Company Name: Digitech Resourcing Ltd
3rd Party Privacy Privacy Notice
Topic: Data Protection
Digitech Resourcing takes your privacy seriously. Your personal information will not be sold or otherwise distributed to third parties without your consent.
The Company is a recruitment business which provides recruitment services to its clients and work-seekers. The Company must process personal data (including sensitive personal data) so that it can provide these services – in doing so, the Company acts as a data controller.
You may give your personal details to the Company directly, such as on an application or registration form or via our website, or we may collect them from another source such as a jobs board or social media network. The Company must have a legal basis for processing your personal data. For the purposes of providing you with work-finding services and/or information relating to roles relevant to you we will only use your personal data in accordance with the terms of the following statement.
1. Collection and use of personal data
a. Purpose of processing and legal basis
The Company has collected your personal data (which may include sensitive personal data) and will process your personal data for the purposes of providing you with work-finding services. The legal bases we rely upon to offer these services to you are:
• Legitimate interest
• Legal obligation
• Contractual obligation
The legal circumstances in which we will share your data are as follows:
• We receive a summons, court order or other legal demand for your information
• We believe it is necessary to share information in order to investigate, prevent or take action regarding illegal activities, suspected fraud, or as otherwise required by law.
b. Categories of data
The Company has collected the following personal data on you:
• Name/contact details
• Evidence of right to work in the UK for example copy of passport, proof of address, National Insurance number, Bank details, Limited company details, Limited company bank details, evidence of certifications
• Curriculum Vitae
Sensitive personal data:
• Evidence of Disclosure Scotland,
• Credit and criminal record checks
c. Legitimate interest
Where the Company has relied on a legitimate interest to process your personal data our legitimate interests is/are as follows:
• For the purpose of seeking suitable employment opportunities
d. Recipient/s of data
The Company will process your personal data and/or sensitive personal data with the following recipients:
• IProfile (an external candidate search tool)
• Suitable clients
2. Overseas Transfers
The Company may transfer only the information you provide to us to countries outside the European Economic Area (“EEA”) for the purposes of providing you with work-finding services. We will take steps to ensure adequate protections are in place to ensure the security of your information. The EEA comprises the EU member states plus Norway, Iceland and Liechtenstein.
3. Data retention
The Company will retain your personal data only for as long as is necessary. Different laws require us to keep different data for different periods of time.
The Conduct of Employment Agencies and Employment Businesses Regulations 2003, require us to keep work-seeker records for at least one year from (a) the date of their creation or (b) after the date on which we last provide you with work-finding services.
We must also keep your payroll records, holiday pay, sick pay and pensions auto-enrolment records for as long as is legally required by HMRC and associated national minimum wage, social security and tax legislation.
Where the Company has obtained your consent to process your personal and sensitive personal data, we will do so in line with the stated retention policy on the consent form. Upon expiry of that period the Company will seek further consent from you. Where consent is not granted the Company will cease to process your personal data and sensitive personal data
A data protection breach is defined as “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed”.
Breaches will be reported to the Information Commissioner’s Office (ICO) by Sally Field, Data Protection Manager without undue delay and, where feasible, not later than 72 hours after having become aware of the breach, unless Digitech Resourcing is able to demonstrate that the personal data breach is unlikely to result in a risk to the rights and freedoms of data subjects.
The DPO will maintain a central register of the details of any data protection breaches.
Full details of the Digitech Resourcing’s breach reporting policy is available upon request.
5. Your rights
Please be aware that you have the following data protection rights:
• The right to be informed about the personal data the Company processes on you;
• The right of access to the personal data the Company processes on you;
• The right to rectification of your personal data;
• The right to erasure of your personal data in certain circumstances;
• The right to restrict processing of your personal data;
• The right to data portability in certain circumstances;
• The right to object to the processing of your personal data that was based on a public or legitimate interest;
• The right not to be subjected to automated decision making and profiling; and
• The right to withdraw consent at any time.
Where you have consented to the Company processing your personal data and sensitive personal data you have the right to withdraw that consent at any time by contacting:
Sally Field – Data Protection Manager
See opening statement for contact details
6. Source of the personal data
The Company sourced your personal data/sensitive personal data either as a result of a direct personal response, or from a publicly accessible source:
• Job Boards
7. Complaints or queries
If you wish to complain about this privacy notice or any of the procedures set out in it please contact:
Sally Field - Data Protection Manager
You also have the right to raise concerns with Information Commissioner’s Office on 0303 123 1113 or at https://ico.org.uk/concerns/, or any other relevant supervisory authority should your personal data be processed outside of the UK, if you believe that your data protection rights have not been adhered to.