Global Employment Bureau Ltd – Data Privacy Statement
REVISION DATE NAME DESCRIPTION
1.0 10/05/2019 Shenda Wilkie GDPR Compliance
Approved by directors: 10/05/2019
The policy became operational on 10/05/2019
Next review date: 10/05/2023
Data Privacy Statement – Introduction
Global Employment Bureau Ltd knows that your privacy is very important to you. When it comes to your information, we follow some straightforward principles. We aim to be clear about the data we collect and why.
Typically, Global Employment Bureau Ltd receives electronic data, in the form of personal information and career history i.e.as a ‘Curriculum Vitae’. All personal data is held electronically on a password protected storage unit.
What personal data do we collect?
It is the nature of the services we provide that requires us to collect and process personal data. This will, at a minimum, include:
– Your name
– Your contact details including phone number(s) and/or email address
– We may need to collect more personal data if it is necessary to deliver the service you have requested. For example, should you wish us to find you employment, we may also require additional personal data along with your working history, qualifications, and a photo of you.
If you don’t provide us with personal data, we’ll try to provide the service but it may be impossible.
(N.B. Please do not provide us with the personal data of anyone else without their permission, unless you have obtained the explicit consent from that person.)
How else we have obtained your personal data?
We advertise our services in a number of locations. We do not purchase lists of names, instead we rely on you to submit your information to us.
How do we use your personal data?
We limit the use of personal data to ensuring we deliver the service you have requested. Furthermore, we retain your personal data only for as long as is necessary to deliver you this service. Under certain circumstances we will retain your personal data longer if it part of an accounting record which we are obliged by law to retain for 7 years. Where this is the case, your personal data will be archived. Records in an archived state means access to them is greatly restricted.
When submitting your data to a prospective employer we will first ask for your permission. The data sent will be password protected. Once sent to a prospective employer we can not take responsibility for the security of your data.
After that, unless we need it for a particular investigation, we securely destroy records your personal data is contained within, in line with our retention schedule. Destruction of paper records is done securely and appropriately. For example, we securely shred
paper records in line with the British Standard for secure destruction of confidential material (BS EN 15713).
To whom we may disclose your personal data?
If another organisation helps us to provide the service, we’ll also make your personal data available to them. If this involves transferring information to a country not recognised by the Information Commissioner’s Office as providing equivalent protection, we’ll use additional safeguards approved by UK or EU regulations.
We shall only disclose your personal data to third parties in circumstances that are necessary for delivering the service agreed with you.
We have never and will never sell your personal data.
If there are attacks on our services, or other criminal activity, we may share information with the police or similar public body.
How do we secure your personal data?
Unfortunately, no data transmission over the internet or any other network can be guaranteed as 100% secure, but we take appropriate steps to try to protect the security of your personal data. For example, we encrypt or password protect all personal data disclosed to third parties. Likewise, Group servers and all data stored locally are protected by a hardware firewall that is preventing unauthorised intrusion into the network. Software solutions are also in place which constantly scan for malware and viruses on the network.
All staff are required to ensure that any paper files not in current use are stored in filing cabinets and locked at all times when offices are unoccupied. Any paper documentation containing personal data is shredded once it becomes superfluous.
Access to personal data is restricted to authorised users on a need-to-know basis.
In the event of a data breach involving your personal data which presents a high risk we will contact you immediately.
Inaccuracies and corrections
We would like to keep your personal data accurate and up to date. If you become aware of any errors, noted on our correspondence with you for example, then please let us know by phoning or emailing us.
How to contact us and exercise your rights?
Under the Data Protection Act 1998 you have certain rights over your personal data that we hold:
– To receive a copy of your personal data that we hold;
– To ask us to correct any errors; and
– To delete it once we no longer need it.
To contact us regarding those rights, or anything else in this data privacy statement, please write to our compliance officer, Shenda Wilkie, by email (firstname.lastname@example.org) or at our postal address below:
FAO Shenda Wilkie, Unit 34 Liliput Road, Brackmills Industrial Estate, Northampton, NN4 7DT.
If you don’t feel we’ve dealt with your request appropriately, you have the right to appeal to the Information Commissioner’s Office.