Carestaff Bureau Limited is committed to protecting the privacy and security of those with whom we interact. We recognise the need to respect and protect information that is collected or disclosed to us (called “Personal Information” explained below). Carestaff Bureau Limited is committed to protecting the privacy and security of those with whom we interact. We recognise the need to respect and protect information that is collected or disclosed to us (called “Personal Information” explained below).
This notice is intended to tell you how we use your personal information, and describes how we collect and use your personal information during and after your relationship with us, in accordance with applicable Data Protection Laws.
Please take time to read this privacy notice in full, together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you, to ensure that you understand and are happy with how we collect and process your personal data. This privacy notice supplements the other notices and is not intended to override them.
1. WHO ARE WE
This Privacy Notice describes the personal information practices of Carestaff Bureau Limited (company number 10225157 with its registered office at 89 High Street, Hadleigh, Ipswich,Suffolk,United Kingdom,IP7 5EA) where we refer to “we”, “us” or “our” in this privacy notice, we are referring to Carestaff Bureau Limited who are the data controller and processor responsible for your data.
We have appointed Data Protection Managers, who are responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the Data Protection Managers using the details below.
We provide temporary and permanent recruitment services for the commercial, industrial and driving sectors.
We are committed to handling data fairly and lawfully, and take data protection obligations seriously. We ensure that we process Personal Information in compliance with applicable data protection laws, including, without limitation, the General Data Protection Regulation 2016/679 (the ”GDPR”)
2. WHAT IS PERSONAL INFORMATION AND WHAT PERSONAL INFORMATION DO WE COLLECT ABOUT YOU?
For the purposes of this Data Protection Notice “Personal Information” consists of any information that relates to you and/or information from which you can be identified, directly or indirectly. For example, information which identifies you may consist of your name, address, telephone number, photographs, location data, an online identifier (e.g. cookies identifiers and your IP address) or to one or more factors specific to your physical, physiological, genetic, mental, economic, cultural or social identity. When we combine other information (i.e. information that does not, on its own, identify you) with Personal Information, we treat the combined information as Personal Information.We may collect use, store and transfer different kinds of Personal Information about you which we have grouped together as follows:
Identity Data: including your name, username (or similar unique identification numbers that we may apply to you), email address, marital status, title, date of birth and gender, National Insurance details, driving licence, passport, right to work documents.Contact Data: including your address, email address and telephone number(s), next of kin details.
Financial Data: including bank details, HMRC related data (P45/P60 etc.), salary, pension.
Employment Data: employment/work history including dates and company names start and end dates, qualifications, skills and experience, previous assignments, education, training, professional / trade certificates and memberships, CV/Resume, disciplinary and grievance information, remuneration history and expectations, work requirements, hours worked and any assignment/work/employment related data, referees, timesheets or time and attendance data.
Special Category Data/Sensitive Data: where processing is necessary for the performance of a contract or processing is necessary for compliance with a legal obligation/required by law we may process criminal offence data or any medical information relating to the job function. Where you are applying for a job, we can process your Special Category Data/Sensitive Data because it is necessary for carrying out our obligations and rights related to employment law and your working capacity. We do not routinely collect and process Special Category Data/Sensitive Data in any other situations. If we do, we will obtain your explicit consent.
3. HOW IS YOUR PERSONAL INFORMATION COLLECTED?
We use different methods to collect data from and about you including:
Direct Interactions: You may give us your Identity, Contact, Financial, Employment, Sensitive and Marketing and Communications Data by registering with us or completing an application or submitting to us your CV/Resume. This may be done in person, by post, email, website, social media or otherwise.
Social Media Interactions: Our website and services may allow you to interact with them by using your social media applications. This interaction may result in us collecting some of your social media content (including profile links, posts and comments, pictures and video footage), but only where this content is in the public domain, you have referred us to it and/or where this content has been sent by you to us in a private message via social media; and also your Technical, Profile and Marketing and Communications Data.
Other Third Parties or Publicly Available Sources: Third parties or publicly available sources for example Job Boards, CV Databases, Client referrals, Candidate referrals, Social Media, DVLA, The Nursing and Midwifery Council(NMC), Companies House, the Disclosure and Barring Service (DBS), Technical Data from analytics providers such as Google, advertising networks search information providers.
4. HOW DO WE USE YOUR INFORMATION?
The law allows us to use the Personal Information as set out below on the basis that the processing is necessary for the performance of a contract with you, or we are acting in our “legitimate interests”, for example, for the purposes of effective business management or we have a legal obligation to do so.
We cannot run our business or perform our contract with you without involving other people and businesses. We only share your information in accordance with the laws applicable to us and for the following purposes:
Work-finding services: We may use your Personal Information to pass on to clients for the purposes of providing you with work-finding services. This includes for example, temporary or permanent recruitment services. We may contact you in writing, by email, telephone, SMS or other messaging systems on the basis that such use is necessary for the purposes of the legitimate interests pursued by us or in order for us to perform our contract with you relating to job opportunities, assessing your suitability for those opportunities, updating our databases, putting you forward for job opportunities, arranging payments to you and developing and managing our services and relationship with you and our clients. Appraisals, salary reviews, assessing qualifications, ascertaining fitness for work, education, training any other tasks relating to work finding/recruitment services for work and employment.
Payroll services: We may use your Personal Information to pass on to employers, and 3rd party payroll providers we contract with to provide you with payments for work. These 3rd party payroll providers may contact you by email, in writing, by mail, telephone, SMS on the basis that such use is necessary for the purposes of our legal obligation, the legitimate interests pursued by us or in order for us to perform our contract with you. You may be contacted directly by these companies for the purposes of work-finding services, employment or payroll services.
Crime Prevention: In some cases we may be required to use your data for the purpose of investigating, reporting and detecting crime and also to comply with laws that apply to us. We may also use your information during the course of internal audits to demonstrate our compliance with certain industry standards and the law, monitoring compliance with governing bodies and legislation policies. Audits may be conducted internally and/or by our contracted auditors or governing bodies.
Legal obligations: We may use your data to verify your entitlement to work in the UK, HMRC for tax and NI purposes, pensions, healthcare life assurance where offered.Service improvement/development: training and quality purposes, customer support, service improvement, analysis.
JOB SEEKING COMMUNICATIONS
We may use your Personal Information to provide you with notification by email, in writing, telephone, SMS or other messaging systems on the basis that such use is necessary for the purposes of the legitimate interests pursued by us, or in the case of your email notification subscription, in order for us to perform our contract with you. For further information on this, see the ‘Your Choices’ section of this Data Protection Notice.
COMBINING PERSONAL INFORMATION
We may combine the Personal Information that we collect from you (including information received from our affiliates and clients) to the extent permitted by applicable law. It is important that the Personal Information we hold about you is accurate and current. Please keep us informed if your Personal Information changes during your relationship with us.
5. TO WHOM DO WE DISCLOSE YOUR INFORMATION?
We will only use your Personal Information for our internal business purposes, some of which are mentioned above. However, we may disclose your information to the following entities:
The Recruit Venture Group Ltd: Is our ultimate parent company, and provides us with back office support services, such as calculating your payroll, as well as well as hosting systems and CRM data.
Contracted: Clients, employers and payroll providers. Service providers who provide Back Office Processor Services, Payroll, Accounting, Credit Control, Debt Collection, IT, HR, system administration services, email support services. Service providers (mainly acting as processors, but sometimes as controllers) who help us provide our websites, mobile apps, email, SMS and related services to you; for example, information technology companies who design and host our websites and data insight specialists, analytics providers. Our professional advisors (acting as controllers or processors); for example, our lawyers, accountants, insurers and insurance brokers, when they need it to provide advice to us or help us obtain insurances.
Third parties: (acting as processors and controllers) that provide services to you and us such as Employers and Payroll Providers, DVLA, The Nursing and Midwifery Council(NMC), The Disclosure and Barring Service (DBS), Banking Providers where you require to setup a bank account, employment reference requests where consented.
Legally Obligated: The Police, regulators, the Health and Safety Executive, local authorities, Her Majesty’s Revenue and Customs (HMRC), the Courts and any other central or local government bodies (acting as controllers or processors) where we are required to do so to comply with our legal obligations, appointed external auditors or where they request it and we may lawfully disclose it, for example for the prevention and detection of crime or to report serious health and safety incidents. We also may share the information we collect with other third parties where we are legally obliged to do so; for example, to comply with a court order, insurance claim or debt collection.
6. WHAT DO WE DO TO KEEP YOUR INFORMATION SECURE?
We have put in place appropriate physical and technical measures to safeguard the Personal Information we collect in connection with our Services. In addition, we limit access to your Personal Information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Information on our instructions and they are subject to a duty of confidentiality. However, please note that although we take appropriate steps to protect your Personal Information, no website, product, device, online application or transmission of data, computer system wired or wireless connection is completely secure and therefore we cannot guarantee the security of your Personal Information.
7. INTERNATIONAL TRANSFER OF DATA
The Personal Information that we collect from you may be stored and processed in your region, or transferred to, stored at or otherwise processed outside the European Economic Area (“EEA”), including but not limited to USA or in any other country where we or our contracted 3rd parties, affiliates, subsidiaries or service providers maintain facilities.
By using or participating in any Service and/or providing us with your Personal Information, you acknowledge that we will collect, transfer, store and process your information outside of the EEA. We will take all steps reasonably necessary to ensure that your Personal Information is kept secure and treated in accordance with this Data Protection Notice and the requirements of applicable law wherever the data is located. Where we transfer your Personal Information outside the EEA to other countries, we will ensure that appropriate transfer agreements and mechanisms (such as the EU Model Clauses) are in place to help ensure that our third party service providers provide an adequate level of protection to your Personal Information. We will only transfer your Personal Information outside the EEA in accordance with applicable laws or where you have given us your consent to do so.
Where we use third parties based in the USA, we may transfer personal data to them if they are part of the Privacy Shield which requires them to provide similar protection for personal data shared between the EEA and the US.
If you have any questions in relation to this section, please contact us.
8. DATA RETENTION – HOW LONG WE WILL STORE/KEEP YOUR PERSONAL INFORMATION
We retain Personal Information for as long as necessary to fulfil the purposes for which your Personal Information has been collected as outlined in this Data Protection Notice unless a longer retention period is required by law. When your Personal Information is no longer required for the purpose it was collected or as required by applicable law, it will be deleted and/or returned to you in accordance with applicable law.
9. ACCESSING YOUR PERSONAL INFORMATION AND OTHER RIGHTS YOU HAVE
We will collect, store and process your Personal Information in accordance with your rights under any applicable Data Protection Laws. Under certain circumstances, you have the following rights in relation to your Personal Information:
1. Subject Access – you have the right to request details of the Personal Information which we hold about you and copies of such Personal Information.
2. Right to Withdraw Consent – where our use of your Personal Information is based upon your consent, you have the right to withdraw such consent at any time. In the event you wish to withdraw your consent to processing, please contact us using the details provided below.
3. Data Portability – you may, in certain circumstances, request us to port (i.e. transmit) your Personal Information directly to another organisation.
4. Rectification – we want to ensure that the Personal Information about you that we hold is accurate and up to date. If you think that any information we have about you is incorrect or incomplete, please let us know. To the extent required by applicable laws, we will rectify or update any incorrect or inaccurate Personal Information about you.
5. Erasure (‘right to be forgotten’) – you have the right to have your Personal Information ‘erased’ in certain specified situations.
6. Restriction of processing – you have the right in certain specified situations to require us to stop processing your Personal Information and to only store such Personal Information.
7. Object to processing – You have the right to object to specific types of processing of your Personal Information, such as, where we are processing your Personal Information for the purposes of direct marketing.
8. Prevent automated decision-taking – in certain circumstances, you have the right not to be subject to decisions being taken solely on the basis of automated processing.
10. ENFORCING YOUR RIGHTS
If you wish to enforce any of your rights under applicable Data Protection Laws, then please contact us at The Data Protection Manager, Beechurst, 8 Commercial Road, Dereham, Norfolk, United Kingdom, NR19 1AE. We will respond to your request without undue delay and no later than one month from receipt of any such request, unless a longer period is permitted by applicable Data Protection Laws, and we may charge a reasonable fee for dealing with your request which we will notify to you. Please note that we will only charge a fee where we are permitted to do so by applicable Data Protection Laws.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the supervisory authority for data protection issues in the UK. However, should you have a concern or complaint about the way we are collecting and using your personal data we would appreciate the chance to deal with your concerns before you approach the ICO, so please feel free to contact us in the first instance so that we might resolve any concerns for you directly. If you are still concerned that we have not complied with your legal rights under applicable Data Protection Laws, you may contact the Information Commissioner’s Office (www.ico.gov.uk) which is the data protection regulator in the UK which is where we are located. Alternatively, if you are based outside the UK, you may contact your local data protection supervisory authority.
11. THIRD-PARTY LINKS AND PRODUCTS ON OUR SERVICES
Our websites, applications and products may contain links to other third party websites that are not operated by us, and our websites may contain applications that you can download from third parties. These linked sites and applications are not under our control and as such, we are not responsible for the privacy practices or the content of any linked websites and online applications. If you choose to use any third party websites or applications, any Personal Information collected by the third party’s website or application will be controlled by the Data Protection Notice of that third party. We strongly recommend that you take the time to review the privacy policies of any third parties to which you provide Personal Information.
What are cookies?
Further information on cookies
13. YOUR CHOICES (E.G. JOB SEEKING RELATED EMAILS/SMS OR OTHERWISE)
We may use your Personal Information (such as your contact details (e.g. name, address, email address, telephone number(s)) to send you, job seeking-related correspondence via email or SMS. When we process your Personal Information for job seeking purposes, we do so on the basis that it is in our legitimate interests to do so, or in the case of our email notification service, that it is necessary to perform our contract with you.
We do not share Personal Information with unrelated third parties (i.e. outside of our group of companies) for the third parties’ marketing purposes.We may also use your Personal Information to personalise and to target more effectively our job-seeking communications to ensure, to the extent possible, that any job opportunity-related correspondence is relevant to you.
To opt-out of receiving job opportunity-related correspondence from us, please contact us, click or reply “Unsubscribe” or use the link in the text message (SMS) you receive from us.
14. CHANGES TO THIS DATA PROTECTION NOTICE
It is also important that you check back often for updates to the Data Protection Notice, as we may change this Data Protection Notice from time to time. The “Date last updated” legend at the bottom of this page states when the Data Protection Notice was last updated and any changes will become effective upon our posting of the revised Data Protection Notice. We will provide notice to you if these changes are material and, where required by applicable law, we will obtain your consent. We will provide this notice by email or by posting notice of the changes on our website or through any relevant Services.
15. CONTACT US / FURTHER INFORMATION
We have appointed Data Protection Managers who are responsible for overseeing questions in relation to this Data Protection Notice. If you have any questions about this Data Protection Notice, including any requests to exercise your legal rights, please contact the Data Protection Managers using the details set out below.
Our full details are:
Data Protection Manager
Postal address: Carestaff Bureau Limited. Beechurst, 8 Commercial Road, Dereham, Norfolk, United Kingdom, NR19 1AE
Email address: firstname.lastname@example.org
If you have any questions regarding the collection, processing, or use of your Personal Information or if you wish to correct, block, rectify, object, access, revoke your consent to any applicable aspect of this Data Protection Notice or delete any of your Personal Information, please contact us.
Date last updated : 01 May 2018