As a recruitment company Entech Technical Solutions processes personal data in relation to its own staff, work-seekers and individual client contacts. Entech Technical Solutions is dedicated to protecting and respecting your privacy whether it is through our online services or through direct contact with our consultants. We ensure that personal data is collected and stored in line with the Data Protection Act 1998 and the new GDPR compliancy standard.
This policy will explain the types of personal information that we collect, how we use the information, how long we will keep your information for, who we will be sharing the information with and the measures we take to protect the security of your information.
Please read the following carefully to understand our views and practices regarding your personal data and how it will be processed. We will endeavour to ensure that the information you submit to us remains private, and is only used for the purposes set out in this policy.
Our contact details
Entech Technical Solutions,Unit 1, Grovelands Business Centre, Hemel Hempstead, Herts, HP2 7TE Telephone number: 01442 898 900
Our Data Protection Officer is Rayah Lindley and she can be emailed at email@example.com
Information we may collect from you
Entech Technical Solutions collects and processes data and personal information through our social platforms, job sites and own website. We also collect data through job applications, recommendations and in connection with our interactions with clients and vendors. Your CV will not be stored on our website, it will be stored on our secure in-house computer network accessible only by Entech recruitment consultants.
Entech Technical Solutions holds data on individuals for the following general purposes:
- Administration and processing of work-seekers personal data for the purposes of work-finding services – this may include your name, address, e-mail address, phone numbers, work and education history, full CV and any other sensitive personal data as defined in the Data Protection Act 1998, plus your nationality which we are required to collect by law.
- If you are successful in a job application, we shall also request and hold copies of documentation showing your legal right to work in the UK (or the country in which you have chosen to work), and financial information such as bank account details. We may undertake credit references, and other lawful checks, where a recruitment client or third party requests such information.
- If you contact us, we may keep a record of that correspondence.
- Details of applications through our official website.
- Details of your visits to our website including, but not limited to, traffic data, communication data and resources that you access. We also collect website information to analyse the demographics to help us gain a better understanding of the users of our site as a group. This, however, does not contain personally identifiable information.
- Staff administration
- Advertising and Marketing via email or phone
By registering your details on our website, you consent to us collecting personal information for the purpose of disclosing this information to potential employers and clients in our recruitment process. Or to contact you with marketing and job opportunities.
Data may only be processed with the consent of the person whose data is held. Therefore if you have not consented to your personal details being passed to a third party, this may constitute a breach of the Data Protection Act 1998. By instructing Entech Technical Solutions to look for work and providing us with personal data contained in a CV, work-seekers will be giving their consent to processing their details for work-finding purposes.
If you have a beneficiary or next of kin, we will collect and process their name, address, phone and DOB. Next of kin will only be contacted in emergency circumstances under legitimate or vital interest.
Lawful basis for processing information
Consent is ‘any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed’.
Consent must be given freely, clearly, specific, informed and unambiguously. There must be no pre-ticked boxes and individuals must be able to withdraw consent easily. It is important to note that consent cannot be inferred from inactivity, silence or pre-ticked boxes anymore.
Under GDPR, the conditions or lawful basis’ that Entech use for processing information are:
Contractual – processing is necessary for the performance of a contract with the data subject or to take steps to enter into a contract.
Legitimate Interest - the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.
When processing sensitive personal data, Entech can satisfy the following condition to do so:
Employment, social security or social protection laws – processing is necessary for carrying out obligations under employment
How long we will keep your Data
Entech Technical Solutions will process and store your information for a time period of 5 years only. After this time, you will be contacted to renew consent or you have the right, at any time, for erasure (the right to be forgotten).
We will send you relevant updates and useful information as part of our contractual/legitimate interest service with you.
How we use your Personal Information
Entech will use the information provided to us, for the purpose of assessing your suitability, qualifications and skills, not only for current assignments but also for assignments which we think may be suited to your skills and experience. We will also use your information to keep you informed by email and telephone about future work opportunities.
Your CV will be e-mailed directly to our recruitment consultants who will process your application and with your consent enter your details onto our secure in-house database. This database is only accessible by Entech consultants and is password protected.
Your CV will be sent to prospective employers but only where you give your consent. Such employers may be located both inside and outside the European Economic Area.
If you do not wish to consent to the use of your data for any of these purposes, including if you do not wish to receive direct marketing information from Entech Technical Solutions, or you wish to remove your data from our database, please e-mail firstname.lastname@example.org.
Where your data is stored
Entech Technical Solutions currently use a secure in-house database to store all personal information. By submitting your personal data, you agree to our storing and processing. We will endeavour to ensure that the information you submit to us remains private, and is only used for the purposes set out in this policy.
Do we use any automated decision making?
We do not use any automated decision making.
Do we transfer your personal data outside of the EU or EEA?
We do not transfer any of your personal data outside of the EU.
Sharing your personal Data
Depending on you personal circumstances we may share your personal data with the following recipients:
- HMRC for the purpose of providing your chosen services and responding to requests for information;
- our software, technology applications, database providers (Access RDB (CRM) Database Software, Docusign UK Ltd,) necessary for recording, securing and updating your personal details and administering services internally as well as external communications;
- Various umbrella companies (if applicable) for the purpose of making payments;
- Information Commissioners Office in the event of a request for information or breach;
Data should be reviewed on a regular basis to ensure that it is accurate, relevant and up to date. Please do let us know if you would like your records updated at any point. Our team here at Entech shall be responsible for doing this.
From a security point of view, only those staff listed in the appendix should be permitted to add, amend or delete data from the database. However all staff are responsible for notifying those listed where information is known to be old, inaccurate or out of date. In addition all employees ensure that adequate security measures are in place. For example:
- Computer screens are not left open by individuals who have access to personal data.
- Passwords are never disclosed and are changed regularly.
- Email are used with care.
- Personnel files and other personal data are stored in a place in which any unauthorised attempts to access them will be noticed. They should not be removed from their usual place of storage without good reason.
- Personnel files are always locked away when not in use and when in use are not left unattended.
- Any breaches of security are treated as a disciplinary issue and reported to the ICO as soon as they are realized.
- Care is taken when sending personal data in internal or external mail.
- Destroying or disposing of personal data counts as processing. Therefore care should be taken in the disposal of any personal data to ensure that it is appropriate. For example, it would have been more appropriate to shred sensitive data than merely to dispose of it in the dustbin.
It should be remembered that the incorrect processing of personal data e.g. sending an individual’s details to the wrong person; allowing unauthorised persons access to personal data; or sending information out for purposes for which the individual did not give their consent, may give rise to a breach of contract and/or negligence leading to a claim against Entech Technical Solutions for damages from an employee, work-seeker or client contact. The ICO will be notified within 72 hours of the realization of the data breach should it risk the rights and freedoms of the individual.
Any requests for access to a reference given by a third party must be referred in writing to the Data Controller and should be treated with caution even if the reference was given in relation to the individual making the request. This is because the person writing the reference also has a right to have their personal details handled in accordance with the Data Protection Act 1998, and not disclosed without their consent. Therefore when taking up references an individual should always be asked to give their consent to the disclosure of the reference to a third party and/or the individual who is the subject of the reference if they make a subject access request. However if they do not consent then consideration should be given as to whether the details of the individual giving the reference can be deleted so that they cannot be identified from the content of the letter. If so the reference may be disclosed in an anonymized form.
Entech have implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk. These measures are as follows:
- pseudonymisation and encryption;
- ensuring confidentiality, integrity, availability and resilience of processing systems and services;
- ability to restore availability and access to personal data in a timely manner in the event of an incident; and
the regular testing and evaluating of technical and organisational measures designed to ensure security of data processing.
It should be remembered that all individuals have the following rights under GDPR and in dealing with personal data these should be respected at all times. They are as follows:
1. The right to be informed
2. The right of access
3. The right to rectification
4. The right to erasure
5. The right to restrict processing
6. The right to data portability
7. The right to object
8. Rights in relation to automated decision making and profiling
Article 17 of the GDPR, The Right To Erasure
The right to erasure is also known as ‘the right to be forgotten’.
This right is to enable an individual to request the deletion or removal of personal data that a company or entity holds for them. The right to erasure applies when:
1. The controller doesn’t need the data anymore - personal data is no longer relevant or needed in relation to the purpose for which it was originally collected
2. The subject withdraws consent for the processing with which they previously agreed to (and the controller doesn’t need to legally keep it [N.B. Many will, e.g. banks, for 7 years.])
3. The subject uses their right to object (Article 21) to the data processing
4. The controller and/or its processor is processing the data unlawfully
5. There is a legal requirement for the data to be erased
6. The data subject was a child at the time of collection (See Article 8 for more details on a child’s ability to consent)
There are some instances, however, when an organization doesn’t have to comply with this right, these can be for reasons such as compliance with legal obligations where the data needs to be available for a certain amount of time for the performance of a public interest task or exercise of official authority. This being said, all details of data retention and our legal obligations will be expressed when sending out consent to individuals.
Subject Access Requests
Data subjects, i.e. those on whom personal data is held, are entitled to obtain access to their data on request. To update your preferences, ask us to remove your information from our mailing lists, exercise your rights or submit a request, please contact us. All requests for information or a copy of your personal data should be in writing and addressed to the Data Protection Officer, Entech Technical Solutions, 1st Floor, Hamilton House, 111 Marlowes, Hemel Hempstead, Herts, HP1 1BB. Before receiving your personal data you must submit additional information for identity verification purposes.
You also have the right to request access to the personal information we have stored about you or request that we correct, amend or delete your information by contacting us as indicated above. Where provided by law, you may withdraw any consent you previously provided to us or object at any time on legitimate grounds to the processing of your personal information.