Privacy Notice (Candidates)

GTCO
24.10.24 03:49 PM Comment(s)

PRIVACY NOTICE (CANDIDATES)

 

1 BACKGROUND

 

1.1 This policy tells you how we look after your personal data when you register as a candidate with us in relation to our recruitment services. It sets out what information we collect about you, what we use it for and who we share it with. It also explains your rights and what to do if you have any concerns.

1.2 We may sometimes need to update this notice, to reflect any changes to the way we manage our day-to-day activities or to comply with new legal requirements. Please check back on this notice before you apply for a new role with us.

 

2 WHO WE ARE AND OTHER IMPORTANT INFORMATION

 

2.1 We are GTCO LTD, registered in England and Wales with company number 15276195 with our registered address at Gemini House Hargreaves Road Groundwell Industrial Estate, Swindon, SN25 5AZ (we, us or our).

2.2 We are the controller for your information (which means we decide what information we collect and how it is used).

 

3 CONTACT DETAILS

3.1 If you have any questions about this privacy notice or the way that we use information, please get in touch using the following details:

 

Name: Data Controller

Email address: hello@gtco.io

Phone number: +442036081859

4 THE INFORMATION WE COLLECT ABOUT YOU

4.1 Personal data means any information which does (or could be used to) identify a living person. We have grouped together the types of personal data that we collect and where we receive it from below:

 

Identity Data: name, title, date of birth, job title, gender, emergency contact name and their relationship to you, passport, driving licence.

Contact Data: personal email address, telephone numbers, home address.

Recruitment Data: copies of right to work documents, interview notes, information you provided in your CV or cover letter as part of the registration or wider recruitment process.

Employment and Qualification Data: current and/or previous job titles, work history, working hours, training records, professional memberships.

Feedback: information and responses you provide when completing surveys and questionnaires.

5 HOW WE USE YOUR INFORMATION

5.1 We are required to identify a legal justification (also known as a lawful basis) for collecting and using your personal data. There are six legal justifications which organisations can rely on. The most relevant of these to us are where we use your personal data to:

 

enter into and perform our contract with you (if we provide you with recruitment services);

comply with a legal obligation that we have; pursue our legitimate interests (our justifiable business aims) but only if those interests are not outweighed by your other rights and freedoms (e.g. your right to privacy);

do something that you have given your consent for.

5.2 Below is set out the lawful basis we rely on when we use your personal data. If we intend to use your personal data for a new reason that is not listed below, we will update our privacy notice and notify you.

5.2.1 Contract

To enter into a contract with you (for example, in relation to the provision of recruitment services to you).

5.2.2 Legal Obligation

Complying with our legal obligations as a recruitment business during the recruitment process.

5.2.3 Legitimate Interests

To review your CV information, and any information you provide during the recruitment process to ascertain your suitability for roles.

-To deal with any disputes that arise.

5.2.4 Consent

Where we ask you to provide diversity information.

Where we have otherwise asked you to provide your consent.

6 WHO WE SHARE YOUR INFORMATION WITH

6.1 We share (or may share) your personal data with:

Our personnel: our employees (or other types of workers) who have contracts containing

confidentiality and data protection obligations.

Potential employers: so that the potential employer can assess your suitability for job roles. We always have a contract in place with other organisations containing confidentiality and data protection obligations.

Regulatory authorities: such as HM Revenue & Customs.

Our professional advisers: such as our accountants or legal advisors where we require specialist advice to help us conduct our business.

 

7 WHERE YOUR INFORMATION IS LOCATED OR TRANSFERRED TO

 

7.1 We store your personal data on our servers in the UK.

7.2 We will only transfer information outside of the UK or EEA where we have a valid legal

mechanism in place (to make sure that your personal data is guaranteed a level of protection,

regardless of where in the world it is located, e.g. by using contracts approved by the ICO).

7.3 If you access our systems whilst abroad then your personal data may be stored on services located in that country.

 

8 HOW WE KEEP YOUR INFORMATION SAFE

8.1 We have implemented security measures to prevent your personal data from being accidentally or

illegally lost, used or accessed by those who do not have permission. These measures include:

 

access controls and user authentication (including multi-factor authentication)

internal IT and network security

regular testing and review of our security measures

staff policies and training

incident and breach reporting processes

business continuity and disaster recovery processes

8.2 If there is an incident which has affected your personal data and we are the controller, we will

 

9.1 Where we are responsible for making decisions about how to collect and use your personal data, we will only keep your personal data for as long as necessary to fulfil the purposes we collected it for or as long as required to fulfil our legal obligations.

9.2 When we consider how long to keep your personal data, we will consider whether it is still necessary to keep it for the purpose which we collected it or whether the same purpose could be achieved by holding less personal data. We will also consider the volume, nature, and sensitivity of the personal data and the potential harm to you if there was an incident affecting your personal data.

9.3 We keep your candidate information for 365 days after our last contact with you.

 

10 YOUR LEGAL RIGHTS

10.1 You have specific legal rights in relation to your personal data. These are as follows:

Access: You must be told if your personal data is being used and you can ask for a copy of your personal data as well as information about how we are using it to make sure we are abiding by the law.

 

Correction: You can ask us to correct your personal data if it is inaccurate or incomplete. We

might need to verify the new information before we make any changes.

 

Deletion: You can ask us to delete or remove your personal data if there is no good reason for us to continue holding it or if you have asked us to stop using it (see below). If we think there is a good reason to keep the information you have asked us to delete (e.g. to comply with regulatory requirements), we will let you know and explain our decision.

 

Restriction: You can ask us to restrict how we use your personal data and temporarily limit the way we use it (e.g. whilst we check that the personal data we hold for you is correct).

 

Objection: You can object to us using your personal data if you want us to stop using it. We always comply with your request if you ask us to stop sending you marketing communications. In other cases, if we think there is a good reason for us to keep using the information, we will let you know and explain our decision.

Portability: You can ask us to send you or another organisation an electronic copy of your personal data.

 

Complaints: If you are unhappy with the way we collect and use your personal data, you can complain to the ICO or another relevant supervisory body, but we hope that we can respond to your concerns before it reaches that stage. You should speak to Data Controller at GTCO Ltd by calling +442036081859 in the first instance.

10.2 If you would like to exercise any of your legal rights, please contact: hello@gtco.io