The Highfield Company Privacy Policy

Privacy Notice (External)

The Highfield Recruitment Company Limited

 

Introduction

This Privacy Notice sets out the basis on
which we use personal data in the course of our business activities.

 

We are The Highfield Recruitment Company
Limited of 29 Carlton Crescent, Southampton, SO15 2EW. We are registered in
England & Wales under company number 07010303.

 

As a business which relies upon having access
to a database of pre-qualified Candidates to meet our Clients’ requirements, data
is essential to our business. Our systems and processes are designed to ensure
that we can provide the best possible service to our clients while operating
within the law at all times and protecting individuals’ data privacy rights.

 

We reserve the right to update this Privacy
Notice from time to time. Where appropriate, we shall contact you to notify you
of any material changes to the Privacy Notice. You should also refer to our
website periodically so that you may access and view our updated Privacy Notice.
This will ensure that you understand (i) how we are using your personal data
and (ii) your legal rights around our usage of such personal data.

 

Who Should Read This Privacy
Notice?

This Privacy Notice applies to any living,
identifiable individuals about whom we may process personal data in the course
of our business activities. You should read this Privacy Notice if you are a:

 

·      
Candidate

 

·      
ClientContact

 

·      
Referee

 

·      
Supplier
Representative

 

If you are an employee, applicant for employment
or in-house temporary worker, you should refer to our internal Privacy Notice
instead. This is available to view at http://www.thehighfieldcompany.com/content/privacy-statement-139.htm.

 

Definitions

This Privacy Notice uses the following
defined terms.

Candidate
means a person who is registered with The Highfield Company as seeking or
potentially seeking new employment or engagement. This includes individuals who
are not actively seeking a new role but who would like to remain in contact
with The Highfield Company about potential opportunities which may be of
interest from time to time.

 

Client
means a business which has engaged The Highfield Company to provide services or
which The Highfield Company has identified as a business for which The
Highfield Company wishes to perform services.

 

Client
Contact
means a person who is employed or engaged by a Client and with whom
The Highfield Company may liaise in respect of any services which The Highfield
Company is providing or wishes to provide to the Client. In some cases, the
Client Contact and the Client may be the same person e.g. where a Client is a
sole trader.

 

Data
Protection Legislation
means (i) unless and until the GDPR is no longer
directly applicable in the UK, the General Data Protection Regulation ((EU)
2016/679) and any national implementing laws, regulations and secondary
legislation, as amended or updated from time to time, in the UK and then (ii)
any successor legislation to the GDPR or the Data Protection Act 1998.

 

Referee
means a person who has provided to The Highfield Company a written or verbal
opinion in respect of the work history, skills, competency and/or experience of
a Candidate;

 

 

Supplier
means a business which provides services to The Highfield Company and which may
process personal data relating to any Candidate, Client Contact or Supplier
Representative in the course of performing such services.

 

Supplier
Representative
means a person
who is employed or engaged by a Supplier and with whom The Highfield Company
may liaise from time to time in respect of the services which are provided by
that Supplier.

 

Third-Party
Services Provider
means any relevant third-party business which provides
services to us, such as our:

 

·      
Professional advisers including accountants, tax
advisors and lawyers;

·      
Insurers;

·      
IT services providers and software providers;

·      
Independent consultants and subcontractors

 

How We Obtain Personal Data

We obtain personal data from a number of
different sources, depending on whether you are a Candidate, a Client Contact or a Supplier Representative.

 

If you are a Candidate, we may obtain personal data
relating to you:

 

·      
Directly if you have:

o  
applied for a Client vacancy through us

o  
uploaded your CV through our website

o  
asked us to provide any work-finding services to
you

o  
engaged with us through any networking
activities or events

o  
had any discussions with us about finding
alternative employment

 

·      
Indirectly from:

o  
online professional networking sites such as
LinkedIn

o  
social networking sites such as Facebook or
Twitter

o  
job boards such as Total Jobs, CV Library,
Jobsite, Career Structure and Gulf Talent

o  
referees who provide information about your
employment experience and their opinion as to your skills and aptitude

o  
your employer’s website and other
industry-related websites

o  
business information directories

o  
online industry databases such as the
Construction Industry Training Board

o  
where appropriate, third-party background
checking services such as the Disclosure & Barring Service

 

If you are a Client Contact or Supplier
Representative
, we may obtain personal data relating to you:

 

·      
Directly in the course of (i) us providing
services to you or (ii) you providing services to us, as applicable; or

 

·      
Indirectly from:

o  
online professional networking sites such as
LinkedIn

o  
your employer’s website and other
industry-related websites

o  
business information directories

o  
other individuals within your organisation in
the course of (i) us providing services to you or (ii) you providing services
to us, as applicable.

 

If you are a Referee, we may obtain personal data relating to you:

 

·      
Directly from you in the course of any
communications between us; or

 

·      
Indirectly from the Candidate who has nominated
you as his or her Referee

 

 

Types of Information We Hold

If you are a Candidate, we may collect, store and process the following types of
personal information about you:

·       Personal
contact details such as name, title, addresses, telephone numbers, and email
addresses;

·       Your
gender, date of birth, nationality and place of residence;

·       Your
professional skills and experience;

·       Your
qualifications, training and certifications;

·       Proof
of your right to work in the United Kingdom such as copies of your passport
and, where applicable, visa, residence permit or similar government documents;

·       Proof
of your identity and address, such as copies of your driving licence, utility
bills or similar documents;

·       Information
about your current or most recent role, including your job title, department,
reporting line, responsibilities, salary, benefits and notice period;

·       Your
motivation and reasons for seeking new employment;

·       Any
information within your CV or any application document which a Client may
require you to complete;

·       Any
background information which you provide to us during the course of your
dealings with us;

·       Details
of any Clients to whom you have been introduced by us;

·       Details
of any interviews which you have attended and our Clients’ feedback on those
interviews;

·       Details
of any position which you take up with a Client, including your role, duties,
remuneration, department and location;

·       Where
you provide any services on a freelance basis:

o  Details
of any limited company through which you contract and the nature of your
relationship with that company;

o  Information
about the days and times which you have worked;

o  Your
bank details, tax code and National Insurance Number; and

o  Information
about any services which you have carried out, including any comments, feedback
and issues relating to such services.

 

We may also ask for your consent
to collect, store and use the following "special categories" of more
sensitive personal information:

·       Information
about your race or ethnicity;

·       Information
about your health, including any medical condition, health and sickness records;
and

·       Information
about criminal convictions and offences.

 

If you are a Client Contact, we will
collect, store, and use the following categories of personal information about
you:

·       Personal
contact details such as name, title, addresses, telephone numbers, and email
addresses;

·       Your
job title and position within the Client organisation; and

·       Any
background information relating to your personal circumstances, your work
history and the role which you perform within the Client which you may provide
to us in the course of your dealings with us.

 

We
do not collect, store or use any “special categories” of sensitive personal
information if you are a
Client Contact.

 

If you are a Referee, we will collect, store, and use the following categories
of personal information about you:

·       Personal
contact details such as name, title, addresses, telephone numbers, and email
addresses;

·       Your
job title and position within your employer; and

·       Any
background information which you may provide to us in the course of your
dealings with us.

 

We
do not collect, store or use any “special categories” of sensitive personal
information if you are a
Referee.

 

If you are a Supplier Representative, we will collect, store, and use the
following categories of personal information about you:

·       Personal
contact details such as name, title, addresses, telephone numbers, and email
addresses;

·       Your
job title and position within the Supplier organisation; and

·       Any
background information relating to the role which you perform within the
Supplier which you may provide to us in the course of your dealings with us.

 

We
do not collect, store or use any “special categories” of sensitive personal
information if you are a
Supplier
Representative
.

 

How We Use Personal Data

If you are a Candidate, we may use your personal data to:

 

·      
Assess and verify your potential suitability for
employment with a Client;

·      
Contact you in relation to any potential
employment opportunities with a Client;

·      
Introduce you to our Clients and potentially
arrange for you to fill a Client vacancy;

·      
Stay in regular contact with you to understand
your current position, career aspirations and motivation for finding new
employment;

·      
Where applicable, make payments to you or
arrange for any third-party company through which you may contract to make
payments to you;

·      
Contact you to ask for a referral;

·      
Produce anonymised statistical data;

·      
Comply with our legal obligations, defend or
bring any legal proceedings and prevent fraud or any other crime; and

·      
Conduct equal opportunities monitoring.

 

If you are a Client Contact, we may use your personal data to:

·      
Contact you to obtain information about our
Client’s requirements;

·      
Liaise with you so that we may effectively perform
the services to our Client;

·      
Obtain a reference for a Candidate;

·      
Contact you for invoicing and credit control
purposes;

·      
Comply with our legal obligations, defend or
bring any legal proceedings and prevent fraud or any other crime.

 

If you are a Referee, we may use your personal data to:

 

·      
Contact you to obtain a reference on a
Candidate;

·      
Provide a copy of the reference to our Client;

·      
Comply with our legal obligations, defend or
bring any legal proceedings and prevent fraud or any other crime.

 

If you are a Supplier Representative, we may use your personal data to:

·      
Liaise with you in respect of the services which
are being provided by the Supplier;

·      
Contact you in relation to billing matters;

·      
Comply with our legal obligations, defend or
bring any legal proceedings and prevent fraud or any other crime.

 

Our Lawful Basis for
Processing Data

We have determined that we have a
legitimate interest to process your personal data where you are:

 

·      
A Candidate,
on the basis that it is necessary for us to maintain a database of individuals
who are (i) actively seeking new employment with a Client or (ii) potentially
suitable for employment with a Client. By processing your personal data and
contacting you from time to time, we are able to gain an understanding of your
current role (where applicable), your skills and experience, and your career
aspirations. Our processing of your personal data is therefore of benefit to:

 

o  
You, as it assists us to identify new employment
opportunities about which you might not otherwise been aware and to give
general advice and guidance in support of your career development;

 

o  
Our Clients, who rely on us to have access to
suitable, pre-qualified candidates who can fill their requirements; and

 

o  
Us, as we are a commercial enterprise which
relies upon being able to introduce Candidates to our Clients

 

If
you are a Candidate, we may also need to process sensitive (special) personal
data relating to you. The type of sensitive personal data which we might
process includes (i) information about any medical conditions or disability
insofar as they are relevant to the type of work which you are proposing to
carry out (ii) information about any unspent criminal convictions and, where
relevant to the type of role which you are carrying out, spent convictions,
police warnings etc and (iii) information about any trade union of which you
are a member (but only insofar as it relates to an employment claim or pay and
working conditions on a client site).

 

We
are acting as an employment agency and/or an employment business in our
dealings with you. In accordance with Article 9 (2)(b) of the GDPR, this
sensitive personal data is necessary for performing our obligations as an
employment agency/employment business and is used solely for this purpose. Any
sensitive personal data shall be deleted in accordance with our policy on data
retention.

 

We
may also process equal opportunities information relating to you, but will be
anonymised and, at that stage, is not personal data.

 

·      
A Client
Contact
, on the basis that we need to be able to contact and interact with
the individuals who are employed or engaged by our Clients. This will allow us
to effectively provide services to them, better understand their requirements
and generate revenue for our business.

 

·      
A Referee,
on the basis that we are generally required to obtain references to comply with
our contractual obligations to third parties and, in some instances, we are
under a legal obligation to do so. It is therefore necessary and reasonable for
us to process personal data relating to you strictly for compliance with these
obligations.

 

·      
A Supplier
Representative
, on the basis that we need to be able to contact and
interact with the individuals who are employed or engaged by our Suppliers.
This will allow us to ensure that our Suppliers provide us with the best
possible service which, in turn, is of direct benefit to both our Candidates
and our Clients.

 

Where We Process Personal
Data

Your personal data is held and processed by
us in the United Kingdom.

 

In addition to our database, we may use
Microsoft OneDrive to store personal data relating to you. We have ascertained
that this data is kept within a data centre within the United Kingdom.

 

We have put in
place appropriate safeguards to ensure that your data is only transferred to
jurisdictions with enforceable data subject rights and effective legal remedies
in respect of data privacy breaches. We will therefore only transfer your personal
data to jurisdictions outside of the EEA where:

 

·      
There are binding corporate rules in place
regarding the transfer of such data within the Group, in accordance with
Article 47 of the GDPR.
This means that
the data transfer is between group companies and those group companies have
agreed to share that data in accordance with the rules specified by the
European Commission.

 

·      
The European Commission has made an adequacy
decision in respect of such jurisdiction.
This
means that the European Commission has pre-approved the data privacy regime in
the relevant non-EEA country. At present, the European Commission-approved
jurisdictions are Andorra, Argentina, Canada (commercial organisations), Faroe
Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Switzerland,
Uruguay and the US (limited to the Privacy Shield framework).

 

·      
The transfer of data is subject to the model
contractual clauses adopted by the European Commission.
This means that we have a data-sharing agreement in place which
complies with the requirements set out by the European Commission;
or

 

·      
You have expressly given informed consent to the
transfer of such data.
This
means that you have not only agreed to the transfer but have done so in the
knowledge that your data may be transferred to a jurisdiction which does not
give you the same degree of protection as you have within the EEA.

 

 

Parties with Whom We May
Share Data

If you are a Candidate, we may share your personal data for legitimate purposes with:

 

·      
A Client where you have expressed an interest in
being introduced to such Client or are being supplied to such Client on an
assignment;

·      
Any third-party which is engaged by the Client
to assist them in the recruitment process including a managed service company,
Recruitment Process Outsourcing provider or IT services provider;

·      
A third-party company through which you are
contracting;

·      
A third-party company to which you have
specifically asked to be introduced or referred, such as an insurance company
or intermediary (umbrella) company;

·      
Background checking services such as the Disclosure
& Barring Service;

·      
Industry bodies such as the Construction
Industry Training Board and any similar organisations which are relevant to the
market sector in which you work;

·      
Third-Party Services Providers who in some cases
may use their own subcontractors and sub-processors;

·      
Our bankers and recruitment finance providers;

·      
Governmental departments and agencies where we
are permitted or required by law to do so.

 

We may also share your personal data with
Clients on an anonymised basis where we have agreed to provide general statistical
information to such Clients.

 

If you are a Client Contact, we may share very limited data relating to you with
a Candidate where such sharing is strictly required for the recruitment process
e.g. so that the Candidate may contact you directly. We will also share your
personal data with Third-Party Services Providers for legitimate business purposes.

 

If you are a Referee, we will share with our Clients the details of any
reference which you may give. We will usually provide your name, job title and
employer name when doing so. In some circumstances and only when you have
agreed to such disclosure, we will provide your contact details so that our
Client may verify the reference or ask for further information. We will also
share your personal data with Third-Party Services Providers for legitimate
business purposes.

 

If you are a Supplier Representative, we will share your personal data with
other Third-Party Services Providers for legitimate business purposes.

 

Our Website

If you interact with our website at www.thehighfieldcompany.com, we
may process information relating to your usage of the website. However, unless
you are submitting information through our website as a Candidate or Client
Contact, the information which we process is anonymised and not therefore
personal data within the meaning of the Data Protection Legislation.

 

Automated Decision Making

Automated
decision-making takes place when an electronic system uses personal information
to make a decision without human intervention.

 

All
decisions which are made in the course of our business processes involve human
intervention. We do not therefore expect to make any decisions about you using
automated means, whether you are a
Candidate,
Client Contact, Referee or Supplier Representative.

 

Data Security

We have put in place appropriate security
measures to prevent your personal information from being accidentally lost,
used or accessed in an unauthorised way, altered or disclosed. In addition, we
limit access to your personal information to those employees, agents,
contractors and other third parties who have a business need to know. They will
only process your personal information on our instructions and they are subject
to a duty of confidentiality. Details of these measures may be obtained from
the Operations Director.

 

We have put in place procedures to deal
with any suspected data security breach and will notify you and any applicable
regulator of a suspected breach where we are legally required to do so.

 

Data Retention

We will only retain your personal
information for as long as necessary to fulfil the purposes we collected it for,
including for the purposes of satisfying any legal, accounting, or reporting
requirements. To determine the appropriate retention period for personal data,
we consider the amount, nature, and sensitivity of the personal data, the
potential risk of harm from unauthorised use or disclosure of your personal
data, the purposes for which we process your personal data and whether we can
achieve those purposes through other means, and the applicable legal
requirements.

 

Our standard data retention period is three
years from the last date on which we are in actual contact with you i.e. where
we actually speak with you or exchange correspondence. After this time, we will
usually delete your personal data from our records.

 

Where we are required to keep any information
(i) for auditing or compliance purposes (ii) to comply with our contractual
obligations to third parties or (iii) in respect of any potential or actual
legal proceedings, we shall keep your data for as long as is strictly necessary
for these purposes, which is typically for seven years in respect of audit data
which we may be required to produce for HRMC and/or to prove compliance with
our contractual and legal obligations.

 

In some circumstances we may completely
anonymise your personal information so that it can no longer be associated with
you, in which case we may use such information without further notice to you.

 

Rights of access,
correction, erasure, and restriction

Your
duty to inform us of changes.
It is important that the personal information
we hold about you is accurate and current. Please keep us informed if your
personal information changes during your working relationship with us.

 

Your
rights in connection with personal information.
Under certain
circumstances, you have the right to:

 

·      
Request access
to your personal information (a Subject Access Request). This enables you to
receive a copy of the personal information we hold about you and to check that
we are lawfully processing it. You will not usually have to pay a fee to access
your personal information but we may charge a reasonable fee if your request is
clearly unfounded, repetitive or excessive. Alternatively, we may refuse to
comply with the request in such circumstances.

 

·      
Request correction
of the personal information that we hold about you. This enables you to have
any incomplete or inaccurate information we hold about you corrected.

 

·      
Request erasure
of your personal information. This enables you to ask us to delete or remove
personal information where the personal data is no longer necessary in relation
to the purpose for which it was originally collected/processed or you have
objected to the processing and there is no overriding legitimate interest for
continuing the processing.

 

·      
Object
to processing of your personal information where we are relying on a legitimate
interest and you object on “grounds relating to your particular situation.”

 

·      
Request the restriction
of processing of your personal information. This enables you to ask us to block
or suppress the processing of personal information about you, for example if
you want us to establish its accuracy or the reason for processing it or if you
have also objected to the processing as above.

 

·      
Request the transfer
of your personal information to another party when the processing is based on
consent and carried out by automated means. This right is not applicable to any
data processing carried out by The Highfield Company.

 

If you want to exercise any of the above
rights, please contact the Operations Director in writing. We will consider
your request and confirm the actions which we have taken in response to such
request.

 

We may need to request specific information
from you to help us confirm your identity and ensure your right to access the
information (or to exercise any of your other rights). This is an appropriate
security measure to ensure that personal information is not disclosed to any
person who has no right to receive it.

 

In the limited circumstances where you may
have provided your consent to the collection, processing and transfer of your
personal information for a specific purpose, you have the right to withdraw
your consent for that specific processing at any time. To withdraw your
consent, please contact the Operations Director. Once we have received
notification that you have withdrawn your consent, we will no longer process
your information for the purpose or purposes you originally agreed to, unless
we have another legitimate basis for doing so in law. We will confirm the
actions which we have taken in respect of any such request.

 

If you are unhappy with any aspect of the
manner in which we have processed your personal data or dealt with your
decision to exercise any of the rights set out in this section, you have the
right to complain to the Information Commissioners Office in the United
Kingdom. Their details are:

 

 

Information
Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

Tel:
0303 123 1113 (local rate) or 01625 545 745

Email:
casework@ico.org.uk

 

 

Contacting Us

If you have any questions about this
Privacy Notice, you can write to our Operations Director at The Highfield
Company, 29 Carlton Cres, Southampton SO15 2EW. Alternatively, you may
telephone us on 01962 397777 or email us at
customerservice@thehighfieldcompany.com.