Privacy Policy & Data Protection
This privacy policy explains how Staff Point Services Ltd. uses and safeguards any information that visitors provide us with.
Staff Point Services Ltd. is committed to ensuring that your privacy is protected. In instances where we ask you to provide ‘sensitive’ information by which you can be identified, this privacy statement documents the process for handling such data.
Staff Point Services Ltd. may update and alter this policy periodically, to adhere to data protection laws. If you have used or intend to use our services, checking this page ensures that you are aware of these changes and what they mean. The following is active and accurate as of 30th April 2021.
Data we Collect
Staff Point Services Ltd. may collect information inclusive of but not limited to:
- Your name and Job Title
- Contact information including email address(es)
- Location
- Preferences
- Personal Sensitive Information
Why do we collect this?
As a service provider, Staff Point Services Ltd. requires this information to understand the individual needs of our service users, in order to provide them with a better service.
The uses for such data are inclusive of but not limited to:
- Internal record keeping.
- Improving or expanding our services.
- Audit and compliance practices
Security
Staff Point Services Ltd. are committed to safeguarding your information and ensuring that this data is always secure. In order to prevent unauthorised access, we have a combination of physical, electronic and managerial procedures to safeguard and secure any information collected online. In the unlikely event of a breach of data security, Staff Point Services Ltd. would report this to the Information Commissioner's Office (ICO) immediately.
Your individual rights
Your rights as a service user/visitor are inclusive of but not limited to:
- Right to be ‘forgotten’/ Right to Erasure
- Right to withdraw from using our services
- Right to complain to the ICO (If you believe we have not protected your data)
- Right to object to data processing
- Right of subject access (there may be a fee associated with receiving this data)
Retention
All data is held for a minimum of 6 years in line with legislative guidance, except in cases for the defence, establishment, or exercise of legal claims.
Controlling your personal information
Staff Point Services Ltd. will never share personal information with third parties unless: we have your exact permission, it is in the genuine interest of a service user or we are required to by law. Subject access requests can be submitted by contacting info@staff-point.com. This information can be sent to you electronically but please note there may be a nominal fee for this service. If you cannot submit a written request, please get in touch with us in the way that best suits you and, in compliance with the Equality Act 2010, we will assist you in any way we can.
How we use cookies
A cookie is a small text file which asks permission to be placed on your computer’s hard drive. Once you give your permission, the file is saved and it helps analyse web traffic and recognises when you visit specific websites. Cookies allow web applications to respond to you as an individual. The web application can tailor the way it works, responding directly to your needs, likes and dislikes. This is done by gathering and remembering information about your preferences and your behaviour when you visit similar websites.
We use traffic log cookies to identify which pages visitors are using. This helps us understand more about our webpage traffic, enabling us to improve our website and tailor it to the needs of our service users. This data is stored temporarily for these analytical purposes and then removed from our system after use.
A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
Visitors to any website, including ours, can opt to accept or decline cookies when given the option. Although some browsers automatically accept cookies, visitors are able to adjust their browser settings to allow/decline cookies at their discretion. Note that declining cookies may prevent you from accessing all elements of the website.
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Elements in our website such as blogs or articles may have links to other relevant websites. However, once you have left our website we are no longer in control of your privacy or the data you provide to these websites. Any external websites are not covered by our privacy statement. If you have any concerns about external websites it is best practice to read their personal privacy statement to understand their protocol for data collection and security.
GDPR
Staff Point Services Ltd. is committed to being transparent about how we collect and process the personal data of both our workforce and our service users, thus adhering to strict data protection obligations. The following policy outlines our commitment to data protection, and your individual rights and obligations in relation to personal data.
Our GDPR policy relates to the personal data of the following: job applicants, employees, workers, contractors, volunteers, interns, apprentices and former employees. This policy does not apply to the personal data of clients or other personal data processed for business purposes.
This policy does not form part of an employee’s contract of employment and may be amended at any time without prior notice.
If you have concerns over the use of this policy, you can raise these concerns with your manager.
Definitions
“Personal data” is any sensitive information which relates to an individual whereby they can be identified from the contents of this information.
“Processing” is any and all ways this data is handled, inclusive of collecting, storing, amending, disclosing or destroying it.
“Special categories of personal data” relates to the information about an individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life or sexual orientation and biometric data.
“Criminal records data” means information about an individual’s criminal convictions and offences, and information relating to criminal allegations and proceedings.
Data Protection Principles
The Company processes personal data in accordance with the following data protection principles:
- We process personal data lawfully, fairly and in a transparent manner.
- We collect personal data only for specified, explicit and legitimate purposes.
- We process personal data only where it is adequate, relevant and limited to what is necessary for the purposes of the processing.
- We keep accurate personal data and take all reasonable steps to ensure that inaccurate personal data is rectified or deleted without delay.
- We keep personal data only for the period necessary for processing.
- We adopt appropriate measures to make sure that personal data is secure and protected against unauthorised or unlawful processing, accidental loss, destruction or damage.
- We inform individuals of the reasons for processing their personal data, how we use such data and the legal basis for processing in the Company’s privacy notices. We will not process personal data of individuals for other reasons.
- We will update personal data promptly if an individual advises that his/her information has changed or is inaccurate.
Personal data gathered during the employment, worker, contractor or volunteer relationship, or apprenticeship or internship, is held in the individual’s personnel file (in hard copy or electronic format, or both), and on HR systems. The periods for which the Company holds personal data are contained in its privacy notices to individuals.
We keep a record of our processing activities in respect of personal data in accordance with the requirements of the General Data Protection Regulation (GDPR).
Individual rights
All individuals have the right to make a subject access request. Once an individual makes a subject access request, Staff Point Services Ltd. will inform them of:
- whether or not their data is processed and, if so, why, and the categories of personal data concerned;
- the source of the data if it is not gathered from the individual themselves;
- to whom their data is currently disclosed or may be disclosed in future, including to recipients located outside the European Economic Area (EEA) and the safeguards that apply to such transfers;
- for how long their personal data is stored with us (and how this period is determined);
- their right to rectification or erasure of data, or to restrict or object to certain data processing;
- their right to complain to the Information Commissioner if they believe the organisation has failed to comply with their data protection rights.
We will also provide the individual with a copy of the personal data undergoing processing. This will normally be in electronic form if the individual has made a request electronically unless he/she agrees otherwise.
Staff Point Services Ltd. will provide the individual a digital copy of the data currently being used in data processing. If the individual requires additional copies in print formats this may be arranged for an administrative fee.
In some cases, the Company may need to ask for proof of identification before the request can be processed. We will inform the individual if we need to verify their identity and the documents we require.
In order to process a request, Staff Point Services Ltd. may request proof of identification before releasing personal data. In this case we will inform the individual of the need for this and provide a list of the documents we require.
Staff Point Services Ltd. will endeavour to respond to any requests within a month of receipt. In some cases, such as where we are processing large quantities of the individual’s data, this period may be extended to three months. We will inform the individual of any delays in writing.
If we receive a request that is deemed unfounded or excessive, we will notify the individual that this is the case and advise on whether we intend to progress with this request or not.
Other rights
Individuals have a number of other rights in relation to their personal data. They can require the Company to:
- rectify inaccurate data;
- stop processing or erase data that is no longer necessary for the purposes of the processing;
- stop processing or erase data if the individual’s interests override the organisation’s legitimate grounds for processing data (where the organisation relies on its legitimate interests as a reason for processing data);
- stop processing or erase data if the processing is unlawful; and
- stop processing data for a period if data is inaccurate or if there is a dispute about whether or not the individual’s interests override the organisation’s legitimate grounds for processing data.
To ask Staff Point Services Ltd. to take any of these steps, a request should be sent to the relevant Line Manager.
Data Security
We, like most recruitment agencies, take the security of personal data incredibly seriously. We have internal policies and controls in place to protect personal data against loss, accidental destruction, misuse or disclosure, and to ensure that data is not accessed, except by employees in the proper performance of their duties.
We have a number of internal policies and protocols in place to ensure personal data is protected against loss, destruction, misuse or disclosure as well as ensuring that data is entirely inaccessible by anyone other than employees who require this access to perform their duties.
In instances where Staff Point Services Ltd. engage with third parties to process personal data on our behalf, this is actioned according to strict instruction. Any third parties are governed under a duty of confidentiality and are obliged to meet GDPR requirements by implementing their own security measures.
Data Breaches
If we suspect or find that there has been a breach of personal data stored on our systems that poses a risk to the rights and freedoms of individuals, it is our duty to report this to the Information Commissioner within 72 hours of discovery. Staff Point Services Ltd. will record all data breaches regardless of their effect.
If the breach is likely to result in a high risk to the rights and freedoms of individuals, we will inform all affected individuals that there has been a breach and provide them with information about its likely consequences and the mitigation measures we have taken.
International data transfers
In some instances, personal data may be transferred to countries outside the EEA for references purposes. Data is transferred outside the EEA within the governance of this policy and the security this grants individuals.
Individual responsibilities
Individuals are responsible for helping the Company keep their personal data up to date. If there are necessary changes to information given to us the individual should let us know in order for us to update our systems.
Individuals may have access to the personal data of other individuals, including customers and clients, during the course of their placement. Where this is the case, Staff Point Services Ltd. requires these individuals to comply with our data protection obligations to all parties inclusive of staff, customers and clients.
Individuals who have access to personal data are required:
- to access only data which they have authority to access and only for the authorised purposes outlined;
- to never disclose data except to individuals (whether inside or outside the organisation) who have appropriate permission;
- to maintain the security of data (for example by complying with rules on access to premises, computer access, including password protection, and secure file storage and destruction);
- to not remove personal data, or devices containing or that can be used to access personal data, from the organisation’s premises without adopting appropriate security measures (such as encryption or password protection) to secure the data and the device; and
- to not store personal data on local drives or on personal devices that are used for work purposes.
Failing to observe these requirements may amount to a disciplinary offence, which will be dealt with under our Disciplinary Procedure. Significant or deliberate breaches of this policy, such as intentionally accessing employee or customer data without authorisation or a legitimate reason to do so, may constitute gross misconduct and could lead to summary dismissal.