of your skills, qualifications, experience and work history with previous employers.
- Information about your current salary level, including benefits and pension entitlements.
- Your professional memberships.
The Company may also collect, use and process the following special categories of your personal information during the recruitment process (as applicable):
- Whether or not you have a disability for which the Company needs to make reasonable adjustments during the recruitment process.
- Information about your racial or ethnic origin, religious or philosophical beliefs and sexual orientation.
- Information about criminal convictions and offences.
b) Client data
If you are a Firmin Recruit client, we need to collect and use information about you or individuals at your organisation in the course of providing you services such as finding Candidates who are the right fit for you or your business.
c) Supplier data
We need a small amount of information from our Suppliers to ensure that things run smoothly. We need contact details of relevant individuals within your organisation so that we can communicate with you. We also need other information such as your bank details so that we can pay for the services you provide (if this is part of the contractual arrangements between us).
d) Third parties
In order to provide Candidates with suitable employment opportunities safely and securely and to provide for every eventuality for them and our Staff, we need to acquire some basic background information. We only ask for minimal contact details so that we can get in touch with you either for a reference or because you’ve been listed as an emergency contact for one of our Candidates or Staff members.
A number of elements of personal data that we collect from you are required in order to enable us to fulfil our contractual duties to you and/or to others. Depending on the type of personal data in question and the grounds on which we may be processing it, should you decline to provide us with such data, we may not be able to fulfil our contractual requirements and may not be able to continue with our relationship.
4. How is your personal information collected?
We collect personal information about employees, workers and contactors through the application and recruitment process, either directly from candidates or sometimes from a job centre/club or training provider or background check provider. We may sometimes collect additional information from third parties including former employers or other background check agencies.
Additional personal information may be collected throughout the period of you working for us.
We collect candidate and client data in two key ways; from you and from third parties.
We collect the contact details of referees and emergency contacts, only where a Candidate or a member of our Staff puts you down as their emergency contact or where a Candidate gives them to us in order for you to serve as a referee.
We also receive personal data about Candidates from other sources. Depending on the relevant circumstances and applicable local laws and requirements, these may include personal data received in the following situations:
- Your referees may disclose personal information about you;
- Our Clients may share personal information about you with us;
- We may obtain information about you from searching for potential Candidates from third party sources such as LinkedIn and other job sites;
- If you ‘like’ our page on Facebook or ‘follow’ us on Twitter we will receive your personal information from those sites;
5. How we will use information about you?
a) Candidate data
The main reason for using your personal details is to help you find employment that might be suitable for you. The more information we have about you, your skillset and your ambitions, the more bespoke we can make our service. Where appropriate and in accordance with local laws and requirements, we may also use your personal data for things like marketing, profiling and diversity monitoring. Where appropriate, we will seek your consent to undertake some of these activities.
b) Client data
The main reason for using information about Clients is to ensure that the contractual arrangements between us can properly be implemented so that the relationship can run smoothly. This will involve identifying Candidates who we think will be the right fit for you or your business. The more information we have, the more bespoke we can make our service.
c) Supplier data
The main reasons for using your personal data are to ensure that the contractual arrangements between us can be appropriately implemented so that the relationship can run smoothly and complies with legal requirements.
d) Third parties
We use referees’ personal data to help our Candidates to find employment which is suited to them. If we are able to verify their details and qualifications we can make sure that they are well matched with prospective employers. We use the personal details of a Candidates or Staff member’s emergency contacts in the case of an accident or emergency affecting that Candidate or member of Staff.
6. If you fail to provide personal information
If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you (such as paying you or providing a benefit), or we may be prevented from complying with our legal obligations (such as to ensure the health and safety of our workers).
7. Change of purpose
We will only use your personal information for the purposes for which we collected it, i.e. for the recruitment exercise for which you have applied. However, if your job application is unsuccessful, the Company may wish to keep your personal information on file in case there are future suitable employment opportunities with us. We will ask for your consent before we keep your personal information on file for this purpose. Your consent can be withdrawn at any time.
8. How we use particularly sensitive personal information
“Special categories” of particularly sensitive personal information require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information.
We will use your particularly sensitive personal information in the following ways:
- We will use information about your physical or mental health, or disability status, to ensure your health and safety in the workplace and assess / take advice on your fitness to work etc.
- We will use information about your race or national or ethnic origin, religious, philosophical or moral beliefs, or your sexual life or sexual orientation, to ensure meaningful equal opportunity monitoring and reporting (if required by law);
9. Do we need your consent?
We do not need your consent to use special categories of your personal information in accordance with our written policy to carry out our legal obligations or exercise specific rights relating to employment law. In limited circumstances, we may request written consent to allow us to process particularly sensitive data. In such cases we will explain what information we require and why so that you can consider if you wish to consent. It is not a condition of your contract with us that you agree to any request for consent from us.
10. Information about criminal convictions
We may use information relating to criminal convictions where the law allows and less commonly where it is necessary in relation to legal claims or if necessary to protect yours or someone else’s interests; this will usually be where such processing is necessary to carry out our obligations (provided we do so in line with our Privacy & Data Protection Policy (DP001)). We may also process such information about staff or former staff in the course of legitimate business activities with the appropriate safeguards.
Subject to being allowed to do so legally, we may hold information about criminal convictions if appropriate to the nature of the role. Such information will be collected as part of the recruitment process or we may be notified of such information directly by you in the course of you working for us. We have an appropriate policy and safeguards in place which are required by law to maintain when processing such data. Please refer to our Privacy & Data Protection Policy (DP001).
11. Who do we share your data with?
a) Candidate data
We may share your personal data with various parties, in various ways and for various reasons. Primarily we will share your information with prospective employers to increase your chances of securing the job you want. Unless you specify otherwise, we may also share your information with any of our group companies and associated third parties such as our service providers where we feel this will help us to provide you with the best possible service.
We think it’s reasonable to expect that if you are looking for employment or have posted your professional CV information on a job board or professional networking site, you are happy for us to collect and otherwise use your personal data to offer or provide our recruitment services to you, share that information with prospective employers and assess your skills against our bank of vacancies.
Once it’s looking like you may get the job, your prospective employer may also want to double check any information you’ve given us or to confirm your references, qualifications and criminal record, to the extent that this is appropriate and in accordance with local laws. We need to do these things so that we can function as a profit-making business, and to help you and other Candidates get the jobs you deserve.
b) Client data
We will share your data primarily to ensure that we provide you with a suitable pool of Candidates.
To ensure that we provide you with the best service possible, we store your personal data and/or the personal data of individual contacts at your organisation as well as keeping records of our conversations, meetings, registered jobs and placements. From time to time, we may also ask you to undertake a customer satisfaction survey. We think this is reasonable – we deem these uses of your data to be necessary for our legitimate interests as an organisation providing various recruitment services to you.
c) Supplier data
Unless you specify otherwise, we may share your information with associated third parties such as our service providers and organisations to whom we provide services. We use and store the personal data of individuals within your organisation in order to facilitate the receipt of services from you as one of our Suppliers. We also hold your financial details so that we can pay you for your services. We deem all such activities to be necessary within the range of our legitimate interests as a recipient of your services.
d) Third parties
Unless you specify otherwise, we may share your information with associated third parties such as our service providers and organisations to whom we provide services.
If you have been put down by a Candidate or a prospective member of Staff as one of their referees, we use your personal data in order to contact you for a reference. This is a part of our quality assurance procedure and so we deem this to be necessary for our legitimate interests as an organisation offering recruitment services and employing people ourselves.
If a Candidate or Staff member has given us your details as an emergency contact, we will use these details to contact you in the case of an accident or emergency. We are sure you will agree that this is a vital element of our people-orientated organisation, and so is necessary for our legitimate interests.
“Third parties” include third-party service providers, including contractors and designated agents. The following activities are carried out by third-party service providers: record keeping, payroll, pension administration, benefits provision and administration, IT services and driving licence checking.
All of our third-party service providers and other entities must take appropriate security measures to protect your personal information. We do not allow third-parties to use your personal data for their own purposes; we only permit them to process your personal data for specified purposes and as instructed.
There may be a requirement where we may need to transfer your personal information outside the EU. If we do, you can expect a similar degree of protection in respect of your personal information. We may also share your personal information with other third parties to otherwise comply with the law.
12. Data security
We care about protecting your information; that’s why we put appropriate measures in place that are designed to prevent unauthorised access to, and misuse of, your personal data.
We have put in place measures to protect the security of your information. Details of these measures are available upon request. Third parties will only process your personal information on our instructions and where they have agreed to treat the information confidentially and to keep it secure.
We have put in place appropriate security measures to prevent personal information from being lost, used or accessed in an unauthorised way, altered or disclosed. We limit access to your personal information to those employees, contractors or other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
13. Data retention
The Company will only retain your personal information for as long as is necessary to fulfil the purposes for which it was collected and processed. If your application for employment or engagement is unsuccessful, the Company will generally hold your personal information for six months after the end of the relevant recruitment exercise but this is subject to: (a) any minimum statutory or other legal, tax, health and safety, reporting or accounting requirements for particular data or records, and (b) the retention of some types of personal information for up to six years to protect against legal risk, e.g. if they could be relevant to a possible legal claim in a tribunal, County Court or High Court. If you have consented to the Company keeping your personal information on file in case there are future suitable employment opportunities with us, the Company will hold your personal information for a further six months after the end of the relevant recruitment exercise, or until you withdraw your consent (if earlier).
If your application for employment or engagement is successful, personal information gathered during the recruitment process will be retained for the duration of your employment or engagement and in accordance with the privacy notice for employees, workers and contractors.
Personal information which is no longer to be retained will be securely and effectively destroyed or permanently erased from our IT systems and we will also require third parties to destroy or erase such personal information where applicable. In some circumstances we may anonymise your personal information so that it no longer permits your identification. In this case, we may retain such information for a longer period.
14. Rights of access, correction, erasure, and restriction
It is important that the information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us. Under certain circumstances, by law you have the right to:
- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you.
- Request the transfer of your personal information to another party.
To exercise any of the rights outlined above, please contact Firmin Recruit in writing.
You will not have to pay a fee to access your personal information or to exercise any of the other rights. However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
In the limited circumstances where you may have provided your consent to administer and use your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To do this, please contact the Divisional Manager of Firmin Recruit.
If you would like to know more about your rights in respect of the personal data we hold about you, please contact us.
We may obtain data about you from cookies. These are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. Cookies also enable us to deliver more personalised content.
Most web browsers allow some control of most cookies through the browser settings.
16. Log Files
We use IP addresses to analyse trends, administer the site, track users’ movements, and to gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information.
17. Contact us
If you have any questions, please refer these to Lindsey Clarke (Head of HR & Communications) who will manage data privacy and oversee compliance with this privacy notice.
You can get in touch with us on 0845 130 5050 (Firmin) or 01795 606100 (Firmin Recruit).
You can email us at firstname.lastname@example.org.
You can write to us at Unit 10, Kemsley Fields Business Park, Sittingbourne, Kent ME10 2FE.
You have the right to make a complaint at any time to the Information Commissioner’s Office (the UK supervisory authority for data protection issues).
18. Changes to this privacy notice
We reserve the right to update this privacy notice at any time, and will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.