**Who we are and what we do**
Phoenix Gray Recruitment Ltd are a recruitment agency and recruitment business as defined in the Employment Agencies and Employment Business Regulations 2003. We provide additional services of training and consultancy on occasion. We collect the personal data of the following types of people to allow us to undertake our business:
* Prospective and placed candidates for permanent, temporary or contract roles
* Prospective and live client contacts
* Supplier contacts to support our services
* Employees, consultants and temporary workers
**Who controls your data**
The data controller is Phoenix Gray Recruitment Ltd, a company registered in the UK at 158 Marlowes, Hemel Hempstead, Herts. HP1 1BA (registered company number 11664874). Our data protection officer is Ricky Cohen / info@phoenixgrayrec.com / 01708693100. Phoenix Gray Recruitment Ltd are registered with the Information Commissioner’s Office (ICO) under certificate number ZA473563.
**Information we collect**
About you: This is information about you that you give us by filling in application forms, through emails or telephone correspondence, by registering online, entering our database, entering a competition or reporting a problem with our site.
The information may include the below. Please note this list is not exhaustive and may be changed:
* Name and address
* Email address and telephone number
* Financial information
* Right to work information and proof of National Insurance
* Date of birth and emergency contact details
* Job history and qualifications
* Health records and DBS (where applicable)
**Processing your data**
This is how we will use your data once we have obtained it. The below list is not exhaustive and may be changed:
* Collecting and storing your data in both electronic and paper forms
* Using your data to contact you about prospective roles and to send to clients when you have accepted a job
* Using your data to administer payroll
* Assessing and reviewing your data to ensure it is suitable for job roles
* Altering your data when we are informed that it needs changing
* Erasing your data when requested – please note we are legally required to hold certain information (see the section on retention of data)
* Retaining records of our dealings with candidates and clients
* To provide information to regulatory authorities and statutory bodies along with our legal providers and insurers where necessary
* Sending information to third parties where we have/intend to enter in to recruitment relevant arrangements
* Purposes of processing your data
* There are many purposes for why we need to process the data that is held about you. Our legal base for processing personal data is our legitimate business interests which will be described in more detail below but we will also rely on contract, legal obligations and consent for specific uses of data.
**Our Legitimate Business Interests**
As a recruitment agency we introduce candidates to clients for temporary employment. Permanent employment or independent professional contracts. The exchange of personal data of our client contacts and candidates is essential and is a fundamental part of this process. In order to support our candidates career aspirations and our clients resourcing needs we require a database of candidate and client personal data containing historical information as well as current resourcing requirements.
To maintain, expand and develop our business we need to record the personal data of prospective candidates and client contacts. In order for our business to help candidates progress in their career we need to keep personal data to ensure they are qualified for the role. We need to keep financial information of a candidate to ensure they are paid correctly and we need personal information to add people to our database and to be able to contact both candidates and clients regarding our recruitment arrangements.
**Entering into a Contract**
If we are negotiating, or have entered into a placement agreement with you or your organisation, or if we have any other contract to provide services to you or receive services from you or your organisation, we will process our data on the basis that the processing is necessary for the performance of the contract.
**Compliance with Legal Obligations**
We are legally obliged to retain certain information of yours to fulfil statutory requirements. This includes the Conduct of Employment Agencies and Employment Business Regulations 2003, which require us to (amongst other things):
* Verify your identity
* Assess your suitability for an external job role
* Maintain records for specific periods
**Consent**
We may need to process your data under circumstances where we are relying on your consent to process it. Consent can be taken orally, by email or via an online process and your consent response will be recorded on our system to enable us to ensure our records are accurate.
You may withdraw your consent to our processing of your personal information at any stage. You can do this by emailing info@phoenixgrayrec.com or by writing to us at Data Protection Team, Phoenix Gray Recruitment Ltd, Unit 10, Barleylands Equestrian Centre, Whites Farm, Barleylands Road, Basildon, Essex, SS15 4BG. You can also complete the form on our website and submit it to us. Please note that if consent is withdrawn we may continue to retain your personal information where we have a legal or contractual obligation to do so, or if we need to retains data to abide by statutory retention periods.
**Sensitive Personal Data (SPD)**
Sensitive personal data is completely personal to you and can include things such as your race and ethnicity, health data, political and religious views and sexual orientation. We request that you do not provide us with any sensitive personal data unless it is necessary. For example we may need to ask you for some health data to ensure you are suitable for a specific role i.e. if the role involves heavy lifting we would ask for health data to ensure you are able to lift the objects.
If we are provided with sensitive personal data we will only process it for particular purposes including the below:
We have explicit consent to do so
For assessing your suitability for roles or working capacity
Where processing is necessary for the purpose of obligations or rights under employment, social security or social protection law
To maintain records of our dealings to address any later disputer or to exercise or defend any legal claims
**Retention of data **
If we engage you to work, either as a direct employee or as a temporary worker via a client we understand our legal duty to retain accurate data and only retain personal data for as long as is required for statutory purposes, our legitimate interests and that you are happy for us to do so. In most circumstances your data will not be retained for more than 6 years from the last point at which we provided any services or otherwise engaged with you. The following sets out the lengths of time we are required by law to retain your data or certain elements of your data:
* For 12 months from the date we last provided our recruitment services to you for the purposes of providing evidence of the recruitment services we provided to you (Regulation 29 of the Conduct of Employment Agencies and Employment Businesses Regulations 2003).
* For 2 years from the end of your last period of engagement of employment for the purposes of providing evidence that right to work checks were carried out under The Immigration (Restrictions of Employment) Order 2007.
* For 3 years from the end of the relevant year for the purposes of any parental/adoption leave records or statutory maternity or paternity pay (The Statutory Maternity Pay (General) Regulations 1986 (SI 1986/1960) as amended).
* For 6 years from the end of each tax year for the purposes of retaining payroll records under the Income Tax (Employment and Pensions) Act 2003.
* For 6 years from the end of each tax year for the purposes of keeping VAT records for any VAT registered limited company contractors
* For 3 years for accident books and accident records and reports under the Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 1995 (RIDDOR) and Limitation Act 1980.
* For 6 years for wage and salary records including bonuses, overtime and expenses under the Taxes Management Act 1970.
* For 2 years from the date on which they were made for records relating to Working Time under The Working Time Regulations 1998 (SI1998/1833).
We segregate our data so that we keep different types of data for different time periods. The criteria we use to determine whether we should retain your personal information includes:
* The nature of the personal data
* Its perceived accuracy
* Our legal obligation
* Whether an interview or placement has been arranged
* Our recruitment expertise and knowledge of the industry by country, sector and job role
We may archive part or all of your personal data or retain it on our financial systems only, deleting all or part of it from our main Customer Relationship Manager (CRM) System. We may pseudonymise parts of your data, particularly following a request for suppression or deletion of your data, to ensure that we do not re-enter your personal data on to our database unless requested to do so. For your information, Pseudonymised Data is created by taking identifying fields within a database and replacing them with artificial identifiers or pseudonyms.
**Other uses of your data**
Other uses of your data may include use of our website, to notify you about changes to our service and to ensure that content from our site is presented in the most effective manner for you and for your computer. We will use this information for the below reasons. Please note this list is not exhaustive and may be changed:
* To administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes.
* To improve our site to ensure that content is presented in the most effective manner for you and for your computer.
* To allow you to participate in interactive features of our service when you choose to do so.
* As part of our efforts to keep our site safe and secure.
* To measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you.
* To make suggestions and recommendations to you and other users of our site about goods or services and may interest you or them.
We do not undertake automated decision making or profiling. We do use our computer systems to search and identify personal data in accordance with parameters set by a person. A person will always be involved in the decision making process.
**Disclosure of your information**
We will share your personal information with a selection of people in order to maintain the running of our recruitment business. We may share your personal information with any member of our group of companies. Our Group means our subsidiaries, our ultimate holding company and its subsidiaries, our associated companies as defined in Section 1159 of the UK Companies Act (2006).
We may also share your personal data with selected third parties including those listed below. Please note this list is not exhaustive and may be paid.
* Clients – for the purpose of introducing candidates to them
* Candidates – for the purpose of arranging interviews and engagements
* Clients, business partners, suppliers and sub-contractors – for the performance and compliance obligations of any contract we enter with them or you
* Subcontractors – including email marketing specialists, event organisers, payment and other financial service providers
* Analytics and search engine providers – to assist us in the improvement of our site
* Credit reference agencies, our insurance broker, compliance partner and other sub-contractors – to help assess your suitability for a role where this is a condition of us entering in to a contract with you
There are certain times and reasons why we would disclose your personal information to a selected third party as per the below list. Please note this list is not exhaustive and may change.
* In the event that we buy or sell any business assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets
* If Phoenix Gray Recruitment Ltd or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets
* If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements; or to protect the rights, property or safety of Phoenix Gray Recruitment Ltd, our customers or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
As with the company directly, there are lawful bases for third party processing of your personal data and these will include:
* Their own legitimate business interests in processing your personal data, in most cases to fulfil their internal resourcing needs
* Satisfaction of their contractual obligations to us as our data processor
* For the purpose of a contract in place or in contemplation
* To fulfil their legal obligations
**Storing your data**
All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted (using SSL technology). Where you have chosen (or where we have given you) a password which enables you to access certain parts of our site you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Phoenix Gray Recruitment Ltd will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy notice. Unfortunately the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.