The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and is designed to harmonise data privacy laws across Europe. As such, GDPR aims to protect and empower all EU citizens’ data privacy and to reshape the way organisations across the region approach data privacy.
What do we do?
Investigo Limited (“Investigo”) provides permanent, temporary and interim recruitment services to clients seeking to recruit professional staff across a range of specialist areas.
What does this policy cover?
Investigo is committed to respecting your right to privacy. As such, this policy:
Who are you?
We collect Personal Data from the following types of people (aka “Data Subjects”) to carry out our business. As such, you are likely to be one of the following:
- A referee or emergency contact provided by our candidates or staff;
- A supplier to our organisation;
- An Investigo employee, a contractor or an interim worker.
Who is the Data Controller?
The Information Commissioner’s Office (ICO) recognises Investigo as a Data Controller i.e. we determine the purposes and means of processing an individual’s Personal Data. Investigo Limited is a company registered in the UK:
What is Personal Data?
Personal Data refers to any data that can identify you as a living individual. This can comprise of generic information which relates to a person who can be identified directly or indirectly (e.g. email and contact details, information held about that individual such as job role, comments and references). It can also include Sensitive Personal Data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data concerning an individual’s health, sex life or sexual orientation. Sensitive Personal Data must be protected to a higher standard than generic Personal Data.
What legal basis do we have for using your information?
If you are a candidate, a client, a user of the Investigo website, a referee or emergency contact, a supplier to Investigo or an Investigo employee, contractor or interim worker, the legal basis on which we rely for processing your information will be our legitimate interests.
As a candidate, it may be necessary to process more Personal Data which includes sensitive information such as your health records that is either provided by you or others about you. In that case, we will always ask for your consent before processing such information. Before we process your Personal Data, a “balancing test” is carried out to ensure that our processing is necessary and that your fundamental rights of privacy are not outweighed by our legitimate interests. We maintain a record of these balancing tests and you have a right to find out more about the information in these tests by contacting GDPR@investigo.co.uk. In the majority of cases though, we will be using your personal data to:
- match your skills, experience and education with a potential employer
- source potential opportunities or roles as part of our recruitment services
- collate market information or trends including providing analysis to potential or actual clients
- personalise your experience and our offering with appropriate content, whether via our website or otherwise
- collect further information needed to assess your eligibility through the various stages of recruitment.
For clients and suppliers
We retain records of our dealings and transactions with you and where applicable, we use such records for the purposes of:
- establishing compliance of contractual obligations;
- addressing any query or dispute that may arise (including establishing, exercising or defending any legal claims);
- protecting our reputation;
- maintaining a backup of our systems, with the purpose of being able to restore them to a particular point in the event of a system failure or security breach;
- to provide you with networking opportunities and industry information.
From where do we source this Personal Data?
The following include the different sources from which we may collect your Personal Data: Directly from you. For example:
From an agent/third party acting on your behalf.
Through publicly available sources.
By reference or word of mouth.
For how long do we retain your Personal Data?
We hold your data for a maximum of 2 years. After this period, if no meaningful contact has been made, we will delete your data from our systems. The only exception to this is where we have had meaningful contact with you, if we have placed you in a permanent or interim role, or if we believe (in good faith) that the relevant regulators and/or legal obligations requires us to keep it for longer. Examples of “meaningful contact” includes (but is not necessarily limited to):
- When we obtain your details via a third-party company (such as a CV database), meaningful contact is defined as any verbal or written communication between us and yourself;
- If you are a Candidate who has applied for a job through our website or have submitted your CV to us by any other means, we will consider this to be meaningful contact;
- If there is two-way communication via verbal or written communication or through any of our marketing communications, we will also consider this to be meaningful contact.
Your data can also be removed at any time by request.
Is your personal data sent outside of the EEA?
Your personal data may be shared, stored and processed outside the European Economic Area (EEA). We will however only transfer your data outside the EEA to countries which the European Commission believes offer an adequate level of protection to you or where appropriate safeguards have been put in place to preserve the privacy of your data.
What are your rights?
By law, you have a number of rights when it comes to your Personal Data. Further information and advice about your rights can be obtained from the Information Commissioner’s Office.
What rights do you have in relation to the data we hold on you?
What does this mean?
The right to be informed
You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we are providing you with the information in this Policy.
The right of access
This is so you are aware and can check that we are using your information in accordance with the GDPR.
The right to rectification
You are entitled to have your information corrected if it is inaccurate or incomplete. We will respond to such a request within 1 month.
The right to erasure
This is also known as ‘the right to be forgotten’ and in simple terms, enables you to request the deletion or removal of your information where there is no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions.
The right to restrict processing
You have the right to ‘block’ or suppress further use of your information. When processing is restricted, we can still store your information, but cannot use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in future.
The right to data portability
You have the right to obtain and reuse your personal data for your own purposes across different services. For example, if you decide to switch to a new provider, this enables you to move, copy or transfer your information easily between our IT system and theirs safely and securely, without affecting its usability.
The right to object to processing
You have the right to object to certain types of processing, including processing for direct marketing (e.g. if you no longer want to be contacted with potential opportunities).
The right to lodge a complaint
You have the right to lodge a complaint about the way we handle or process your personal data with the ICO https://ico.org.uk.
The right to withdraw consent
If you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal data with your consent up to that point is unlawful). This includes your right to withdraw consent to us using your personal data for marketing purposes.
We will continue to contact you regarding recruitment related services which we believe will be of interest to you.
The basis for these communications will be our legitimate interest and/or “soft opt-in” consent.
In the interests of clarity, a “soft opt-in” applies where you have previously either actively engaged with us:
by submitting a job application/CV or
by briefing us on a job vacancy.
We are permitted to market relevant products and services to you unless you inform us of your wish to opt out (which you are entitled to do at any stage).
Please note that should we receive any requests from you to erase data or stop processing your information, we may retain a record of such requests as well as the actions taken by us. This will serve as both evidence of our compliance to your request as well as enable us to take steps to curtail any future processing of your data should it be received again from a third-party source.
It is our usual practice to provide information free of charge. However, we reserve the right to charge a reasonable fee in order to cover our administrative costs of providing the information for:
Please consider your request responsibly before submitting it. We will respond as soon as is practicable. This will be within one month of the date when your request is received; however, in the event that the request is likely to take longer for any reason, we will inform you of the likely timeframe at the time. For any questions surroundings your rights or should you wish to exercise any of these rights, please contact GDPR@investigo.co.uk.
Cookies and IP Address Policy
We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and as a consequence of the communications standards on the internet. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual.
If you are unhappy about any aspect of the way in which your Personal Data is processed by us, in the first instance please contact us at GDPR@investigo.co.uk. This does not affect your right to make a complaint to the Information Commissioner’s Office https://ico.org.uk.
Version 1.01 Dated 24/5/18© Investigo Limited 2018. All Rights Reserved