At Futureheads Recruitment your right to privacy and our treatment of your personal data is important. We are a data controller, registered with ICO under registration number Z2016071.
The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a new regulation which replaces the Data Protection Regulation (Directive 95/46/EC). The Regulation aims to harmonise data protection legislation across EU member states, enhancing privacy rights for individuals and providing a strict framework within which commercial organisations can legally operate.
Even though the UK has left the EU, the GDPR is applicable in the UK from 25th May 2018. The Government intends for the GDPR to continue in UK law post Brexit and has also introduced a Data Protection Bill to replace the current Data Protection Act in due course.
Your rights under the GDPR are set out in this notice, please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
Who we are and what we do
We are a recruitment agency and recruitment business as defined in the Employment Agencies and Employment Businesses Regulations 2003. We may collect and process information about you for the purposes of our core business of providing recruitment services.
Personal information you give to us, or we may collect from you
We collect personal data from the following people to allow us to undertake our business:
- Prospective and placed candidates for permanent or temporary roles;
- Prospective and live client contacts;
- Supplier contacts to support our services;
- Employees, consultants, temporary workers.
We collect personal information about you in various ways, such as the information you give us over the phone, email and/or social media; through job applications and in-person recruitment; at events; through our website and social media channels; and in connection with our interactions with clients and vendors.
If you are an actual or potential employee or job candidate and you apply for a position, we may collect the following types of personal information (as permitted under local law):
- Contact information (such as name, postal address, email address and telephone number);
- Proof of Right to Work in the UK;
- Employment and education history;
- Information provided by references;
- Information contained in your resume or CV, information you provide regarding your career interests, and other information about your qualifications for employment; language proficiencies and other work-related skills;
- Date of birth;
- Information about other individuals, such as emergency contacts
- Bank account information;
- National Insurance number, national identifier or other government-issued identification number;
- Tax-related information (P45);
- Compliance documentation
- Geolocation data in connection with certain features of our Sites (Please refer to our IP addresses and Cookies section for more information)
Following client specific requests and only after obtaining your explicit consent, we may also collect the following sensitive data:
- Relevant disabilities and health-related information;
- Results of drug tests and criminal and other background checks.
If you are a client contact, we may collect the following data from you:
- Contact information (such as name, postal address, email address and telephone number);
- Relevant information about your job function and your preferred recruitment process in relation to the service you requested;
- Correspondence between us and your organisation, including Contracts, Agreements or Terms of Business entered into.
In addition, we may obtain information about you from other sources, such as LinkedIn, job boards and online CV libraries. In this case, we will inform you by sending you this privacy notice within 30 days of collecting your data, the source where this data originated from, whether it came from publicly accessible sources, and what purpose we intend to use and process your data for.
If you are a supplier or vendor, we may collect the following data from you:
- Contact information (such as name, postal address, email address and telephone number);
- Correspondence between us and your organisation, including Contracts and Agreements entered into.
Purposes and the legal basis for the processing of your Personal Data
The core service we offer to our candidates and clients is the introduction of candidates to our clients for the purpose of temporary or permanent engagement. However, our service expands to supporting individuals throughout their career and to supporting businesses’ ongoing resourcing needs and strategies. We work in long-term partnership with our candidates, clients and other suppliers and partners.
The purposes for processing your personal data are:
- To carry out our obligations arising from any contracts we intend to enter into or have entered into between you and us and to provide you with the information, products and services that you request from us or we think will be of interest to you because it is relevant to your career or to your organisation.
- To provide you with information about other services we offer that are similar to those that you have already purchased, been provided with or enquired about.
The legal basis for us processing your data are:
- Our primary legal basis for the processing of personal data is our legitimate business interests, described in more detail below, although we will also rely on contract, legal obligation and consent for specific uses of data.
- We will rely on Contract to carry out our obligations arising from any contracts we intend to enter into or have entered into between you and us and to provide you with the information, products and services that you request from us or we think will be of interest to you because it is relevant to your career or to your organisation.
- We will rely on Legal Obligation if we are legally required to hold information on you to fulfil our legal obligations (such as HMRC Intermediary reporting).
- We will in some circumstances rely on Consent for particular uses of your data and you will be asked for your express consent, if legally required. Examples of when consent may be the lawful basis for processing include permission to collect sensitive personal data (if you are a candidate) in accordance with a client’s Terms of Business.
Should we want or need to rely on consent to lawfully process your data we will request your consent orally, by email or by an online process for the specific activity we require consent for and record your response on our system. Where consent is the lawful basis for our processing you have the right to withdraw your consent to this particular processing at any time.
We do not undertake automated decision making or profiling. We do use our computer systems to search and identify personal data in accordance with parameters set by a person. A person will always be involved in the decision making process.
Our Legitimate Business Interests
Our legitimate interests in collecting and retaining your personal data is described below:
As a recruitment business and recruitment agency we introduce candidates to clients for permanent employment, temporary worker placements or independent professional contracts. The exchange of personal data of our candidates and our client contacts is a fundamental, essential part of this process.
In order to support our candidates’ career aspirations and our clients’ resourcing needs we require a database of candidate and client personal data containing historical information as well as current resourcing requirements.
To maintain, expand and develop our business we need to record the personal data of prospective candidates and client contacts. This helps us to offer a wider range of opportunities and qualified workers to our candidates and clients and to fulfil our service to you.
We publish newsletters, job alerts and other marketing communications in order to give you insight into the activities of our business, including relevant events we are hosting or participating in, and relevant wider market conditions, trends or opportunities. Such communications will be about services which are similar to the services you have asked us to provide or agreed to us providing; you can request to unsubscribe via links provided in our communication to you, as per section “Know Your Rights” below.
We use information held about you in the following ways:
If you are a candidate and you apply for a position, whether for one of our clients or internally, as permitted under local law, we use the information described in this Privacy Notice to:
- Provide you with job opportunities and work;
- Assess your suitability as a job candidate and your qualifications for positions;
- Facilitate introductions and conversations which may lead to future opportunities;
- Provide HR and financial services to you, including administration of payroll and benefits.
If you are a client contact, as permitted under local law, we use the information described in this Privacy Notice to:
- Facilitate introductions and conversations which may lead to future opportunities or engagements;
- Where relevant, provide HR and financial services to you, including administration of payroll and benefits.
In addition, for both candidates and client contacts, we may use the information to perform the following activities (as permitted under local law):
- Managing our client and vendor relationships;
- Sending promotional materials, alerts regarding available positions and other communications;
- Communicating about, and administering participation in, special events, promotions, programs, offers, surveys, contests and market research;
- Responding to individuals’ enquiries;
- Operating, evaluating and improving our business (including developing, enhancing, analysing and improving our services; managing our communications; and performing accounting, auditing and other internal functions);
- Perform data analytics, such as (i) analysing our job candidate base; (ii) identifying skill shortages; (iii) using information to match individuals and potential opportunities, and (iv) identifying market trends and producing insights such as salary surveys. Outputs of such activity will only include anonymised data;
- Protecting against, identifying and seeking to prevent fraud and other unlawful activity, claims and other liabilities; and
- Complying with and enforcing applicable legal requirements, relevant industry standards, contractual obligations and our policies.
If you are a supplier or vendor, we will only use your data to fulfil our mutual contractual obligation.
If we ever use your information in other ways, we will always provide you with a specific notice at or prior to the time of collection.
IP addresses and cookies
Here at Futureheads, we are committed to providing you with the best online experience while visiting our website. As part of this process, we utilise standard third party cookies to collect information about how you browse the site.
A “cookie” is a piece of information that is stored on your computer’s hard drive and which records your navigation of a website so that, when you revisit that website, it can present tailored options based on the information stored about your last visit. Cookies can also be used to analyse traffic and for advertising and marketing purposes. Cookies are used by nearly all websites and do not harm your system.
We track all this information as an aggregate and therefore do not collect any personal information about you as an individual, unless you apply for a job, upload your CV, fill in an online form, or sign up for email alerts or our newsletter through the Futureheads website.
You may see a pop-up welcome message when you first visit our website. We’ll store a cookie so that your computer knows you’ve seen it and knows not to show it again.
We also use third-party analytics services on our Sites, such as Google Analytics. The analytics providers that administer these services use technologies such as cookies, web server logs and web beacons to help us analyse your use of our website. The information collected through these means (including IP address) may be disclosed to these analytics providers and other relevant third parties who use the information, for example, to evaluate use of the website.
If you do not wish us to track your cookie information you can set your browser to reject cookies, please visit the ‘Help’ menu of your internet browser to find out how to do this. This may impact your user experience on our website and restrict you from utilising certain website functionality.
What we track and how cookies are used
|Cookie Name||Purpose of the cookie||Duration of cookie||Cookie provider Privacy Notice|
|_ga||Used to distinguish users||26 months||https://policies.google.com/privacy|
|_gid||Used to distinguish users||24 hours||https://policies.google.com/privacy|
|_gat||Used to throttle request rate||1 minute||https://policies.google.com/privacy|
|_gac_<property-id>||Contains campaign related information for the user.||90 days||https://policies.google.com/privacy|
|Cookie Name||Purpose of the cookie||Data Collected||Duration of cookie||Cookie provider Privacy Notice|
|exp_last_visit||Sets the date/time that the user last visited the site||Date/time of last visit||1 year||Futureheads|
|exp_tracker||Tracks the last 5 pages viewed by the user, and is used primarily for redirection after logging in etc||Last 5 URLs visited on site||1 year||Futureheads|
|exp_last_activity||Used to determine page expiry for logged in members||Date of your last activity on the site.||1 year||Futureheads|
|exp_csrf_token||Helps ensure that form submissions are genuine||None – stores a token generated by ExpessionEngine||1 hour||Futureheads|
|cookies_accepted||Used to stop displaying the cookie message once user has dismissed it||“true”/”false”||10 years||Futureheads|
|liked_jobs||Keeps track of which jobs a user has liked||Array of job ID numbers||90 days||Futureheads|
|user_location||Used to initially show relevant jobs based on IP address of user, then store their selected location if they manually change it||IP address (not stored), then 2 digit country code||length of session||Futureheads|
In addition to these cookies, our website also checks the visitors’ IP address on the first visit and using geoplugin.com’s API to determine what country you are in to automatically show you UK or US jobs.
Disclosure of your information inside and outside of the EEA
We may disclose your personal data to third parties if they have a proper interest in the disclosure, such as:
- Clients and prospective clients for the purpose of introducing candidates to them;
- Candidates for the purpose of arranging interviews and engagements;
- Clients, business partners, suppliers and sub-contractors for the performance and compliance obligations of any contract we enter into with them or you;
- Other recruitment companies, intermediaries or vendors involved in managing the supply of personnel;
- Third parties who perform functions on our behalf and who also provide services to us, such as our timesheet provider or marketing email platform;
- Credit reference agencies, compliance partners and other sub-contractors for the purpose of assessing your suitability for a role where this is a condition of us entering into a contract with you or a client;
- Our insurers;
- Analytics and search engine providers that assist us in the improvement and optimisation of our site;
- A professional association or registration body or regulatory or law enforcement agencies if we are required by law to do so.
We will disclose your personal information to third parties:
- In the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets;
- If Futureheads or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets;
If we engage a third party to perform services which involve handling or processing personal data, we will take reasonable steps to prohibit the third party from using personal data except for the purposes for which it was supplied or for processing it other than in accordance with our instructions.
Unless required or permitted to do so by law, we will not otherwise share, sell or distribute any of your personal data without your consent.
The lawful basis for the third party processing will include:
- Their own legitimate business interests in processing your personal data, in most cases to fulfil their internal resourcing needs;
- Satisfaction of their contractual obligations to us as our data processor;
- For the purpose of a contract in place or in contemplation;
- To fulfil their legal obligations.
Where your personal data is stored and processed
We maintain administrative, technical and physical safeguards designed to protect the personal information you provide against accidental, unlawful or unauthorised destruction, loss, alteration, access, disclosure or use.
All information you provide to us is stored within secured, UK based datacentres and in the ISO27001/SSAE-16 certified UK data centres of our database partner Access Group. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
How long do we keep your information for?
We understand our legal duty to retain accurate data and only retain personal data for as long as we need it for our legitimate business interests and that you are happy for us to do so. Typically, this is for 6 years, due to the long-term partnerships we develop with our customers. Accordingly, we have a data retention policy and run data clean up processes to remove data that we no longer have a legitimate business interest in maintaining.
We do the following to try to ensure our data is accurate:
- Prior to making an introduction we check that we have accurate information about you
- We keep in touch with you so you can let us know of changes to your personal data
We segregate our data so that we keep different types of data for different time periods. The criteria we use to determine whether we should retain your personal data includes:
- The nature of the personal data;
- Its perceived accuracy;
- Our legal, statutory or contractual obligations.
We may archive part or all of your personal data or retain it on our financial systems only, deleting all or part of it from our main Customer Relationship Manager (CRM) system, particularly following a request for suppression or deletion of your data, to ensure that we do not re-enter your personal data on to our database, unless requested to do so.
Our current Data Retention policy is available upon request.
Know your rights
Under the GDPR, you have the following rights:
- Request access: The GDPR give you the right to access information held about you. We also encourage you to contact us to ensure your data is accurate and complete. All subject access requests should be submitted to firstname.lastname@example.org. No fee will apply and we have to respond within 30 days.
- Request correction: If you can demonstrate that personal information we hold about you is not correct, you can ask that this information is updated or otherwise corrected.
- Request erasure: In certain circumstances, you have the right to have your personal data deleted, where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing.
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal information to another party in certain formats, if practicable.
- Make a complaint to a supervisory body which in the United Kingdom is the Information Commissioner’s Office. The ICO can be contacted through this link: https://ico.org.uk/concerns/
You have the right to ask us not to process your personal data for marketing purposes.
You can exercise your right to accept such processing by double opting in to marketing communications or to prevent such processing by unsubscribing (via links provided in our communication to you) or by contacting us at email@example.com.
Our website and any communications we send you might contain links to relevant external websites. Please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Changes to our Privacy Notice
Any changes we make to our privacy notice in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy notice.
We welcome any questions and comments about our Privacy Notice and these should be addressed to firstname.lastname@example.org
You can also contact our Data Protection Representative on the same email address.