DATA PROTECTION AND CONFIDENTIALITY
As a company providing HR, training and recruitment services, the Dane Partnership Limited (Dane Partnership) is committed to protecting the personal data of clients and candidates in line with the relevant legislation (“Data Protection Law”). The relevant legislation includes the General Data Protection Regulation (EU 2016/679) and the UK Data Protection Act 2018, as well as other potentially supporting legislation.
WHY THIS POLICY IS IMPORTANT
This policy is intended to provide information about how we will use (or “process”) personal data about individuals including our current, past and prospective clients, candidates and other third parties as well as visitors to our website.
This information is provided in accordance with the rights of individuals under Data Protection Law to understand how their data is used.
This Privacy Notice applies alongside any other information the Dane Partnership may provide about a particular use of personal data, for example when collecting data.
RESPONSIBILTY FOR DATA PROTECTION
The Dane Partnership must process personal data to provide the HR, training and recruitment services to its clients and candidates. It is therefore a data controller and has appointed Lorna Dane as Data Protection Manager (DPM) to oversee its compliance with the data protection law and to deal with all requests and enquiries concerning the Dane Partnership’s use of your personal data (see section on Your Rights below).
Lorna Dane may be contacted by:
- e-mail: firstname.lastname@example.org
- telephone: 01276 20444
- post: Camberley House, 1 Portesbery Road, Camberley, Surrey GU15 3SZ
WHY THE DANE PARTNERSHIP NEEDS TO USE PERSONAL DATA
In order to carry out its ordinary duties to clients and candidates the Dane Partnership may need to process a wide range of personal data about current, past and prospective clients and candidates as part of its daily operation.
The Dane Partnership will need to carry out some of this activity in order to fulfil legal rights, duties or obligations – including those under a contract with its clients.
Other uses of personal data will be made in accordance with the Dane Partnership’s legitimate interests, provided that these are not outweighed by the impact on individuals.
The Dane Partnership expects that the following uses may fall within the category of its “legitimate interests”:
- The provision of HR, training and recruitment services;
- Maintaining relationships with clients, candidates and the business community;
- For the purposes of management planning;
- For security purposes; and
- Where otherwise reasonably necessary for the Dane Partnership’s purposes, including to obtain appropriate professional advice and insurance.
TYPES OF PERSONAL DATA OBTAINED BY THE DANE PARTNERSHIP
This will include by way of example:
- names, addresses, telephone numbers, e-mail addresses and other contact details;
- candidates’ CVs and working history;
- candidates’ experience, training and qualifications;
- bank details and other financial information;
HOW THE DANE PARTNERSHIP COLLECTS DATA
Generally, the Dane Partnership receives personal data from the individual directly in the ordinary course of interaction or communication (such as verbally, by e-mail or by written documents).
However in some cases personal data may be supplied by third parties (for example a former employer, either directly or from other organisations working with that individual).
DATA COLLECTED THROUGH THE DANE PARTNERSHIP WEBSITE
The Dane Partnership may collect the following information from visitors to its website:
- IP addresses and information about the location of the visitor
- the way that a visitor uses the website, including the pages viewed, dates, times and duration
- data to show where visitors navigated to or from our website and searches made on our website.
This data is used to enable the Dane Partnership to:
- run the website ensuring that it works properly
- improve the information on the website
- maintain the websites security
WHO HAS ACCESS TO PERSONAL DATA AND WHO THE DANE PARTNERSHIP SHARES IT WITH
To enable the Dane Partnership to provide its recruitment services it will be required to share candidates’ personal data with prospective employers.
Occasionally, the Dane Partnership will also need to share personal information with third parties, such as professional advisers (lawyers and accountants) or relevant authorities.
Apart from this, for the most part, personal data collected or accessed by the Dane Partnership will remain within the company, and will be processed by appropriate individuals only in accordance with access protocols (ie. on a “need to know” basis). The Dane Partnership will where appropriate ensure that their personnel access or Process Personal Data only for the purpose of performing services to clients and
candidates in accordance with instructions given by the clients or candidates to the Dane Partnership from time to time.
In accordance with Data Protection Law, some of the Dane Partnership’s processing activity is carried out on its behalf by third parties, such as cloud services and storage providers.
Whenever personal data is stored with a third party it is always subject to undertakings from such third parties that personal data will be kept securely and only in accordance with the Dane Partnership’s specific direction and of course in compliance with the Data Protection Law.
The Dane Partnership shall not cause or allow Personal Data to be transferred and/or processed in a county or territory which is outside of the European Economic Area without prior written consent.
HOW LONG THE DANE PARTNERSHIP KEEPS PERSONAL DATA
The Dane Partnership will retain personal data securely and only in line with how long it is necessary to keep for a legitimate and lawful reason.
If you have any specific queries about how this policy is applied, or wish to request that personal data that you no longer believe to be relevant is considered for erasure, please contact the DPM. However, please bear in mind that the Dane Partnership may have lawful and necessary reasons to hold on to some data.
The Dane Partnership has implemented and shall maintain appropriate technical and organisational security measures, processes and controls to safeguard all Personal Data processed by them against unauthorised and unlawful processing and accidental loss, disclosure or destruction.
Individuals have various rights under Data Protection Law to access and understand personal data about them held by the Dane Partnership, and in some cases ask for it to be erased or amended or for the Dane Partnership to stop processing it, but subject to certain exemptions and limitations.
Any individual wishing to access or amend their personal data, or wishing it to be transferred to another person or organisation, should put their request in writing to the DPM.
The Dane Partnership will endeavour to respond to any such written requests as soon as is reasonably practicable and in any event within the statutory time-limits, which is one month in the case of requests for access to information. The Dane Partnership will be better able to respond quickly to smaller, targeted requests for information. If the request is manifestly excessive or similar to previous requests, the Dane Partnership may ask you to reconsider or charge a proportionate fee, but only where Data Protection Law allows it. The Dane Partnership shall also provide its customers with such assistance as the customer reasonably requests in order to comply with its obligations and to fulfil a data subject’s rights.
You should be aware that certain data is exempt from the right of access. This may include information which identifies other individuals, or information which is subject to legal professional privilege.
Where the Dane Partnership is relying on consent as a means to process personal data, any person may withdraw this consent at any time. Please be aware however that the Dane Partnership may have another lawful reason to process the personal data in question even without your consent. That reason will usually have been asserted under this Data Protection and Confidentiality provision or may otherwise exist under some form of contract or agreement with the individual (for example: an employment contract).
DATA ACCURACY AND SECURITY
The Dane Partnership will endeavour to ensure that all personal data held in relation to an individual is as up to date and accurate as possible. Individuals must please notify the DPM of any changes to information held about them.
An individual has the right to request that any inaccurate or out-of-date information about them is erased or corrected (subject to certain exemptions and limitations under Act): please see above.
The Dane Partnership will take appropriate technical and organisational steps to ensure the security of personal data about individuals, including policies around use of technology and devices, and access to company systems. All staff will be made aware of this policy and their duties under Data Protection Law and receive relevant training.
QUERIES AND COMPLAINTS
Any comments or queries on this policy should be directed to the DPM.
If an individual believes that the Dane Partnership has not complied with this policy or acted otherwise than in accordance with Data Protection Law, they should notify the DPM. An individual can also make a referral to or lodge a complaint with the Information Commissioner’s Office (“ICO”), although the ICO recommends that steps are taken to resolve the matter with the Dane Partnership as the Data Controller or Processor before involving the regulator.