At Jo Holdsworth Recruitment we take your privacy seriously and will only use your personal information and data provided during your registration to look for work on your behalf and provide subsequent employment services.
Our aim at Jo Holdsworth Recruitment is to be transparent about our data gathering and storage process and it is important that you understand why we need the information we have requested upon your registration and that we seek the correct and ethical permissions from you in order to share your data with 3rd parties (a 3rd party would be a client we work with where we have been instructed to work on a live vacancy within that organisation).
In line with GDPR regulations we obtain consent at point the point of registration. JHR seek permission to contact all candidates via telephone, email and text message. JHR seek permission to share a candidates CV, employment history and any necessary additional supporting documents with a client of JHR, but only where the vacancy and organization has been discussed with the candidate prior. JHR state that we will hold your details for up to 5 years. All candidates have the right to withdraw consent at any time from any of the above permissions and if at any point want to exercise their right to be forgotten and wish for their details to be permanently removed from the JHR database, they are to contact their consultant. Any requests may take up to 30 working days to process.
We ask candidates to be mindful of the fact that should they exercise their right to be forgotten but subsequently wish that JHR provide employment services again in the future, they will need to re-complete the full registration process.
Every effort has been made to make this policy clear and concise. If anything is unclear, please contact the Data Protection Officer (here on referred to as the DPO) whose details are outlined as follows:
Data Protection Officer
Name: Jo Holdsworth
Email: [email protected]
This applies to anybody whom has personable identifiable data held by Jo Holdsworth Recruitment. Under GDPR regulations and JHR’s own policy you have the following key rights:
- To at any stage request where your data is held and how it is being processed, formally known as a Subject Access Request.
- To request for your information to be forgotten and permanently erased from the company’s records
- To request a copy of information being held and or updated with updated information you supply
- To at any stage change the level of permission you have given to the Company
These are just a few of the key rights under GDPR, others may also exist. As standard any request to the above rights will be fulfilled within 30 days of request.
Jo Holdsworth Recruitment’s Commitment
The Company is committed to fair and clear processing of all data. No engagement is made with third party controllers or processors with the aim of selling or profiting in any way from data held on record.
If a breach of data happens this will be promptly communicated to affected parties within 48 hours by email and for any serious breach that could lead to significant impact on the individual a phone call will be made within 24 hours of the Company being made aware of any breach. A significant impact is defined as data being targeted on a specific and individual basis where the individual has been identified as the sole target of the breach.
How permission is obtained to process and store your details on our database
Permission must be obtained by unambiguous and explicit means. In plain English this means the permission given by the candidate must be specific and not just implied by a lack of action. Alternatively, affirmative action by a Candidate that implies they are looking for employment is taken as legitimate Interest to process their data and contact them. The reason’s we will contact you are listed below;
- When a Candidate applies for a job being advertised, JHR take this to be explicit permission to contact the candidate for the position they have applied for, at this point the candidate may be invited to come complete a formal registration process with JHR where we would seek the relevant permissions as above
- In the event that an initial application does not result in a registration, the Candidates’ details will be deleted from our database within a 30-day period of application, unless agreed otherwise at the time, with transparency on next steps being clearly and concisely communicated
- When a Candidate advertises their CV on a job board website, this is taken to be legitimate interest to contact the Candidate for 3 months from the date the CV is downloaded. If no reciprocal contact is made during this time the data will be erased.
For the avoidance of doubt the Company takes explicit consent to be usually obtained via a written email or verbal permission over the phone.
How Data is Collected
Candidate data is collected from several sources. These include but are not limited to:
- LinkedIn searches
- Receiving applications and database searches from various job board websites
- Recommendations from existing candidates
- Recommendations from clients
How Data is Stored
JHR uses a secure CRM to store and manage all candidate data
Information will only be shared with clients where we have terms of business agreed and after seeking your permission to share your details with a specific client, we will ensure that we take reasonable steps to check that our client has their own GDPR policy and practices in place
After seeking your permission and upon the point of an application being made to our Client, the Client becomes responsible for legal processing and deletion of candidate data they receive via JHR
How Data is Erased
We will periodically contact all candidates on our database to check if they would like to remain on our database, our aim is to ensure that the data we hold is meaningful and serves the purpose of our aim to place candidates in work and to stay in touch for this purpose
Data will also be erased within 30 days when requested by the Candidate or other applicable source. When this happens a 5-stage process takes place, outlined below:
- The Data is archived from the Processors records meaning it cannot be used. Within 30 days all archived data will fully deleted
- Hard copies should not exist but where this has happened the hard copies shall be shredded
- An internal check of all email accounts will identify any mail logs that need to be deleted
- A hard drive check will identify any local machines that need to have the data deleted
- Confirmation of this will be sent to the source of the request upon completion if applicable
The Company has taken and will continue to take all reasonable steps to adhere to GDPR regulations. It is committed to the fair and legal processing of all data and will conduct annual reviews to ensure all staff are fully trained on compliance and that this document is up to date and processes are in place to ensure its full adherence. If you believe you have been the subject of unfair data processing please contact the DPO outline above, alternatively you may also wish to make your complaint to the Information Commissioners Office who can be contacted here: https://ico.org.uk/concerns/
Transferring data to perspective clients
Certain clients Jo Holdsworth Recruitment work with may require specific data in order for them to utilise temporary services or to process a permanent placement. This could include your proof of Right to Work, National Insurance number, contact details including telephone number, email address, home address, next of kin contact details, CV and returned references. In order to introduce you to these firms we require authorisation to supply this information.