Company Name: | Blue Inn Ltd |
Company Contact details: | The Director |
Date of Issued and Revision: |
21/5/18 & V1.0 |
Blue Inn Ltd (the "Company") is a recruitment business (for supply of temporary or introduction of permanent white and blue collar staff) which provides work-finding services to its clients and work-seekers. The Company must process personal data (including sensitive personal data) so that it can provide these services – in doing so, the Company acts as a data controller.
You may give your personal details to the Company directly, such as on an application form or via our website, or we may collect your personal details from other sources such as a jobs board. The Company must have a legal basis for processing your personal data. For the purposes of providing you with work-finding services and/or information relating to roles relevant to you we will only use your personal data in accordance with the terms of the following statement. This statement also provides you with certain information that must be provided by the Company under the General Data Protection Regulation (GDPR).
We will comply with data protection laws and principles, which means that your personal data will be:
a. Purpose of processing and legal basis
The Company will collect your personal data (which may include ”special categories” of more sensitive personal data – see below) and will process your personal data for the purposes of providing you with work-finding or work-seking services. In particular, the Company will use the personal information we collect about you to:
The Company will be entitled to collect, hold and process this personal data in accordance with one or more of the following lawful grounds:
b. “Special Categories” of Sensitive Personal Data
This is data which relates to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, information relating to your physical or mental health, sex life or sexual orientation, genetic and biometric data that uniquely identifies you as an individual.
This information requires a higher level of protection and we need to have further justification for collecting, storing and using this type of personal information. We may process “special categories” of sensitive personal data in the following circumstances:
Less commonly, we may process this type of information where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public.
The Company will use such particularly sensitive personal information in the following ways:
c. Criminal Convictions
We will only use information relating to criminal convictions where the law allows us to do so. This is usually where such processing is necessary to carry out our obligations, and which will be done so in line with the Company’s Data Protection Policy.
Less commonly, we may use information relating to criminal convictions where it is necessary in relation to legal claims, where it is necessary to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public.
We will only collect information about criminal convictions if it is appropriate given the nature of any placement and where we are legally able to do so. We will use information about criminal convictions and offences in the following ways:
We have in place appropriate safeguards when processing such data.
d. Personal Information We May Collect From You
e. How We Collect Your Personal Data
We collect personal data about you from the following sources:
To the extent that you access our website or read or click on an email from us, we may also collect certain data automatically or through you providing it to us.
We may collect your data automatically via cookies when you visit our website, in line with cookie settings in your browser.
f. Recipient/s of Data
The Company may share your personal data and/or, where appropriate, “special categories” of personal data with the following recipients:
All our third-party service providers are required to take appropriate security measures to protect your personal information in line with our policies on data protection.
g. If You Fail to Provide Personal Information
If you fail to provide personal information when requested then the Company may not be able to do the following:
h. Change of Purpose
We will only use your personal information for the purposes for which we collect it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal information without your knowledge or consent in compliance with the above rules, where this is required or permitted by law.
You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making. However, the Company will use your selected Preferences that you have identified in the database to match your suitability to our Client requirements in order to fulfil our contract with you to find work.
The Company may transfer only the information you provide to us to countries outside the European Economic Area (‘EEA’) for the purposes of providing you with work-finding services. Before we do so we will always take steps to ensure adequate protections are in place to ensure the security of your information, and that treatment of that information by third parties is in a way that is consistent with and which respects the EU and UK laws on data protection.
If you require further information about the protective measures we have put in place to ensure the protection of your personal information please contact:
The Data Manager
Blue Inn Ltd
GDPR
Unit 1 First Floor
34-36 High Street
Barkingside
IG6 2DQ
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need-to-know. They will only process your personal information on our instructions and are subject to a duty of confidentiality.
We have put into place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of any suspected breach where we are legally obliged to do so.
The Company will retain your personal data only for as long as is necessary to fulfil the purposes we have collected it for, including for the purpose of satisfying any legal, accounting or reporting requirements. In particular different laws require us to keep different data for different periods of time. Electronic records will be deleted as appropriate and the Company has facilities for the secure disposal of documentation relating to candidates and clients.
The Company will store candidate data (both personal and sensitive personal data) for:
We may, however, need to hold both your personal and, where appropriate, “special categories” of sensitive personal data for longer, in some cases significantly longer. This may be because:
Where such records could be relevant to a claim for personal injury the Company will retain data for a minimum of 21 (twenty one) years from the expiry of our client contract.
Where the Company has obtained your consent to process your personal and/or sensitive personal data, you have the right to withdraw it. Details of how you can do this are given further below at section 8.
We will regularly keep any consent given under review in line with our retention policy. Where the Company considers it appropriate or necessary it will contact you to seek your continued consent to use your personal data.
Where consent is not granted the Company will cease to process your personal and/or sensitive personal data unless a contractual or legislative obligation remains requiring us to do so.It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.
Under certain circumstances, by law you have the right to:
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact the below in writing:
The Data Manager
Blue Inn Ltd
GDPR
Unit 1 First Floor
34-36 High Street
Barkingside
IG6 2DQ
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
Where you have consented to the Company processing your personal and/or special categories of personal data you have the right to withdraw that consent at any time by contacting:
The Data Manager
Blue Inn Ltd
GDPR
Unit 1 First Floor
34-36 High Street
Barkingside
IG6 2DQ
If you wish to complain about this privacy notice or any of the procedures set out in it please contact:
The Data Manager
Blue Inn Ltd
GDPR
Unit 1 First Floor
34-36 High Street
Barkingside
IG6 2DQ
You also have the right to raise concerns with Information Commissioner’s Office on 0303 123 1113 or at https://ico.org.uk/concerns/, or any other relevant supervisory authority should your personal data be processed outside of the UK, if you believe that your data protection rights have not been adhered to.
We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial changes. We will also notify you in other ways from time to time about the processing of your personal information.