Hark Recruitment Limited (‘the Company’) is a recruitment business which provides work-finding, recruitment, training and related services to its clients and work-seekers.
The Company must process personal data so that it can provide these services – in doing so, the Company acts as a data controller. We will only use your personal data in accordance with the terms outlined in our contracts and our privacy notice.
1.1 Collection and use of personal data
a) You may give your personal details to the company directly, such as by seeking services from us.
b) In some circumstances, your personal details may have been provided to us by another person in your company in order for us to offer and / or perform a contractual obligation between Hark Recruitment and your company.
c) Your details may have been identified via publicly available sources in relation to your professional history (e.g. LinkedIn or your company website).
In any case the Company must have a legal basis for processing your personal data. We will only use your personal data in accordance with the terms of a contract and our privacy notice.
1.2 Purpose of processing and legal basis
The Company will collect your personal data and process your personal data, which may include sensitive data, for the purposes of providing you with our services. The legal bases we rely upon when providing and/or offering to provide these services to you are:
Legal base Example of purpose
Legal Obligation to comply with law, e.g. HMRC and tax legislation
Contractual Obligation to provide our services including work-finding, recruitment, training and related services; to assist us / you/your company to establish / exercise or defend legal claims.
Legitimate Interest for marketing and public relations in relation to our services; to improve the services we offer including work-finding, recruitment, training and related services
Consent where we have explicitly obtained your consent to share your data with other potential clients e.g. to provide a testimonial and/or reference about our service provision.
Public Interest review If it applies where we supply into public sector.
Vital interest of data subject In the event of an emergency situation, the limited information we hold on you would be provided to emergency services as necessary.
1.3 Recipient/s of data
Where we need to share your personal data, we have contracts and data sharing agreements in place with the recipients that require them to treat your information as confidential and ensure the continued protection of your data whilst in their possession. The Company will process your personal data with the following recipients:
a) Candidates / workers that are introduced to and/or supplied to your company;
b) Governing bodies and authorities as required by law;
c) Our software providers;
d) Third party suppliers, e.g. business associates and professional advisers, such as external consultants, technical and IT support functions, independent auditors and intermediaries;
e) Third party, where necessary to protect your vital interest, e.g emergency services;
f) Marketing technology platforms and suppliers;
g) We may transfer your personal information to a third party as part of a sale of some or all of our business and assets to any third party or a part of any business restructuring or reorganisation. However, we will take steps with the aim of ensuring that your privacy rights continue to be protected.
2. Overseas transfers
The Company will not transfer the information you provide to us to countries outside the European Economic Area (‘EEA’). The EEA comprises the EU member states plus Norway, Iceland and Liechtenstein.
3. Automated decision making
The company does not use automated decision-making, including profiling. Should the company intend to change this process you will be notified in advance.
4. Data access restriction and retention
The Company will retain your personal only for as long as is necessary. Different laws require us to keep different data for different periods of time.
4.1 Where services have not been provided
If we have not provided you / your company with our services, or we not had valuable contact with you (or, where appropriate, the company you are working for or with) for two consecutive years, your personal data will be deleted from our systems unless where we believe in good faith that the law or other regulation requires us to preserve it.
4.2 Where services have been provided
Your personal details may be included in several documents created during the course of our contract with you/your company. To comply with legal requirements e.g. HMRC, Agency Workers Regulation and tax legislation, your data will be kept by hark recruitment for 7 tax years directly prior to the last date on which services were provided to you/your company.
Where the Company has obtained your consent to process your personal data and sensitive personal data we will do so in line with the relevant schedule detailed above. After expiry of that period your data will no longer be kept by Hark Recruitment.
5. Security precautions in place to protect the loss, misuse or alteration of your information
We are committed to taking all reasonable and appropriate steps to protect the personal information that we hold from misuse, loss, or unauthorised access. We do this by having in place a range of appropriate technical and organisational measures, e.g.:
a) encryption of our services and data;
b) review our information collection, storage and processing practices, including physical security measures;
c) restrict access to personal access to personal information;
d) internal policies setting out our data security approach and training for employees, these include measures to deal with any suspected data breach. The two providers with whom where we store most of our data, Microsoft and Firefish (who store their data through Microsoft Azure), both use ISO 27001 accredited processes and follow industry best practice.
6. Your rights
Please be aware that you have the following data protection rights:
a) The right to be informed about the personal data the Company processes on you;
b) The right of access to the personal data the Company processes on you;
c) The right to rectification of your personal data;
d) The right to erasure of your personal data in certain circumstances; e) The right to restrict processing of your personal data;
f) The right to data portability in certain circumstances;
g) The right to object to the processing of your personal data that was based on a public or legitimate interest;
h) The right not to be subjected to automated decision making and profiling; and
i) The right to withdraw consent at any time.
Where you have consented to the Company processing your personal data and sensitive personal data you have the right to withdraw that consent at any time by emailing Data Protection Officer [email protected]
7. Complaints or queries
If you wish to complain about this privacy notice or any of the procedures set out in it please contact our Data Protection Officer by emailing [email protected]. You also have the right to raise concerns with Information Commissioner’s Office on 0303 123 1113 or at https://ico.org.uk/concerns/ ,or any other relevant supervisory authority should your personal data be processed outside of the European Union, if you believe that your data protection rights have not been adhered to.
V1 OCTOBER 2021