As a recruitment company Project Recruit processes personal data in relation to its own staff, work-seekers and individual client contacts. Project Recruit comply with the principles of the Data Protection Act 1998 set out below.
Project Recruit holds individuals and personal data for the following general purposes:
- Staff Administration
- Advertising, marketing and public relations
- Accounts and records
- Administration and processing of work-seekers personal data for the purposes of work-finding services
The Data Protection Act 1998 requires Project Recruit as data processor to process data in accordance with the principles of data protection. These required data shall be: -
- Fairly and lawfully processed
- Processed for limited purposes
- Adequate, relevant and not excessive
- Not kept longer than necessary
- Processed in accordance with the data subjects rights
- Kept securely
- Not transferred to countries outside the European Economic Area without adequate protection.
Personal data means data, which relates to a living individual who can be identified from the data or from the data, together with other information, which is in the possession of, or is likely to come into possession of, Project Recruit.
Processing means obtaining, recording or holding the data or carrying out any operation or set of operations on the data. It includes organising, adapting and amending the data, retrieval, consultation and use of the data, disclosing and erasure or destruction of the data. Personal data held by Project Recruit will be reviewed on a regular basis to ensure that it is accurate, relevant and up to date and still required. Data will only be processed with the consent of the data subject. By instructing Project Recruit to look for work and providing personal data contained in a CV or otherwise, work-seekers will be deemed to have given their consent to Project Recruit processing their personal data for work-finding purposes.
Data in respect of the following is “sensitive personal data” and any information held on any of these matters will not be passed on to any third party without the express written consent of the individual:
- Any offence committed or alleged to be committed by them
- Proceedings in relation to any offence and any sentence passed
- Physical or mental health or condition
- Racial or ethnic origins
- Sexual life
- Political opinions
- Religious beliefs or beliefs of a similar nature
- Whether someone is a member of a trade union
From a security point of view, only those staff listed in the appendix will be permitted to add, amend or delete data from the database. However all Project Recruit staff are responsible for notifying those listed where information is known to be old, inaccurate or out of date. In addition all employees ensure that adequate security measures are in place. For example:
- Computer screens will not be left open by individuals who have access to personal data
- Passwords will not be disclosed
- Email will be used with care
- Personnel files and other personal data will be stored in a place in which any unauthorised attempts to access them will be noticed. They should not be removed from their usual place of storage without good reason.
- Personnel files will always be locked away when not in use and when in use should not be left unattended
- Any breaches of security will be treated as a disciplinary issue.
- Care will be taken when sending personal data in internal or external mail
- Destroying or disposing of personal data counts as processing. Therefore care will be taken in the disposal of any personal data to ensure that it is appropriate.
Data subjects, i.e. those on whom personal data is held, are entitled to obtain access to their data on request and after payment of a fee. All requests to access data by data subjects i.e. staff, members, customers or clients, suppliers, students etc should be referred to Gerda Varkulyte whose details are also listed on the appendix to this policy.
Any requests for access to a reference given by a third party must be referred to Gerda Varkulyte and will be treated with caution even if the reference was given in relation to the individual making the request. This is because the person writing the reference also has a right to have their personal details handled in accordance with the Data Protection Act 1998, and not disclosed without their consent. Therefore when taking up references an individual will always be asked to give their consent to the disclosure of the reference to a third party and/or the individual who is the subject of the reference if they make a subject access request. However if an individual does not consent then consideration will be given as to whether the details of the individual giving the reference can be deleted so that they cannot be identified from the content of the letter. If so the reference may be disclosed in an anonymised form.
Gerda Varkulyte - Payroll Assistant & Recruitment Administrator