Data privacy notice
References to “You” refer to you the client ~ References to “We” or “Us” refer to Face2Face Services – full details outlined below:
We respect any personal data you give to us and agree to comply with all relevant data protection laws in force within the UK at the time of instruction, including the General Data Protection Regulations (as enacted in UK).
Lawful Basis and your rights
The lawful basis upon which we rely to process any personal data is contract necessity and legal obligation in respect of the provision of the services. You will have the right to data portability of your personal data in the event you wish to move to another provider and we have the electronic ability to do this quickly and easily.
Should we wish to send you updates in respect of any services or facilities then we will seek your consent regarding unrelated marketing matters; you will always have the opportunity to quickly and easily unsubscribe in respect of any mailings.
If you are a business contact that we have met through networking and wish to stay in contact with you or wish to refer business to you, then we will rely on legitimate interest to do so since we believe that this is the nature of business networking and it would be in both of our interests to do this. For these purposes, you have the right to object to such processing, the right to erasure and the right to amendment of your personal details.
Sharing of your personal data – In respect of client work, we will obtain personal data from you when taking instructions on the recruitment services you require us to carry out and share data with other parties when:
- We are undertaking your ID checks (May 2018 – Experian)
- Working on our electronic systems (Provided through Microsoft Office 365)
- We advertise, source and select suitable candidates for you
- Working with permitted third parties with your consent (eg. Business contacts, professional advisors)
You may withdraw your consent to our sharing of data with third parties at any point in time; kindly do this in writing to firstname.lastname@example.org
In respect of marketing, business contact data is stored as a part of our Microsoft Office 365 package which we professionally subscribe to. We do not operate a newsletter service at this time.
Should you be a business contact that we have met through business marketing then we may provide people with your personal data in order to refer business or enquiries to you. We will retain your business card in our locked office.
Transfer of Data outside the EEA
To the best of our knowledge, none of the client data within Face2Face Services is transmitted outside of the EEA (unless this happens technologically without our knowledge).
Our electronic systems are based on Microsoft Office 365 for which all staff use a paid business package for the services. Our systems inform us that all data is actually based in the UK. We use up to date commercial grade anti-virus software on systems and these are automatically updated to maintain the safety of our electronic systems. All computers and devices are password protected. We print out the minimum required for paper files – and what files exist are kept in a locked office at all times.
Data Retention Periods
Ordinarily, we will store client file data for 7 years (statutory 6 years + 1 to allow overlap of years) and it will be erased, burnt, deleted thereafter. If there is a statutory/regulatory requirement to keep the documentation for a longer period – it will be kept for that period.
Your Data Subject Rights
Subject Access Requests: Should you wish to exercise your right to submit a Subject Access Request under GDPR/UK Data Protection Bill/Act then you must submit your request to Face2Face Services together with a copy of your photo ID (passport/driving licence) – by email to email@example.com. Email is preferred so we can be clear as to what you wish to obtain. No fee will be requested however in line with legislation, we reserve our right to charge a fee/refuse to comply in the event of a manifestly unfounded, excessive or repetitive request. We will check our systems for the requested information and a response will be made available to you within 28 calendar days.
We will ordinarily exercise any reasonable request for rectification (inaccurate / incomplete personal data), erasure, restriction of processing, portability of data as soon as reasonably practicable unless there is a lawful reason as to why we need not comply with such request.
If you require your data to be ported to another firm – then we will do that provided all fees that are undisputed and due, have been paid. Automated Decision making – Note that Face2Face Services does not make automated decisions.
If you are concerned about the way we have handled your personal data – you have the right to complain to the ICO. You should note that they have an expectation that you will have raised it with Face2Face Services directly first so please contact firstname.lastname@example.org in the first instance, who will deal with your complaint expeditiously.
Should you want external advice, full information as to how can raise a concern with Face2Face Services (and/or the ICO) is available at the ICO’s website https://ico.org.uk/for-the- public/raising-concerns/
If you would like to report a concern then the ICOs current contact details are available at https://ico.org.uk/concerns/ or call the ICO helpline at 0303 123 1113
Face2Face Services May 2018
Face2Face Services is a trading name of Face2Face Services Limited
Face2Face Services Limited is a company registered in England and Wales
Company Registration No. – 5328163
VAT No. – 855740406
Registered Office – Cliff Mead, 96 Victoria Avenue, Shanklin, Isle of Wight PO37 6QW
Telephone – 0845 838 3545
Face2Face Services is registered as a Data Controller with the Information Commissioner’s Office. Registration No. – Z1110752
Face2Face Services is authorised and regulated by the Recruitment and Employment Confederation – REC Membership No. – 00067075