The purpose of this policy is to set out the length of time that iSearch Recruitment Ltd will retain your Personal Data and Sensitive Personal Data and the processes for storing and disposing of this data at the end of the retention period.
The Company will retain your personal data only for as long as is necessary for the purpose we collect it. Different laws may also require us to keep different data for different periods of time. The Company processes personal data in relation to its own staff, work-seekers and individual client contacts and is a data controller for the purposes of the Data Protection Laws.
The Company has registered with the ICO and its registration number is ZA196751
The Company may hold personal data on individuals for the following purposes:
Advertising, marketing and public relations;
Accounts and records;
Administration and processing of work-seekers’ personal data for the purposes of providing work-finding services, including processing using software solution providers and back office support;
Administration and processing of clients’ personal data for the purposes of supplying/introducing work-seekers
The Company will only process personal data where it has a legal basis for doing so (see Annex A). Where the Company does not have a legal reason for processing personal data any processing will be a breach of the Data Protection Laws. Only those listed are permitted to add, amend or delete personal data from the Company’s database(s) (‘database’ includes paper records or records stored electronically).
All Company staff are responsible for notifying those listed where information is known to be old, inaccurate or out of date or a request for erasure, access, rectification or restriction of processing has been received from the individual. Company staff are also responsible for notifying those listed where any request for data portability, objection to processing or where consent to process has been withdrawn and has been received from the individual.
The incorrect processing of personal data e.g. sending an individual’s details to the wrong person, allowing unauthorised persons access to personal data, sending information out for purposes for which the individual did not give their consent, or not having a lawful reason to process personal data, may give rise to a breach of contract and/or negligence leading to a claim against the Company for damages from an employee, work-seeker or client contact.
The policy covers the records listed in Schedule A, irrespective of the media on which they are created or held including:
Electronic files (including database, word documents, spreadsheets and emails)
Safety/Storage of Data
Company staff should ensure that adequate security measures are in place to limit the risk of personal data breaches. For example:
Staff will lock their computer screens when they are not in use.
All devices, whether company or personal devices (including but not limited to computers, mobile phones, other hand-held devices) containing personal data relating to the services of the Company shall be encrypted and password protected.
Staff will not disclose their passwords to anyone.
Email should be used with care. Company staff must ensure that emails are sent only to the intended recipient/s. Where Company staff send an email in error then the email must be recalled immediately and Company staff must inform those listed of the error so that any risk of a personal data breach can be limited.
Personnel files (whether for internal staff or work-seekers) and other personal data should be stored securely to prevent unauthorised access. They should not be removed from their usual place of storage without good reason.
Personnel files (whether for internal staff or work-seekers) should always be locked away when not in use and when in use should not be left unattended.
Personal data should only be stored for the periods set out in the Company’s data retention policy.
Processing includes the destruction or disposal of personal data. Therefore, staff should take care to destroy or dispose of personal data safely and securely. Such material should be shredded or stored as confidential waste awaiting safe destruction.
Kamil Lis – Kamil@isearchrecruitment.co.uk
|How Long to Keep for – Source of Requirement
|Work-seeker records including application form/CV, ID checks, Contract for Services (see below), details of assignments, opt-out notices and interview notes
|1 year from the last date of providing work-finding services as an Employment Agency (Conduct of Employment Agencies and Employment Businesses Regulations 2003 (Conduct Regulations))
|Hirer records including client details, terms of business, assignment/vacancy details
|Please note there is no legal obligation to keep records where no action is taken in relation to the application
|Contract for Services with temporary worker and Terms of Business for Clients
|6 years in order to deal with any civil action in the form of contractual claim (Limitation Act 1980)
|Working Time Records • 48 hour opt out notice • Annual leave records
|2 years from the time created
Payroll records, holiday pay, sick pay and pensions auto- enrolment records
Statutory maternity, paternity, adoption pay
1 year following the introduction or supply of a work-seeker to a
For as long as is legally required by HMRC and associated national minimum wage, social security and tax legislation.
3 year from the end of the tax year to which it relates
6 years except for opt-out notices (4 years)
Where the Company has a legitimate reason to process your data, provided it is reasonable and does not go against what you would reasonably expect from us. Where the Company has relied on a legitimate interest to process your personal data our legitimate interests is/are as follows:
Managing our database and keeping work-seeker and client records up to date;
Contacting the individual to seek consent where needed;
Providing work-finding services to the individual, including sending their information to our clients where they have demonstrated an interest in doing that particular type of work but not expressly consented to you passing on their cv;
Contacting the individual/client with information about similar products or services that they have used recently; and
Passing work-seeker’s information to debt collection agencies.