Data Protection Policy
The Company is fully committed to compliance with the requirements of the General Data Protection Regulation (GDPR) and all other data protection legislation currently in force. The Regulation applies to anyone processing personal data and sets out principles which should be followed and gives rights to those whose data is being processed.
To this end, the Company endorses fully and adheres to the Data Protection Principles listed below. When processing data we will ensure that it is:
· processed lawfully, fairly and in a transparent way (‘lawfulness, fairness and transparency’)
· processed no further than the legitimate purposes for which that data was collected (‘purpose limitation’)
· limited to what is necessary in relation to the purpose (‘data minimisation’)
· accurate and kept up to date (‘accuracy’)
· kept in a form which permits identification of the data subject for no longer than is necessary (‘storage limitation’)
· processed in a manner that ensures security of that personal data (‘integrity and confidentiality’)
· processed by a controller who can demonstrate compliance with the principles (‘accountability’)
These rights must be observed at all times when processing or using personal information. Therefore, through appropriate management and strict application of criteria and controls, the Company will:
· observe fully the conditions regarding having a lawful basis to process personal information
· meet its legal obligations to specify the purposes for which information is used
· collect and process appropriate information only to the extent that it is necessary to fulfil operational needs or to comply with any legal requirements
· ensure the information held is accurate and up to date
· ensure that the information is held for no longer than is necessary
· ensure that the rights of people about whom information is held can be fully exercised under the GDPR (i.e. the right to be informed that processing is being undertaken, to access personal information on request; to prevent processing in certain circumstances, and to correct, rectify, block or erase information that is regarded as wrong information)
· take appropriate technical and organisational security measures to safeguard personal information
· ensure that personal information is not transferred outside the EU, to other countries or international organisations without an adequate level of protection
Employees Personal Information
Throughout employment and for as long as is necessary after the termination of employment, the Company will need to process data about you. The kind of data that the Company will process includes:
· any references obtained during recruitment
· details of terms of employment
· payroll details
· tax and national insurance information
· details of job duties
· details of health and sickness absence records
· details of holiday records
· information about performance
· details of any disciplinary and grievance investigations and proceedings
· training records
· contact names and addresses
· correspondence with the Company and other information that you have given the Company
The Company believes that those records used are consistent with the employment relationship between the Company and yourself and with the data protection principles. The data the Company holds will be for management and administrative use only but the Company may, from time to time, need to disclose some data it holds about you to relevant third parties (e.g. where legally obliged to do so by HM Revenue & Customs, where requested to do so by yourself for the purpose of giving a reference or in relation to maintenance support and/or the hosting of data in relation to the provision of insurance).
In some cases the Company may hold sensitive data, which is defined by the legislation as special categories of personal data, about you. For example, this could be information about health, racial or ethnic origin, criminal convictions, trade union membership, or religious beliefs. This information may be processed not only to meet the Company's legal responsibilities but, for example, for purposes of personnel management and administration, suitability for employment, and to comply with equal opportunity legislation. Since this information is considered sensitive, the processing of which may cause concern or distress, you will be asked to give express consent for this information to be processed, unless the Company has a specific legal requirement to process such data.
ACCESS TO DATA
You may, within a period of one month of a written request, inspect and/or have a copy, subject to the requirements of the legislation, of information in your own personnel file and/or other specified personal data and, if necessary, require corrections should such records be faulty. If you wish to do so you must make a written request to your line Manager. The Company is entitled to change the above provisions at any time at its discretion.
Data Security
You are responsible for ensuring that any personal data that you hold and/or process as part of your job role is stored securely.
You must ensure that personal information is not disclosed either orally or in writing, or via web pages, or by any other means, accidentally or otherwise, to any unauthorised third party.
You should note that unauthorised disclosure may result in action under the disciplinary procedure, which may include dismissal for gross misconduct. Personal information should be kept in a locked filing cabinet, drawer, or safe. Electronic data should be coded, encrypted, or password protected both on a local hard drive and on a network drive that is regularly backed up. If a copy is kept on removable storage media, that media must itself be kept in a locked filing cabinet, drawer, or safe.
When travelling with a device containing personal data, you must ensure both the device and data is password protected. The device should be kept secure and where possible it should be locked away out of sight i.e. in the boot of a car. You should avoid travelling with hard copies of personal data where there is secure electronic storage available. When it is essential to travel with hard copies of personal data this should be kept securely in a bag and where possible locked away out of sight i.e. in the boot of a car.
Data protection compliance statement – Job Applicants
This document demonstrates our commitment to protect the privacy and security of your personal information. It contains information regarding how we collect and use personal data or personal information about you in advance of any employment relationship in accordance with the General Data Protection Regulation (GDPR) and all other data protection legislation currently in force.
Pursuant to that legislation, when processing data we will:
· process it fairly, lawfully and in a clear, transparent way
· collect your data only for reasons that we find proper for the course of your employment in ways that have been explained to you
· only use it in the way that we have told you about
· ensure it is correct and up to date
· keep your data for only as long as we need it
· process it in a way that ensures it will not be lost or destroyed or used for anything that you are not aware of or have consented to (as appropriate).
Hayley 247 is a "data controller”. This means that we are responsible for determining the purpose and means of processing personal data relating to you.
"Personal data”, or "personal information”, means any information relating to an identified, or identifiable individual in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
There are "special categories” of sensitive personal data, meaning data relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health conditions, sex life or sexual orientation, genetic data, and biometric data which require a higher level of protection.
This statement is applicable to job applicants. It is not intended to, neither will it, form part of any contract of employment or contract of services. We reserve the right to make changes to this statement at any time, if you are affected by substantial changes we will make an alternative statement available to you.
Where you are successful in your application and are appointed to a position you will receive details of our data protection compliance statement (privacy notice).
DETAILS OF INFORMATION WE WILL HOLD ABOUT YOU
The list below identifies the kind of data that we will process about you during the application process:
· personal contact details such as name, title, addresses, telephone numbers, and personal email addresses
· date of birth
· gender
· marital status and dependents
· information included on your CV including references, education history and employment history
· documentation relating to your right to work in the UK
· national Insurance number
· copy of driving license
· evidence of qualifications or professional memberships.
The following list identifies the kind of data that we will process and which falls within the scope of "special categories” of more sensitive personal information:
· information relating to your race or ethnicity, religious beliefs, sexual orientation, sex life and political opinions
· information about your health, including any medical conditions and disabilities;
· information about criminal convictions and offences
· genetic information and biometric data.
HOW WE COLLECT YOUR PERSONAL INFORMATION
Your personal information is obtained through the application and recruitment process, this may be directly from candidates, via an employment agency or a third party who undertakes background checks. We may occasionally request further information from third parties including, but not limited to, previous employers, credit reference agencies or other background check agencies and any further personal information that may be collected in the course of job-related activities throughout the period of you working for us in the event you become an employee.
PROCESSING INFORMATION ABOUT YOU
We will only administer personal information in accordance with the lawful bases for processing. At least one of the following will apply when we process personal data:
consent: You have given clear consent for us to process your personal data for a specific purpose.
· consent: You have given clear consent for us to process your personal data for a specific purpose.
· contract: The processing is necessary for a contract we have with you, or because we have asked you to take specific steps before entering into a contract.
· legal obligation: The processing is necessary for us to comply with the law (not including contractual obligations).
· vital interests: the processing is necessary to protect someone’s life.
· public task: the processing is necessary for us to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law.
· legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party unless there is a good reason to protect your personal data which overrides those legitimate interests.
LAWFUL BASIS FOR PROCESSING YOUR PERSONAL INFORMATION
We consider that the basis for which we will process the data contained in the list above (see section above - details of information we will hold about you) is to enable us to consider whether we may wish to/prepare for entering into a contract or agreement with you and to enable us to comply with our legal obligations. Occasionally, we may process personal information about you to pursue legitimate interests of our own or those of third parties, provided there is no good reason to protect your interests and your fundamental rights do not override those interests.
The circumstances in which we will process your personal information are listed below:
· making a decision about your recruitment or appointment
· making decisions about terms and conditions, salary and other benefits
· checking you are legally entitled to work in the UK
· assessing qualifications for a particular job or task
· education, training and development requirements
· complying with health and safety obligations
· preventing fraud
· in order to fulfill equal opportunity monitoring or reporting obligations
There may be more than one reason to validate the reason for processing your personal information.
LAWFUL BASIS FOR PROCESSING "SPECIAL CATEGORIES” OF SENSITIVE DATA
"Special categories” of particularly sensitive personal information require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information. We may process special categories of personal information in the following circumstances:
· consent: You have given clear consent for us to process your personal data for a specific purpose.
· contract: The processing is necessary for a contract we have with you, or because we have asked you to take specific steps before entering into a contract.
· legal obligation: The processing is necessary for us to comply with the law (not including contractual obligations) and meets the obligations under our data protection policy.
· vital interests: the processing is necessary to protect someone’s life.
· public task: the processing is necessary for us to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law. and meets the obligations under our data protection policy. (For example in the case of equal opportunities monitoring).
· legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party unless there is a good reason to protect your personal data which overrides those legitimate interests (For example to assess your capacity to work on the grounds of ill health).
Occasionally, special categories of data may be processed where you are not capable of giving your consent, where you have already made the information public or in the course of legitimate business activities or legal obligations and in line with the appropriate safeguards.
Examples of the circumstances in which we will process special categories of your particularly sensitive personal information are listed below (this list is non-exhaustive):
· in order to protect your health and safety in the workplace
· to assess your physical or emotional fitness to work
· to determine if reasonable adjustments are needed or are in place
· in order to fulfill equal opportunity monitoring or reporting obligations
Where appropriate, we may seek your written authorisation to process special categories of data. Upon such an occasion we will endeavor to provide full and clear reasons at that time in order for you to make an informed decision. In any situation where consent is sought, please be advised that you are under no contractual obligation to comply with a request. Should you decline to consent you will not suffer a detriment.
INFORMATION ABOUT CRIMINAL CONVICTIONS
We will only collect criminal convictions data where it is appropriate given the nature of your role and where the law permits us. This data will usually be collected at the recruitment stage, however, may also be collected during your engagement should you be successful.
We may process such information to protect yours, or someone else’s, interests and you are not able to give your consent or we may process such information in cases where you have already made the information public.
We anticipate that we will process information about criminal convictions.
AUTOMATED DECISION-MAKING
We do not anticipate that any of our decisions will occur without human involvement. Should we use any form of automated decision making we will advise you of any change in writing.
SHARING DATA
Your data will be shared with individuals within the Company where it is necessary for them to undertake their duties with regard to recruitment. This includes, for example, the HR department, those in the department where the vacancy is who are responsible for screening your application and interviewing you, the IT department.
It may be necessary for us to share your personal data with a third party or third party service provider (including, but not limited to, contractors, agents or other associated/group companies) within, or outside of, the European Union (EU). Data sharing may arise due to a legal obligation, as part of the performance of a contract or in situations where there is another legitimate interest (including a legitimate interest of a third party) to do so.
The list below identifies which activities are carried out by third parties on our behalf:
· pension providers/administrators
· IT services
· legal advisors
· security
· insurance providers
Data may be shared with 3rd parties in the following circumstances:
· in relation to the maintenance support and/or hosting of data
· to adhere with a legal obligation
· in the process of obtaining advice and help in order to adhere with legal obligations.
If data is shared, we expect third parties to adhere and comply with the GDPR and protect any data of yours that they process. We do not permit any third parties to process personal data for their own reasons. Where they process your data it is for a specific purpose according to our instructions.
We anticipate that we will transfer data to other countries.
DATA SECURITY
As part of our commitment to protecting the security of any data we process, we have put the measures in place.
In addition, we have put further security measures in place to avoid data from being accessed, damaged, interfered with, lost, damaged, stolen or compromised. In cases of a breach, or suspected breach, of data security you will be informed, as will any appropriate regulator, in accordance with our legal obligations.
Any data that is shared with third parties is restricted to those who have a business need, in accordance with our guidance and in accordance with the duty of confidentiality.
DATA RETENTION
We anticipate that we will retain your data as part of the recruitment process for no longer than is necessary for the purpose for which it was collected. We will keep your data for 12 months.
We have given consideration to the following in order to decide the appropriate retention period:
· quantity
· nature
· sensitivity
· risk of harm
· purpose for processing
· legal obligations
If your application is not successful and we have not sought consent or you have not provided consent upon our request to keep your data for the purpose of future suitable job vacancies, we will keep your data for 12 months once the recruitment exercise ends.
If we have sought your consent to keep your data on file for future job vacancies, and you have provided consent, we will keep your data for 3 years once the recruitment exercise ends. At the end of this period, we will delete or destroy your data, unless you have already withdraw your consent to our processing of your data in which case it will be deleted or destroyed upon your withdrawal of consent.
At the end of the retention period, upon conclusion of any contract or agreement we may have with you, or until we are no longer legally required to retain it, it will be reviewed and deleted, unless there is some special reason for keeping it. Occasionally, we may continue to use data without further notice to you. This will only be the case where any such data is anonymised and you cannot be identified as being associated with that data.
If your application is successful, your data will be kept and transferred to the systems we administer for employees. We have a separate data protection compliance statement (privacy notice) for employees, workers and contractors which will be provided to you when applicable.
YOUR RIGHTS IN RELATION TO YOUR DATA
We commit to ensure that any data we process is correct and up to date. It is your obligation to make us aware of any changes to your personal information.
In some situations, you may have the:
Where you have provided consent to our use of your data, you also have the unrestricted right to withdraw that consent at any time. Withdrawing your consent means that we will stop processing the data that you had previously given us consent to use. There will be no consequences for withdrawing your consent. However, in some cases, we may continue to use the data where so permitted by having a legitimate reason for doing so.
Consequences of your failure to provide personal information
If you neglect to provide certain information when requested, it may affect our ability to enter into an employment contract with you, and it may prevent us from complying with our legal obligations.
Change of purpose for processing data
We commit to only process your personal information for the purposes for which it was collected, except where we reasonably consider that the reason for processing changes to another reason and that reason is consistent with the original basis for processing. Should we need to process personal information for another reason, we will inform you of this and advise you of the lawful basis upon which we will process.
Important note: We may process your personal information without your knowledge or consent, in compliance with the above rules (see above section - lawful basis for processing your personal information).
In the event that you enter into an employment contract with us, any information already collected may be processed further in accordance with our data protection policy, a copy of which will be provided to you.
QUESTIONS OR COMPLAINTS
Should you have any questions regarding this statement, please contact Ellie Brady on 0845 30 40 247.
Why we collect your data?
By collecting your data, it allows us to understand what your needs and wants are. It also allows us to provide targeted offers and services you may be interested to hear about.
Cookies and IP Addresses
A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser, and stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
Cookies can be used by web servers to identity and track users as they navigate different pages on a website and to identify users returning to a website.
Cookies may be either "persistent" cookies or "session" cookies. A persistent cookie consists of a text file sent by a web server to a web browser, which will be stored by the browser and will remain valid until its set expiry date (unless deleted by the user before the expiry date). A session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
How to control the use of cookies
You are not obliged to accept cookies and may modify your browser so that it will not accept cookies. The browser you use allows you to see cookies and control their use.
You can control them by allowing them, deleting them individually or deleting all of them. You can also set your browser to not accept cookies altogether. If this option is selected, you should be aware that many websites will not function properly or at all. It may be possible to set your browser to not accept cookies and ask for your consent before each cookie is set on your device. This gives you control over what is set on your device, however has the drawback of slowing down your browsing experience.
There are different levels of control too. You are able to prevent just third party cookies being deployed, effectively opting out of behavioural advertising, and some even allow you to block specific companies you do not wish to deploy a cookie, instead of selecting all companies.
In order to manage your cookies, please select your browser from the list below and follow the instructions:
How To Prevent Online Behavioural Advertising
Further to configuring your browser to control the use of cookies, there are also other ways that you can opt out of online behavioural advertising.
The "Your Online Choices" page provided by the Internet Advertising Bureau (IAB), provides an easy way to opt out of behavioural advertising from each (or all) of the networks represented by the IAB.
Some more useful information about Cookies
More information about cookies can be found at the following websites:
If you have any questions about the use of cookies on our websites, please email: sales@hayley247.co.uk
Marketing consent
If you are an existing customer we will keep you informed of our latest news, products and services.
When you give us your personal information, we will give you an option to receive additional on-going marketing communications from us.
We do not sell our customer data to other companies.
All of our marketing communications will have a method to unsubscribe. You may also exercise your right to opt out for marketing purposes at any time by contacting us by one of the methods explained at the end of this notice.
Disclosure
Your personal information will be disclosed where we are obliged or permitted by law to do so. If you post or send offensive or objectionable content anywhere on or to any of our websites or otherwise engage in any disruptive behaviour on any of our websites, we can use the information that is available to us about you to stop such behaviour. This may involve informing relevant third parties such as your employer and law enforcement agencies about the content and your behaviour.
How to contact us
By email: sales@hayley247.co.uk
By telephone: +44(0) 845 30 40 247
By mail:
Hayley 247 Engineering Services Ltd
Unit 1
Castle Mill Works
Birmingham New Road
Dudley
West Midlands
DY1 4DA
Data Protection Policy
The Company is fully committed to compliance with the requirements of the General Data Protection Regulation (GDPR) and all other data protection legislation currently in force. The Regulation applies to anyone processing personal data and sets out principles which should be followed and gives rights to those whose data is being processed.
To this end, the Company endorses fully and adheres to the Data Protection Principles listed below. When processing data we will ensure that it is:
· processed lawfully, fairly and in a transparent way (‘lawfulness, fairness and transparency’)
· processed no further than the legitimate purposes for which that data was collected (‘purpose limitation’)
· limited to what is necessary in relation to the purpose (‘data minimisation’)
· accurate and kept up to date (‘accuracy’)
· kept in a form which permits identification of the data subject for no longer than is necessary (‘storage limitation’)
· processed in a manner that ensures security of that personal data (‘integrity and confidentiality’)
· processed by a controller who can demonstrate compliance with the principles (‘accountability’)
These rights must be observed at all times when processing or using personal information. Therefore, through appropriate management and strict application of criteria and controls, the Company will:
· observe fully the conditions regarding having a lawful basis to process personal information
· meet its legal obligations to specify the purposes for which information is used
· collect and process appropriate information only to the extent that it is necessary to fulfil operational needs or to comply with any legal requirements
· ensure the information held is accurate and up to date
· ensure that the information is held for no longer than is necessary
· ensure that the rights of people about whom information is held can be fully exercised under the GDPR (i.e. the right to be informed that processing is being undertaken, to access personal information on request; to prevent processing in certain circumstances, and to correct, rectify, block or erase information that is regarded as wrong information)
· take appropriate technical and organisational security measures to safeguard personal information
· ensure that personal information is not transferred outside the EU, to other countries or international organisations without an adequate level of protection
Employees Personal Information
Throughout employment and for as long as is necessary after the termination of employment, the Company will need to process data about you. The kind of data that the Company will process includes:
· any references obtained during recruitment
· details of terms of employment
· payroll details
· tax and national insurance information
· details of job duties
· details of health and sickness absence records
· details of holiday records
· information about performance
· details of any disciplinary and grievance investigations and proceedings
· training records
· contact names and addresses
· correspondence with the Company and other information that you have given the Company
The Company believes that those records used are consistent with the employment relationship between the Company and yourself and with the data protection principles. The data the Company holds will be for management and administrative use only but the Company may, from time to time, need to disclose some data it holds about you to relevant third parties (e.g. where legally obliged to do so by HM Revenue & Customs, where requested to do so by yourself for the purpose of giving a reference or in relation to maintenance support and/or the hosting of data in relation to the provision of insurance).
In some cases the Company may hold sensitive data, which is defined by the legislation as special categories of personal data, about you. For example, this could be information about health, racial or ethnic origin, criminal convictions, trade union membership, or religious beliefs. This information may be processed not only to meet the Company's legal responsibilities but, for example, for purposes of personnel management and administration, suitability for employment, and to comply with equal opportunity legislation. Since this information is considered sensitive, the processing of which may cause concern or distress, you will be asked to give express consent for this information to be processed, unless the Company has a specific legal requirement to process such data.
ACCESS TO DATA
You may, within a period of one month of a written request, inspect and/or have a copy, subject to the requirements of the legislation, of information in your own personnel file and/or other specified personal data and, if necessary, require corrections should such records be faulty. If you wish to do so you must make a written request to your line Manager. The Company is entitled to change the above provisions at any time at its discretion.
Data Security
You are responsible for ensuring that any personal data that you hold and/or process as part of your job role is stored securely.
You must ensure that personal information is not disclosed either orally or in writing, or via web pages, or by any other means, accidentally or otherwise, to any unauthorised third party.
You should note that unauthorised disclosure may result in action under the disciplinary procedure, which may include dismissal for gross misconduct. Personal information should be kept in a locked filing cabinet, drawer, or safe. Electronic data should be coded, encrypted, or password protected both on a local hard drive and on a network drive that is regularly backed up. If a copy is kept on removable storage media, that media must itself be kept in a locked filing cabinet, drawer, or safe.
When travelling with a device containing personal data, you must ensure both the device and data is password protected. The device should be kept secure and where possible it should be locked away out of sight i.e. in the boot of a car. You should avoid travelling with hard copies of personal data where there is secure electronic storage available. When it is essential to travel with hard copies of personal data this should be kept securely in a bag and where possible locked away out of sight i.e. in the boot of a car.
Data protection compliance statement – Job Applicants
This document demonstrates our commitment to protect the privacy and security of your personal information. It contains information regarding how we collect and use personal data or personal information about you in advance of any employment relationship in accordance with the General Data Protection Regulation (GDPR) and all other data protection legislation currently in force.
Pursuant to that legislation, when processing data we will:
· process it fairly, lawfully and in a clear, transparent way
· collect your data only for reasons that we find proper for the course of your employment in ways that have been explained to you
· only use it in the way that we have told you about
· ensure it is correct and up to date
· keep your data for only as long as we need it
· process it in a way that ensures it will not be lost or destroyed or used for anything that you are not aware of or have consented to (as appropriate).
Hayley 247 is a "data controller”. This means that we are responsible for determining the purpose and means of processing personal data relating to you.
"Personal data”, or "personal information”, means any information relating to an identified, or identifiable individual in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
There are "special categories” of sensitive personal data, meaning data relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health conditions, sex life or sexual orientation, genetic data, and biometric data which require a higher level of protection.
This statement is applicable to job applicants. It is not intended to, neither will it, form part of any contract of employment or contract of services. We reserve the right to make changes to this statement at any time, if you are affected by substantial changes we will make an alternative statement available to you.
Where you are successful in your application and are appointed to a position you will receive details of our data protection compliance statement (privacy notice).
DETAILS OF INFORMATION WE WILL HOLD ABOUT YOU
The list below identifies the kind of data that we will process about you during the application process:
· personal contact details such as name, title, addresses, telephone numbers, and personal email addresses
· date of birth
· gender
· marital status and dependents
· information included on your CV including references, education history and employment history
· documentation relating to your right to work in the UK
· national Insurance number
· copy of driving license
· evidence of qualifications or professional memberships.
The following list identifies the kind of data that we will process and which falls within the scope of "special categories” of more sensitive personal information:
· information relating to your race or ethnicity, religious beliefs, sexual orientation, sex life and political opinions
· information about your health, including any medical conditions and disabilities;
· information about criminal convictions and offences
· genetic information and biometric data.
HOW WE COLLECT YOUR PERSONAL INFORMATION
Your personal information is obtained through the application and recruitment process, this may be directly from candidates, via an employment agency or a third party who undertakes background checks. We may occasionally request further information from third parties including, but not limited to, previous employers, credit reference agencies or other background check agencies and any further personal information that may be collected in the course of job-related activities throughout the period of you working for us in the event you become an employee.
PROCESSING INFORMATION ABOUT YOU
We will only administer personal information in accordance with the lawful bases for processing. At least one of the following will apply when we process personal data:
consent: You have given clear consent for us to process your personal data for a specific purpose.
· consent: You have given clear consent for us to process your personal data for a specific purpose.
· contract: The processing is necessary for a contract we have with you, or because we have asked you to take specific steps before entering into a contract.
· legal obligation: The processing is necessary for us to comply with the law (not including contractual obligations).
· vital interests: the processing is necessary to protect someone’s life.
· public task: the processing is necessary for us to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law.
· legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party unless there is a good reason to protect your personal data which overrides those legitimate interests.
LAWFUL BASIS FOR PROCESSING YOUR PERSONAL INFORMATION
We consider that the basis for which we will process the data contained in the list above (see section above - details of information we will hold about you) is to enable us to consider whether we may wish to/prepare for entering into a contract or agreement with you and to enable us to comply with our legal obligations. Occasionally, we may process personal information about you to pursue legitimate interests of our own or those of third parties, provided there is no good reason to protect your interests and your fundamental rights do not override those interests.
The circumstances in which we will process your personal information are listed below:
· making a decision about your recruitment or appointment
· making decisions about terms and conditions, salary and other benefits
· checking you are legally entitled to work in the UK
· assessing qualifications for a particular job or task
· education, training and development requirements
· complying with health and safety obligations
· preventing fraud
· in order to fulfill equal opportunity monitoring or reporting obligations
There may be more than one reason to validate the reason for processing your personal information.
LAWFUL BASIS FOR PROCESSING "SPECIAL CATEGORIES” OF SENSITIVE DATA
"Special categories” of particularly sensitive personal information require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information. We may process special categories of personal information in the following circumstances:
· consent: You have given clear consent for us to process your personal data for a specific purpose.
· contract: The processing is necessary for a contract we have with you, or because we have asked you to take specific steps before entering into a contract.
· legal obligation: The processing is necessary for us to comply with the law (not including contractual obligations) and meets the obligations under our data protection policy.
· vital interests: the processing is necessary to protect someone’s life.
· public task: the processing is necessary for us to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law. and meets the obligations under our data protection policy. (For example in the case of equal opportunities monitoring).
· legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party unless there is a good reason to protect your personal data which overrides those legitimate interests (For example to assess your capacity to work on the grounds of ill health).
Occasionally, special categories of data may be processed where you are not capable of giving your consent, where you have already made the information public or in the course of legitimate business activities or legal obligations and in line with the appropriate safeguards.
Examples of the circumstances in which we will process special categories of your particularly sensitive personal information are listed below (this list is non-exhaustive):
· in order to protect your health and safety in the workplace
· to assess your physical or emotional fitness to work
· to determine if reasonable adjustments are needed or are in place
· in order to fulfill equal opportunity monitoring or reporting obligations
Where appropriate, we may seek your written authorisation to process special categories of data. Upon such an occasion we will endeavor to provide full and clear reasons at that time in order for you to make an informed decision. In any situation where consent is sought, please be advised that you are under no contractual obligation to comply with a request. Should you decline to consent you will not suffer a detriment.
INFORMATION ABOUT CRIMINAL CONVICTIONS
We will only collect criminal convictions data where it is appropriate given the nature of your role and where the law permits us. This data will usually be collected at the recruitment stage, however, may also be collected during your engagement should you be successful.
We may process such information to protect yours, or someone else’s, interests and you are not able to give your consent or we may process such information in cases where you have already made the information public.
We anticipate that we will process information about criminal convictions.
AUTOMATED DECISION-MAKING
We do not anticipate that any of our decisions will occur without human involvement. Should we use any form of automated decision making we will advise you of any change in writing.
SHARING DATA
Your data will be shared with individuals within the Company where it is necessary for them to undertake their duties with regard to recruitment. This includes, for example, the HR department, those in the department where the vacancy is who are responsible for screening your application and interviewing you, the IT department.
It may be necessary for us to share your personal data with a third party or third party service provider (including, but not limited to, contractors, agents or other associated/group companies) within, or outside of, the European Union (EU). Data sharing may arise due to a legal obligation, as part of the performance of a contract or in situations where there is another legitimate interest (including a legitimate interest of a third party) to do so.
The list below identifies which activities are carried out by third parties on our behalf:
· pension providers/administrators
· IT services
· legal advisors
· security
· insurance providers
Data may be shared with 3rd parties in the following circumstances:
· in relation to the maintenance support and/or hosting of data
· to adhere with a legal obligation
· in the process of obtaining advice and help in order to adhere with legal obligations.
If data is shared, we expect third parties to adhere and comply with the GDPR and protect any data of yours that they process. We do not permit any third parties to process personal data for their own reasons. Where they process your data it is for a specific purpose according to our instructions.
We anticipate that we will transfer data to other countries.
DATA SECURITY
As part of our commitment to protecting the security of any data we process, we have put the measures in place.
In addition, we have put further security measures in place to avoid data from being accessed, damaged, interfered with, lost, damaged, stolen or compromised. In cases of a breach, or suspected breach, of data security you will be informed, as will any appropriate regulator, in accordance with our legal obligations.
Any data that is shared with third parties is restricted to those who have a business need, in accordance with our guidance and in accordance with the duty of confidentiality.
DATA RETENTION
We anticipate that we will retain your data as part of the recruitment process for no longer than is necessary for the purpose for which it was collected. We will keep your data for 12 months.
We have given consideration to the following in order to decide the appropriate retention period:
· quantity
· nature
· sensitivity
· risk of harm
· purpose for processing
· legal obligations
If your application is not successful and we have not sought consent or you have not provided consent upon our request to keep your data for the purpose of future suitable job vacancies, we will keep your data for 12 months once the recruitment exercise ends.
If we have sought your consent to keep your data on file for future job vacancies, and you have provided consent, we will keep your data for 3 years once the recruitment exercise ends. At the end of this period, we will delete or destroy your data, unless you have already withdraw your consent to our processing of your data in which case it will be deleted or destroyed upon your withdrawal of consent.
At the end of the retention period, upon conclusion of any contract or agreement we may have with you, or until we are no longer legally required to retain it, it will be reviewed and deleted, unless there is some special reason for keeping it. Occasionally, we may continue to use data without further notice to you. This will only be the case where any such data is anonymised and you cannot be identified as being associated with that data.
If your application is successful, your data will be kept and transferred to the systems we administer for employees. We have a separate data protection compliance statement (privacy notice) for employees, workers and contractors which will be provided to you when applicable.
YOUR RIGHTS IN RELATION TO YOUR DATA
We commit to ensure that any data we process is correct and up to date. It is your obligation to make us aware of any changes to your personal information.
In some situations, you may have the:
Where you have provided consent to our use of your data, you also have the unrestricted right to withdraw that consent at any time. Withdrawing your consent means that we will stop processing the data that you had previously given us consent to use. There will be no consequences for withdrawing your consent. However, in some cases, we may continue to use the data where so permitted by having a legitimate reason for doing so.
Consequences of your failure to provide personal information
If you neglect to provide certain information when requested, it may affect our ability to enter into an employment contract with you, and it may prevent us from complying with our legal obligations.
Change of purpose for processing data
We commit to only process your personal information for the purposes for which it was collected, except where we reasonably consider that the reason for processing changes to another reason and that reason is consistent with the original basis for processing. Should we need to process personal information for another reason, we will inform you of this and advise you of the lawful basis upon which we will process.
Important note: We may process your personal information without your knowledge or consent, in compliance with the above rules (see above section - lawful basis for processing your personal information).
In the event that you enter into an employment contract with us, any information already collected may be processed further in accordance with our data protection policy, a copy of which will be provided to you.
QUESTIONS OR COMPLAINTS
Should you have any questions regarding this statement, please contact Ellie Brady on 0845 30 40 247.
Why we collect your data?
By collecting your data, it allows us to understand what your needs and wants are. It also allows us to provide targeted offers and services you may be interested to hear about.
Cookies and IP Addresses
A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser, and stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
Cookies can be used by web servers to identity and track users as they navigate different pages on a website and to identify users returning to a website.
Cookies may be either "persistent" cookies or "session" cookies. A persistent cookie consists of a text file sent by a web server to a web browser, which will be stored by the browser and will remain valid until its set expiry date (unless deleted by the user before the expiry date). A session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
How to control the use of cookies
You are not obliged to accept cookies and may modify your browser so that it will not accept cookies. The browser you use allows you to see cookies and control their use.
You can control them by allowing them, deleting them individually or deleting all of them. You can also set your browser to not accept cookies altogether. If this option is selected, you should be aware that many websites will not function properly or at all. It may be possible to set your browser to not accept cookies and ask for your consent before each cookie is set on your device. This gives you control over what is set on your device, however has the drawback of slowing down your browsing experience.
There are different levels of control too. You are able to prevent just third party cookies being deployed, effectively opting out of behavioural advertising, and some even allow you to block specific companies you do not wish to deploy a cookie, instead of selecting all companies.
In order to manage your cookies, please select your browser from the list below and follow the instructions:
How To Prevent Online Behavioural Advertising
Further to configuring your browser to control the use of cookies, there are also other ways that you can opt out of online behavioural advertising.
The "Your Online Choices" page provided by the Internet Advertising Bureau (IAB), provides an easy way to opt out of behavioural advertising from each (or all) of the networks represented by the IAB.
Some more useful information about Cookies
More information about cookies can be found at the following websites:
If you have any questions about the use of cookies on our websites, please email: sales@hayley247.co.uk
Marketing consent
If you are an existing customer we will keep you informed of our latest news, products and services.
When you give us your personal information, we will give you an option to receive additional on-going marketing communications from us.
We do not sell our customer data to other companies.
All of our marketing communications will have a method to unsubscribe. You may also exercise your right to opt out for marketing purposes at any time by contacting us by one of the methods explained at the end of this notice.
Disclosure
Your personal information will be disclosed where we are obliged or permitted by law to do so. If you post or send offensive or objectionable content anywhere on or to any of our websites or otherwise engage in any disruptive behaviour on any of our websites, we can use the information that is available to us about you to stop such behaviour. This may involve informing relevant third parties such as your employer and law enforcement agencies about the content and your behaviour.
How to contact us
By email: sales@hayley247.co.uk
By telephone: +44(0) 845 30 40 247
By mail:
Hayley 247 Engineering Services Ltd
Unit 1
Castle Mill Works
Birmingham New Road
Dudley
West Midlands
DY1 4DA
Hayley 247 Engineering Services Ltd
Unit 1
Castle Mill Works
Birmingham New Road
Dudley
West Midlands
DY1 4DA
Registered in England and Wales No. 07553561 | VAT UK 113 0955 45 | © Copyright 2022 Hayley 247 Engineering Services Ltd
By continuing to use the site you agree to our privacy & cookies policy
