+44 (0)20 3008 8636
 

Privacy Policy

Company Name: Oak Tree Recruitment
Model Policy No.: PHPOLWEB
Model Policy Name: Wesbite Privacy Statement
Date: September 2017
Version: 1

 

The Company will collect the personal details that you provide to us on our website for the purposes of providing you with services and/or information. In providing such services and/or information to you we will only use your personal data in accordance with the terms of the following statement

This statement sets out below:

  1. How the Company collects your personally identifiable information through the website.
  2. How the Company uses this information.
  3. Who the Company may share the information with and for what purpose(s).
  4. What choices are available to you regarding collection, use and distribution of your information.
  5. The kind of security procedures that are in place to protect the loss, misuse or alteration of information collected through the Company’s website.
  6. How you can correct any inaccuracies in the information collected through the website.

If you feel that this company is not abiding by its posted privacy policy, you should first contact the Digital Communications Manager at info@oaktreerecruitment.com

 
Information Collection and Use

The Company collects information from our users at several different points on our website. The Company is the sole owner of the information collected on this site. We will not sell, share, or rent this information to others except when specifically required to do so by law.   

Registration

We request information from you on our online registration forms. Here you must provide contact information and information regarding the type of work you are seeking and your skills, qualifications and experience. This information is used to enable us to provide you with work-finding services. If we have trouble processing your application, this contact information is used to get in touch with you. The Company does not use this information for any other purpose.

Cookies

Cookies are small text files that are placed on your computer by websites that you visit. They are widely used to make websites work, or work more efficiently, as well as to provide information to the owners of the site.

We use traffic log cookies to identify which pages are being used. This helps us to analyse data about web page traffic and improve our website to tailor it to customer needs. We only use this information for statistical analysis purposes, data is then removed from the system.

Cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser settings to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

By using this website, you agree in the use of cookies on this site.

To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org.

Log Files

We use IP addresses to analyse trends, administer the site, track users’ movements, and to gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information.

Sharing

We may share aggregated demographic information with our clients. This is not linked to any personal information that can identify any individual person.

Overseas Transfers

The Company may transfer the information you provide to countries outside the European Economic Area (“EEA”) that do not have similar protections in place regarding your data and restrictions on its use as set out in this policy. However, we will take steps to ensure adequate protections are in place to ensure the security of your information. The EEA comprises the EU member states plus Norway, Iceland and Liechtenstein. By submitting your information, you consent to these transfers for the purposes specified above.

Sale of business

If the Company’s business is sold or integrated with another business your details may be disclosed to our advisers, and any prospective purchasers and their advisers, and will be passed on to the new owners of the business.

Links

This website contains links to other external websites. Please be aware that the Company is not responsible for the privacy practices of such other sites. We encourage you to be aware of this when you leave our site and to read the privacy statements of every website that collects personally identifiable information. This privacy statement applies solely to information collected by the Company’s website. 

Security

The Company takes every precaution to protect our users’ information. Details listed below;

  • An antivirus solution is installed as a requirement on all hardware storing sensitive information, including servers.
  • All hardware that links to the internet is protected using business grade firewall systems.
  • Data processing of sensitive information is only shared to the appropriate personnel, sensitive information is stored on secured servers, all of which are in secured locations.
  • All passwords within Pignatelli Holdings are subject to a minimum complexity requirement which include no less than 8 characters and use numerical and symbol values as standard.

 

Only employees who need the information to perform a specific job (for example, our accounts clerk or a marketing assistant) are granted access to your information.

The Company uses all reasonable efforts to safeguard your personal information. However, you should be aware that the use of the Internet is not entirely secure and for this reason the Company cannot guarantee the security or integrity of any personal information which is transferred from you or to you via the Internet.

If you have any questions about the security at our website, you can send an email to the Digital Communications Manager at info@oaktreerecruitment.com

 
Correction/Updating Personal Information

If your personally identifiable information changes (such as office address), we will endeavour to provide a way to correct, update or remove the personal data provided to us.  This can usually be done by emailing the Digital Communications Manager at info@oaktreerecruitment.com

Notification of Changes

If we decide to change our privacy policy, we will post those changes on our Homepage so our users are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it.  If at any point we decide to use personally identifiable information in a manner different from that stated at the time it was collected, we will notify users by way of an email.  Users will have a choice as to whether we use their information in this different manner. We will use information in accordance with the privacy policy under which the information was collected.

This policy was last updated 2017.

Complaints or queries

The Company tries to meet the highest standards when collecting and using personal information. We take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.

If you wish to complain about this policy or any of the procedures set out in it please contact:

The Digital Communications Manage , info@oaktreerecruitment.com

 

Comany Name: Oak Tree Recruitment
Model Policy No.: PHPOLSDP
Model Policy Name: Information Security and Data Protection Policy
Date: December 2017
Version: 1

The Data Protection Act 1998

The Company processes personal data in relation to its own staff, work-seekers and individual client contacts - therefore it is a “data controller” for the purposes of the Data Protection Act 1998. The Company has notified the Information Commissioner’s Office – the Company’s data protection registration number is Z3317674.

The Company holds personal data on individuals (“data subjects”) for the following general purposes:

  • Staff administration.
  • Advertising, marketing and public relations.
  • Accounts and records.
  • Administration and processing of work-seekers personal data for the purposes of work-finding services.

The eight principles of data protection

The Data Protection Act 1998 requires the Company as data controller to process data in accordance with the principles of data protection. These require that personal data shall be:

1.     Fairly and lawfully processed.

2.     Processed for limited purposes.

3.     Adequate, relevant and not excessive.

4.     Accurate.

5.     Not kept longer than necessary.

6.     Processed in accordance with the data subjects’ rights.

7.     Kept securely.

8.     Not transferred to countries outside the European Economic Area without adequate protection.

Personal data” means data, which relates to a living individual who can be identified from the data or from the data together with other information, which is in the possession of, or is likely to come into possession of the Company.

Processing” means obtaining, recording or holding the data or carrying out any operation or set of operations on the data. It includes organising, adapting and amending the data, retrieval, consultation and use of the data, disclosing and erasure or destruction of the data. It is difficult to envisage any activity involving data, which does not amount to processing. It applies to any processing that is carried out on computer including any type of computer however described, main frame, desktop, laptop, iPad, Blackberry ® or other mobile device.

Personal data should be reviewed on a regular basis to ensure that it is accurate, relevant and up to date and those people listed in the Appendix shall be responsible for doing this.

Personal data may only be processed with the consent of the person whose data is held. Therefore, if they have not consented to their personal details being passed to a third party this may constitute a breach of the Data Protection Act 1998. By instructing the Company to look for work and by providing us with personal data contained in a CV work-seekers will be giving their consent to processing their details for work-finding purposes. If you intend to use their personal data for any other purpose you MUST obtain their specific consent.

Caution should be exercised before forwarding the personal details of any individuals on whom personal data is held, to any third party such as past, current or prospective employers, suppliers, customers and clients, persons making an enquiry or complaint and any other third party.

Sensitive personal data

Personal data in respect of the following is “sensitive personal data” and any information held on any of these matters MUST NOT be passed on to any third party without the express written consent of the individual:

 

·       Any offence committed or alleged to be committed by them.

·       Proceedings in relation to any offence and any sentence passed.

·       Physical or mental health or condition.

·       Racial or ethnic origins.

·       Sexual life.

·       Political opinions.

·       Religious beliefs or beliefs of a similar nature.

·       Whether someone is a member of a trade union.

Information security

From a security point of view, only those staff listed in the Appendix are permitted to add, amend or delete personal data from the Company’s database(s) (“database” includes paper records or records stored electronically). However, all staff are responsible for notifying those listed where information is known to be old, inaccurate or out of date. In addition, all employees should ensure that adequate security measures are in place. For example:

 

  • Computer screens should not be left open by individuals who have access to personal data.
  • Passwords should not be disclosed.
  • Email should be used with care.
  • Personnel files and other personal data should be stored in a place in which any unauthorised attempts to access them will be noticed. They should not be removed from their usual place of storage without good reason.
  • Personnel files should always be locked away when not in use, and when in use should not be left unattended.
  • Any breaches of security should be treated as a disciplinary issue.
  • Care should be taken when sending personal data in internal or external mail.
  • Destroying or disposing of personal data counts as processing. Therefore, care should be taken in the disposal of any personal data to ensure that it is appropriate. Such material should be shredded or stored as confidential waste awaiting safe destruction.

It should be remembered that the incorrect processing of personal data e.g. sending an individual’s details to the wrong person, allowing unauthorised persons access to personal data, or sending information out for purposes for which the individual did not give their consent, may give rise to a breach of contract and/or negligence leading to a claim against the Company for damages from an employee, work-seeker or client contact. A failure to observe the contents of this policy will be treated as a disciplinary offence.

Subject access requests

Data subjects are entitled to obtain access to their data on request and after payment of a fee. All requests to access personal data by data subjects should be referred to the Compliance Officer whose details are listed in the Appendix to this policy.

References

Any requests for access to a reference given by a third party must be referred to your Manager and should be treated with caution even if the reference was given in relation to the individual making the request. This is because the person writing the reference also has a right to have their personal details handled in accordance with the Data Protection Act 1998, and not disclosed without their consent. Therefore, when taking up references an individual should always be asked to give their consent to the disclosure of the reference to a third party and/or the individual who is the subject of the reference if they make a subject access request. However, if they do not consent then consideration should be given as to whether the details of the individual giving the reference can be deleted so that they cannot be identified from the content of the letter. If so the reference may be disclosed in an anonymised form.

The Human Rights Act 1998

Finally, it should be remembered that all individuals have the following rights under the Human Rights Act 1998 and in dealing with personal data these should be respected at all times:

 

·       Right to respect for private and family life (Article 8).

·       Freedom of thought, conscience and religion (Article 9).

·       Freedom of expression (Article 10).

·       Freedom of assembly and association (Article 11).

·       Freedom from discrimination (Article 14).

 

APPENDIX

Those responsible for adding, amending data:

All Consultants

Those responsible for deleting data:

Managers with Administration Rights

Those persons responsible for responding to subject access requests:

Compliance Officer

 

 

 

 
+44 (0) 203 008 8636