This notice sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.
The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a new regulation which replaces the Data Protection Regulation (Directive 95/46/EC). The Regulation aims to harmonise data protection legislation across EU member states, enhancing privacy rights for individuals and providing a strict framework within which commercial organisations can legally operate.
Your new rights under the GDPR are set out in this notice and were last updated on 10th July 2023.
The information we collect
To carry out our core recruitment activities, we collect information about you which may include: your name, address and postcode; private and corporate e-mail address and phone number; financial information and compliance documentation; references verifying your qualifications and experience and your right to work in the United Kingdom; curriculum vitae and photograph; employment details and preferences; links to your professional profiles available in the public domain e.g. LinkedIn, Twitter, Facebook for Business or corporate website.
How we collect this information
The information we collect about you will be provided by you, either by filling out a form on our website talenttent.co.uk or jobs.talenttent.co.uk or by corresponding with us by phone, e-mail or otherwise. It will also include information you provide when you register to use our website, subscribe to our services, attend our events, participate in discussion boards or other social media functions on our website, enter a competition, promotion or survey, and when you report a problem with our site.
We may also obtain information about you from other sources such as LinkedIn, corporate websites, job board websites, online CV libraries, your business card, personal recommendations, and any relevant social media sites. In this case – and within 30 days of collecting – we will inform you that we hold this personal data, the source the data originated from, whether it came from publicly accessible sources, and for what purpose we intend to retain and process your personal data.
If your company works with us
The Information We Collect
If your company works with us, we may collect certain information about you for the purposes of giving HR advice. This could include: your name, email address, physical address, date of birth, and information relating to HR cases you may be involved with.
If we have been instructed to work with your company by one of our partners, we will share reports of the work that we will be conducting with these companies. Please note, these reports are anonymised and do not include personal data. If there are any exceptions to this or other instances where we may share your information with third parties, we will clearly communicate this with you and obtain your consent where necessary.
Our legal basis for processing data
Our legal basis for the processing of personal data is: legitimate interest, described as legitimate interest and/or consent when processing data for the purposes of recruitment. and/or consent, obtained as follows: application, phone call, in person contact or online.
We also process this information in accordance with Article 6(1)(b) of the GDPR, as it is necessary for the performance of a contract to which you are a party, or in order to take steps at your request prior to entering into a contract.
Where We Store Your Data
Clients - The information we collect from you is stored on Google Drive, with servers located within the European Union. Google has robust security measures in place to protect your data, which you can learn more about [here] (link to Google's security measures).
Candidates & Job Applicants - All information stored on our recruitment software is secured through the Microsoft Azure Infrastructure and located at two data centres locations within Europe. Our primary centre is located in Microsoft’s Western European centre, and these facilities are secured by a series of measures, including (but not limited to) biometric access, security alarm systems and round-the-clock security staff. Additional security information on Microsoft’s data centres can be found here.
Contact Information for the DPO
Withdrawal of Consent
You have the right to withdraw your consent at any time. To do this, please send an email to firstname.lastname@example.org with 'Withdrawal of Consent' in the subject line and specify what you're withdrawing consent for in the body of the email. We will process your request as soon as possible, but no later than one month from receipt of the request. Following the withdrawal of consent, we will no longer process your personal data for the purposes you have withdrawn consent for, unless we have a separate legal basis for doing so.
Under the General Data Protection Regulation (GDPR), you have a number of important rights that you can exercise free of charge. In summary, these rights are:
Transparency over how we use your personal data (right to be informed).
Request access to your personal data (right of access).
Request correction of incorrect or incomplete data we hold about you (right to rectification).
Request deletion or removal of your personal data where there is no good reason for us continuing to process it (right to erasure, also known as the ‘right to be forgotten’).
Object to processing of your personal data for direct marketing purposes (right to object).
Request to restrict processing of your personal data (right to restriction).
Request the transfer of your personal data to another party (right to data portability).
Rights related to automated decision-making including profiling.
If you want to exercise any of these rights, please contact our Data Protection Officer at email@example.com. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
How long we keep your data for
We retain different types of data for differing periods of time. The criteria we use to determine whether we should retain your personal data and how long for includes:
The nature of the personal data
Its perceived accuracy of your data
Your engagement levels with our services
Our legal obligations following an offer or when a placement has been made.
Changes to our privacy notice
Any changes we make to our privacy notice in future will be posted on this page and, where appropriate, you will be notified by e-mail. Please check back frequently to view any updates or changes to our privacy notice or for any further information please email firstname.lastname@example.org.