Smart 1 Recruitment, is committed to protecting the privacy of our visitors.
The following policy outlines our practices and procedures when it comes to the collection, handling, storing and protection of your data.
What data do we collect?
In order to deliver our product/service to our customers, we ask for personal information such as names, addresses, phone numbers, email address, date of birth, bank details and any other relevant information required. We are committed to recording data accurately and securely to ensure all communications are limited to the intended recipient.
Why we collect data
We collect data in order to provide a recruitment service by keeping candidates up to date with new vacancies and jobs we feel they would be suitable for.
We only collect data under the following lawful bases:
(a) Consent: the individual has given us clear consent for us to process their personal data for a specific purpose of the nature of the business.
(b) Contract: the processing is necessary for a contract we have in place with each candidate.
(c) Legal obligation: the processing is necessary for you us to comply with the law with regards to right to work in the UK.
(d) Legitimate interests: the processing is necessary for the legitimate interests of our third party payroll company for processing weekly pay to the candidate.
How it is processed and stored
Third party systems
We use a third party company which use the personal data to provide a payroll service.
How we protect your data
We are committed to keeping your data safe and secure. Above and beyond the practices noted in this policy, we have a dedicated Data Protection Officer(s) to ensure our practices are being upheld and adhered to.
Should any issues be detected in terms of the use or security of our data, our Data Protection Officer will firstly ensure that corrective measures are taken to prevent any further breaches. Once the breach has been contained, the event will be fully documented and we will analyse its severity. If the breach is considered to be of low severity and pose little risk to individuals, we will ensure it is documented and appropriate measures are taken to prevent a repeat occurrence.
If the breach is considered to of high severity and have a risk to individual’s rights and freedoms, we will take all measures noted above in addition to notifying the individuals affected and notify the ICO within 72 hours.
How long we keep your data
We will only keep data for as long as is deemed necessary. As our data is used to provide a recruitment service we will perform yearly data cleanses to assess the relevance and purpose of the data we hold. Any data considered to be no longer relevant will be securely deleted and this process will be documented.
Under GDPR you, as an individual, have the following rights:
The right of access
The right to rectification
The right to erasure
The right to restrict processing
The right to data portability
The right to object
Rights in relation to automated decision making and profiling.
For more information on your individual rights, please visit: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
To discuss a subject access request, please contact [email protected]. If the request is fair and appropriate, we will provide the requested information within one month of the request, free of charge. We reserve the right to refuse or charge for requests that are manifestly unfounded or excessive. In both cases we will communicate with the individual(s) to explain the reasoning’s and if a fee is to be charged, the fee will be based on the administrative cost of providing the information requested.
We operate the majority of our business within the EEA and therefore our governing body is the ICO and our data practices have been developed with ICO guidelines and GDPR practices in mind. Should we need to share your data outside of the EEA, we will ensure you are fully consulted.
If you have any queries relating to data or privacy, please contact [email protected]