Privacy Policy
Company Name:
Daniel Owen Ltd and all subsidiary companies (‘the Company’)
Company Contact details:
Compliance Team, Hadwyn House, Field Road, Reading, Berks RG1 6AP
Email: compliance@danielowen.co.uk
Tel: 0118 9521070
Version:
005A
Daniel Owen Ltd and its subsidiary companies (‘the Company’) is a recruitment business which provides work-finding services to its clients and work-seekers. The Company must process the personal data (including special categories of personal data) of work-seekers and prospective work-seekers, so that it can provide these services. In doing so, the Company acts as a data controller, which means we determine the purpose and means of the processing of your personal data. ‘Personal data’ means information which relates to a living person who can be identified from that data (a ‘data subject’) on its own, or when taken together with other information which is likely to come into our possession. 'Special categories of personal data' include: your biometric data, your health and any disabilities, any criminal convictions. ‘Processing’ means any operation which is performed on personal data such as: collection, recording, organisation, structuring or storage; adaption or alteration; retrieval, consultation or use; disclosure by transmission, dissemination or otherwise making available; alignment or combination; and restriction, destruction or erasure. For the purposes of this policy 'personal information' includes personal data and any data that falls within the special categories of personal data.
This policy explains how the Company will hold and process your personal information, and it also explains your rights as a data subject. This policy does not form part of any contract you may have with the Company and can be amended by the Company at any time. It is intended that this policy is fully compliant with the Data Protection Act 2018 Act (2018 Act) and the EU General Data Protection Regulations (GDPR). If any conflict arises between those laws and this policy, the Company intends to comply with the 2018 Act and the GDPR.
You, as a work-seeker or prospective work-seeker, may give your personal information to the Company directly, such as by telephone, by email, on an application or registration form or via our website, or we may collect them from another source such as a jobs board. The Company must have a legal basis for processing your personal information. For the purposes of providing you with work-finding services and/or information relating to roles relevant to you we will only use your personal data in accordance with the terms of the following statement. The Company may record telephone calls for quality and training purposes and to protect the interest of both parties.
We may amend this Privacy Policy from time to time.
1. Collection and processing of personal information
The Company will collect your personal information and will process your personal information for:
- performing any contract between us (such as terms and conditions of engagement);
- complying with any legal obligations; or
- as necessary for the legitimate interest of providing you with work-finding services and where applicable associated payment.
We can process your personal information for these purposes without your specific consent. We will not use your personal information for an unrelated purpose without telling you about it and the legal basis that we intend to rely on for processing it. We will collect personal information that will help us in such processing, such as your name, location, profession, skills, qualifications, employment history, references, contact details, right to work details, and where appropriate, details relating to health and criminal convictions. We may store further personal information relating to any engagement/potential engagement such as interviews, start and end dates, pay history, third party company details, and bank details.
If you choose not to provide us with certain personal information you should be aware that we may not be able to carry out certain parts of the contract between us, or certain parts of the services we usually provide for work-seekers. For example, if you do not provide us with your bank account details we may not be able to pay you. It might also stop us from complying with certain legal obligations and duties which we have such as to pay the right amount of tax to HMRC or to make reasonable adjustments in relation to any disability you may suffer from.
We have to process your personal information in various situations, such as:
- during your application for a work placement or assignment, and our endeavours to find you a work placement or assignment;
- during any work placement or assignment;
- following the termination of any work placement or assignment.
For example (and see below for the meaning of the asterisks):
- to decide whether to engage you, or agree to seek work placements or assignments for you;
- to check you have the legal right to work in the UK;
- to carry out the contract between us including where relevant, its termination;
- to contact you from time to time to enquire as to whether you (or any of your friends or acquaintances) are seeking a placement / alternative placement, and to contact you by email with newsletters, satisfaction surveys, general marketing emails and the like (you have the right to require us to cease sending these);
- to decide whether and how to manage your performance, absence or conduct*;
- to determine whether we or a hirer need to make reasonable adjustments to your workplace or role because of your disability*;
- to monitor diversity and equal opportunities*;
- to monitor and protect the security (including network security) of the Company, of you, our other staff, work-seekers, hirers, clients and others;
- to monitor and protect the health and safety of you, our other staff, work-seekers, hirers, clients and third parties*;
- to pay you in accordance with the contract between us*;
- paying tax and national insurance;
- monitoring compliance by you, us and others with our policies and our contractual obligations*;
- to comply with employment law, laws relating to employment agencies and employment businesses, immigration law, health and safety law, tax law and other laws which affect us*;
- to answer questions from insurers in respect of any insurance policies which relate to you*;
- running our business and planning for the future;
- the prevention and detection of fraud or other criminal offences;
- to defend the Company in respect of any investigation or litigation and to comply with any court or tribunal orders for disclosure*;
- for any other reason which we may notify you of from time to time.
We might process special categories of your personal data for the purposes in the paragraph above which have an asterisk beside them. In particular, we may use information in relation to:
- your race, ethnic origin, religion, sexual orientation or gender to monitor equal opportunities;
- your sickness absence, health and medical conditions to monitor your absence, assess your fitness for work, to pay you benefits, to comply with our legal obligations under employment law or other applicable laws including to make reasonable adjustments and to look after your health and safety.
We do not take automated decisions about you using your personal information or use profiling in relation to you.
The Company may process your personal information to carry out our contractual obligations or for our legitimate interests. For example, we may share your personal information with potential employers, hiring clients or Managed Service Providers working on behalf of end clients. Your personal information may also be shared confidentially with third party providers used in the operation of our business such as cloud hosted email or database provision. If you undertake temporary assignments through the Company, we may share certain payroll and pension data with our service providers as necessary. We will not share more information than is reasonably necessary or desirable in order to perform these objectives.
We require third parties with whom we share your personal information to keep your personal information confidential and secure and to protect it in accordance with the law and our policies. They are only permitted to process your data for the lawful purpose for which it has been shared and in accordance with our instructions.
We do not send your personal information outside the European Economic Area. If this changes you will be notified of this and the protections which are in place to protect the security of your data will be explained.
If the Company sells or buys any business or assets at any point in the future we may share your personal information with the prospective seller or buyer or such business or assets.
The protection of your personal information and your privacy are important to us. All information that you provide to us is stored within our database on our servers at a secure datacentre. We have a range of suitable electronic and managerial procedures to safeguard that information.
2. Data retention
The Company will retain certain personal information (name, contact telephone, email address, date of birth, trade/profession and, if applicable, the latest version of your CV) to enable us to advise you from time to time of potential job opportunities that may be of interest to you.
Since the purpose for processing this personal information is to provide you with work-finding services potentially for your entire working life, the Company does not propose to put a time limit on the length of time it retains this information referred to above, but you are entitled to require us to delete or rectify/update any such data at any time (please refer to part 5 (your rights) below. Other information (such as bank account details and National Insurance number) will not be retained for more than three years from the date of the end of your last assignment through us.
In addition, we must keep where appropriate your payroll records, holiday pay, sick pay and pensions auto-enrolment records for as long as is legally required by HMRC and associated national minimum wage, social security and tax legislation. Different laws require us to keep different data for different periods of time.
3. Data breaches
We have robust measures in place to minimise and prevent data breaches from taking place. Should a breach of personal information occur (whether in respect of you or someone else) then we must take notes and keep evidence of that breach. If the breach is likely to result in a risk to the rights and freedoms of individuals then we must also notify the Information Commissioner’s Office within 72 hours.
If you are aware of a data breach you must contact the Company's Compliance Team on the phone number or email address as set out at the top of this policy immediately and keep any evidence you have in relation to the breach.
4. Subject access requests
Data subjects can make a ‘subject access request’ (‘SAR’) to find out the information we hold about them. This request must be made in writing to the Company.
We must respond within one month unless the request is complex or numerous in which case the period in which we must respond can be extended by a further two months.
There is no fee for making a SAR. However, if your request is manifestly unfounded or excessive we may charge a reasonable administrative fee or refuse to respond to your request.
5. Your rights
You have the following data protection rights:
- The right to be informed about the personal data the Company processes on you;
- The right of access to the personal data the Company processes on you (see 'Subject access requests' above);
- The right to rectification of your personal data;
- The right to the erasure of your personal data where we are not entitled under the law to process it or it is no longer necessary to process it for the purposes it was collected;
- The right to restrict processing of your personal data - while you are requesting that your personal information is corrected or erased or are contesting the lawfulness of our processing, you can apply for its use to be restricted while the application is made;
- The right to object if we process your personal information for the purposes of direct marketing;
- The right to receive a copy of your personal information and to transfer your personal information to another data controller. We will not charge for this and will in most cases aim to do this within one month;
- The right to object to the processing of your personal data that was based on a public or legitimate interest;
- The right to be notified of a data security breach concerning your personal information; and
- In most situations, we will not rely on your consent as a lawful basis to process your data. If we do however request your consent to the processing of your personal information for a specific purpose, you have the right not to consent or to withdraw your consent later.
Any requests made by you in respect of your personal information should be made to the Company's Compliance Team at compliance@danielowen.co.uk or on the phone number set out at the top of this policy. We will respond to requests regarding your rights within 30 days. Many of the rights listed above are subject to certain defined circumstances and we may not always be able to comply with your request. We will tell you if this is the case.
6. Complaints or queries
If you have any complaints of queries about this privacy policy or any of the procedures set out in it or our processing of your personal information please contact The Compliance Team at the Reading office (see above).
You also have the right to raise concerns with Information Commissioner’s Office on 0303 123 1113 or at https://ico.org.uk/concerns/, or any other relevant supervisory authority should your personal data be processed outside of the UK, if you believe that your data protection rights have not been adhered to.