Profitlink Group Ltd, as a data controller, is committed to protecting the data we collect during the recruitment process. We have created this privacy statement to explain how we collect, retain and use the information we receive about you. Our goal is to demonstrate and communicate our high ethical standards and how we implement appropriate internal controls. From the 25th May 2018, we will be processing your data in accordance with the General Data Protection Regulation (GDPR).
Any data we collect and retain will be used solely for the purposes of recruitment. We will collect this data through:
- you sending it to us, via direct application for a vacancy or vacancies, or through interaction with us by phone, email or other contact methods, or
- by sourcing this information from external CV databases/job boards, to which you have signed up, making this information available to their customers. Where data is obtained using this method, we do not share any of this with our clients without first speaking to you, the candidate.
We will retain this information on an ongoing basis, so that we can contact you should a potentially suitable vacancy arise in the future. We have documented cases of candidates with whom we have not interacted for some time but who then respond to an alert about a vacancy and go on to secure that role, or who respond to inform us of changes to their circumstances and in light of this new information are considered for an alternative vacancy. It is important to us that your information is current; we may from time to time contact you to obtain an update. We would be grateful if you would inform us of any changes to your contact details, as and when they occur.
The lawful basis for the processing of your data as set out in the GDPR is Legitimate Interests - Article 6(1)(f). As your data is retained solely for the purposes of recruitment, our legitimate interest is in assisting our clients to find the right employee, and in assisting our candidates to find the right job. In this case then, our interests as a business, and those of our clients, are in alignment with those of our candidates. As we will use your data solely for recruitment purposes, it will not be used in a way that is not anticipated or reasonably expected; we do not pass your data to any third parties for marketing purposes.
We retain as much data as is necessary for the purposes of recruitment, including personal data such as name, address, employment history and contact details such as phone numbers and email addresses, and records of our previous interactions with candidates, among others.
We only pass your personal information to a client who has signed our terms of business which includes a condition that they keep your information confidential. We consider your data to be private and confidential: we hold ourselves, and our clients, to the highest standards of trust in its safekeeping and use.
Please note that by giving us your personal data, you are accepting that it may be accessed by our team and our clients. If there is a client with whom you would not wish us to share your information you must tell us so in writing. For the avoidance of doubt, if we are not notified, we may share your information with our clients for the purposes of recruitment shortlisting.
Our database cannot be accessed by the public as it is on a password protected website. We take care with internet security but you acknowledge that all data is held on a cloud based server and no server is 100% secure. If you do not wish your information to be stored in this way you must notify us. The data can be accessed remotely by the Directors and other senior managers but this remote access is protected with a variety of security measures to ensure that the data you provide is not lost, misused, or altered inappropriately.
The GDPR includes new provisions relating to automated decision making. No decisions are taken by Profitlink Group Ltd. based solely on the results of automated decision making. We reserve the right to make a judgement that a candidate may or may not be suitable for a vacancy based on the data provided to us, with or without input from our client for this vacancy, but all decisions of this nature are made by a human being.
You have a number of rights, under GDPR, concerning your personal data held by us including the right to:
- Request access - you can make a 'subject access request' either verbally or in writing, and we will provide a copy of the information we hold within one month of the date of this request, with no fee payable
- Request correction - you can ask us to correct any incomplete or inaccurate data we hold about you
- Object to processing - you can object to the processing of your data on the grounds of legitimate interests
In practice you can object to processing, or request the erasure of your data, and we will comply with these requests within one month. We may ask you if we would be ok to reduce the data we hold on you to an absolute minimum, still under Legitimate Interests, to ensure that we continue to uphold your rights and freedoms in the future. This is because if we were to erase all of the data we hold on you, but then find your CV on an external CV database/job board, we would then have no record of your request for us not to contact you. If you still decide you want all data erasing, we will be happy to comply, but you should be aware that the eventuality described in the previous sentence is a possibility.
For all requests relating to access, correction and objections/erasure, please contact email@example.com.
If you have any questions about this Privacy and Security Policy statement, the practices of this website or your dealings with our firm, you can contact us through firstname.lastname@example.org. We reserve the right to change this policy at any time by posting a new policy at this location.