Castle Hill – GDPR Guidelines
Castle Hill Recruitment Limited (“Castle Hill”) is committed to protecting and respecting our candidate’s privacy and personal data in line with The General Data Protection Policy.
Our Guidelines sets the basis for our Data Protection Policy. It is intended to outline how any personal data collected from our candidates is processed by Castle Hill.
The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a new regulation which replaces the Data Protection Regulation (Directive 95/46/EC). The Regulation aims to harmonise data protection legislation across EU member states, enhancing privacy rights for individuals and providing a strict framework within which commercial organisations can legally operate.
As of 25th May 2018 the GDPR will be applicable across all EU counties including the UK and the Jurisdiction of Gibraltar. Although the UK and Gibraltar intend to leave the EU in March 2019 (“Brexit”), this document is subject to the provisions of the Data Protection act 1998-2003 in the UK and ROI, the Data Protection Act 2004, GDPR and any post Brexit equivalent.
Castle Hill Recruitment Limited (“Castle Hill”) is a Limited Company registered in Gibraltar (Registration 116859) in accordance with the requirements of the Business Trades and Professions (Registration) Act 1989. The nature of the business is Recruitment within the Industry of Services n.e.c (Inc hairdressers). In order to provide Recruitment Services to our clients we need to collect the personal data of the following types of people to allow us to conduct our business:
- Placed and prospective candidates for permanent or temporary roles
- Contacts of suppliers who support our services
- Permanent Employees, Temporary Workers or Consultants
The reason we need to collect this information concerning individuals is to carry out our core business.
What are rights do Castle Hill have to provide to contacts that have provided personal data under GDPR?
- The right to ask for Castle Hill to remove any / all of any personal data we hold. This will be removed in no more than 14 days.
- The right to request any corrections you wish to be made of Contact details. This can include request changes to details such as Telephone Numbers / Email Addresses, or to enable incomplete / incorrect information to be corrected.
- The right to request the transfer of personal information to another party e.g. a Client of Castle Hill’s.
- The right to request the restriction of processing Personal Information, enabling the option to request suspending the processing of any personal information that we hold.
- The right to request we do not process any or aspects of Personal Information that we hold.
- The right to object where we are processing personal information for direct marketing purposes.
- The right to request the transfer of personal information to another party in different formats.
What personal information is Collected / Used, or stored by Castle Hill?
As typically Castle Hill is using / collecting personal data to use for candidates to apply for Job Opportunities with our clients the Personal Data we collect includes:
- Full Names (including where applicable Middle Names)
- Dates of Birth
- Telephone Numbers
- Curriculum Vitae’s
- Profiles of a Professional Nature available in the Public Domain e.g. LinkedIn, Github Profiles
- Personal Websites e.g. Design Portfolios, Own Company Websites
- Details of current employment including Salary and Package
- Details of Salary Expectations
- Where requested by Client for either Contract or Travel, Passport, ID or Visa Details
- Work References from Previous Employers / Colleagues
How does Castle Hill Collect / process Personal Data?
In order to be able to collect data needed to provide recruitment services for both candidate and clients Castle Hill collects Personal Data through the following channels:
- Sent information through to the firstname.lastname@example.org email address
- Through information eg CV been sent through to a Castle Hill employee with an @castlehillrecruitment.com email domain
- CV’s been uploaded to our Website – www.castlehillrecruitment.com
- Applications through 3rd party Job Boards such as www.reed.co.uk
- CV’s / Personal Data been sent / been given to an employee of Castle Hill following the employee of Castle Hill contacting them e.g. An exchange on a site such as LinkedIn or a Job Board such as Reed.co.uk
- Having met and given Personal Information eg. A CV to a Castle Hill employee with expressed permission for Castle Hill to hold the details.
Having received Personal Data from a third party such as a Business Partner, Client, or Professional Advisors.
When Personal Data is received by Castle Hill in one of the above ways it is then stored on our internal database. The database is password protected and is only accessible by Castle Hill employees.
If unsure of how Castle Hill received Personal Data on request Castle Hill will provide the source of where the Data was received from. Candidates Personal Data is shared with Clients (Employers) but only after a Telephone / Face to Face screening. This is followed up by an email from Castle Hill confirming permission is given to share agreed information eg. CV inc Career History, Contact Details etc. Written agreement is needed for Castle Hill to pass on any form of Personal Data / Information.
Again with permission Castle Hill will pass on personal details such as Telephone Numbers, email Addresses, Passport Details, ID’s, Visa’s, Addresses for the purpose of arranging Interview’s, upon written notice in which one of Castle Hill’s staff members outlines which client(s) Castle Hill will share the details with and the exact data that will be forwarded to this client. Castle Hill employees will only share personal data with our clients if it is explicitly agreed.
When Castle Hill receives Personal Data / Details in one of the above ways the information is saved onto Castle Hill’s internal database. Information and applications our reviewed by Castle Hill employees. The Castle Hill database is password protected and only Castle Hill employees have access to the password and therefore the system. As above individual information is only forwarded in relation to providing Recruitment services with expressed permission.
Castle Hill may furthermore disclose personal information to third parties in the event that we sell or buy any business or assets, in which case we will have to disclose personal data to the prospective seller or buyer of such business or assets. Furthermore, Castle Hill may be under a duty to disclose or share personal data in order to comply with any legal obligation, to defend our business against a legal claim or in order to enforce or apply our standard terms of business or other agreements or to protect the rights, property or safety of Castle Hill, our customers, or other parties.
Why Castle Hill holds Personal Data, and the legal reason for this
Castle Hill collect’s Personal information to carry out our core business and ancillary activities – for the purpose of recruitment services. In particular, Castle Hill will collect and process personal data for the following purposes:
- Introducing candidates to (potential) clients or employers of which the scope will be identified and communicated by one of our members of staff.
- Keeping personal data on file for current and future opportunities that may arise for candidates.
- Evaluating candidates experience with Castle Hill’s recruitment process.
- Castle Hill may ask for copies of candidate’s passports or visa’s etc, Castle Hill does this as we may need to verify candidates identity and / or the right to work.
- Clients may ask Castle Hill to provide them with additional documentation (e.g. candidate’s passport details, Payslips or references). If that happens we will ask for permission to share data with our clients. If candidates have any issues with this, we will act on their advice.
The following legal basis applies for processing your data if we have not been in touch with you within the last three years:
If candidates have not been in touch with us for the last three years, we understand that the data (1) we hold on file may be inaccurate (2) candidates may not be interested in getting contacted by Castle Hill anymore.
Castle Hill will, therefore, process personal data only if consent has been given for us to do so. We will request consent by an online process for the specific activity we require consent for and record your response on the system.
Persons are entitled to withdraw consent or restrict the use of personal information for whatever purpose at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
Furthermore, if you previously agreed to us holding or using your personal information, you may change your mind at any time. You can email email@example.com and Castle Hill will process the removal of your personal information within 30 working days.
How long will we store your data?
Personal data will be stored in our systems for three consecutive years. As long as candidates are working with us we will keep data on file to be able to match the latest opportunities and to contact Candidates.
Candidate’s data will be removed from our systems if:
- We have not heard from a candidate during a period of three years, or
- If a candidates requests their data to be removed
Automated decision making, including profiling
Castle Hill will not conduct any forms of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to individuals, in particular, to analyze or predict aspects concerning individual’s personal preferences, job roles interests, reliability, behaviour, location or movements. We will not make decisions that are based solely on automated processing which produces legal effects, or similarly significantly affects an individual as a data subject.
Lodging a complaint
If any individual feels that their rights as a data subject have been breached, you are entitled to lodge a complaint with the national supervisory authority (GRA) or seek a legal remedy. However, we strongly encourage you to contact us via firstname.lastname@example.org
Changes to this Data Processing Notice
Any changes we make to our Data Processing Notice in the future will be posted on our website (www.castlehillrecruitment.com) and where appropriate (if we make any significant changes that may affect your rights as a data subject), notified to you by email. Please check back frequently to see any updates or changes to this Data Processing Notice.
Our nominated Data Protection Officer is Thomas Pearson and can be contacted at email@example.com