This privacy policy sets out how Kingston Barnes Ltd uses and protects your personal data.
Kingston Barnes Ltd is committed to ensuring that your privacy is protected. Your privacy is important to us, and we are committed to protecting and safeguarding your data privacy rights.
This Privacy Policy applies to the personal data of our Candidates, Clients, Suppliers, Referees, Emergency Contacts and our Website Users.
Kingston Barnes Ltd may change this policy from time to time by updating this page. Please check this page if you would like to keep up to date. This policy is effective from 07th March 2018.
WHAT WE COLLECT
We may collect the following information:
Candidate Data: In order to provide the best possible employment opportunities that are tailored to you, we need to process certain information about you such as:
• Name
• Contact Information
• Employment History
• Date of Birth
• National Insurance Number
• Limited Company Details
• Financial Information
Where appropriate and in accordance with local laws and requirements, we may also collect information related to your health, diversity information or details of any criminal convictions.
Client Data: If you are a Kingston Barnes Ltd customer, we need to collect and use information about you and individuals at your organisation, in the course of providing you with services such as:
• Finding Candidates who are the right fit for you or your organisation
• Notifying you of content published by Kingston Barnes which is likely to be relevant and useful to you (for example our Annual Salary Survey).
Supplier Data: We require a certain amount of information from our Suppliers to ensure that communications run smoothly; such as:
• Contact details of relevant individuals at your organisation
• Financial Details
Referees and Emergency Contacts: In order to provide Candidates with suitable employment opportunities we may have been given your information to act as a reference on a candidate’s behalf. A candidate may have also given your information to act as an Emergency Contact for them. This will involve us having the following information:
• Name
• Contact Details
A number of elements of the personal data we collect from you are required to enable us to fulfil our contractual duties to you or to others.
Depending on the type of personal data in question and the grounds on which we may be processing it, should you decline to provide us with such data, we may not be able to fulfil our contractual requirements or, in extreme cases, may not be able to continue with our relationship.
There are two main ways that we collect your personal data:
• Directly from you
• From third parties (e.g. our Candidates) and other limited sources (e.g. online and offline media).
WHAT WE DO WITH THE INFORMATION WE GATHER
We require this information to understand your needs and provide you with a better service, and in particular for the following reasons:
Candidate Data: The main reason for using your personal details is to help you find employment or other work roles that might be suitable for you. The more information we have about you, your skillset and your ambitions, the more bespoke we can make our service. Where appropriate and in accordance with local laws and requirements, we may also use your personal data for things like marketing, profiling and diversity monitoring. Where appropriate, we will seek your consent to undertake some of these activities.
Client Data: The main reason for using information about Clients is to ensure that the contractual arrangements between us can properly be implemented so that the relationship can run smoothly. This may involve: identifying Candidates who we think will be the right fit for you or your organisation. From time to time, we may also use your information to contact you for market research purposes; or to update you on our new services.
Supplier Data: The main reasons for using your personal data are to ensure that the contractual arrangements between us can properly be implemented so that the relationship can run smoothly, and to comply with legal requirements.
Referees and Emergency Contacts: We use referees’ personal data to help our Candidates to find employment which is suited to them. If we are able to verify their details and qualifications, we can make sure that they are well matched with prospective employers. We may also use referees’ personal data to contact them in relation to recruitment activities that may be of interest to them. We use the personal details of emergency contacts in the case of an accident or emergency affecting that candidate.
WHO DO WE SHARE YOUR PERSONAL DATA WITH?
Candidate Data: Primarily we will share your information with prospective employers in order to secure you employment. We may share your data with third party companies such as umbrella companies, once receiving your permission to do so. Client Data: We will share your data primarily to ensure that we provide you with a suitable pool of Candidates. Supplier Data: Unless you specify otherwise, we may share your information with any of our group companies and associated third parties such as our service providers and organisations to whom we provide services. Referees and Emergency Contacts: Unless you specify otherwise, we may share your information with prospective employers or emergency personnel.
HOW LONG DO WE KEEP YOUR PERSONAL DATA FOR?
If we have not had meaningful contact with you (or, where appropriate, the company you are working for or with) for a period of two years, we will Delete your personal data from our systems unless we believe in good faith that the law or other regulation requires us to preserve it (for example, because of our obligations to tax authorities or in connection with any anticipated litigation).
Even if we already hold your personal data, you still have various rights in relation to it. To get in touch about these, please contact us. We will seek to deal with your request without undue delay, and in any event in accordance with the requirements of any applicable laws. Please note that we may keep a record of your communications to help us resolve any issues which you raise.
Right to object: If we are using your data because we deem it necessary for our legitimate interests to do so, and you do not agree, you have the right to object. We will respond to your request within 30 days (although we may be allowed to extend this period in certain cases). Generally, we will only disagree with you if certain limited conditions apply.
Right to withdraw consent: Where we have obtained your consent to process your personal data for certain activities (for example, for profiling your suitability for certain roles), or consent to market to you, you may withdraw your consent at any time.
Data Subject Access Requests (DSAR): Just so it’s clear, you have the right to ask us to confirm what information we hold about you at any time, and you may ask us to modify, update or Delete such information.
Right to erasure: In certain situations (for example, where we have processed your data unlawfully), you have the right to request us to “erase” your personal data. We will respond to your request within 30 days (although we may be allowed to extend this period in certain cases) and will only disagree with you if certain limited conditions apply. If we do agree to your request, we will Delete your data but will generally assume that you would prefer us to keep a note of your name on our register of individuals who would prefer not to be contacted. That way, we will minimise the chances of you being contacted in the future where your data are collected in unconnected circumstances. If you would prefer us not to do this, you are free to say so.
If your interests or requirements change, you can unsubscribe from part or all of our marketing content (for example job role emails or newsletters) by clicking the unsubscribe link in the email, or by contacting us at office@kingstonbarnes.com
PERSONAL DATA WE RECEIVE FROM OTHER SOURCES
Where appropriate and in accordance with any local laws and requirements, we may seek more information about you or your colleagues from other sources generally by way of due diligence or other market intelligence including:
• From third party market research and by analysing online and offline media (which we may do ourselves, or employ other organisations to do for us);
• From delegate lists at relevant events; and
• From other limited sources and third parties
HOW CAN YOU ACCESS, AMEND OR TAKE BACK THE PERSONAL DATA THAT YOU HAVE GIVEN TO US?
One of the GDPR’s main objectives is to protect and clarify the rights of EU citizens and individuals in the EU with regards to data privacy. This means that you retain various rights in respect of your data, even once you have given it to us. These are described in more detail below.
Right to object: this right enables you to object to us processing your personal data where we do so for one of the following four reasons: (i) our legitimate interests; (ii) to enable us to perform a task in the public interest or exercise official authority; (iii) to send you direct marketing materials; and (iv) for scientific, historical, research, or statistical purposes.
The “legitimate interests” and “direct marketing” categories above are the ones most likely to apply to our Website Users, Candidates, Clients and Suppliers. If your objection relates to us processing your personal data because we deem it necessary for your legitimate interests, we must act on your objection by ceasing the activity in question unless:
• we can show that we have compelling legitimate grounds for processing which overrides your interests; or
• we are processing your data for the establishment, exercise or defence of a legal claim. If your objection relates to direct marketing, we must act on your objection by ceasing this activity.
Right to withdraw consent: Where we have obtained your consent to process your personal data for certain activities (for example, for our marketing arrangements or automatic profiling), you may withdraw this consent at any time and we will cease to carry out the particular activity that you previously consented to unless we consider that there is an alternative reason to justify our continued processing of your data for this purpose in which case we will inform you of this condition.
Data Subject Access Requests (DSAR): You may ask us to confirm what information we hold about you at any time, and request us to modify, update or Delete such information. We may ask you to verify your identity and for more information about your request. If we provide you with access to the information we hold about you, we will not charge you for this unless your request is “manifestly unfounded or excessive”. If you request further copies of this information from us, we may charge you a reasonable administrative cost where legally permissible. Where we are legally permitted to do so, we may refuse your request. If we refuse your request we will always tell you the reasons for doing so.
Please note that in certain of the jurisdictions in which we operate, we comply with additional local law requirements regarding data subject access requests and may refuse your request in accordance with such laws. For more information in relation to your jurisdiction, please click here.
Right to erasure: You have the right to request that we erase your personal data in certain circumstances.Normally, the information must meet one of the following criteria:
• the data are no longer necessary for the purpose for which we originally collected and/or processed them;
• where previously given, you have withdrawn your consent to us processing your data, and there is no other valid reason for us to continue processing;
• the data has been processed unlawfully (i.e. in a manner which does not comply with the GDPR);
• it is necessary for the data to be erased in order for us to comply with our legal obligations as a data controller; or
• if we process the data because we believe it necessary to do so for our legitimate interests, you object to the processing and we are unable to demonstrate overriding legitimate grounds for our continued processing.
Please note that in certain of the jurisdictions in which we operate, we comply with additional local law requirements regarding data subject right to erasure and may refuse your request in accordance with local laws. For more information in relation to your jurisdiction, please click here.
We would only be entitled to refuse to comply with your request for one of the following reasons:
• to exercise the right of freedom of expression and information;
• to comply with legal obligations or for the performance of a public interest task or exercise of official authority;
• for public health reasons in the public interest;
• for archival, research or statistical purposes; or
• to exercise or defend a legal claim.
When complying with a valid request for the erasure of data we will take all reasonably practicable steps to Delete the relevant data.
Right to restrict processing: You have the right to request that we restrict our processing of your personal data in certain circumstances. This means that we can only continue to store your data and will not be able to carry out any further processing activities with it until either: (i) one of the circumstances listed below is resolved; (ii) you consent; or (iii) further processing is necessary for either the establishment, exercise or defence of legal claims, the protection of the rights of another individual, or reasons of important EU or Member State public interest.
The circumstances in which you are entitled to request that we restrict the processing of your personal data are:
• where you dispute the accuracy of the personal data that we are processing about you. In this case, our processing of your personal data will be restricted for the period during which the accuracy of the data is verified;
• where you object to our processing of your personal data for our legitimate interests. Here, you can request that the data be restricted while we verify our grounds for processing your personal data;
• where our processing of your data is unlawful, but you would prefer us to restrict our processing of it rather than erasing it; and
• where we have no further need to process your personal data but you require the data to establish, exercise, or defend legal claims.
If we have shared your personal data with third parties, we will notify them about the restricted processing unless this is impossible or involves disproportionate effort. We will, of course, notify you before lifting any restriction on processing your personal data.
Right to rectification: You also have the right to request that we rectify any inaccurate or incomplete personal data that we hold about you. If we have shared this personal data with third parties, we will notify them about the rectification unless this is impossible or involves disproportionate effort. Where appropriate, we will also tell you which third parties we have disclosed the inaccurate or incomplete personal data to. Where we think that it is reasonable for us not to comply with your request, we will explain our reasons for this decision.
Right of data portability: If you wish, you have the right to transfer your personal data between data controllers. In effect, this means that you are able to transfer your Hays account details to another online platform. To allow you to do so, we will provide you with your data in a commonly used machine-readable format that is password-protected so that you can transfer the data to another online platform. Alternatively, we may directly transfer the data for you. This right of data portability applies to: (i) personal data that we process automatically (i.e. without any human intervention); (ii) personal data provided by you; and (iii) personal data that we process based on your consent or in order to fulfil a contract.
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during the period for which we hold your data.
OUR LEGAL BASES FOR PROCESSING YOUR DATA
Legitimate Interests – Article 6(1)(f) of the GDPR is the one that is relevant here – it says that we can process your data where it “is necessary for the purposes of the legitimate interests pursued by [us] or by a third party, except where such interests are overridden by the interests or fundamental rights or freedoms of [you] which require protection of personal data.”
Candidate Data: We think it’s reasonable to expect that if you are looking for employment or have posted your professional CV information on a job board or professional networking site, you are happy for us to collect and otherwise use your personal data to offer or provide our recruitment services to you, share that information with prospective employers and assess your skills against our bank of vacancies. Once it’s looking like you may get the job, your prospective employer may also want to double check any information you’ve given us (such as the results from psychometric evaluations or skills tests) or to confirm your references, qualifications and criminal record, to the extent that this is appropriate and in accordance with local laws. We need to do these things so that we can function as a profit-making business, and to help you and other Candidates get the jobs you deserve.
We want to provide you with tailored job recommendations and relevant articles to read to help you on your job hunt. We therefore think it’s reasonable for us to process your data to make sure that we send you the most appropriate content.
We have to make sure our business runs smoothly, so that we can carry on providing services to Candidates like you. We therefore also need to use your data for our internal administrative activities, like payroll and invoicing where relevant.
We have our own obligations under the law, which it is a legitimate interest of ours to insist on meeting! If we believe in good faith that it is necessary, we may therefore share your data in connection with crime detection, tax collection or actual or anticipated litigation.
Client Data: To ensure that we provide you with the best service possible, we store your personal data and/or the personal data of individual contacts at your organisation as well as keeping records of our conversations, meetings, registered jobs and placements. From time to time, we may also ask you to undertake a customer satisfaction survey. We think this is reasonable – we deem these uses of your data to be necessary for our legitimate interests as an organisation providing various recruitment services to you.
Supplier Data: We use and store the personal data of individuals within your organisation in order to facilitate the receipt of services from you as one of our Suppliers. We also hold your financial details, so that we can pay you for your services. We deem all such activities to be necessary within the range of our legitimate interests as a recipient of your services.
Referees and Emergency Contacts: If you have been put down by a Candidate or a prospective member of Staff as one of their referees, we use your personal data in order to contact you for a reference. This is a part of our quality assurance procedure and so we deem this to be necessary for our legitimate interests as an organisation offering recruitment services and employing people ourselves.
If a Candidate or Staff member has given us your details as an emergency contact, we will use these details to contact you in the case of an accident or emergency. We are sure you will agree that this is a vital element of our people-orientated organisation, and so is necessary for our legitimate interests.
CONSENT
In certain circumstances, we are required to obtain your consent to the processing of your personal data in relation to certain activities. Depending on exactly what we are doing with your information, this consent will be opt-in consent or soft opt-in consent.
Article 4(11) of the GDPR states that (opt-in) consent is “any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.” In plain language, this means that:
• you have to give us your consent freely, without us putting you under any type of pressure;
• you have to know what you are consenting to – so we’ll make sure we give you enough information;
• you should have control over which processing activities you consent to and which you don’t. We provide these finer controls within our privacy preference centre; and
• you need to take positive and affirmative action in giving us your consent – we’re likely to provide a tick box for you to check so that this requirement is met in a clear and unambiguous fashion.
We will keep records of the consents that you have given in this way.
We have already mentioned that, in some cases, we will be able to rely on soft opt-in consent.
We are allowed to market products or services to you which are related to the recruitment services we provide as long as you do not actively opt-out from these communications.
ESTABLISHING, EXERCISING OR DEFENDING LEGAL CLAIMS
Sometimes it may be necessary for us to process personal data and, where appropriate and in accordance with local laws and requirements, sensitive personal data in connection with exercising or defending legal claims. Article 9(2)(f) of the GDPR allows this where the processing “is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity”.
This may arise for example where we need to take legal advice in relation to legal proceedings or are required by law to preserve or disclose certain information as part of the legal process.
CONTROLLING YOUR PERSONAL INFORMATION
You may choose to restrict the collection or use of your personal information in the following ways:
• whenever you are asked to fill in a form on the website, look for the box that you can click to indicate that you do not want the information to be used by anybody for direct marketing purposes
• if you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by writing to or emailing us at office@kingstonbarnes.com
We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so. We may use your personal information to send you promotional information which we think you may find interesting if you tell us that you wish this to happen.
You may request details of personal information which we hold about you under the Data Protection Act 1998. If you would like a copy of the information held on you please write to us at contact us.
If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible. We will promptly correct any information found to be incorrect.