|Company Name:||Oak Tree Recruitment|
|Model Policy No.:||PHPOLWEB|
|Model Policy Name:||Wesbite Privacy Statement|
The Company will collect the personal details that you provide to us on our website for the purposes of providing you with services and/or information. In providing such services and/or information to you we will only use your personal data in accordance with the terms of the following statement
This statement sets out below:
Information Collection and Use
The Company collects information from our users at several different points on our website. The Company is the sole owner of the information collected on this site. We will not sell, share, or rent this information to others except when specifically required to do so by law.
We request information from you on our online registration forms. Here you must provide contact information and information regarding the type of work you are seeking and your skills, qualifications and experience. This information is used to enable us to provide you with work-finding services. If we have trouble processing your application, this contact information is used to get in touch with you. The Company does not use this information for any other purpose.
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used to make websites work, or work more efficiently, as well as to provide information to the owners of the site.
We use traffic log cookies to identify which pages are being used. This helps us to analyse data about web page traffic and improve our website to tailor it to customer needs. We only use this information for statistical analysis purposes, data is then removed from the system.
Cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser settings to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
We use IP addresses to analyse trends, administer the site, track users’ movements, and to gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information.
We may share aggregated demographic information with our clients. This is not linked to any personal information that can identify any individual person.
The Company may transfer the information you provide to countries outside the European Economic Area (“EEA”) that do not have similar protections in place regarding your data and restrictions on its use as set out in this policy. However, we will take steps to ensure adequate protections are in place to ensure the security of your information. The EEA comprises the EU member states plus Norway, Iceland and Liechtenstein. By submitting your information, you consent to these transfers for the purposes specified above.
Sale of business
If the Company’s business is sold or integrated with another business your details may be disclosed to our advisers, and any prospective purchasers and their advisers, and will be passed on to the new owners of the business.
This website contains links to other external websites. Please be aware that the Company is not responsible for the privacy practices of such other sites. We encourage you to be aware of this when you leave our site and to read the privacy statements of every website that collects personally identifiable information. This privacy statement applies solely to information collected by the Company’s website.
The Company takes every precaution to protect our users’ information. Details listed below;
Only employees who need the information to perform a specific job (for example, our accounts clerk or a marketing assistant) are granted access to your information.
The Company uses all reasonable efforts to safeguard your personal information. However, you should be aware that the use of the Internet is not entirely secure and for this reason the Company cannot guarantee the security or integrity of any personal information which is transferred from you or to you via the Internet.
If you have any questions about the security at our website, you can send an email to the Digital Communications Manager at email@example.com
Correction/Updating Personal Information
If your personally identifiable information changes (such as office address), we will endeavour to provide a way to correct, update or remove the personal data provided to us. This can usually be done by emailing the Digital Communications Manager at firstname.lastname@example.org
Notification of Changes
This policy was last updated 2017.
Complaints or queries
The Company tries to meet the highest standards when collecting and using personal information. We take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.
If you wish to complain about this policy or any of the procedures set out in it please contact:
The Digital Communications Manage , email@example.com
|Comany Name:||Oak Tree Recruitment|
|Model Policy No.:||PHPOLSDP|
|Model Policy Name:||Information Security and Data Protection Policy|
The Data Protection Act 1998
The Company processes personal data in relation to its own staff, work-seekers and individual client contacts - therefore it is a “data controller” for the purposes of the Data Protection Act 1998. The Company has notified the Information Commissioner’s Office – the Company’s data protection registration number is Z3317674.
The Company holds personal data on individuals (“data subjects”) for the following general purposes:
The eight principles of data protection
The Data Protection Act 1998 requires the Company as data controller to process data in accordance with the principles of data protection. These require that personal data shall be:
1. Fairly and lawfully processed.
2. Processed for limited purposes.
3. Adequate, relevant and not excessive.
5. Not kept longer than necessary.
6. Processed in accordance with the data subjects’ rights.
7. Kept securely.
8. Not transferred to countries outside the European Economic Area without adequate protection.
“Personal data” means data, which relates to a living individual who can be identified from the data or from the data together with other information, which is in the possession of, or is likely to come into possession of the Company.
“Processing” means obtaining, recording or holding the data or carrying out any operation or set of operations on the data. It includes organising, adapting and amending the data, retrieval, consultation and use of the data, disclosing and erasure or destruction of the data. It is difficult to envisage any activity involving data, which does not amount to processing. It applies to any processing that is carried out on computer including any type of computer however described, main frame, desktop, laptop, iPad, Blackberry ® or other mobile device.
Personal data should be reviewed on a regular basis to ensure that it is accurate, relevant and up to date and those people listed in the Appendix shall be responsible for doing this.
Personal data may only be processed with the consent of the person whose data is held. Therefore, if they have not consented to their personal details being passed to a third party this may constitute a breach of the Data Protection Act 1998. By instructing the Company to look for work and by providing us with personal data contained in a CV work-seekers will be giving their consent to processing their details for work-finding purposes. If you intend to use their personal data for any other purpose you MUST obtain their specific consent.
Caution should be exercised before forwarding the personal details of any individuals on whom personal data is held, to any third party such as past, current or prospective employers, suppliers, customers and clients, persons making an enquiry or complaint and any other third party.
Sensitive personal data
Personal data in respect of the following is “sensitive personal data” and any information held on any of these matters MUST NOT be passed on to any third party without the express written consent of the individual:
· Any offence committed or alleged to be committed by them.
· Proceedings in relation to any offence and any sentence passed.
· Physical or mental health or condition.
· Racial or ethnic origins.
· Sexual life.
· Political opinions.
· Religious beliefs or beliefs of a similar nature.
· Whether someone is a member of a trade union.
From a security point of view, only those staff listed in the Appendix are permitted to add, amend or delete personal data from the Company’s database(s) (“database” includes paper records or records stored electronically). However, all staff are responsible for notifying those listed where information is known to be old, inaccurate or out of date. In addition, all employees should ensure that adequate security measures are in place. For example:
It should be remembered that the incorrect processing of personal data e.g. sending an individual’s details to the wrong person, allowing unauthorised persons access to personal data, or sending information out for purposes for which the individual did not give their consent, may give rise to a breach of contract and/or negligence leading to a claim against the Company for damages from an employee, work-seeker or client contact. A failure to observe the contents of this policy will be treated as a disciplinary offence.
Subject access requests
Data subjects are entitled to obtain access to their data on request and after payment of a fee. All requests to access personal data by data subjects should be referred to the Compliance Officer whose details are listed in the Appendix to this policy.
Any requests for access to a reference given by a third party must be referred to your Manager and should be treated with caution even if the reference was given in relation to the individual making the request. This is because the person writing the reference also has a right to have their personal details handled in accordance with the Data Protection Act 1998, and not disclosed without their consent. Therefore, when taking up references an individual should always be asked to give their consent to the disclosure of the reference to a third party and/or the individual who is the subject of the reference if they make a subject access request. However, if they do not consent then consideration should be given as to whether the details of the individual giving the reference can be deleted so that they cannot be identified from the content of the letter. If so the reference may be disclosed in an anonymised form.
The Human Rights Act 1998
Finally, it should be remembered that all individuals have the following rights under the Human Rights Act 1998 and in dealing with personal data these should be respected at all times:
· Right to respect for private and family life (Article 8).
· Freedom of thought, conscience and religion (Article 9).
· Freedom of expression (Article 10).
· Freedom of assembly and association (Article 11).
· Freedom from discrimination (Article 14).
Those responsible for adding, amending data:
Those responsible for deleting data:
Managers with Administration Rights
Those persons responsible for responding to subject access requests: