Your Personal Data and How We Use It
Personal data is any information which can be used to identify you as an individual. It may include details such as your name, address, bank details, National Insurance number, biometrics and photographs/film (this list is not exhaustive).
Data must be processed in accordance with one of the grounds for processing which are laid down in data protection law.
Our lawful basis for processing your data is to prepare and/or fulfil your employment contract.
Special Categories of Personal Data (previously known as Sensitive Personal Data)
Certain data is classified as ‘sensitive personal data’. This will include data about;
- your racial or ethnic origin
- your political opinions
- your religious beliefs or other beliefs of a similar nature
- your membership or non- membership of a Trade Union
- your physical or mental health or condition
- your sexual orientation
- any commission or alleged commission of any offence, or any proceedings for any offence committed or alleged to have been committed by you, the disposal of such proceedings or the sentence of any court in such proceedings
The Data That You Have Provided
As your employment management intermediary we need to hold your personal data to enable us to arrange, prepare and/or fulfil your contract of employment or your contract for services.
In holding your personal data, we will comply with the eight data protection principles which require that your data must be;
- Processed fairly and lawfully.
- Processed for limited purposes and in an appropriate way.
- Adequate, relevant and not excessive for the purpose.
- Not kept longer than necessary for the purpose.
- Processed in line with individuals’ rights.
- Not transferred to people or organisations situated in countries without adequate protection.
You have the right to:
- Request access to any personal data we hold about you.
- Prevent the processing of your data for direct-marketing purposes.
- Ask to have inaccurate data held about you amended.
- Prevent processing that is likely to cause unwarranted substantial damage or distress to you or anyone else.
- Object to any decision that significantly affects you being taken solely by a computer or other automated process.
Providing Information to Third Parties
Where we need to share your personal data, we have contracts and data sharing agreements in place with the recipients that require them to treat your information as confidential and ensure the continued protection of your data whilst in their possession.
We will process your personal data with the following recipients:
- Your Agency (named on your Key Information Document);
- Your Employer (named on your Contract of Employment and your Key Information Document);
- Governing bodies and authorities as required by law;
- Individuals and organisations who hold information related to reference contacts you have provided;
- Our software providers;
- Third party suppliers, e.g. business associates and professional advisers, such as external consultants, technical and IT support functions, independent auditors;
- Third party company at your request, e.g. landlord or alternative prospective employer;
- Third party, where necessary to protect your vital interests, e.g. emergency services;
- Pension provider;
- We may transfer your personal information to a third party as part of a TUPE transfer under The Transfer of Undertakings (Protection of Employment) Regulations 2006;
- We may transfer your personal information to a third party as part of a sale of some or all of our business and assets to any third party or a part of any business restructuring or reorganisation. However, we will take steps with the aim of ensuring that your privacy rights continue to be protected.
If there are no grounds in data protection law for us to pass your personal and sensitive data on to a third party,
we must obtain your consent before passing on your details.
We may transfer the information you provide to us to countries outside the European Economic Area (‘EEA’). The EEA comprises the EU member states plus Norway, Iceland and Liechtenstein.
The most common reason for this is that some of our customer services and processing teams are based in Manila, Philippines. Your data can only be accessed by our overseas teams through our secure, UK based database applications.
Whenever your data is shared, inside or outside of the EEA, we will take every step possible to ensure adequate protections are in place to ensure the security of your information.