In this policy the following terms have the following meanings:
‘breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data;
‘consent’ means any freely given, specific, informed and unambiguous indication of an individual’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of persona data relating to him or her;
‘data controller’ means an individual or organisation which, alone or jointly with others, determines the purposes and means of the processing of personal data;
‘data processor’ means an individual or organisation which processes personal data on behalf of the data controller;
‘personal data’* means any information relating to an individual who can be identified, such as by a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; *
‘processing’ means any operation or set of operations performed on personal data, such as collection, recording, organisation, structuring, storage (including archiving), adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
‘profiling’ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to an individual, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
‘sensitive personal data’* means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data, data concerning health, an individual’s sex life or sexual orientation and an individual’s criminal convictions; *
*For the purposes of this policy we use the term personal and/or sensitive personal data to include both personal and sensitive data except where we specifically need to refer to sensitive personal data.
‘Supervisory authority’ means an independent public authority which is responsible for monitoring the application of data protection. In the UK the supervisory authority is the Information Commissioner’s Office (ICO).
DBCharles Recruitment Limited (“The Company”). Registered Company No of 10827208. Trading as DB Charles Recruitment of Unit 5a, Brick Knoll Park, Ashley Road, St Albans, Herts, AL1 5UG.
The Company processes personal and/or sensitive personal data in relation to its own staff, work-seekers, individual clients and client contacts and is a data controller for the purposes of the Data Protection Laws. The Company has registered with the ICO and its registration number is ZA263386.
The Company is committed to protecting your privacy. The Company values our visitors and endeavours to create an enjoyable and safe experience when visiting our website. The Company only collects information that we know will be genuinely used and in accordance with the General Data Protection Regulation (GDPR).
This Privacy Notice describes how The Company may use, process, store and process your personal and/or sensitive personal data that we may collect about individuals, including if you register with The Company via our Candidate Registration process, through The Company website or from other sources, such as when you apply for a job through job sites such as Reed and Adzuna or via social media platforms such as LinkedIn, Facebook, Twitter or Instagram.
It is highly important that you read this Notice along with any further Privacy Notices we provide such as and including the Notice and information contained within the candidate registration form. It is important you are fully aware of how and why we are using your personal information.
This website is not intended for children and we do not knowingly collect data relating to children.
If at any time or point you require to ask questions or seek further information on how The Company uses your personal information, please contact:
David Bass, Director on 01727 837989 or [email protected]
The Company is a recruitment business which provides work-finding services to its clients and work-seekers. The Company must process personal and/or sensitive personal data so that it can provide these services – in doing so, The Company acts as a data controller.
You may give your personal details to the Company directly, such as on an application or registration form or via our website, or we may collect them from another source such as a jobs board. The Company must have a legal basis for processing your personal and/or sensitive personal data. For the purposes of providing you with work-finding services and/or information relating to roles relevant to you we will only use your personal and/or sensitive personal data in accordance with the terms of the following statement.
1. Collection and use of personal and/or sensitive personal data
- Purpose of processing and legal basis
The Company has/will collect your personal and/or sensitive personal data and has/will process your personal and/or sensitive personal data for the purposes of providing you with work-finding services and/or introducing clients to work seekers. This includes for example, contacting you about job opportunities, assessing your suitability for those opportunities, updating our databases, putting you forward for job opportunities, arranging payments to you and developing and managing our services and relationship with you and our clients.
In some cases, The Company may be required to use your data for the purpose of investigating, reporting and detecting crime and also to comply with laws that apply to us. The Company may also use your information during the course of internal audits to demonstrate our compliance with certain industry standards.
The legal bases The Company relies upon to offer these services to you are:
- Legitimate Interest;
- Legal obligation;
- Contractual obligation;
- Legitimate Interest
This is where The Company has a legitimate reason to process your data provided it is reasonable and does not go against what you would reasonably expect from us.
Article 6(1)(f) of the GDPR is the one that is relevant here, it states that we, The Company, can process your personal and/or sensitive data where it “is necessary for the purposes of the legitimate interests pursued by [us] or by a third party, except where such interests are overridden by the interests or fundamental rights or freedoms of [you] which require protection of personal data.”
The Company believes that the following activities and interests prejudice you in any way, in fact they aid The Company in providing a better tailored and more efficient service to work-seekers and clients.
Where The Company has relied on a legitimate interest to process your personal and/or sensitive personal data our legitimate interests is/are as follows:
- Providing work finding services to work-seekers and introducing clients to work seekers;
- The Company expects that if you are looking for employment or have posted your professional CV information on a job board, professional networking site or social media platform, you are happy for The Company to collect and otherwise use your personal and/or sensitive personal data to offer or provide our recruitment services to you, share that information with prospective employers and assess your skills against our current vacancy list.
- The Company wants to provide you with tailored job recommendations and relevant articles to read to help you on your job hunt.
- The Company has our own obligations under law, which it is a legitimate interest of ours to insist on adhering to in that if The Company believes in good faith that it is necessary, The Company may therefore share your data in connection with crime detection, tax collection or actual or anticipated litigation.
- When working with Clients, so for The Company to ensure that we provide you with the best service possible, The Company stores your personal and/or sensitive personal data of individual contacts at your organisation as well as keeping records of our conversations, meetings, registered jobs and placements. On occasion, The Company may also ask you to undertake a customer satisfaction survey. The Company believes this is a reasonable request and deems the uses of your data to be necessary for our legitimate interests as an organisation providing various recruitment services to you.
- When working/dealing with Suppliers, The Company will use and store the personal and/or sensitive personal data of individuals within your organisation in order to facilitate the receipt of services from you as one of our suppliers. The Company also holds your financial details, so that The Company can pay you for your services. The Company deems all such activities to be necessary within the range of our legitimate interests as a recipient of your services.
- In relation to references or other similar requests, if a candidate has listed you or a prospective member of staff as one of their referees, The Company uses your personal and/or sensitive personal data in order to contact you for a reference. This is part of The Company quality assurance procedure and thus deemed to be necessary for our legitimate interests as an organisation offering recruitment services and employing people ourselves.
- If a candidate, contact or client has provided The Company with your details as an emergency contact, The Company will use these details to contact you in the case of an accident or emergency. This is necessary for our legitimate interests.
- Data Categories
The company has/will collect the following personal and/or sensitive personal data directly from you and/or from other sources including when you apply for a job directly via The Company website, via a Job Board, via Social Media sites such as LinkedIn, Twitter, Facebook and Instagram or when you provide us with your information at a job fair or networking event.
- The Company generally collects personal and/or sensitive personal data directly:
- from you, normally when you are dealing with The Company in person or via telephone, letter, fax, email, via our website or our other means such as job boards and social media platforms.
- or information and data contained within your CV including Name, Contact Details (home telephone number, mobile number, email address), Address, Postcode and any further information which contributes towards work seeking activity;
- During the recruitment process, in order for it to progress The Company will require the work-seeker to provide ID (proof of right to work such as a Passport or other means in relation to Home Office / UK Law requirements) and completed a registration form;
- If successful as a work-seeker in securing a new position with a client via The Company, The Company will be required to collect further sensitive personal data in order to adhere to specific client recruitment processes, which you will be notified of beforehand with further consent sought.
List of Specific Data Requirements:
- Your Identity (Full Name, Previous Names, Known as Name, Name Change Evidence, Date of Birth, Gender, Martial Status);
- Contact Details (Home Telephone Number, Mobile Number, Email Address, Address, Postcode, Emergency Contact Details);
- Right to Work (Passport Type, Passport, Visa, Proof of NI, Birth Certificate, Driving License and others as specified in relation to Home Office / UK Law requirements);
- Job Search Criteria (Types of roles seeking, Current salary & package, Desired salary & package, Businesses that you desire to or not to work with);
- Qualifications, authorisations, skills and further training;
- Educational history;
- Career history;
- Details of health and disabilities; (where you provide this and it is relevant);
- Unspent Criminal Convictions; (where you provide this and it is relevant);
- Financial Statement; (Bankruptcy, Civil Proceedings, CCJ’s, IVA’s information); (where you provide this and it is relevant);
- Any other information contained in your CV or that you choose to provide to The Company;
Details in relation to Health and Disabilities, Unspent Criminal Convictions & your Financial Statement is only processed if it is relevant and in accordance with the restrictions imposed by law. We may be obliged to disclose information relating to Health and Disabilities, Unspent Criminal Convictions and your Financial Statement to our clients so that they can determine if these are relevant to the suitability for a role with the client’s business.
Personal and/or sensitive personal data about you may also be collected from third parties that The Company contacts for verification or vetting purposes, however The Company will require you to provide signed consent to enable us to obtain personal data from third parties, unless you have indicated to The Company in some other way.
- Clients and Suppliers
If you are a client or supplier of goods and services, we will collect and process information about individuals in your organisation to enable us to communicate with them and to provide our services or receive goods and services. Normally, The Company processes the individuals name and business contact data only.
- Recipient/s of Data
The Company will process your personal data and/or sensitive personal data with the following recipients’ / data processors:
- Recruit So Simple – The Company’s CRM software system where data is held;
- Broadbean – External Job Posting, Hosting & CV search function;
- Prospective employers;
- Candidates – Potential employers and other recruitment agencies/organisations to increase your chances of finding employment;
- Candidates – Third party partners, job boards and job aggregators where we consider this will improve the chances of finding you the right job;
- Clients – Whereby work-seekers may be introduced to fulfil a job requirement or to improve the work-seekers chance of finding employment;
- Individuals and organisations who hold information related to your reference or application to work with us, such as current, past or prospective employers, educators and examining bodies and employment and recruitment agencies;
- Tax, audit, or other authorities, when we believe in good faith that the law or other regulation requires us to share this data;
- Other – Third party service providers who perform functions on our behalf (including external consultants, business associates and professional advisers such as lawyers, auditors and accountants, technical support functions and IT consultants carrying out testing and development work on our business technology systems);
Where applicable, The Company will impose appropriate contractual, security and other obligations on to third party service providers The Company have appointed. The Company will only permit them to process your personal information in accordance with the law and our instructions.
Unless required or permitted to do so by law, The Company will not otherwise share, sell or distribute any of your personal and/or sensitive personal data without your consent.
- Statutory/contractual requirement
Your personal and/or sensitive personal data is required by law and/or a contractual requirement (e.g. our client may require this personal and/or sensitive personal data), and/or a requirement necessary to enter into a contract. You are obliged to provide the personal and/or sensitive personal data and if you do not the consequences of failure to provide the data are:
- The Company will be unable to provide you with work finding services and/or introducing work-seekers to clients.
2. Overseas Transfers
The Company may transfer only the information you provide to us to countries outside the European Economic Area (‘EEA’) for the purposes of providing you with work-finding services. The Company will take steps to ensure adequate protections are in place to ensure the security of your information. The EEA comprises the EU member states plus Norway, Iceland and Liechtenstein.
3. Data retention
The Company will retain your personal and/or sensitive personal data only for as long as is necessary for the purpose we collect it. Different laws may also require us to keep different data for different periods of time.
The Conduct of Employment Agencies and Employment Businesses Regulations 2003, require us to keep work-seeker records (or, where appropriate, the client / business you are working for or with) for at least one year from (a) the date of their creation or (b) after the date on which The Company last provided you with work-finding services.
However, The Company is required by law to keep basic information about work-seeker, clients and service and good providers (including contracts, evidence of identity, financial and transaction data) for up to seven years from when the relationship ended for compliance, legal and tax reasons.
The Company must also keep your payroll records, holiday pay, sick pay and pensions auto-enrolment records for as long as is legally required by HMRC and associated national minimum wage, social security and tax legislation.
Where the Company has obtained your consent to process your personal and/or sensitive personal data, The Company will do so in line with our data retention policy, which you can request or download below. Upon expiry of that period The Company will seek further consent from you. Where consent is not granted the Company will cease to process your personal and/or sensitive personal data.
Where there is no retention period stated in law, The Company will determine the appropriate retention period for personal and/or sensitive personal data by considering the amount, nature, sensitivity and risk and harm attached with that information.
In some circumstances The Company may anonymise your personal and/or sensitive personal data, thus it can no longer be associated with you and The Company cannot identify you, for the reasoning of research or statistical analysis.
For candidates whose services are provided via a third party company or other entity, “meaningful contact” with you means meaningful contact with the company or entity which supplies your services. Where The Company are notified by such company or entity that it no longer has that relationship with you, The Company will retain your data for no longer than one year from that point or, if later, for the period of one year from the point we subsequently have meaningful contact directly with you.
When we refer to “meaningful contact”, we mean, communication between The Company and you either verbal or written, or where you are actively engaging with our website, job adverts or other online services. If you are a candidate we will consider there to be meaningful contact with you if you submit your updated CV onto our website or communicate with us about potential roles, either by verbal or written communication.
- Work-seeker and client hirer records: To be kept for at least one year from (a) the date of their creation or (b) after the date on which The Company last provided you with work finding or client hiring services;
- Annual appraisal / assessment records: Under data protection laws The Company is only required to retain for as long as required;
- References; Under data protection laws, reference records only require to be kept for as long as necessary however, the Conduct of Regulations requires The Company to retain references for 1 year following the introduction of a work-seeker to a client;
4. Your rights
Please be aware that you have the following data protection rights:
- The right to be informed about the personal and/or sensitive personal data The Company processes on you;
- The right of access to the personal and/or sensitive personal data The Company processes on you;
- The right to rectification of your personal and/or sensitive personal data;
- The right to erasure of your personal and/or sensitive personal data in certain circumstances;
- The right to restrict processing of your personal and/or sensitive personal data;
- The right to data portability in certain circumstances;
- The right to object to the processing of your personal and/or sensitive personal data that was based on a public or legitimate interest;
- The right not to be subjected to automated decision making and profiling; and
- The right to withdraw consent at any time.
Where you have consented to The Company processing your personal and/or sensitive personal data you have the right to withdraw that consent at any time by contacting David Bass, Director on 01727 837989 or [email protected].
There may be circumstances where The Company will still need to process your data for legal or official reasons. The Company will inform you if this is the case. Where this is the case, The Company will restrict the data to only what is necessary for the purpose of meeting those specific reasons.
If you believe that any of your data that The Company processes is incorrect or incomplete, please contact us using the provided details and we will take reasonable steps to check its accuracy and correct it where necessary.
You can also contact us using the provided details if you want us to restrict the type or amount of data we process for you, access your personal data or exercise any of the other rights listed above.
For more information on your data protection rights, please visit the below link to view the Recruitment & Employment Confederation’s guide for job seekers “Know Your Data Protections Rights.”
5. Source of Personal Data
The Company sourced your personal and/or sensitive personal data by one of the following means:
- Directly from you;
- From your CV either sent directly to The Company, via The Company website or from a job board;
- From a completed registration form;
- From The Company website, dbcharlesrecruitment.com, where you have either applied for a job or registered on the website;
- From a job board whereby The Company have either a job advertising or CV searching license. Currently, these job boards are Reed and Adzuna but these are subject to potential change;
- From Broadbean, that collates the responses to adverts from candidates from the Job Boards and The Company website under one roof;
- From LinkedIn whereby The Company has been able to access your public profile;
- From Facebook where The Company has been able to access your public profile;
- From Twitter where The Company has been able to access your public profile;
- From Instagram where The Company has been able to access your public profile;
Data security is of great importance to The Company and to protect your personal and/or sensitive personal data The Company have put in place suitable physical, electronic and managerial procedures to safeguard and secure your collected data.
The Company have put in place procedures to deal with any suspected personal and/or sensitive personal data information breaches and The Company will notify you and the applicable supervisory authority of a breach where The Company are legally required to do so.
The Company take security measures to protect your information including:
- Locks and security systems
- Computer passwords, 2 step verification processes and limited access to shared network drives to authorised staff
- Virus checking
- Auditing procedures
- Data integrity checks
- Limited access to our buildings to those that we believe are entitled to be there
- Implementing access controls to our Information Technology
- Using appropriate procedures and technical security measures to safeguard your information across all our computer systems, networks, websites and offices.
7. Reviews and Sharing Your Thoughts
When using our website, you may be able to share information through social networks like LinkedIn, Facebook, Twitter and Instagram. For example, when you “like,” “share” or review our services. When doing this, your personal information may be visible to the providers of those social networks and/or their other users. Please remember it is your responsibility to set appropriate privacy settings on your social network accounts so you are comfortable with how your information is used and shared on them.
8. Additional Information, Response Times & Fees
The Company may need to request specific information from you to help us confirm your identity and ensure your right to access your personal and/or sensitive personal data (or to exercise any of your other rights or when you make an informal request). This is a security measure to ensure that personal and/or sensitive personal data is not disclosed to any person other than the individual who has the right to receive it. The Company may also contact you to ask you for further information in relation to your request to help us locate your data and to speed up our response.
The Company try to respond to all legitimate requests within one month. It may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, The Company will notify you and keep you updated.
The Company will not charge a fee to exercise any of these rights, however, we may charge a reasonable fee if your request is unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
9. External Links
The Company website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that The Company does not have any control over that other website. Therefore, The Company cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy notice. You should exercise caution and look at the privacy notice applicable to the website in question.
- What are Cookies?
Cookies are small pieces of data, stored in text files, that are stored on your computer or other device when a website is loaded within your chosen browser. They are widely used to ‘remember’ you and your preferences, either for a single visit (through a ’session cookie’) or for multiple repeat visits (using a ‘persistent cookie’). They ensure a consistent and efficient experience for visitors, and perform essential functions such as allowing users to register and remain logged in. Cookies may be set by the site that you are visiting (known as ‘first party cookies’), or by other websites who serve up content on that site (‘third party cookies’).
- What are ‘Strictly Necessary Cookies’?
These are the cookies that are essential for this website to perform its basic functions. These include those required to allow registered users to authenticate and perform account related functions, as well as to save the contents of virtual ‘carts’ on sites that have an e-commerce functionality.
Strictly Necessary Cookies are highlighted with a double asterisk (**) in the tables below:
|Category||Cookie Name||Cookie Description|
|Cloudflare||_cfduid **||Used by CloudFlare to distinguish users and apply security settings on a per-user basis.|
|Google Analytics||_ga||Used by Google Analytics to distinguish users.|
|_gid||Used by Google Analytics to distinguish users.|
|_gat||Used by Google Analytics to throttle requests to their service.|
|DB Charles Recruitment||wp-settings-*-*||Used by WordPress to customise the back-end interface.|
|wordpress_test_cookie||Used by WordPress to manage logged-in users.|
|wordpress_*||Used by WordPress to manage logged-in users.|
|wordpress_logged_in **||Used by WordPress to manage logged-in users.|
|Vimeo||player||Used by Vimeo to store information relating to their embedded video player.|
- How to change your Cookie preferences
The most popular web browsers typically provide additional tools to users for controlling or restricting cookies on their device. To find out more about cookies, including how to see what cookies have been set, visit www.aboutcookies.org or www.allaboutcookies.org.
Find out how to manage cookies on popular browsers:
To find information relating to other browsers, visit the browser developer’s website.
To opt out of being tracked by Google Analytics across all websites, visit http://tools.google.com/dlpage/gaoptout.
11. Complaints or queries
If you wish to complain about this privacy notice or any of the procedures set out in it, please contact:
David Bass, Director on 01727 837989 or [email protected].
You also have the right to raise concerns with the Information Commissioner’s Office on 0303 123 1113 or at https://ico.org.uk/concerns/, or any other relevant supervisory authority should your personal data be processed outside of the UK, if you believe that your data protection rights have not been adhered to.
12. Changes to this Privacy Notice
If The Company change this Privacy Notice The Company will post any updates here for your review and The Company will make you aware.
This Privacy Notice was last updated: 22/05/2018
a) The lawfulness of processing conditions for personal data are:
- Consent of the individual for one or more specific purposes.
- Processing is necessary for the performance of a contract with the individual or in order to take steps at the request of the individual to enter into a contract.
- Processing is necessary for compliance with a legal obligation that the controller is subject to.
- Processing is necessary to protect the vital interests of the individual or another person.
- Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller.
- Processing is necessary for the purposes of legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests or fundamental rights or freedoms of the individual which require protection of personal data, in particular where the individual is a child.
b) The lawfulness of processing conditions for sensitive personal data are:
- Explicit consent of the individual for one or more specified purposes, unless reliance on consent is prohibited by EU or Member State law.
- Processing is necessary for carrying out data controller’s obligations under employment, social security or social protection law, or a collective agreement, providing for appropriate safeguards for the fundamental rights and interests of the individual.
- Processing is necessary to protect the vital interests of the individual or another individual where the individual is physically or legally incapable of giving consent.
- In the course of its legitimate activities, processing is carried out with appropriate safeguards by a foundation, association or any other not-for-profit body, with a political, philosophical, religious or trade union aim and on condition that the processing relates only to members or former members (or those who have regular contact with it in connection with those purposes) and provided there is no disclosure to a third party without the consent of the individual.
- Processing relates to personal data which are manifestly made public by the individual.
- Processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity.
- Processing is necessary for reasons of substantial public interest on the basis of EU or Member State law which shall be proportionate to the aim pursued, respects the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and interests of the individual.
- Processing is necessary for the purposes of preventative or occupational medicine, for assessing the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of EU or Member State law or a contract with a health professional and subject to the necessary conditions and safeguards.
- Processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of healthcare and of medicinal products or medical devices, on the basis of EU or Member State law which provides for suitable and specific measures to safeguard the rights and freedoms of the individual, in particular professional secrecy.
- Processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard fundamental rights and interests of the individual.