- We shall also outline the legal rights that you have and how we have used these to analyse all the data and processes in our business ensuring total transparency and compliance with your data.
Legal Rights for individuals
We feel it is important to outline the main legal rights that we have used as a basis for our compliance checks. Also, this should help you to understand more easily how GDPR and general data protection laws help to protect your data. These list of rights are not exhaustive.
- Right to be informed
- Right of access
- Right to rectification
- Right to erasure
- Right to restrict processing
- Right to data portability
- Right to object
- Rights in relation to automated processing
- Right to withdraw consent
Our basis for processing data
- Legal Obligation
- Protecting vital interests
- Public interest
- Legitimate interests of the business
Principles under which we hold your data
- Fairness, lawfulness and transparency
- Purpose limitation
- Data minimisation
- Integrity and confidentiality
- Storage limitation
What data do we collect?
At MRK Associates we have always been sensitive to people’s personal data so the introduction of GDPR has simply been an incentive to formalise our processes and improve our internal procedures.
We have only ever looked to collect the minimal amount of data that we need to enable us to offer you employment opportunities which are tailored to your circumstances and your interests. We hold this data on a central cloud based system and only people whom we have spoken to and ‘pre-registered’ properly (hence aware we are processing their data) have their data processed into this system. Many of the types of information we hold are listed below and it is information that has either been sent to us directly or we have found on open online databases where the owner has posted their information previously. This is not an exhaustive list:
- Age/date of birth
- Marital status;
- Contact details
- Education details
- Employment history
- Emergency contacts and details of any dependants
- Referee details
- Immigration status (whether you need a work permit)
- Nationality/citizenship/place of birth
- A copy of your driving licence and/or passport/identity card
- Financial information (where we need to carry out financial background checks)
- Social security number (or equivalent in your country) and any other tax-related information
- Diversity information including racial or ethnic origin, religious or other similar beliefs, and physical or mental health, including disability-related information
- Details of any criminal convictions if this is required for a role that you are interested in applying for
- Details about your current remuneration, pensions and benefits arrangements
- Information on your interests and needs regarding future employment, both collected directly and inferred, for example from jobs viewed or articles read on our website
- Extra information that you choose to tell us
- Extra information that your referees chooses to tell us about you
We record all landline calls in and out of the business for training and quality purposes. These are kept for 7 years for potential future legal referral and to cover individuals that have worked for us either in temporary assignments or in permanent placement.
How do we collect your data?
At MRK Associates we use a number of different methods to find and register individuals who are looking for new employment opportunities in order to offer our clients a choice of the best talent in the market.
Predominantly we receive data sent directly from yourselves but there are situations and procedures within our business where we receive data through other sources that may not be as transparent to you.
Information you send to us:
- Your CV when applying to jobs through online job boards – of which we use many dependant on the division of MRK/ type of job that is being advertised
- Speculatively sending your CV directly to us through completing the “registering CV” box on the MRK website
- Emailing your details directly to an MRK employee
- Completing an application form when meeting an MRK employee for interview
- Giving a hard copy of your CV to an MRK employee at any given opportunity
- Sending communication to us through the various forms of social media that we use
Information that we find about you:
- We subscribe to online CV databases where jobseekers setup their profiles and upload their CVs. This enables us to see your personal data for relevant job vacancies for which we are searching
- We use various forms of social media to search for people for our jobs but this is mainly LinkedIn where individuals create their profiles using terminology relevant to the skills and jobs that they undertake
Information that we receive through third parties:
- Personal details of an individual sent by friends or colleagues who are referring them
- We use an overseas business who work through various online databases to provide us with CVs to review on our instruction for each vacancy we are working.
- Employers pass personal information of direct applicants whom they are needing payrolled temporarily.
What do we use your information for?
By far the most common usage of your data is to assist you in finding employment opportunities either of a permanent or temporary nature. However, there are other ways we may use your data and these reasons are outlined below although not an exhaustive list. Dependant on different laws and requirements, there are different amounts of data that we may need in order to ensure we provide you with the high level of service that is expected.
- Contacting you about our recruitment services and specific vacancies that arise
- Giving you the opportunity to apply for jobs online or through other means
- Analysing your data for shortlisting purposes
- Maintaining your details on our recruitment database to contact you with relevant opportunities
- Assessing data about you against vacancies which we think may be suitable for you
- Sending your information to employers for specific jobs or for future opportunities
- Obtaining checks where appropriate and necessary (references, qualifications, credit, criminal etc.)
- Payrolling and invoicing purposes
- Legal obligations for accounting and tax purposes as well as contractual needs between us
- Contracts between us and other 3rd parties for recruitment purposes.
- Cookies are used to understand your use of our website and to help look at trends of usage etc. to improve future use of the site. Anonymous cookies which do not hold any personal data are used to enable us to monitor site usage statistics through Google Analytics
- Carrying out customer satisfaction surveys
- Keeping you informed of new vacancies as they arise through the website or emails
- Quarterly newsletter with articles about the economy, career advice, job hunting techniques and general market and MRK information
- Details of career events or networking events we are hosting or involved in the surrounding area
- Occasional offers that may come to us and we forward to you. An example of this may be training courses that could enhance your career which we are able to offer at reduced cost through our relationship with a local training provider
- We do not currently monitor diversity information or other such sensitive information but to understand diversity and equal opportunities in our processes this may be something we monitor in the future. Explicit consent will be obtained before any such information is obtained or kept.
- Rarely legal actions are undertaken where information is used as evidence
How do we use your data?
We will only use your data for the purposes that we have received your data for in the first place. Any other use of your data will be for reasons that we will have communicated to you directly and received your “opt-in” consent. The only exception to this will be in situations where legitimate business interests or “soft opt-in” consent are used as a basis to contact you about other related products or services, i.e. applying with your CV to one specific job implies you are looking for employment opportunities generally so we will speak to you about other vacancies and not just limit your search to the one job you have applied to.
We already work to specific processes that ensure we provide our candidates with the best service we can and many of these will now become law under GDPR. To outline some of these (although it is not an exhaustive list):
- When a live vacancy is registered with us, you will be fully briefed about the job before your CV is forwarded to a client
- We will inform you of the name of the company in this briefing. This is imperative for transparency in using your data and the only exception is where a company has expressively requested confidentiality due to internal circumstances. In this situation, we will explain the circumstances to you and why we can’t give you the information
- With your consent, we will forward your CV to an employer as an application to pre-mentioned job.
- Employers do ask us for information such as your current salary, package, notice period, town of residence etc. and we would pass this on assuming legitimate business interest as their desire for this information is valid during a recruitment process.
- Should an employer ask for your phone number or email address during an interview process, we will get your permission before passing this to them. This can happen if phone interviews are being arranged, interviews are off-site, online testing is being conducted.
- At offer stage, employers will need your contact details to send you confirmation of the offer but we will ask for your permission to send these when communicating the offer to you.
- When invoicing an employer your name will be on the invoice for identification purposes only but no other information relating to your remuneration or personal data is present.
- Occasionally, in an attempt to offer you more choice in your job search, we may create a profile about you that we send to a targeted list of employers/ contacts around the area. This profile is anonymous with no mention of name, current company or other identifiable information but helps us to identify other opportunities in the market that may be relevant for you.
- Often large employers use web based portals through which they manage their recruitment processes. This usually requires us to submit information about you, including your email address for identification purposes, so the employer can ensure no duplication of applications has occurred. We obtain the GDPR policies from these clients to ensure they are managing your data appropriately.
- Should we find you temporary employment, no matter whether you are a PAYE, umbrella or limited company worker, your details will be transferred to an external payroll/ invoice factoring provider.
- All PAYE workers will also have their details sent to NOW Pensions who are the auto-enrolment pension providers for all our PAYE temporary workers.
- All Umbrella workers will usually set up and provide their own details to the umbrella company that they choose to use for payrolling purposes. It is possible that we will send some personal data to them to ensure you are paid correctly and on time.
General business operations
We use a host of different systems, software, mechanisms and external suppliers to support us in all our recruitment operations and, whilst some of this is confidential to our business (to ensure we maintain the edge over our competitors) we do want to outline some of the ways in which we use your data with these.
- All job applications from all the online job boards we use come through one central system and are stored on one central cloud based database. We reply to all job applications to acknowledge receipt of your CV – sometimes rejecting the individual for the job, sometimes calling them to discuss their skills further.
- Any applications directly through the MRK Associates website also flow into the central applicant tracking system (above) but data is recorded within the MRK site. A range of type of cookies are used in the site with a cookie pop-up appearing when you enter the site. Some of these cookies are within your control and some aren’t. See cookies section below for an explanation.
- Having spoken to you, if we feel we have the right opportunities to help you find a new job, we will transfer your information to a cloud based recruitment specific CRM system through which we run all future communication – other than some emails that may be sent to you from mobiles or outlook. This CRM holds all candidate, employer, contact and job information for the MRK business.
- We work in as much of a paperless office environment as is possible but a significant part of our job is meeting employers when we are working on their vacancies. Often we do this after we have forwarded CVs to them (with candidates permission obviously). In this case, we will print hardcopy CVs to take to the meeting to discuss them face to face. These are brought back to the office and securely destroyed through a secure shredding company that collects and destroys the paperwork. This happens with all printed paper in the office.
- Often our consultants are speaking to you outside of work hours using their mobile phones. Every consultant has a password on their phone and SIM to ensure security of your data if phones are ever lost or stolen.
How long do we keep your data?
We have set out very strict and exact processes as to how we will look after and keep your data. The timescales of this depend on what we are doing/ have done with your data and how much interaction we have had with you when receiving your data. These are outlined below:
- Legally we are required to keep any data where we have placed people in jobs for 7 years due to HMRC regulations. This includes our accounting system, our CRM system and our temp payrolling providers.
- If we have fully registered you on our recruitment CRM system, under legitimate business interests we will be keeping your data for 5 years. This is because once people have found themselves a new job, they may potentially remain in that job for 3-4 years (maybe longer). We feel there is a value to you in us keeping your details so when a job is registered with us in the future that could act as a great next step in your career, we are able to contact you to discuss it.
- Data kept in our central job application system will be deleted after 2 years as we are either not using this data regularly enough to keep it or we will have transferred it to our recruitment CRM system.
- Data kept in the MRK Associates website from direct applications will also be deleted after 2 years for the same reasons as above.
- Completed application forms will be kept for either 7 years or 5 years dependant on whether we have placed the individual. Any hardcopy data other than this (i.e. printed CVs for meetings) will be deleted immediately after use so won’t be kept for any period that isn’t necessary.
Whilst it would be narrow-minded of us to publish all the protocols that we have taken to ensure your data is secure, we can assure you that we have changed, amended and improved all areas of our business to minimise the likelihood of any unauthorised access to your data or our systems.
We will continue to monitor, assess and improve these into the future.
Definitions and explanations
The cookies we use on our website can be broken down into three categories:
- Necessary: e.g. session cookies enable the website you are visiting to keep track of your movement from page to page so you don’t get asked for the same information you’ve already given to the site. Cookies allow you to proceed through many pages of a site quickly and easily without having to login to every different page.
- You can adjust these through the features section of your browser.
- One such piece of information is IP addresses. We anonymise this data collected by Analytics, but the cookie itself is left as per normal
- Our cookie pop-up gives users the option to turn off Analytics, although we do have it set to “on” by default
- Third Party: e.g. Google Maps. These cookies are the ones over which we have no control, because they’re issued by a third party and nothing to do with MRK.
In this policy we have mentioned that some data is processed or kept under the legal basis of legitimate interests. This is where we balance our legitimate interests and the necessity of processing your personal data against your interests, rights and freedoms taking into account the particular circumstances.
We have tried to calculate this by looking at the value that our actions may give you against the how long it has been since we had meaningful contact with you.
In line with your rights in this document, you are welcome to request us to erase or restrict processing of your data or object to our dealings with your data etc.
Consent means offering you genuine choice and control over how we use your data. You are able to give or withdraw your consent whenever you wish without detriment.
We will ensure that it is clear and transparent as to what you are giving your consent for and you must opt-in for ant consent that we are requesting. We will record any consents that you have given to us.
Subject Access Request (SAR)
This is where an individual requests to see the data being held on them. This may incur a £10 Administration charge dependant on the detail of the request. For a subject access request to be valid, it should be made in writing and we will respond asap but at latest 40 days after the request.
You are then entitled to be:
- told whether any personal data is being processed;
- given a description of the personal data, the reasons it is being processed, and whether it will be given to any other organisations or people;
- given a copy of the information comprising the data; and given details of the source of the data (where this is available)
In line with the main objectives of GDPR, and as outlined at the beginning of this document, you maintain various rights with your data after you have submitted it to us. At any time you can contact us to discuss these rights.
We will look to deal with your queries as soon as possible and no longer than one month in line with the legislation in place.
3rd Floor, Imex House,
575-599 Maxted Road
Telephone: 01442 894555