Aunt Jessica Cares is committed to ensuring the security and protection of the personal information that we process, and to provide a compliant and consistent approach to data protection. We have created this privacy statement (together with our Terms & Conditions and any other documents referred to in it) sets out the basis on how we collect, retain and use the information we receive about you. Our goal is to demonstrate and communicate our high ethical standards and how we implement appropriate internal controls. We have always had a robust and effective data protection program in place which complies with existing law and abides by the data protection principles. However, we recognise our obligations in updating and expanding this program to meet the demands of the GDPR.
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By visiting our website (“our site”) you are accepting and consenting to the practices described in this statement.
WHO WE ARE?
Aunt Jessica Cares is a recruitment agency and recruitment business as defined in the Employment Agencies Act 1973 (our business). We also provide sector specific online training and pre-inductions. We collect the personal data from the following types of people to allow us to undertake our business;
- Prospective and placed candidates for permanent or temporary roles;
- Prospective and live client contacts (including referee contacts provided by candidates);
- Supplier contacts to support our services;
- Employees, consultants, temporary workers and contractors
Aunt Jessica Cares of 1A Cloisters House 8 Battersea Park Road SW8 4BG
For the purpose of the General Data Protection Regulation (Regulation (EU) 2016/679) (the GDPR), the data controller is Aunt Jessica Cares.
WHAT IS THE PURPOSE OF THIS STATEMENT?
We are committed to protecting the privacy and security of your personal information.
This privacy statement describes how we collect and use personal information about you during and after your working relationship with us, in accordance with the General Data Protection Regulation (GDPR) as updated from time to time. It applies to all clients, candidates and contractors. Employees of Aunt Jessica Cares should refer to the Employee Privacy Statement which is available on the intranet.
We will comply with data protection law. This says that the personal information we hold about you must be:
- Used lawfully, fairly and in a transparent way.
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
- Relevant to the purposes we have told you about and limited only to those purposes.
- Accurate and kept up to date.
- Kept only as long as necessary for the purposes we have told you about.
- Kept securely.
OUR LEGAL BASIS FOR USING YOUR PERSONAL DATA
Under GDPR, the main grounds that we rely upon in order to process personal information of clients and candidates are the following:
(a) Necessary for entering into, or performing, a contract – in order to perform obligations that we undertake in providing a service to you, or in order to take steps at your request to enter into a contract with us, it will be necessary for us to process your personal data;
(b) Necessary for compliance with a legal obligation – we are subject to certain legal requirements which may require us to process your personal data. We may also be obliged by law to disclose your personal data to a regulatory body or law enforcement agency;
(c) Necessary for the purposes of legitimate interests - either we, or a third party, will need to process your personal data for the purposes of our (or a third party's) legitimate interests, provided we have established that those interests are not overridden by your rights and freedoms, including your right to have your personal data protected. Our legitimate interests include responding to requests and enquiries from you or a third party, optimising our website and customer experience, informing you about our products and services and ensuring that our operations are conducted in an appropriate and efficient manner;
(d) Consent – in some circumstances, we may ask for your consent to process your personal data in a particular way.
WHAT PERSONAL DATA WILL WE COLLECT FROM YOU?
We will hold, use and disclose your personal information, for our legitimate business purposes including:
- to provide our services to you;
- to maintain our business relationship, where you are a user of our website, a client or candidate;
- to enable you to submit your CV for general applications, to apply for specific jobs or to subscribe to our job alerts. Please see the separate section on your CV below which outlines additional uses and disclosures;
- to match your details with job vacancies, to assist us in finding a position that is most suitable for you and to send your personal information (including sensitive personal information) to clients in order to apply for jobs;
- to retain your details and notify you about future job opportunities other than the specific role for which you have contacted us;
- to answer your enquiries;
- to direct-market products and services, advise you of news and industry updates, events, promotions and competitions, reports and other information. Before we do so, you will be given an option to opt-out of such communications and an option to unsubscribe will also be provided with each communication;
- to fulfil contractual obligations with our clients;
- to provide further services to you by sharing your personal information with other companies within our Group of companies as well as trusted third parties. Further details about this are set out in the separate section below on Sharing your Personal Information;
- to release personal information to regulatory or law enforcement agencies, if we are required or permitted to do so;
- our website uses a website recording service which can record mouse clicks, mouse movements, page scrolling and any text keyed into website forms. Data collected by this service is used to improve our website usability. The information collected is stored and is used for aggregated and statistical reporting, and is not shared with anybody else.
- In order to provide you with personalised content on our website, with more relevant communication in our emails, and with a tailored service from our consultants, we track and record your usage and interaction with our website and emails. We employ a third party service provider to help us record, store and analyse this information to determine how we might best deliver your engagement. We ensure that no personally identifiable attributes are recorded in this database and, other than our chosen service provider, we do not share this information with any other business or affiliate.
- We may process, in accordance with local regulations, certain sensitive personal data (known as special category data in GDPR) where you include it in information you send to us e.g. if you include information about your health, religion or ethnic origin in the CV you send to us. We may also be required to conduct a criminal records check against your details. We have processes in place to limit our use and disclosure of such sensitive data other than where permitted by law.
HOW WE SHARE YOUR PERSONAL INFORMATION
In certain circumstances we will share your personal information with other parties. Details of those parties are set out below along with the reasons for sharing it.
Our Partners within the EEA:
- Reachout Recruit Ltd
Where you are registered as a candidate on our database, we will share your personal information with our Partners of companies in the European Economic Area ("EEA").
We will share your personal information as above for any or all of the following purposes:
To provide you with recruitment services;
- for business development;
- for systems development and testing;
- for development and marketing of other products and services;
- to improve our customer service and to make our services more valuable to you; and/or
- to tailor our website when you log on to make them relevant to you personally.
Our other Partners outside the EEA
In the event you require us to explore job opportunities for you outside the EEA, we will notify you that we intend to pass your personal information to, or allow access to such information by, our other partners worldwide so they can use it for the purposes set out above.
If you would like details of the particular partners which can access your personal information, please contact us using the details in the Contact section.
We apply equal rigour to the security of data held and processed across our company. Each partner outside the EEA with access to data in the UK, enters into a specific data protection agreement with Aunt Jessica Cares thereby undertaking to meet the same standards of data security and to act in accordance with data protection principles applicable under the strict European data protection laws. This agreement is based on the Model Clauses as approved by the EU Commission
We disclose your personal information to clients who have vacancies for jobs in which you are interested.
Trusted Third Parties
We will share your personal information and, where necessary, your sensitive personal information with trusted third parties where we have retained them to provide services that you or our clients have requested, such as:
- employment reference checking;
- qualification checking;
- criminal reference checking (as required);
- verification of details you have provided from third party sources; and/or
- psychometric evaluations or skills tests.
- Online Training
We will also share your personal information with third parties who perform functions on our behalf and provide services to us such as:
- professional advisors;
- Payroll companies;
- data analytics providers;
- IT consultants carrying out testing and development work on our business technology systems;
- research and mailing houses; and/or
- function co-ordinators.
We require minimum standards of confidentiality and data protection from such third parties. To the extent that any personal information is provided to third parties outside the EEA, or who will access the information from outside the EEA, we will ensure that approved safeguards are in place, such as the approved Model Clauses or the EU/US Privacy Shield.
Regulatory and Law Enforcement Agencies
As noted above, if we receive a request from a regulatory body or law enforcement agency, and if permitted under GDPR and other laws, we may disclose certain personal information to such bodies or agencies.
WHERE IS YOUR PERSONAL DATA STORED?
All company storage locations which holds personal information are encrypted to the highest standard. This includes our CRM database; file locations and remote access. All cloud data is secured by Microsoft Azure Active Directory.
We will do our best to protect your personal data, although as the transmission of information via the internet is not completely secure we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access, misuse or loss.
If you suspect any unauthorised access to or misuse or loss of your data, please contact us immediately using our contact details within the 'How can you contact us?' section lower down on this web page.
HOW LONG DO WE KEEP YOUR PERSONAL DATA?
We keep your personal data in accordance with the following data retention periods:
Candidate personal data – 5 years since the last contact with you, where contact means addition of your personal data to our database, placement into a role or there is a record of verbal or written communication with you. Candidates includes applicants for all vacancies we advertise, including permanent, part-time and temporary positions with any of our clients. This also includes individuals put forward by any of our clients.
Contractor financial data – 7 years following the last payment made. Contractors includes any Candidate who we have placed and made a payment to.
We will endeavour to permanently erase your personal data once it reaches the end of its retention period or where we receive a valid request from you to do so. However some of your data may still exist within our systems. For our purposes, this data will be put beyond use, meaning that while it still exists on a system, it cannot be readily accessed by operational systems, processes or staff.
Use of automated profiling tools
We do not carry out any automated profiling in our recruitment process.
Your duty to inform us of changes
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.
YOUR RIGHTS ON INFORMATION WE HOLD ABOUT YOU
You have certain rights in relation to personal information we hold about you. Details of these rights and how to exercise them are set out below. We will require evidence of your identity before we are able to act on your request.
Right of Access
You have the right at any time to ask us for a copy of the personal information about you that we hold. Where we have good reason, and if the GDPR permits, we can refuse your request for a copy of your personal information, or certain elements of the request. If we refuse your request or any element of it, we will provide you with our reasons for doing so.
Right of Correction or Completion
If personal information we hold about you is not accurate, out of date or incomplete, you have a right to have the data rectified, updated or completed. You can let us know by contacting us using any of the methods in the Contact section below.
Right of Erasure
In certain circumstances, you have the right to request that personal information we hold about you is erased e.g. if the information is no longer necessary for the purposes for which it was collected or processed or our processing of the information is based on your consent and there are no other legal grounds on which we may process the information.
Right to object to or restrict processing
In certain circumstances, you have the right to object to our processing of your personal information by contacting us using any of the methods in the Contact section.
For example, if we are processing your information on the basis of our legitimate interests and there are no compelling legitimate grounds for our processing which override your rights and interests. You also have the right to object to use of your personal information for direct marketing purposes.
You may also have the right to restrict our use of your personal information, such as in circumstances where you have challenged the accuracy of the information and during the period where we are verifying its accuracy.
Right of Data Portability
In certain instances, you have a right to receive any personal information that we hold about you in a structured, commonly used and machine-readable format.
You can ask us to transmit that information to you or directly to a third party organisation.
The above right exists only in respect of personal information that:
- you have provided to us previously; and
- is processed by us using automated means.
While we are happy for such requests to be made, we are not able to guarantee technical compatibility with a third party organisation's systems. We are also unable to comply with requests that relate to personal information of others without their consent.
You can exercise any of the above rights by contacting us using any of the methods in the Contact section below.
Most of the above rights are subject to limitations and exceptions. We will provide reasons if we are unable to comply with any request for the exercise of your rights.
To the extent that we are processing your personal information based on your consent, you have the right to withdraw your consent at any time. You can do this by contacting us using the details in the Contact section below.
If you are dissatisfied about any aspect of the way in which your data is processed you may, in the first instance refer the matter to: email@example.com. This does not affect your right to make a complaint to Aunt Jessica Cares : https://ico.org.uk
To subscribe to job alerts emails, you will be required to provide your name and e-mail address, which will be used for the purpose of keeping you informed, by e-mail, of the latest jobs in your nominated industry and to provide you with industry news and other information related to our services.
Should you decide that you no longer wish to receive this information, unsubscribe links are provided in every job alert email that you receive.
Job alerts emails are sent by Aunt Jessica Cares. Where the sender is based outside the EEA your details will be sent to or accessed by that entity to enable them to issue the relevant job e-mail alert to you.
If you wish to receive a copy of the information we hold about you, write to us:
Aunt Jessica Cares 1A Cloisters House 8 Battersea Park Road SW8 4BG.
IP ADDRESSES AND COOKIES
We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information to our advertisers. This is statistical data about our users' browsing actions and patterns, and does not identify any individual.
For the same reason, we may obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer's hard drive. They help us to improve our site and to deliver a better and more personalised service. They enable us:
- To estimate our audience size and usage pattern.
- To store information about your preferences, and so allow us to customise our site according to your individual interests.
- To speed up your searches.
- To recognise you when you return to our site.
LINKS TO OTHER WEBSITES
Our website is protected with a variety of security measures to ensure that data you provide is not lost, misused, or altered inappropriately.
CONTENT OF THE WEBSITE
All information on the website is for general information purposes only and may be altered at any time by Aunt Jessica Cares without notice.
This website was created in England. Any interpretation of its content, claims or disputes (of whatever nature and not limited to contractual issues) shall be subject to the exclusive jurisdiction of the English Courts under English law.
If you have any enquires you can contact us at firstname.lastname@example.org or by writing to us at:
Aunt Jessica Cares
1A Cloisters House
8 Battersea Park Road