Data Protection Policy

Data Protection

At Jo Holdsworth Recruitment we take your privacy seriously and will only use your personal information and data provided during your registration to look for work on your behalf and provide subsequent employment services.

Our  aim  at  Jo  Holdsworth  Recruitment  is  to  be  transparent  about  our  data  gathering  and  storage process and it is important that you understand why we need the information we have requested upon your registration and that we seek the correct and ethical permissions from you in order to share your data with 3rd  parties (a 3rd  party would be a client we work with where we have been instructed to work on a live vacancy within that organisation).

Candidate Permissions

In line with GDPR regulations we obtain consent at point the point of registration. JHR seek permission to contact all candidates via telephone, email and text message. JHR seek permission to share a candidates CV, employment history and any necessary additional supporting documents with a client of JHR, but only where the vacancy and organization has been discussed with the candidate prior. JHR state that we will hold your details for up to 5 years. All candidates have the right to withdraw consent at any time from any of the above permissions and if at any point want to exercise their right to be forgotten and wish for their details to be permanently removed from the JHR database, they are to contact their consultant. Any requests may take up to 30 working days to process.

We ask candidates to be mindful of the fact that should they exercise their right to be forgotten but subsequently wish that JHR provide employment services again in the future, they will need to re-complete the full registration process.

Every effort has been made to make this policy clear and concise. If anything is unclear, please contact the Data Protection Officer (here on referred to as the DPO) whose details are outlined as follows:

Data Protection Officer

Name: Jo Holdsworth

Email: [email protected]

Your Rights

This applies to anybody whom has personable identifiable data held by Jo Holdsworth Recruitment. Under GDPR regulations and JHR’s own policy you have the following key rights:

  1. To at any stage request where your data is held and how it is being processed, formally known as a Subject Access Request.
  2. To request for your information to be forgotten and permanently erased from the company’s records
  1. To request a copy of information being held and or updated with updated information you supply
  2. To at   any   stage   change   the   level   of   permission   you   have   given   to   the   Company

These are just a few of the key rights under GDPR, others may also exist. As standard any request to the above rights will be fulfilled within 30 days of request.

 Jo Holdsworth Recruitment’s Commitment

The Company is committed to fair and clear processing of all data. No engagement is made with third party controllers or processors with the aim of selling or profiting in any way from data held on record.

If a breach of data happens this will be promptly communicated to affected parties within 48 hours by email and for any serious breach that could lead to significant impact on the individual a phone call will be made within 24 hours of the Company being made aware of any breach.  A significant impact is defined as data being targeted on a specific and individual basis where the individual has been identified as the sole target of the breach.

How permission is obtained to process and store your details on our database

Permission must be obtained by unambiguous and explicit means.  In plain English this means the permission given by the candidate must be specific and not just implied by a lack of action. Alternatively, affirmative action by a Candidate that implies they are looking for employment is taken as legitimate Interest to process their data and contact them. The reason’s we will contact you are listed below;

  1. When a Candidate applies for a job being advertised, JHR take this to be explicit permission to contact the candidate for the position they have applied for, at this point the candidate may be invited to  come  complete a formal registration process with JHR  where  we  would  seek  the  relevant permissions as above
  2. In the event that an initial application does not result in a registration, the Candidates’ details will be deleted from our database within a 30-day period of application, unless agreed otherwise at the time, with transparency on next steps being clearly and concisely communicated
  3. When a Candidate advertises their CV on a job board website, this is taken to be legitimate interest to contact the Candidate for  3  months  from  the  date  the  CV  is  downloaded.  If no reciprocal contact is made during this time the data will be erased.

For the avoidance of doubt the Company takes explicit consent to be usually obtained via a written email or verbal permission over the phone.

How Data is Collected

Candidate data is collected from several sources. These include but are not limited to:

  1. LinkedIn searches
  2. Receiving applications and database searches from various job board websites
  3. Recommendations from existing candidates
  4. Recommendations from clients

How Data is Stored

JHR uses a secure CRM to store and manage all candidate data

Information will only be shared with clients where we have terms of business agreed and after seeking your permission to share your details with a specific client, we will ensure that we take reasonable steps to check that our client has their own GDPR policy and practices in place

After seeking your permission and upon the point of an application being made to our Client, the Client becomes responsible for legal processing and deletion of candidate data they receive via JHR

How Data is Erased

We will periodically contact all candidates on our database to check if they would like to remain on our database, our aim is to ensure that the data we hold is meaningful and serves the purpose of our aim to place candidates in work and to stay in touch for this purpose

Data will also be erased within 30 days when requested by the Candidate or other applicable source. When this happens a 5-stage process takes place, outlined below:

  1. The Data is archived from the Processors records meaning it cannot be used. Within 30 days all archived data will fully deleted
  2. Hard copies should not exist but where this has happened the hard copies shall be shredded
  3. An internal check of all email accounts will identify any mail logs that need to be deleted
  4. A hard drive check will identify any local machines that need to have the data deleted
  5. Confirmation of this will be sent to the source of the request upon completion if applicable

Summary

The Company has taken and will continue to take all reasonable steps to adhere to GDPR regulations. It is committed to the fair and legal processing of all data and will conduct annual reviews to ensure all staff are fully trained on compliance and that this document is up to date and processes are in place to ensure its full adherence. If you believe you have been the subject of unfair data processing please contact  the  DPO  outline  above,  alternatively  you  may  also  wish  to  make  your  complaint  to  the Information Commissioners Office who can be contacted here: https://ico.org.uk/concerns/

 

Transferring data to perspective clients

Certain clients Jo Holdsworth Recruitment work with may require specific data in order for them to utilise temporary services or to process a permanent placement.  This could include your proof of Right to Work, National Insurance number, contact details including telephone number, email address, home address, next of kin contact details, CV and returned references.  In order to introduce you to these firms we require authorisation to supply this information.