DATA PROTECTION PRINCIPLES
Data Protection Laws require the Company acting as either data controller or data processor to process data in accordance with the principles of data protection. These require that personal data is:
- Processed lawfully, fairly and in a transparent manner;
- Collected for specified and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
- Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- Accurate and kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
- Kept for no longer than is necessary for the purposes for which the personal data are processed;
- Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures; and that
- The data controller shall be responsible for, and be able to demonstrate, compliance with the principles.
DATA YOU MAY PROVIDE TO US OR WE MAY COLLECT
Personal data about you may be received in different ways such as;
- Registering on our website;
- Applying for a job;
- Over the phone;
- Email; or
- Via other sources, such as job boards, who you have registered with and is a publicly accessible source of personal data for recruitment purposes.
At this stage, examples of personal data that may be shared with us include your;
- contact details such as name, addresses, telephone numbers and email addresses;
- CV/work history; and
- Job or work preferences;
Once we make contact with you to discuss opportunities that may lead to an engagement, further personal data may be shared such as:
- Date of Birth;
- ID/RTW documentation;
- National Insurance number;
- The outcome of third party screening; (such as security clearance, criminal record checks); and
- Financial information (including bank details, tax details, pension scheme);
HOW WE USE YOUR DATA
The data we receive directly from you or via another source, such as a job board, is only used for the purposes for which it was provided or received. This is essentially for the purposes of either providing recruitment services to you based on Sitec acting as an agency/employment business or to engage you to work for Sitec directly. The data may be used to;
- match your skills and experience with current available opportunities either with our Clients or directly with Sitec;
- to provide you with information about other opportunities that are similar to those that you have already enquired about;
- to submit your details to our clients or internal departments;
- to ascertain that you have the right to work;
- to carry relevant security and/or criminal record checks as may be required;
- to engage you on a suitable contractual arrangement; and
- to pay you for work carried out.
HOW WE KEEP YOUR PERSONAL DATA SAFE
We take our obligations to keep your personal data safe and secure very seriously. Our website is protected using industry standard Secure Socket Layer (SSL) Encryption Technology. Once we have received your data, we use reasonable organisational, technical and administrative measures and procedures to protect your personal data. We regularly audit our system for vulnerabilities and are continuously working to improve our security practices to prevent unauthorised access, misuse or loss.
WHO WE SHARE YOUR DATA WITH
Your personal data may be shared with or sent to prospective clients or employers for whom you have applied for a job, previous employers for references and/or with internal Sitec departments and Consultants. For the purposes of progressing your application, we may be required to share your data with other trusted parties such as;
- Approved Intermediary/Umbrella companies (who you may be engaged through);
- Government agencies (such as HMRC, UK Border Agency, DBS);
- External screening providers (where personal checks are required to be carried out); and/or
- if we are under a duty to disclose your personal data in order to comply with any legal obligation.
OUR LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA
Sitec will only process your personal data where it has a legal basis for doing so. For prospective candidates, candidates and contractors, our legal basis for collecting, storing, using, processing, transferring and disclosing personal data is Legitimate Interest. The Legitimate Interests are as follows;
- Collecting personal data either directly from you or from other sources such as job boards that you have registered with and is a publicly accessible source of personal data for recruitment purposes;
- Managing your application, screening, and selection process for suitable assignments;
- Providing your details to nominated third party agencies or bodies for the purposes of pre-assignment screening;
- Managing any subsequent contract of engagement;
- Contacting you by phone or email about potential future assignments.
Should we at any time be required to collect and hold any special category personal data, we will request your consent prior to any processing of that data.
HOW LONG WE KEEP YOUR PERSONAL DATA
All businesses must keep personnel and financial records in order to run their business efficiently and to comply with statutory and or client requirements. We keep your personal data for no longer than is necessary and will endeavour to erase your personal data at the end of the relevant retention period.
For prospective candidates – up to 5 years since the last contact made with you. Contact means where we have had a verbal or written communication with you or where you have applied for a job directly, via our website or through a third party job board and you have been added to our database.
For engaged workers – up to 7 years following the last payment made to you. Engaged workers means candidates who we have successfully placed into a role either for a client or directly with Sitec.
By law, and under certain circumstances, you have the right to:
Request access to your personal data (‘Subject Access Request’)
Receive details of the personal data we hold about you. In most circumstances, the data requested will be provided free of charge. However, we are permitted to charge a “reasonable fee” when a request is manifestly unfounded, excessive or repetitive.
Request rectification of the personal data we hold
This allows you to advise us of any incomplete or inaccurate data.
Request erasure of the personal data we hold (‘right to be forgotten’)
You may request for us to delete or remove your Personal data where we do not have a valid reason to continue to process it. You also have the right to ask us to delete or remove your Personal data if you have successfully exercised your right to object to processing, where we may have processed your data unlawfully or where we are required to erase your Personal data to comply with local law. However, we may not always be able to comply with your request for erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Request the restriction of processing of your personal data
This allows you to request for us to suspend the processing of your Personal data if (a) you want us to establish that the personal data we hold is accurate, (b) where our use of the data is unlawful, (c) where you need us to hold the data even if we no longer require it as you require it to establish, exercise or defend any legal claim/s.
Request the transfer or portability of your personal data
You may request that the personal data we hold of you be transferred directly to you or another Data Controller. However, this right only applies to automated data which you initially provided consent for us to use or where we may have used the Personal data to perform a contract with you.
Object to the processing of your personal data
You can object to us processing your data if you feel it impacts on your fundamental rights and freedoms. This right can only be exercised where we have used Legitimate Interest as our legal basis for processing your data.
Withdraw your consent where consent has been used
If Consent has been used to process your data, you may withdraw that consent at any time. If you withdraw your consent, we may not be able to provide certain services to you.
HOW TO CONTACT US
If you have any queries relating to this Privacy Statement or you wish to make a data protection request, you can contact us in the following ways;
Through our website - If you have registered on our website, you are able to make certain data requests by clicking on the specific link in the Candidate Dashboard.
Alternatively, and for all other queries, requests or feedback, you can contact us via the following means;
By email: firstname.lastname@example.org
By Post: Data Protection Coordinator, Sitec, Church House, Church Road, Filton, Bristol, BS34 7BD
By Phone: 0117 9792996 and ask for the Data Protection Coordinator
You have the right to make a complaint at any time to the UK supervisory authority for data protection issues, the Information Commissioner’s Office (ICO), www.ico.org.uk. However, in all cases, we would request you contact us in the first instance to discuss your concerns or issues.
‘Sitec’ is a trading name of Sitec Engineering Ltd (Reg. No. 06426920) and Sitec Professional Services Ltd (Reg. No.01059352).
Sitec may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective from 25th May 2018.