GREYWOOD ASSOCIATES LTD
Table of Contents
2 Who we are and how to contact us
3 The data we collect about you
4 How we collect personal data
5 How and why we use personal data
7 Automated decision-making
8 Change of purpose
9 If you fail to provide personal data
11 Who we disclose personal data to
12 International transfers
13 Data security
14 Data retention
15 Your rights in respect of your personal data
16 Changes to your personal data
We are a “data controller” for the purposes of data protection legislation. This means that we are responsible for deciding how we hold and use personal information about you. We are committed to protecting and respecting your privacy.
By using our site and services, we may collect, use, store and transfer different kinds of personal data about you. In respect of all users of our site, the personal data we may collect includes information you send to us when making an enquiry and electronic data which is processed when accessing or browsing our site. If you are using our site or our services as a job applicant ("applicant"),apply for a job or sign up to receive marketing emails from us, for example. We may also collect your personal data from third party sites when
you respond to a job advertisement we have placed on a third party site or when you upload your details to a third party site to indicate you are looking for work.
Our site is not intended for children and we do not knowingly collect data relating to children.
2. Who we are and how to contact us
We Greywood Associates are a limited company registered in England and Wales under company number 06061746 and have our registered office at Greywood Associates Ltd, 3 Mellor Road, Cheadle Hulme, Cheadle, Cheshire, SK8 5AT
To contact us, please email email@example.com or telephone us on 02837 525 012.
3. The data we collect about you
Personal data, or personal information, means any information relating to an identifiable individual. It does not include any data or information which relates to a person that cannot be identified or where the person's identity has been removed (ie anonymous data). It also does not include information relating solely to a business or other organisation, rather than to a person.
By using our site, we may collect, use, store and transfer different kinds of personal data about you, which we have grouped together as follows:
* Identity Data: data which identifies you, such as your first name, last name, username, job title, employer, title, date of birth, marital status, and gender;
* Contact Data: contact details including your personal and/or business email address, postal address and telephone number;
* Profile Data: data we store in connection with your profile when you register on our site, including your username and password (to access your account on our site) and (in the case of applicants) history of job applications and placements made via us, your preferences, interests, feedback and other communications with us and/or our clients;
* CV Data: information submitted as part of a job application and/or the registration process, including qualifications, experience and references and any other information contained on a CV;
* Application Data: applicant's history of responding to job advertisements and the progress of those applications;
* Financial Data: if you are a client representative paying for our services, we may capture your personal data either peripherally or if you use personal payment details;
* Social Media Data: when you connect with us or like or follow our social media accounts we may have access to your personal data through the social media platform, including your social media handle, photograph, date of birth, location, occupation, interests and other information and content you make available via your social media accounts;
* Technical Data: electronic information which is automatically logged/stored by processing equipment, including internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our site;
* Usage Data: information about how you use our site and our services, including how you navigate our site and if you encounter any problems;
* Marketing and Communications Data: data which we capture when you sign up to our newsletters, including your preferences regarding receiving marketing communications from us.
We do not collect any special categories of personal data about you, without gaining your explicit written consent (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). We will only collect information about criminal convictions and offences (including via DBS checks) where such processing is authorised by law and necessary for the role you have applied for. We shall inform you before collecting any such data.
4. How we collect personal data
* Direct interactions
The majority of the personal data we hold about you is collected when you correspond or interact with us directly (via our site, or social media, by post, phone, email, telephone or otherwise).
This includes personal data you provide when you:
o make an enquiry;
o register to access our site;
o subscribe to receive marketing communications;
o connect with us, follow us or 'like' us on social media;
o attend networking events
o submit a job application (including a CV) or job advertisement via job boards on our site.
The categories of personal data we collect in this way include Identity, Contact, Profile, CV, Application, Social Media, Financial, Usage and Marketing and Communications Data.
* Third parties sites
We may also obtain your personal data from third parties, primarily when you respond to an advertisement we have placed on a third party job board or when you have uploaded your CV or other information to a third party site looking for work. From time to time, we may also obtain your information through third party social media platforms, such as LinkedIn, and from other referrers and clients who we work with. .
* Automated technologies or interactions
When you interact with our site, our systems will automatically collect Technical Data and Usage Data about your equipment, browsing actions and patterns. We collect this personal data by using
cookies server logs and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies. Please see our Cookies Policy [insert link] and section 10 below for further details.
We also use automated Boolean searching to match applicants with available roles.
* Other third parties and publicly available sources
We may also receive personal data about you from various third parties as set out below:
o Identity, Contact and Financial Data from providers of technical.
o Social Media Data from the operators of social media platforms, including Facebook, Instagram, LinkedIn, Twitter and Google+ who are based inside and outside of the EU.
o Technical Data from the following parties:
* Analytics providers, such as Google (based outside the EU);
* Advertising networks, such as LinkedIn and Facebook;
* Search information providers such as Jobsite, CW Jobs and OpenWeb.
o Identity and Contact Data from publicly available sources such as Companies House and the Electoral Register.
5. How and why we use personal data
We will only collect and process your personal data where we have a legal basis to do so. The legal basis will vary depending on the manner and purpose for which we are collecting your personal information. Most commonly, we will use your personal data in the following circumstances:
* Where we have your consent to do so (further details provided in section 15 below);
* Where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract;
* Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; and
* Where it is necessary to comply with a legal or regulatory obligation that we are subject to.
We have set out in the table below a description of the ways we plan to use your personal data, and which of the legal bases we shall rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your personal data on the basis of more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you require further detail about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.
Purpose/Activity Type of data Lawful basis for processing including basis of legitimate interest To set up, manage access to, and maintain the security of, your online account for our site Identity, Contact, Profile, Technical and Usage Data Necessary for our legitimate interests (to conduct our business and perform our contracts with clients) Consent – given at the time of registering an online account for our Purpose/Activity Type of data Lawful basis for processing including basis of legitimate interest site and/or the Portal
To provide recruitment services to clients by displaying job adverts on our site or third party job boards, which may include assisting with the processing of applications (including CVs) submitted by individuals in response to such job adverts Identity, Contact and Profile Data (of client representatives) Necessary for our legitimate interests (to conduct our business and perform our contracts with clients)
To manage our relationship with you
which will include:
To administer and protect our business and our site (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) Identity, Contact, Usage and Technical Data Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security and to prevent fraud) Necessary to comply with a legal obligation
To deliver relevant website content and advertisements to you based upon your content preferences Identity, Contact, Profile, Usage and Marketing and Communications Data Necessary for our legitimate interests (to develop our services and grow our business)
To use data analytics to improve our website, services, marketing, customer relationships and experiences Identity, Contact Technical and Usage Data Necessary for our legitimate interests (to define types of customers for our services, to keep our business updated and relevant, to develop our business and to inform our marketing strategy)
To deal with and respond to queries submitted to us via our site, social media accounts, by post, email or by telephone Identity, Contact, Social Media, Profile, Application and Marketing and Communications Data Consent – given at the time of contact Our legitimate interests (to conduct our business and correspond with applicants and clients)
Marketing and Recruitment communications from us: We may send you marketing and Recruitment communications if you:
* are an applicant who has applied to one of the roles we have advertised or if we have previously hired you for a contract role;
* are an applicant who has uploaded their CV in response to a third party job board on a third party website, thereby making your CV and contact details public for recruiters and employers to contact you with job opportunities;
* are a client representative whose contact information is displayed upon your company's website or has been provided to us by one of your colleagues;
* have consented to receive marketing and recruitment communications from us.
Third party marketing: We will only share your personal data with another company for marketing purposes if you have expressly consented to us doing so.
Opting out: You can ask us and/or third parties to stop sending you marketing or recruitment communications at any time, by:
* clicking on the unsubscribe button in the footer of any marketing email from us or;
* contacting our Data Compliance Officer at firstname.lastname@example.org
7. Automated decision-making
We do not currently use purely automated decision-making.
8. Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we wish to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
We may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
9. If you fail to provide personal data
Where we need to collect personal data from you in order to comply with our legal obligations or to perform a contract we have with you or your employer/hirer and you fail to provide that data when requested, we may not be able to perform the relevant contract (for example, to engage you as a contractor or provide your employer with services). In this case, we may have to cancel the relevant contract.
11. Who we disclose personal data to
We may share personal data with the third parties set out below for the purposes set out in the table above. These third parties process your personal data on our behalf in connection with the performance of certain services for us. :
Name of Service Provider Platform Types of Personal Data
* Loughtec * IT Support Provider * Indentity, Contact, Profile, CV, Application, Financial, Marketing and Communications Data
* Volcanic * Website Host * Identity, Contact, CV, Profile, Application, Technical and Usage Data. This type of personal data is only shared through the website host as a processor if a data subject creates an online account with us
* Broadbean * Data Analytic Software * Identity, Contact, CV and Application Data
* Bond Adapt * Recruitment Software * Indentity, Contact, Profile, CV, Application, Financial, Marketing and Communications Data
* We have entered into a data processing agreements with the service providers listed above.
* Technical and Usage Data may also be disclosed to Google Analytics, our analytics and search engine providers.
* Identity, Contact, CV, and Application Data, including as part of a job application, may be disclosed to the relevant client advertising and/or managing the relevant job advertisement. We will obtain your consent before disclosing your personal data to clients. Our clients will process applicant personal data as a data controller, and should direct applicants to their own privacy policies setting out how they process personal data.
* Identity, Contact, Profile, Usage and Marketing and Communications Data may be disclosed to Active Campaign CRM and similar agencies who provide marketing and recruitment services to us.
* Identity, Contact, CV, Application, Profile and Marketing and Communications Data may be disclosed to professional advisers (acting as processors or joint controllers) including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
* Companies and organisations for the purposes of fraud protection and credit risk reduction, such as Credit Safe.
* HM Revenue & Customs, regulators and other authorities (acting as processors or joint controllers) who require reporting of processing activities in certain circumstances.
We require all our data processors to respect the security of your personal data and to treat it in accordance with the law. We do not allow our data processors to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions as set out in our data sharing agreements.
12. International transfers
Many of our external third parties are based outside the Economic European Area (EEA) so their processing of your personal data will involve a transfer of data outside the EEA.
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
* We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries
* Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
* Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see European Commission: EU-US Privacy Shield.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data outside of the EEA.
13. Data security
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need-to-know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
14. Data retention
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) in order to develop our business methods and strategy or for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
If you are an applicant, we will retain your personal data for a period of 36 months from the point of last meaningful contact with you with an additional month to process the deletion of data. Meaningful contact includes any email or telephone correspondence with you that has resulted in submission of an updated CV or a change to your personal information. We will keep this under review and may periodically delete some of your personal data which we no longer require for the purposes set out in the table above.
In some circumstances we may be entitled to retain your data for a longer period where we are under a legal obligation to do so, for example in the event of a legal dispute. We will also need to keep a record of your contact details if you have opted-out of receiving marketing communications from us to ensure we do not send these to you in future.
15. Your rights in respect of your personal data
You have the following rights in respect of the personal data that we process about you (where we determine the purpose and means for which that personal data shall be processed):
* the right to request access to your personal data that we hold and to receive certain information relating to that data;
* the right to ask us to rectify inaccurate data or to complete incomplete data;
* a right to receive or ask for your personal data to be transferred to a third party(note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you);
* the right to request the erasure of personal data where there is no good reason for us continuing to process it (note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request);
* the right to object to how we process your personal data where we believe we have a legitimate interest in processing it (as explained above) (note that in some cases we may demonstrate that we have compelling legitimate grounds to process your data which override your rights and freedoms);
* the right to restrict processing of your personal data in certain scenarios, for example if you want us to establish the accuracy of the data or you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it (note that when processing is restricted, we are allowed to retain sufficient information about you to ensure that the restriction is respected in future; and
* where you have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law. If you withdraw your consent, we may not be able to provide certain services to you.
If you wish to exercise any of the rights set out above in respect of your personal data, please contact our Data Compliance Officer at email@example.com .
We may ask you to verify your identity if you make a request to us to exercise any of the rights set out above. We may also contact you to ask you for further information in relation to your request to speed up our response. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please do contact us in the first instance and we shall endeavour to resolve your complaint.
16. Changes to your personal data
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data (such as your contact details) changes during your relationship with us.