During the course of our activities we, Seven Resourcing Ltd, will process personal data (which may be held on paper, electronically, or otherwise) about the people who use our services and website (you). We recognise that we have obligations under the Data Protection Act 2018 (GDPR) to ensure transparency, security and proper retention of the personal data we collect about you. The purpose of this policy is to make you aware of how we will handle and protect your personal data.
Data protection principles
We will comply with the six data protection principles of the Data Protection Act 2018, which say that personal data must be:
- (a) processed lawfully, fairly and in a transparent manner in relation to the data subject;
- (b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with these purposes;
- (c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- (d) accurate, and where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are incorrect, having regard to the purposes for which they are processed, are erased or rectified without delay;
- (e) retained only as long as necessary;
- (f) processed in an appropriate way to ensure its security;
“Personal data” means any information we hold about you from which you can be identified. It may include contact details such as name, telephone number, email address, home address plus information about your work history, record of qualification and training or expressions of opinion about you. “Processing” means using the data – such as accessing, disclosing, destroying or storing the data in any way.
Fair and lawful processing
We will usually only process your personal data where you have provided it to us directly, or where you have submitted your data to an online portal that allows for the sharing of your data with us for the purpose of seeking new employment. We use this data to match you to suitable employment positions as advertised by our clients and will use this data to contact you when a match is found. We may also send you emails that advertise available positions in order to invite you to apply. We will not use your data for anything other than these purposes.
We will keep the personal data we store about you accurate and up to date. Data that is inaccurate or out of date will be destroyed. Please notify us if your personal details change or if you become aware of any inaccuracies in the personal data we hold about you.
We will not keep your personal data for longer than is necessary for the purpose. This means that data will be destroyed or erased from our systems when it is no longer required and no longer than five years.
Processing in line with your rights
You have the right to:
(g) be informed – by provision of this notice
Issue Date: 07/06/2018 Issue status: 1.0 Owner: Director
- (h) have access – upon request to all of the data we hold about you
- (i) have your data erased – you may make a request to have data erased and where we have no legal basis to retain the data, we will erase and confirm to you within 30days of your request
- (j) Portability – you may have your data delivered to you in a readable, useable format
- (k) Have your data rectified – where you think data is inaccurate, you may make a request to have your data updated or deleted where you think it is wrong
- (l) Object and restrict the use of your data
- (m) Know when automated decision making is taking place with your data, you also have the right to object and ask for human intervention
We will ensure that appropriate measures are taken against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to the personal data.
We have in place appropriate technologies and security controls to maintain the security of all personal data from the point of collection to the point of destruction. We will only share personal data with a third party with your consent or where we have a legal obligation to do so.
Maintaining data security means guaranteeing the confidentiality, integrity and availability of the personal data. Seven ensure an appropriate level of security is applied to the data.
Other security controls we apply to personal data are as follows but not limited to:
- Conducting DPIAs and LIAs were appropriate
- Access control, both physical and electronic
- Robust and up to date anti-malware programs
- Employee training and awareness programs
- IPS network protection
- Strict web filtering, blocking and monitoring activities
- Secure data disposal
Providing information to third parties
Seven will not disclose your personal data to a third party without your consent unless where we are satisfied that the requester is legally entitled to the data (such as law enforcement agencies). Seven do not sell or share personal data with marketers or other similar third parties.
Subject access requests – your rights
If you wish to know about the data we hold about you, you may contact us and we will deliver all of the data to you in a readable, useable format.
You may also make a request to object, restrict and delete the data we hold about you by using the contact email below. You can make a complaint to us by using the same email contact. We will ensure we contact you within 30 days of your request to confirm the action we have taken.
You may also contact the Information Commissioners Office (ICO) to complain or to find out more information about your rights at https://ico.org.uk/.