1.1. Allen Associates (Oxford) Limited trading as Allen Associates (“we”, “us”, “our”) take your privacy very seriously and we are committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR) and the Data Protection Act.
1.3. Allen Associates is a recruitment agency whose registered office is Beaver House, 23-38 Hythe Bridge Street, Oxford OX1 2EP. We provide services ranging from helping people to find a job, recruiting temporary workers and providing temporary staff for our clients and finding our clients a suitable candidate for a specific role.
1.4. This policy applies to information we collect about:
1.4.1. visitors to our website (“people who use our website”);
1.4.2. candidates looking to secure a new job role, register on-line or in person and candidates who we have successfully placed (“candidates”);
1.4.3. people who provide information to us (e.g. referees);
1.4.4. people who do business with us (“clients”).
1.5. The personal data we collect about you depends upon our relationship with you. Where relevant we have set out the information within relevant sub-sections. The main section applies to everyone.
2. INFORMATION WE COLLECT ABOUT YOU
2.1. Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identify has been removed (anonymous data).
2.2. If you are a candidate looking to secure a new job role we may collect the following personal information about you:
2.2.2. your personal contact details including your title, postal addresses, email addresses and telephone numbers;
2.2.3. your immigration status and whether you need a work permit;
2.2.4. right to work documentation including a passport, driving licence or permit;
2.2.5. your CV and information included within a CV;
2.2.6. your employment history;
2.2.7. your education history;
2.2.8. details about your skills, professional qualifications and memberships and copies of certificates;
2.2.9. application forms, covering letters and interview notes;
2.2.10. compensation history including details about your current pension and benefit arrangements;
2.2.11. information available about you posted on social media (e.g. LinkedIn) and information available within the public domain;
2.2.12. feedback about you from our staff or clients;
2.2.13. information about your preferences for a new role and your future employment needs;
2.2.14. diversity information including racial or ethnic origin, religious or other similar beliefs, and physical or mental health including disability-related information. If we collect this information, we will do so in accordance with the special category data section of this policy;
2.2.15. details of any criminal convictions if these are required for a role that you are interested in applying for or where you are required to disclose these by law. If we collect this information, we will do so in accordance with the special category data section of this policy;
2.2.16. any additional information which you choose to tell us;
2.2.17. your references and any additional information they choose to tell us;
2.2.19. any other information we collect if you use our website (see “Website user data” below); and
2.2.20. any other information your IT systems keep including:
126.96.36.199. Automated monitoring of our websites and other technical systems such as our computer network and connections, CCTV and access control systems]
2.3. We may also collect information about you from third parties including LinkedIn, JobBoards or our clients which we will add to the information we already hold about you in order to assist us with finding you a role.
2.4. When you do business with us including when we provide you with a service such as providing you with temporary staff or finding a candidate for a permanent role, we collect the following limited information about you:
2.4.1. name and where relevant names of other staff members within your organisation;
2.4.2. your contact details including your postal address, email address and telephone number;
2.4.3. information about your staffing structure and requirements where these are relevant for us to understand your business to provide you with the right candidate;
2.4.4. information about you provided by our candidates; and
2.4.6. any information we collect if you use our website (see website user data);
2.4.7. [any other information your IT systems keep including:
188.8.131.52. automated monitoring of our websites and other technical systems such as our computer network and connections, CCTV and access control systems; and
184.108.40.206. our IT systems used to provide you with an invoice for our services].
2.5. We may also collect information about you from third parties (e.g. our candidates) which we will add to the information we already hold about you in order to assist us with providing the service to you.
Website User Data
2.6. When you visit our website, the information we collect is limited unless you choose to provide us with further information. We may collect the following information about you:
2.6.1. IP address;
2.6.2. any information you choose to provide to us using our “Get in touch” function including your name, email address, telephone number and any other information you provide;
2.6.3. any information you choose to provide to us using out “register with us” and “upload your CV function” including your name, email address, phone number, your CV, your work type preference, the sector of work you are interested in and any other information your provide;
2.6.4. any information you choose to provide to us when registering to receive our monthly email with hints and tips including your name and email address; and
Individuals whose data we receive from candidates and clients
2.7. We need to be able to assess whether candidates are suitable for employment and as a result we require some basic background information such as references. We only ask for very basic contact details including your name, address, telephone number and email address, so that we can get in touch with you either for a reference or because you have been listed as an emergency contact.
2.8. We need information in order to be able to safeguard our candidates in the case that there is an emergency during the recruitment process. For example, if you were to be seriously injured during the recruitment process and we need to contact you next of kin. We only ask for limited information such as contact details including your name, address, telephone number, email address and your relationship to the individual.
3. HOW WE WILL USE THE INFORMATION WE COLLECT ABOUT YOU
3.1. We only collect your data where we have a lawful basis for doing so. The lawful basis for processing your data will be one of the following depending upon our relationship with you:
3.1.1. where you have given us your consent;
3.1.2. to decide whether to enter a contract with you or to perform a contract with you (e.g. to provide you with services and find a suitable candidate for a job role);
3.1.3. to comply with a legal obligation (e.g. a regulatory requirement or legislation);
3.1.4. where processing your data is in your vital interests where we may be required to provide information to protect your life (e.g. to a medical professional if you become seriously unwell or injured); and
3.1.5. where we have a legitimate interest to process your information.
3.2. Some of the grounds of processing will overlap and there may be several grounds which justify our use of your personal information.
3.3. We have provided further information below about how we will use the data we collect about you depending upon our relationship with you.
3.4. We collect your information to enable us to help your find a new role and assess your suitably for roles that we are currently advertising. The relevant information is then used by us to communicate with you regarding potential job opportunities.
3.5. If you agree, we will contact your references to obtain a reference and also send your information to a prospective employer.
3.6. We also collect your information in order to allow us to comply with legal obligations such as complying with the regulatory requirements.
3.7. We will also contact you about other services we think may be of interest including advice emails in respect of the job application process.
3.8. We may also collect information about you if you use our website. For more information, see the “Website User Data” section below.
3.10. We collect your information primarily on the basis of legitimate interests and our legitimate interests are as follows:
3.10.1. We believe if you have applied for a job we are advertising either directly via our website or a job board, signed up to register as a candidate or sent us a copy of your CV that it is reasonable to expect us to collect and keep the information you provide to us in order to assist you finding a new role. We also believe it is reasonable to contact you to discuss your requirements, to send you information about job opportunities you may be interested in, to send you our newsletter and also to information about changes in recruitment and tips about making successful job application;
3.10.2. We also believe it is reasonable that if you are using job related websites or programmes such as LinkedIn that it is reasonable for us to contact you on that platform to see if you are interested in our services or any of the job opportunities we currently have available.
3.10.3. We believe it is also reasonable for us to keep your personal information in order to deal with or defence any dispute or legal proceedings.
3.11. We will collect your information to allow us to decide whether to enter a contract with you and perform that contract with you. We use your information to provide the services requested and any other services you may ask us to provide including providing you with a temporary member of staff. The relevant information is then used by us to communicate with you relating to the instructions you have given us.
3.12. We also collect your information in order to allow us to comply with legal obligations such as complying with the regulatory requirements.
3.13. We will also contact you about other services we think may be of interest to you.
3.14. We may also collect information about you if you use our website. For more information, see the “Website User Data” section below.
3.14.1. We believe it is reasonable for you to expect us to keep your information in order to enable us to deal with and defend any dispute or legal proceedings;
3.14.2. We believe it is reasonable to expect that you may be interested in hearing about other services we could offer you and information about events we are running which may be of interest to you for 2 years after our relationship with you ends.
Website User Data
3.16. We may also use aggregate information and statistics for the purposes of monitoring website usage in order to help us develop our website and our services. We may also provide aggregative information to third parties. These statistics will not include information that can be used to identify you.
Individuals whose data we receive from candidates and clients
3.17. We collect this information in order to enable us to contact you to provide a reference in order to assess whether a candidate is suitable for a potential job role.
4. HOW LONG WE KEEP YOUR INFORMATION FOR
4.1. The lawful basis also determines the period of time for which we will keep your information as follows:
Registered Candidates - For the duration of our relationship and 2 years after your registration date, unless consent is obtained at this stage to retain data.
Candidates who have applied for a job we are advertising but not registered -
For the duration of the application process and for 1 year.
Candidates we have placed with clients - For the duration of our relationship with your and for 6 years after you have successfully been placed. Basic data is kept indefinitely in order to comply with our legal obligations to clients.
Candidates we registered but who we did not place with our clients - For the duration of the application process and for 2 years subsequently.
Clients - 6 years
Referees - For a maximum of 6 years where you have provided a reference for a successful candidate.
5. WHO WE SHARE YOUR INFORMATION WITH
5.1. We may share your personal information with third parties as set out below or where we have another legitimate interest in doing so.
5.2. All of our third-party service providers are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
5.3. We routinely share your information with our third party suppliers as follows:
5.3.2. job boards; and
5.3.3. our IT software providers and database management systems.
5.5. We will share your personal information with law enforcement, a regulatory body, auditors or other authorities if required by applicable law.
5.6. We routinely share your information with our third party suppliers as follows:
5.6.1. Syndicut Communications Ltd for marketing purposes;
5.6.2. mailchimp; and
5.6.3. our IT software providers and database management systems.
5.7. We will share your information with our candidates and people interested in applying for a job which we advertise on your behalf in order for them to consider whether they wish to be put forward for a role with your organisation.
5.8. We will share your personal information with law enforcement, a regulatory body, auditors or other authorities if required by applicable law.
Website User Data
5.9. We routinely share your information with our third party suppliers as follows:
5.9.1. our IT software providers and database management systems.
5.10. If you have provided your information to sign up for a client or candidate service, we will share your information in accordance with the client and candidate sections listed above.
5.11. We will share your personal information with law enforcement, a regulatory body or other authorities if required by applicable law.
Individuals whose data we receive from candidates and clients
5.13. We will routinely share your information with our clients if the individual who you have provided a reference for is offered a job role.
5.14. We will share your personal information with law enforcement, a regulatory body or other authorities if required by applicable law.
Client Data and Candidate Data
6.1. We may also wish to provide you with information about future job roles or services we think may be of interest to you. If you would rather not receive this information, please unsubscribe using the link at the foot of our emails or email a request stating “unsubscribe” to firstname.lastname@example.org
6.2. If you have agreed to us providing you with marketing information, you can always opt out at a later date.
Website User Data
6.3. We will only provide you with information about future job roles or services we think may be of interest to you if you have signed up to our mailing list or registered for one of our services using our website.
7. COOKIES AND OTHER INFORMATION GATHERING TECHNOLOGIES
Website User Data
7.1. Our website cookies. Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. These cookies allow us to distinguish you from other users of the website which helps us to provide you with a good experience when you browse our website and also allows us to improve our website and also allows us to improve our site.
8. HOW WE PROTECT YOUR INFORMATION
8.1. We have put in place the appropriate security procedures and technical organisational measures to safeguard your personal information. Further details of these measures are available upon request from email@example.com
8.2. We will use all reasonable efforts to safeguard your personal information. However, you should be aware that the use of the interest is not entirely secure and for this reason we cannot guarantee the security or integrity of your personal information which is transferred from you or to you via the internet.
9. HOW WE PROTECT SPECIAL CATEGORY INFORMATION
9.1. “Special Categories” of particularly sensitive personal information require higher levels of protection.
9.2. We need to have further justification for collecting, storing and using this type of personal information. We may process special categories of personal information in the following circumstances:
9.2.1. in limited circumstances, with your explicit written consent;
9.2.2. where we need to carry out our legal obligations (including our regulatory requirements);
9.2.3. where it is needed in the public interest, such as for equal opportunities monitoring;
9.2.4. where it is needed to assess your working capacity on health grounds, subject to appropriate confidentiality safeguards; and
9.2.5. where it is necessary for establishing, exercising or defending legal claims.
9.3. Less commonly, we may process this type of information where it is to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made this information public. For example, if you become seriously unwell or had an accident on our premises we may need to provide a hospital with medical information we are aware of.
9.4. We only envisage collecting special category data in respect of our candidates and will use candidate particularly sensitive personal information in the following ways:
9.4.1. we will use information about your physical or mental health, or disability status, to consider whether we need to provide appropriate adjustments during an interview or an application process. The information may also be required to consider your suitability for a particular job role and whether you would need adjustments in the role you are being considered for;
9.4.2. we will use information about your race or national or ethnic origin, religious, philosophical or moral beliefs, or your sexual life or sexual orientation, to ensure meaningful equal opportunity monitoring and reporting;
9.4.3. we will obtain your biometric data as part of our relationship with you so that we can ensure that you have the right to work in the UK.
10. RIGHTS OF ACCESS, CORRECTION AND ERASURE, AND RESTRICTION
10.1. It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes.
10.2. Under certain circumstances under data protection legislation, you have the right to:
10.2.1. Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
10.2.2. Request correction of the personal information we hold about you. This enables you to have any incomplete or inaccurate information we hold about your corrected.
10.2.3. Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
10.2.4. Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information directly for marketing purposes.
10.2.5. Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
10.2.6. Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
10.2.7. Request the transfer of your personal information to another party.
10.2.8. If you want to exercise any of your data protection rights, please contact our Data Protection Lead in writing. You will find their contact details at the end of this policy.
10.2.9. You will not have to pay a fee to access your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact our Data Protection Lead in writing. You will find their contact details at the end of this policy.
10.2.10. We may need to request specific information from you to help us confirm your identify and ensure your right to access the information (or to exercise any of your other rights). This is an appropriate security measure to ensure that personal information is not disclose to any person who has no right to receive it.
10.2.11. We want to ensure that your personal information is accurate and up to date. If any of the information your have provided to use changes, for example if you change your email address, name or update any documentation you have provided to us. Please let us know the correct details by contacting our Data Protection Lead whose contact details are at the bottom of this policy.
11. THE TRANSFER OF YOUR INFORMATION OUTSIDE OF THE EEA
11.1. To deliver services to you, it is sometimes necessary for us to share your personal information outside of the European Economic Area (EEA), for example:
11.1.1. with our service providers who are located outside the EEA;
11.1.2. f you are based outside of the EEA.
11.2. These transfers are subject to special rules under European and UK data protection law.
11.3. The following countries to which we may transfer personal information have been assessed by the European Commission as providing an adequate level of protection for personal information:
11.3.1. The United States of America where companies have adopted the EU-US Privacy shield.
11.4. Except for the countries listed above, other non-EEA countries do not have the same data protection laws as the United Kingdom and the EEA. Our standard practice is to use standard data protection contract clauses that have been approved by the European
Commission if we transfer your information outside of the EEA.
11.5. If you would like further information please contact us (see “How to contact us” below).
13. HOW TO CONTACT US