IDENTIFY HR PRIVACY POLICY

The wording in this policy reflects the requirements of the General Data Protection Regulation (GDPR), which came into effect in the UK on 25 May 2018. This Privacy Policy may be updated from time to time due to further changes in employment law. Any subsequent changes will be published on our web.

INTRODUCTION

The Identify HR privacy policy details what personal data we hold, how we collect it, what we do with your personal data, how we use and process your personal data, and how we comply with GDPR in doing so. Your privacy is of the utmost importance to us and we are committed to protecting your data privacy rights.

We have many sources of data. These include; candidate, client and supplier data. We will cover off more in-depth what we do with data in each category. This policy focuses on candidate data.

CANDIDATES

At Identify HR we treat our candidates as we would expect to be treated, with respect. We want to partner with you to find you your dream job. To help us do this we need to process certain information about you. We will only ever ask for the information we need to do this, this will include:

  • Your name, contact details, education and employment history, nationality, citizenship, immigration status (do you need a work permit?), referee details. A copy of your passport, driver’s license or identity card.

  • Your current and expected salary/rate and benefit package details.

  • Where appropriate and in accordance with legislation, we may also collect information related to your health, diversity information or details of any criminal convictions.

  • You may of course decide to share other information you deem relevant to us.

We will have access to your personal data if you have applied for a role via our website, one of our job adverts or if we have access to a job board that contains your details. We will only ask for details that are required to ensure we have the necessary information to gauge your suitability for a role.

Collecting your personal data

We will either collect your personal data directly from you or via a third party such as an internet job board.

We receive direct personal data from you when:

  • You register on the Identify HR website or if you apply for one of the roles, we have advertised on an internet job board.

  • You email us your CV on a speculative basis.

  • You contact us via one of our social media channels e.g. Twitter, Facebook or Instagram.

We receive your personal data from third parties when:

  • We have searched an internet job board where you have registered your details; or we view your profile on LinkedIn when searching for potential candidates to fit a role (we will never approach you on a speculative basis).

  • We feel it is reasonable to expect that if you have posted your CV on a job board / networking site that you are happy for us to capture this data to contact you to discuss a role we have.

  • We take up a reference from a contact you have provided.

  • If you “follow” Identify HR on Twitter or Instagram or “like” our Facebook page.

How do we use your personal data and who do we share it with?

  • The main reason for using your personal details is to support you in finding your next role. The more information we have on your personal and professional attributes the better placed we are to help.

  • We will store your data on our database, so we can contact you when a suitable role arises.

  • From our database we will send your details on to our clients but only once we have your consent to do so. We will then confirm to you where your details have been sent and for what role.

  • We may contact other organisations or individuals who hold information relating to you if this is applicable to your application (this would include referees).

  • We may share your details with our payroll provider or accountant to ensure our internal processes run smoothly and that we can comply with all legal company legislation/obligations.

How do we safeguard your personal data?

  • We have appropriate systems in place to ensure your personal data is protected from misuse, loss, or unauthorised access.

  • This includes technical safeguards such as firewalls and other security measures.

  • In addition, we have regular staff training, so everyone is fully aware of current and forthcoming legislations.

How long do we keep your personal data for?

  • There is no law that defines exactly what period is reasonable to retain your personal data. We have therefore decided that if we have not “engaged” with or had contact with you for a period of one year, we will delete your personal data from our systems.

  • When we refer to "engaged", we mean, two-way communication (either verbal or written).

How can you access, amend or take back the personal data that you have given to us?

This is an area where the law provides clarity over your rights. Should you wish access to your data, please get in touch with us at theteam@i-dentify-solutions.com. We will respond without delay and will ensure we are compliant with any applicable law in doing so. You have the following rights:

  • The right to be informed; about the collection and use of your personal data. This is a key transparency requirement under the GDPR. We must let you know our purposes for processing your data, our retention periods and who we will share your detail with. This is detailed in this policy.

  • The right of access; Under the right of access, you can ask us to confirm what data we hold on you; you can then ask us to amend, update or delete your information. We will do this without undue delay and free of charge.

  • The right to rectification; Individuals are entitled to have their personal data rectified if inaccurate or incomplete and Identify HR must respond to a rectification request within one month if not deemed complex. Identify HR must inform related third parties where possible if the personal data is disclosed to them also.

  • The right to erasure; also, known as “The right to be forgotten”, means we must have procedures in place for removing or deleting personal data easily and securely where there is no compelling reason for possession and continued processing. Specific circumstances stated by the ICO include:

    • a. Where the personal data is no longer necessary in relation to the purpose for which it was originally collected/processed.

    • b. When the individual withdraws consent.

    • c. When the individual objects to the processing and there is no overriding legitimate interest for continuing the processing.

    • d. The personal data was unlawfully processed (i.e. in breach of GDPR).

    • e. The personal data must be erased to comply with a legal obligation.

    • f. The personal data is processed in relation to the offer of information society services to a child.

    • g. Especially for marketing, this right is the main reason why having the appropriate tools and record keeping in place is so important to know why someone’s data is being processed and what it relates to, and if someone has removed their consent to receiving marketing materials and having their data processed. Many investigations will likely arise through people being disgruntled when they have withdrawn their consent from marketing materials, or not given their consent initially for marketing materials, but are still being processed and receiving electronic marketing such as emails for example.

    • i. We will respond to any erasure requests within 30 days and unless there is a valid reason for keeping your details we will delete your data. We would prefer to keep your name on our records to ensure you are not contacted again but will comply with your wishes.

  • The right to restrict processing; Individuals have the right to “block” or restrict processing of personal data, in the following circumstances outlined by the ICO:

    • a. “Where an individual contests the accuracy of the personal data, we should restrict the processing until we have verified the accuracy of the personal data.”

    • b. “Where an individual has objected to the processing (where it was necessary for the performance of a public interest task or purpose of legitimate interests), and we are considering whether our organisation’s legitimate grounds override those of the individual.”

    • c. “When processing is unlawful, and the individual opposes erasure and requests restriction instead.”

    • d. “If we no longer need the personal data but the individual requires the data to establish, exercise or defend a legal claim.”

    • e. We must inform any third parties that are also involved with the data about the restriction and inform individuals when we remove a restriction on processing.

  • The right to data portability

    • a. The right to data portability allows individuals to obtain and reuse their personal data across different services for their own purposes. The right only applies:

      • i. to personal data an individual has provided to a controller;

      • ii. where the processing is based on the individual’s consent or for the performance of a contract; and

      • iii. when processing is automated.

    • b. The right allows them to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without affecting usability.

    • c. Personal data must be provided in a structured, commonly used and machine-readable format (like CSV files) so other organisations can use it and must be provided free of charge.

  • The right to object; The right to object means individuals have the right to object to direct marketing (including profiling), processing based on legitimate interest, and purposes of scientific/historical research and statistics, in which case we must stop processing personal data immediately and at any time, with no exemptions or grounds to refuse, free of charge.

    • a. Ensure we are informing individuals of their right to object in our privacy notice and “at the point of first communication”. If we process personal data for research purposes, or for the performance of a legal task or our organisation’s legitimate interests, see further details here. If our processing activity is one of the above and carried out online, we must offer the option to object online, e.g. through your website.

  • Rights related to automated decision making and profiling

    • a. If any of our processing operations constitute automated decision making including profiling (such as insurance firms), individuals have the right not to be subject to a decision and must be able to obtain human intervention, express their point of view, and obtain an explanation of the decision and challenge it. The right does not apply if the automated decision is a contractual necessity between us and the person, if it is authorised by law, or if based on explicit consent. Find further details here.

Who is responsible for processing your personal data on the Identify HR website?

Identify HR controls the processing of personal data on its website.

SUMMARY

We will only hold your data if you are working with Identify HR currently or are keen for us to retain your records for when you are looking for a new role. You can have access to your data at any time, just let us know. Any requests should be sent to theteam@i-dentify-solutions.com.

To request to be removed from our database please email removemydetails@i-dentify-solutions.com. We will be sorry to see you go but will carry out this request within 72 hours.