PLEASE NOTE: WE HAVE PROVIDED THIS AGREEMENT AS GUIDANCE ONLY. WE ARE NOT ACTING AS A LEGAL COMPANY AND THEREFORE CAN NOT GUARANTEE THAT THE INFORMATION BELOW IS ENTIRELY GDPR-COMPLIANT.
GDPR Candidate Agreement
This notice sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.
The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a new regulation which replaces the Data Protection Regulation (Directive 95/46/EC) The Regulation aims to harmonise data protection legislation across EU member states, enhancing privacy rights for individuals and providing a strict framework within which commercial organisations can legally operate.
Your new rights under the GDPR are set out in this notice, and were last updated on 10th May 2018.
The Information we collect
To carry out our core recruitment activities, we collect information about you which may include: your name, address and post code; private and corporate e-mail address and phone number; financial information and compliance documentation; references verifying your qualifications and experience and your right to work in the United Kingdom; curriculum vitae and photograph; employment details and preferences; links to your professional profiles available in the public domain e.g. LinkedIn, Twitter, Facebook for Business or corporate website.
How we collect this information
The information we collect about you will be provided by you, either by filling out a form on our website [company website] or by corresponding with us by phone, e-mail or otherwise. It will also include information you provide when you register to use our website, subscribe to our services, attend our events, participate in discussion boards or other social media functions on our website, enter a competition, promotion or survey, and when you report a problem with our site.
We may also obtain information about you from other sources such as LinkedIn, corporate websites, job board websites, online CV libraries, your business card, personal recommendations, and any relevant social media sites. In this case – and within 30 days of collecting – we will inform you that we hold this personal data, the source the data originated from, whether it came from publicly accessible sources, and for what purpose we intend to retain and process your personal data.
Our legal basis for processing data
Our legal basis for the processing of personal data is: [insert basis]
[NB: You are likely to have justification for using legitimate interest and/or consent when processing data for the purposes of recruitment.
Contract or legal obligation are likely to be the legal basis to justify keeping placement information on candidates.
We would advise you to refer to the ICO for guidance and detail your scenarios for processing data - https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/ ]
Where we store your personal data
All information stored on our recruitment software is secured through the Microsoft Azure Infrastructure and located at two data centres locations within Europe. Our primary centre is located in Microsoft’s Western European centre, and these facilities are secured by a series of measures, including (but not limited to) biometric access, security alarm systems and round-the-clock security staff. Additional security information on Microsoft’s data centres can be found here.
How long we keep your data for
We retain different types of data for differing periods of time. The criteria we use to determine whether we should retain your personal data and how long for includes:
- The nature of the personal data
- Its perceived accuracy of your date
- Your engagement levels with our services
- Our legal obligations following an offer or when a placement has been made.
We may archive part or all of your personal data, or retain it on our financial systems but delete all or part of it from our recruitment software system. On removal, we may anonymise parts of your data – particularly following a request for suppression or deletion of your data – to ensure we do not re-enter your personal data to our database, unless you have requested us to do so.
The GDPR provides you with the following rights.:
- The right to be informed about the personal data we process on you
- The right of access to the personal data we process on you
- The right to rectification of your personal data
- The right to erasure of your personal data in certain circumstances
- The right to restrict processing of your personal data
- The right to data portability in certain circumstances
- The right to object to the processing of your personal data
- The right not to be subjected to automated decision-making and profiling.
Therefore, we encourage you to log in to your profile through our website to ensure your data is accurate, complete and up to date at all times.
Changes to our privacy notice
Any changes we make to our privacy notice in future will be posted on this page and, where appropriate, you will be notified by e-mail. Please check back frequently to view any updates or changes to our privacy notice or for any further information please email firstname.lastname@example.org