Privacy Policy

GDPR Policy Documents

1. Jenny Ward is the appointed Data Protection Officer and is responsible for monitoring GDPR compliance.
2. Stored Data
Candidates
  • On jobs@burtonboltonrose.co.uk
  • On administration@burtonboltonrose.co.uk
  • On candidate databases
  • In current/filed off files
  • On temporary payroll system
Clients
  • On manual client liaison cards
  • On permanent client database
  • On temporary client database
  • In permanent job files
  • In temporary job files
  • On job descriptions on computer system
Staff Data
  • In HR record files
  • On payroll and pension files

Data is stored for two years, manual data is destroyed by shredding, computer data is removed from the system

3. Data Map
Candidate
  • Sends in CV via email to jobs@burtonboltonrose.co.uk / administration@burtonboltonrose.co.uk
  • Candidates visit office and complete registration process
  • Candidate completes equal opportunity form
  • Candidates details are put onto database
  • Candidates manual file is put in to current draw
  • Candidates CV is written and sent to suitable jobs
  • Candidates file put in ‘filed off’ file when no longer seeking employment
  • Card is made up for temporary candidates
  • References are obtained for temporary candidates
  • Payroll records maintained for temporary candidates
Client
  • Client places vacancy (temporary or permanent)
  • Internal job specification is prepared
  • Job vacancy is advertised on social media, Reed and on website
  • Information regarding vacancy given verbally to candidates
  • Candidates CV is submitted to clients via email
  • Client informs us what candidates they wish to interview
  • Interviews arranged and candidate is given full job description and client details
4. Data Security
  • Only staff members are allowed access to
    – Client data
    – Candidate data
  • All staff members are trained on data security and have signed staff policy document 
  • Regular software updates are installed
  • Computer passwords are changed on a regular basis
  • Back-ups are made on computer data on a regular basis
  • The IT system is monitored regularly for unusual activity
  • Candidate contact details are not given to clients prior to interview ie:
    – Address
    – Telephone numbers
    – Email address
  • Client contact details are not given to candidates prior to interview ie:
    – Name of Company
    – Address
    – Telephone number
    – Email address
 5. Privacy Notice – Candidates

We collect your information when you send us your CV, register with us for employment or work for us on a temporary basis. We record all telephone discussions we have with you. The information we hold on you includes you name, address, telephone number, email address and equal opportunities data.

We use your information to assist you with finding employment. We use your information to help us understand trends in the marketplace. We also use your information to send you contact emails containing details of suitable vacancies and interviews. We store your information on our in-house server and in manual files.

We share your information when appropriate with:

a. Potential employers
b. The Inland Revenue
c. Our Pension Providers
d. Credit Check Companies

6. Privacy Notice – Clients

We collect information from you when we contact you to provide information on our services, or when you place a permanent or temporary job with us. We record all telephone discussions we have with you. The information we hold on you includes your Company name, address, telephone number, email address and a record of employees we have placed with you.

We use your information to assist you with the recruitment of staff. We use your information to help us understand trends in the market place. We also use your information to send you marketing emails containing details of the services we provide. We store your information on our in-house server and in manual files.

We share you information when appropriate with:

a. Potential employees
b. Our Accountants
c. Credit Check Companies

7. Staff Policy

We collect data from many sources all of which should be considered confidential. The following is our policy on the management, storage and distribution of data.

  • All candidate and client data should be considered confidential and not discussed with anyone outside the Company
  • Candidate data is maintained manually and on the computer system for two years. Client records and job descriptions are maintained manually and on the computer system for two years
  • Under no circumstances should a candidates or clients name, address, telephone number or email address be revealed prior to an interview being arranged
  • Under no circumstances should vacancies or candidates be discussed with anyone other than the candidate or the client’s nominated representative
  • All staff records and terms of employment are highly confidential and salaries should not be discussed with anyone but your line Manager
  • Any marketing undertaken should represent the Company in a professional manner and should be employment focussed

I agree to abide by the above policy at all times and will request further training should I deem this necessary.

Signed: ……………………………………………………………

Name: ……………………………………………………………

8. Reporting Data Breaches

There is a legal obligation to report significant data breaches to Jenny Ward the Data Protection Officer.

Should there be a data breach the following action should be taken

  • The breach should be assessed to establish whether there is a legal issue
  • We need to draft a candidate or client response in relation to the breach
  • We need to decide whether to notify the regulators of the breach
  • If the breach is caused by an IT issue we need to plan remediation controls to ensure it does not happen again
  • If the breach is caused by an employee we need to take remedial action to ensure it does not happen again
  • Any data breach should be considered highly confidential and not discussed with anyone outside of our Company
9. Data Compliance Record
Data Breaches

All data breaches will be recorded by Jenny Ward the Data Protection Officer. Data breach records should include date data was breached, what the breach was and what action was taken

  • Candidate Notices
    – Candidate are notified of our data protection policy on the date of registration via equal opportunities form and the welcome letter issued. Should candidates request a copy of our GDPR Policy Statement this will be sent within 24 hours.
  • Client Notices
    – Clients are notified of our data protection policy when they place a vacancy with our Company. Should clients request a copy of our GDPR Policy Statement this will be sent within 24 hours.
  • Marketing Notices
    – All marketing material sent out to clients will include details of how to request removal from our mailing list
  • Employee Notices
    – All employees have been issued with a Policy Procedure file which they should follow correctly, any amendment to policy will be issued in writing