GDPR  

 

Westbeach Recruitment is a data controller for the purposes of the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679). We are responsible for ensuring that any processing of your personal information by us is done fairly and lawfully. Processing your personal data includes holding, obtaining, recording, using or sharing it. We take your privacy very seriously and will only process your personal data for the purposes set out in this notice.

Source of your personal data
We obtained the following categories of personal data from Candidates which is not a publicly accessible source:
• Your contact details
• Details of the candidate’s employment with you
• Your approximate location

The purposes for which your personal data will be processed
We will need to process your personal data for the purposes of providing recruitment and related services to our clients, work-finding and related services to candidates, as well as safeguarding children and other vulnerable people in relation to the provision of these services.
The basis for processing your personal data
The legal bases upon which we may rely to process your personal data are:
• Legal obligation
• Legitimate interest
• Consent
We may be required to process certain categories of your personal data in order to comply with our legal obligations under the Conduct of Employment Agencies and Employment Business Regulations 2003 (the Conduct Regulations 2003) and other relevant legislation. You are not under any obligation to provide us with your personal data, but if you do not, we may be unable to meet our legal obligations and so we may not be able to provide work-finding or recruitment services to a particular client or work-seeker.
Our business involves providing work-finding and related services to work-seekers and recruitment and related services to our clients and so we may need to process your personal data in order to pursue our legitimate interests in achieving this. We may also need to retain personal data in case we need to establish or defend a legal claim.
We rely on your consent in certain circumstances, for example to process your data for the purposes of sending you direct marketing by email or SMS (text message), to use cookies when you visit our website, or to process sensitive personal data.

Direct Marketing
We would like to use your contact details to contact you about suitable candidates, news and information which we think may be of interest to you. However, we will not contact you with marketing material unless you expressly and actively consent to our doing so, and you have the right to unsubscribe at any time, by clicking the link which appears in the email footers of marketing emails.

Sensitive personal data
We will only ever process sensitive personal data with your express consent, unless the processing of your sensitive personal data is necessary for other reasons permitted by law. Please do not disclose any sensitive personal data about yourself to us unless we request it or it is essential to do so. Unsolicited personal data will be deleted.

Sharing your personal data
Your personal information will be processed by our staff and our subcontractors (including IT providers) in order to provide our recruitment and work-finding services. We will need to provide them with certain categories of your personal data and they will be under an obligation to process it as instructed by us and in accordance with relevant data protection legislation.
We may be required by law to share certain categories of your personal data with the Employment Agency Standards Inspectorate (EAS) or other government agencies.
We will not share your personal data with any other organisation unless it is necessary and in connection with providing our work-finding and recruitment services.

Overseas transfers
Data will be stored within the EEA on either local or cloud-based servers and will be subject to technical and organisation safeguarding protection measures. The EEA comprises the EU member states plus Norway, Iceland and Liechtenstein.
Some categories of data may be transferred outside the EEA, including consumers who require Domestic, Childcare and Catering & Hospitality staff worldwide. If it is necessary to transfer your data to a country outside the EEA to assist us in providing work-finding and recruitment services, we will take all reasonable steps to ensure that your data is subject to the same protection as that provided by the EU and that it is subject to technical and organisation safeguarding protection measures.

Accuracy of your data
We will endeavour to keep your personal data accurate and up to date and will only process it for the specific purposes notified above. Data that is inaccurate or out of date will be deleted. Please notify us if your personal details change or if you become aware of any inaccuracies in the personal data we hold about you.

Retaining your data
Different laws require us to keep different data for different periods of time. The Conduct Regulations require us to keep work-seeker records for at least one year from the date of their creation or the date upon which we last provide a work-seeker with work-finding services.
We may also retain it in order to pursue our legitimate business interests. We will not store your data for any longer than is necessary to comply with our legal obligations or to pursue our legitimate business interests.

Your rights
Whilst we are processing your data, you have the right to:
1. request access to personal data we hold about you;
2. object to the processing of your data;
3. ask to have inaccurate data held about you removed;
4. ask to have inaccurate data held about you or corrected;
5. if the processing of your data is based only on consent, to withdraw that consent;
6. request that your data is shared with a third party.

If for any reason you are dissatisfied with how your personal data has been processed, you can complain to the Information Commissioner’s Office (ICO), the supervisory authority in the UK for data protection on 0303 123 1113 or at https://ico.org.uk/concerns/.

Data security
We will ensure that appropriate measures are taken against unlawful or unauthorised processing of personal data, and the accidental loss of, or damage to, personal data. We have in place procedures and technologies to maintain the security of all personal data from the point of collection to the point of destruction.

We will only transfer personal data to a third party if they agree to comply with those procedures and policies or put in place adequate measures before receiving it. Maintaining data security means guaranteeing the confidentiality, integrity and availability (for authorised purposes) of the personal data.
All enquiries will be responded to as quickly as possible and all data breaches will be taken very seriously.