as of 25th May 2018 and reviewed annually
This policy outlines our practices and procedures for the collection, handling, storing and protection of your data. Agentis Search adheres to the following principles:
- we do not collect more information than is necessary
- we do not use your data for purposes other than for recruitment
- we do not keep your data if it is no longer required
- we delete information immediately, at your request
- we will share your data with relevant clients (hiring organisations) with your prior permission
- we may share your data with third party service providers who process information on our behalf
- we will not sell, trade, or otherwise transfer your data to any third party for marketing purposes
What data do we collect and for what purpose?
In order to deliver our service to our clients (hiring organisations) we collect and store data required to conduct a thorough search and selection process (recruitment), with the purpose of matching a candidate’s profile with a prospective employer. As such, the data we require includes personal information and documentation such as CVs, personal ID, employment references and any data deemed relevant. Where we are required to obtain any sensitive personal data (eg relating to nationality, gender, current compensation, etc) we will only do so after having gained your explicit consent.
How do we collect data?
We collect data through CV submittal, direct communication (electronic/telephonic/face-to-face), social media and other publicly available sources (eg LinkedIn), third party personal recommendations/referrals, and third party agency representations (eg interim management). We are committed to recording such data accurately and securely to ensure all communications are limited to the intended recipient.
What legal basis do we have for processing your data?
Processing of your data is necessary on the basis of our legitimate interests, ensuring we are able to identify suitably qualified and motivated candidates for the appropriate client hiring opportunity. We carry out a ‘balancing test’ to confirm that processing is necessary and that your rights of privacy are not compromised by our legitimate interests. If a candidate is invited to join our client’s (hiring organisation) selection process it may involve the processing of more detailed personal data including sensitive data. In such cases we will ask for your consent before undertaking such processing. For clients, processing may also be necessary under our obligations as set out by the contract.
How do we protect your data?
Your data is held in electronic format within a secure CRM system (Invenias: see www.invenias.com to read their Privacy Notice). We are committed to keeping your data safe and secure. Above and beyond the practices noted in this policy, we have a dedicated Data Protection Representative to ensure our practices are being upheld and adhered to. Should any issues be detected in terms of the use or security of our data, our Data Protection Representative will ensure that corrective measures are taken to prevent any further breaches. Once the breach has been contained, the event will be documented and its severity analysed. If the breach is considered to be of low severity and pose little risk to an individual’s rights and freedoms, we will ensure it is documented and appropriate measures are taken to prevent a repeat occurrence. If the breach is considered to be of high severity and pose a high risk, we will take all measures noted above in addition to notifying all individuals affected and notifying the ICO within 72 hours. Further information is available under our Data Breach Process.
How long do we keep your data?
We will only keep data for as long as is deemed necessary and we review the necessity by completing a Legitimate Interests Assessment on an annual basis. Our Data Retention policy is to review and refresh personal data on a cycle dependent on the purpose for which it is held, typically for a period of up to four years.
What are your rights under GDPR?
You, as an individual, have the following rights:
1. The right of access
2. The right to rectification*
3. The right to removal*
4. The right to restrict processing
5. The right to data portability
6. The right to object
7. Rights in relation to automated decision making and profiling.
*If you wish us to rectify or remove your data, please use our Data Rectification and Removal Form and we will action immediately.
Subject Access Requests
To discuss a subject access request, please contact our Data Protection Representative. If the request is fair and appropriate, we will provide the requested information within one month of the request, free of charge. We reserve the right to refuse or charge for requests that are manifestly unfounded or excessive. In both cases we will communicate with the individual(s) to explain the reasoning and, if a fee is to be charged, the fee will be based on the administrative cost of providing the information requested.
We operate the majority of our business within the EEA and therefore our governing body is the ICO and our data practices have been developed with ICO guidelines and GDPR practices in mind. Should we need to share your data outside of the EEA, we will ensure you are fully consulted.
If you have any queries relating to data or privacy, please contact our Data Protection Representative as outlined below:
Name: Stephan Papantoniou
Address: Minerva Mill, Station Road, Alcester, Warwickshire B49 5ET
Tel: 0121 405 4500 / 07961 071 041