Review Date: Continuous ahead of 25th May 2018
IT Works Health Ltd (”We”) are committed to protecting and respecting your privacy.
This notice sets out the basis on which any personal data will be processed, on reading this document you should understand:
- What we do with your personal data, whether we are in the process of helping you find a job, continuing our relationship with you once we have found you a role, providing you with a service, receiving a service from you, using your data to ask for your assistance in relation to one of our Candidates, or you are visiting our website.
- It describes how we collect, use and process your personal data, and how, in doing so, we comply with our legal obligations to you. We understand that your privacy is important to you and we are committed to protecting your privacy
The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a new regulation which replaces the Data Protection Regulation (Directive 95/46/EC) The Regulation aims to standardise data protection legislation across EU member states, increasing privacy rights for individuals and providing a rigorous framework within which commercial organisations can legally operate.
The Government intends for the GDPR to continue in UK law post Brexit and has also introduced a Data Protection Bill to replace the current Data Protection Act in due course. Your new rights under the GDPR are set out in this notice and will only apply once the GDPR becomes law on 25th May 2018.
Please read the following carefully to understand our practices regarding your personal data and what provisions we have in place to protect it.
For the purposes of data protection legislation, the data controllers referred to in this document are IT Works Health Ltd of:
Artis House, Unit 6B
Fairways Business Park,
Who are IT Works Health Ltd and what do we do?
IT Works Health Ltd are a recruitment agency. We collect the personal data of the following types of people to allow us to undertake our business;
- Prospective and placed candidates for permanent, contract, fixed term roles;
- Prospective, established and current client contacts;
- Suppliers that support our services;
- Consultants, Employees, temporary workers;
We collect information about you to carry out our core business and ancillary activities.
What kind of personal data do we collect / you provide?
- To provide the best possible employment opportunities that are tailored to you, we need to collect, store and process certain information about you. We only ask for details that will genuinely help us to help you, such as your name, age, private and corporate e-mail address, phone numbers, address, Curriculum Vitae, professional assessments, employment preferences, emergency contacts, your right to work in the UK, Salary information, payment details, compliance documentation, links to your professional profiles available in the public domain e.g. LinkedIn (and of course you may choose to share other relevant information with us). Where appropriate and in accordance with local laws and requirements, we may also collect information related to your health, ethnicity, diversity or details of any criminal convictions.
- To ensure we keep accurate candidate records and align you with the best suited opportunities for you, our CRM system is integrated with Outlook. Therefore, our CRM retains copies of your email engagement with our consultants.
- We operate call recording software on all inbound and outbound calls. The recordings are stored on an internal server. We review calls for training, monitoring and quality purposes and we alert candidates of this via an auto attendant and through our website. We store calls for up to two years before they are deleted from our software and can no longer be retrieved. Our consultants also take call notes to ensure that they provide you with the most accurate opportunities.
- We collect a limited amount of data from our website users and the data collected would be required to be submitted by the candidate. Name, email address, number, and CV upload can be submitted to our team here via one of our websites.
- If you are a client or a potential client of IT Works Health we need to collect and use information about you, or individuals at your organisation, in the course of providing you services such as: (i) finding Candidates who are the right fit for you or your organisation.
- To ensure we keep accurate candidate records and align you with the best suited opportunities for you, our CRM system is integrated with Outlook. Therefore, our CRM retains copies of your email engagement with our consultants.
- We operate call recording software on all inbound and outbound calls. The recordings are stored on an internal server. We review calls for training, monitoring and quality purposes and we alert client callers of this via an auto attendant and through our website. We store calls for up to two years before they are deleted from our software and can no longer be retrieved. Our consultants also take call notes which help us to provide you with the best suited solutions for your business.
- We need to collect and store a small amount of data on our suppliers to ensure that contractual obligations are met. We collect contact details of relevant individuals at your organisation so that we can communicate effectively with you. We also need other information such as your bank details so that we can pay for the services you provide (if this is part of the contractual arrangements between us).
How do we collect your personal data?
The two main ways we collect information from you:
- Directly from you
- If we obtain information from you directly over phone or email, we will inform you immediately of what information we have taken, why we have need to take it from you and what we will do with it. We will do this by making you aware of our privacy notice through a link provided by email which will direct you to our website.
- From third parties
- This is information we obtain about you from other sources such as LinkedIn, corporate websites, job boards, Umbrella services, advertising software, websites, online CV libraries, referrals, professional assessments, networking events, online search tools, candidate interviews, business cards, and legitimate conversations. In this case we will inform you, by sending you this privacy notice, within a maximum of 30 days of collecting the data of the fact we hold personal data about you, the source the personal data originates from and whether it came from publicly accessible sources, and for what purpose we intend to retain and process your personal data.
We are working closely with third parties including companies within our Group, business partners, sub-contractors in technical, professional, payment and other services, advertising networks, mass mailing services, frameworks, outsourced research providers, credit reference agencies, professional advisors and our CRM partner, Bullhorn. We may receive information about you from them for the purposes of our recruitment services.
Purposes of the processing and the legal basis for the processing
We use information held about you in the following ways:
- To carry out our obligations arising from any contracts we intend to enter into or have entered into between you and us and to provide you with the information, products and services that you request from us or we think will be of interest to you because it is relevant to your career or to your organisation.
- To provide you with information about other goods and services we offer that are similar to those that you have already purchased, been provided with or enquired about.
- The core service we offer to our candidates and clients is the introduction of candidates to our clients for the purpose of temporary or permanent engagement. However, our service expands to supporting individuals and companies throughout their career, supporting businesses’ resourcing needs and strategies.
- Our legal basis for the processing of personal data is our legitimate business interests, described in more detail below, although we will also rely on contract, legal obligation and consent for specific uses of data.
- We will rely on contract if we are negotiating or have entered into a placement agreement with you or your organisation or any other contract to provide services to you or receive services from you or your organisation.
- We will rely on legal obligation if we are legally required to hold information on you to fulfil our legal obligations.
- You will be asked for your express consent, if legally required. Examples of when consent may be the lawful basis for processing include permission to introduce you to a client (if you are a candidate).
Our Legitimate Business Interests
Our legitimate interests in collecting and retaining your personal data is described below:
As a recruitment business we introduce candidates or our consultants to clients for permanent employment, temporary worker placements or independent professional contracts. The exchange of personal data relating to our candidates, consultants and our clients is a fundamental, essential part of this process.
To support our candidates’, or our consultants career aspirations and our clients’ resourcing needs we require a database of candidate and client personal data containing historical information as well as current resourcing requirements.
To maintain, expand and develop our business we need to record the personal data of prospective candidates and client contacts.
The “legitimate interest” condition will not be met if the processing is unwarranted because of its prejudicial effect on the rights and freedoms, or legitimate interests, of the individual. Our legitimate interests do not need to be in harmony with those of the individual for the condition to be met. However, where there is a serious mismatch between competing interests, we take seriously that the individual’s legitimate interests will be prioritised.
Why we collect personal data about you:
Having collected personal data on our candidates and clients we use this information in several ways to carry out our business functions and fulfil our obligations. Please see a list below of the many ways we use your personal data:
- We connect the right candidates with the right jobs. Therefore, we may use your personal data to determine if you are suitable for a position
- To contact you if a position becomes available that you may be interested in
- Submitting your details to a client for a potential position
- Notifying clients of your skills and availability for any future positions
- We maintain accurate records of our candidates and clients to include records of our conversations and client meetings, so that we can provide you with the best potential job matches or tailored services.
- To ask for your help with connecting other candidates with jobs
- To comply with government legislation (e.g.: we collect your tax file number to comply with taxation and superannuation requirements)
- Administration of payments to you, which may include the processing of sensitive information about you (e.g.: sick leave)
- Facilitating our invoicing processes
- To periodically send you targeted, relevant marketing materials or other communications which we think are likely to be of interest to you. For the purposes of marketing we will take your consent as given unless or until you opt out, this is referred to as the soft-opt in.
- Verifying details you have provided, using third party resources (such as psychometric evaluations, criminal record checks, health screening or skills tests), or to request information (such as references, qualifications and potentially any criminal convictions, to the extent that this is appropriate and in accordance with local laws);
- In addition, we may occasionally be required by law to collect, use and disclose your personal information, for example to comply with the requirements of government departments for business data
- In more unusual circumstances, we may use your personal data to help us to establish, exercise or defend legal claims.
- Carrying out customer satisfaction surveys;
We may use your personal data for the above purposes if we deem it necessary to do so for our legitimate interests. If you are not happy about this, in certain circumstances you have the right to object and can find out more about how and when to do this on the following website; https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/ .
Nobody's perfect, even though we try to be. We want to let you know that even if you have opted out from our marketing communications through our opt out hyperlink at the end of marketing emails, it is possible that your details may be recaptured through public sources in an unconnected marketing campaign. We will try to make sure this doesn't happen, but if it does, we apologise. We'd just ask that in those circumstances you opt out again or contact us at; GDPR@ITWorksResourceGroup.com.
To deliver our ancillary services we need to use and disclose some of your personal information.
Your personal information may be disclosed to:
- prospective employers or entities seeking to fulfil contract and permanent positions
- your rate if we are operating under a preferred supplier agreement
- staff of the departments responsible for administering the processes described above
- related bodies corporate and third parties for the administration and provision of selected benefits and payroll services
- subsidiaries of IT Works Health Ltd
- our research teams
Your personal information may be transferred overseas, for the purposes and processes described above. We do send information overseas.
Should we want to rely on consent to lawfully process special category data we will request your consent orally, by email or by an online process for the specific activity we require consent for and record your response on our system. Where consent is the lawful basis for our processing you have the right to withdraw your consent to this particular processing at any time.
Other Uses we will make of your data:
- Use of our website;
- to notify you about changes to our service;
- to ensure that content from our site is presented in the most effective manner for you and for your computer.
We will use this information
- to administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical, survey purposes and competitions;
- to improve our site to ensure that content is presented in the most effective manner for you and for your computer;
- to allow you to participate in interactive features of our service, when you choose to do so;
- as part of our efforts to keep our site safe and secure;
- to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you;
- to make suggestions and recommendations to you and other users of our site about goods or services that may interest you or them.
We do not undertake automated decision making or profiling. We do use our computer systems to search and identify personal data in accordance with parameters set by a person. A person will always be involved in the decision-making process.
To access, correct or update your personal information we hold on you to carry out our business functions, we rely on the accuracy of the data you provide. To the extent authorised by the Privacy Act and other applicable laws, you can amend your personal information held by us. If you wish to request access to, find out more about or seek amendment of your personal information held, you should contact us on GDPR@itworksresourcegroup.com.
Disclosure of your information inside and outside of the EEA
For candidates and clients we will share your personal information with any member of our group both in the EEA and outside of the EEA. We also enlist the services of our external research partners based outside of the EEA who will have visibility of your data for the purposes of data cleansing with a view to keeping accurate records within our database. They are committed to ensuring that your data is safeguarded as per the guidance within the GDPR. There are breach notification processes in place with the team.
Selected third parties including
- clients for the purpose of introducing candidates to them;
- candidates for the purpose of arranging interviews and engagements;
- business partners, suppliers, sub-contractors and related business units, for the performance and compliance obligations of any contract we enter into with them or you;
- subcontractors including payment, and financial service providers.
- credit reference agencies, our insurance broker, compliance partners and other sub-contractors for the purpose of assessing your suitability for a role where this is a condition of us entering into a contract with you.
- Outsourced research team for the purpose of data accuracy
We will disclose your personal information to third parties
- In the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets.
- If IT Works Health Ltd or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
The lawful basis for the third-party processing will include
- Their own legitimate business interests in processing your personal data, in most cases to fulfil their internal resourcing needs;
- satisfaction of their contractual obligations to us as our data processor;
- for the purpose of a contract in place or in contemplation;
- to fulfil their legal obligations.
Where we store and process your personal data
The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (”EEA”). It may be transferred to third parties outside of the EEA for the purpose of our recruitment services. It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. This includes staff engaged in, among other things, our recruitment services and the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy notice.
All information you provide to us is stored on our secure servers.
Where we have given you a password to enable you access to our systems, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Retention of your data
We understand our legal duty to retain accurate data and only retain personal data for as long as we need it for our legitimate business interests and that you are happy for us to do so.
We will make you aware of our privacy statement where we obtain and store your personal data. If, when we send you our privacy notice to inform you that we have your data, you decide you do not want us to keep a copy of your personal information on our database to carry out our legitimate business interest, you can email us at the following address and we will remove your record from our database: GDPR@itworksresourcegroup.com.
Moving forwards under the GDPR we will archive your personal data from our CRM if we have not made contact with you (or, where appropriate, the company you are working for or with) for 5 years (or for such longer period as we believe in good faith that the law or relevant regulators require us to preserve your data). After this period, it is likely your data will no longer be relevant for the purposes for which it was collected. We will review our archived data in line with continued legitimate interest; purpose, necessity, balance.
When we refer to "contact", we mean, for example, communication between us (either verbal or written). We will consider there to be contact with you if; you submit your updated CV onto our website; apply to us via an advertisement; if you communicate with us about potential roles, either by verbal or written communication; You open or read an email; click through from a marketing campaign; replies to marketing or other digital messages from us; If we do not receive a request to opt out of receiving our marketing emails and they continue to be sent; engagement through social media platforms; engagement at events.
We do the following to try to ensure our data is accurate:
- we have a team dedicated to the maintenance of our database. The team are central to our business and our investment in their work is a demonstration of our commitment to ensure accurate data.
- prior to making an introduction we check that we have accurate information about you
- we keep in touch with you so you can let us know of changes to your personal data
The criteria we use to determine whether we should retain your personal data includes:
- the nature of the personal data;
- its perceived accuracy;
- our legal obligations;
- whether an interview or placement has been arranged
- our recruitment expertise and knowledge of the industry by country, sector and job role.
We may archive part or all of your personal data or retain it on our financial systems. We may pseudonymise parts of your data, particularly following a request for suppression or deletion of your data, to ensure that we do not re-enter your personal data on to our database, unless requested to do so.
For your information, Pseudonymised Data is created by taking identifying fields within a database and replacing them with artificial identifiers, or pseudonyms.
You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes.
You can exercise your right to accept or prevent such processing by unsubscribing from any marketing you might receive from us that you want to opt out of. You can also exercise the right at any time by contacting us at GDPR@itworksresourcegroup.com.
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
The GDPR provides you with the following rights. To:
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- If your objection relates to us processing your personal data because we deem it necessary for your legitimate interests, we must act on your objection by ceasing the activity in question unless:
- we can show that we have compelling legitimate grounds for processing which overrides your interests; or
- we are processing your data for the establishment, exercise or defence of a legal claim.
- If your objection relates to direct marketing, we must act on your objection by ceasing this activity.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal information to another party in certain formats, if practicable.
- Make a complaint to a supervisory body which in the United Kingdom is the Information Commissioner’s Office. The ICO can be contacted through this link: https://ico.org.uk/concerns/
Access to information
The Data Protection Act 1998 and the GDPR give you the right to access information held about you. We also encourage you to contact us to ensure your data is accurate and complete.
Your right of access can be exercised in accordance with the Act (and the GDPR once it is in force). Prior to 25th May 2018 any access request under the Data Protection Act will be subject to a fee of £10 to meet our costs in providing you with details of the information we hold about you.
Changes to our privacy notice
Any changes we make to our privacy notice in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy notice.
Questions, comments and requests regarding this privacy notice are welcomed and should be addressed to GDPR@itworksresourcegroup.com.