Introduction
This policy summarises the key points about how DBFS Limited collects, uses and discloses personal data and ensures compliance with the laws and regulations where we operate.
More information can be provided upon request to our Data Protection Officer. Defined words are in the Appendix at the end of this policy.
What is Personal data?
Personal data is information (including opinions) which relates to an individual and from which he or she can be identified either directly or indirectly through other data which the firm has or is likely to have in its possession. These individuals are sometimes referred to as data subjects.
Responsibilities
The firm is the data controller of the personal data we process and therefore is responsible for ensuring our systems, processes, suppliers and DBFS representative comply with data protection laws in relation to the information we handle.
All DBFS representative must abide by this policy and the manual when handling personal data and must take part in any required data protection training. Any breach will be taken seriously and may result in disciplinary action.
We have a Data Protection Officer who oversees compliance with data protection laws and this policy and provides guidance and advice to the firm and DBFS representative as required.
Principles of Data Protection
The firm has adopted the following principles to govern our use, collection and disclosure of personal data.
The firm’s core principles provide that personal data must:
- be processed fairly and lawfully and to the extent required under local law with valid and informed consent;
- be obtained for specific and lawful purposes;
- be kept accurate and up to date;
- be adequate, relevant and not excessive in relation to the purposes for which it is used;
- ·not be kept for longer than is necessary for the purposes for which it is used;
- be processed in accordance with the rights of individuals;
- be kept secure to prevent unauthorised processing and accidental loss, damage or destruction; and
Collection, Use and Disclosure
As a firm the type of data we collect and process falls into one of the following categories:-
- personal data relating to subscribers to our newsletters and other promotional materials;
- personal data obtained and created in relation to a candidate applying to a vacancy; and
- personal data relating to DBFS representative; and
- personal data relating to Representatives of Client Organisations and prospective Client Organisations.
- The below table provides a summary of how we collect and use personal data:
Subscribers to our newsletters and other promotional material
Types of data | Information such as name and business information (email address, job title, who you work for). Additional information may be processed where it is provided by you, for example in correspondence, in connection with an event or in letting us know what areas you are interested in and when you wish to be contacted by us. This may include access or dietary requirements which may reveal information about your health or religious beliefs. Our websites may also collect your device’s unique identifier, such as an IP address. |
Collection | Data is collected in our CRM system when you register to receive updates and news letters, or we otherwise receive your contact details. Data may also be collected in our Candidate database when you sign up for updates on vacancies. You will receive a notice when your details have been added to the CRM or Candidate database. You can revisit your profileat any time to amend your information or preferences or to provide additional details. You will also be provided with the option to opt out and/ or be removed from the CRM or Candidate database database with each marketing communication you receive from us. |
Use | Personal data will be used to: – complete any request you may make; – contact you with communications about updates, breaking news, newsletters and event invitations which we think are relevant to your interests and in line with your preferences; – make users’ experiences more efficient and understand how we can improve your browsing preferences and the services DBFS provides; and – analyse what subjects are of interest to particular users so that we can improve the content in our newsletters and promotional material. |
Disclosure | Personal data: – may be transferred worldwide to our affiliates, and to service providers who support the operation of our business; – which is shared with service providers will be limited to that which is required for providing the service and will be adequately protected; |
Providing a job candidate with services
Types of data | Personal data such as name, address, contact details, education and employment history;background checks (financial and criminal), ID and right to work status; information relating to next of kin/ dependants;financial information including bank details and identifiers (e.g.National Insurance numbers); Additional when the personal data is uploaded onto any of the web based services which we provide to you. Our web-based services will also process online registration details and login credentials for the individuals who request access to these services. |
Collection | Relationship management and CV information is collected from you directly and further information (e.g. to verify your identity, status and suitability) may be collected from third parties, such as publicly available sources or service providers. All additional personal data is collected when supplied to us, or created by us in connection with a particular vacancy on which we are providing recruitment services on.Where relevant, this may be through a web based service you are using. |
Use | Relationship management and CV data is used for providing recruitment services, administration, commercial purposes and as required by law. All other personal data will be used for the purposes of providing recruitment services and to comply with our statutory/ regulatory obligations In relation to our web based services we will monitor and record information relating to use of the services. This will include how and when the system is accessed and how data is uploaded. |
Disclosure | Personal data: – may be transferred worldwide to our affiliates, and to service providers who support the operation of our business; – which is shared with service providers will be limited to that which is required for providing the service and will be adequately protected. |
DBFS representative
Types of data | Personal data such as name, address, contact details, education and employment history;background checks (financial and criminal), ID and right to work status; information relating to next of kin/ dependants;financial information including bank details and identifiers (e.g.National Insurance numbers); records of your use of the firm’s IT and information services ; CCTV and swipe card data. Also we may process information revealing sensitive information such as health details, racial origin, religious beliefs and information about offences/ alleged offences. |
Collection | Personal data will be collected from a number of sources including your application form/CV;providers of background checks (eg Experian) and referees; providers of occupational health services; tracking your use of the firm’s IT and information services; notes and records kept throughout your employment including absences, expenses claims, questionnaires, performance reviews and details of any grievances/ disciplinary action; CCTV and swipe cards. |
Use | Personal data will be used for: human resources administration;assessing suitability, eligibility and/or fitness to work; learning and development; to ensure the firm’s information and offices are secure; and management purposes (including where necessary disciplinary purposes). Photographs, education and career information may be used in marketing and promotional material for the firm including our website, brochures, bids and tenders. |
Disclosure | Your personal data may be: -may be transferred worldwide to our affiliates, and to service providers who support the operation of our business; – stored within DBFS’ information systems and within third party software applications and services which have been procured to support the operation of the HR function; – transferred to other third parties such as our insurers, legal and other professional advisors, regulators, administrators and government departments, who may be acting as data controller; – shared with DBFS’ clients for the purposes of tendering for or providing services. When information is shared with service providers it is limited to that which is required for providing the service and will be adequately protected. |
Representatives of Client Organisations and prospective Client Organisations
Types of data | Personal data such as name, address, position, employer, contact details and employment history; |
Collection | Data is collected in our CRM system when you register to receive updates and news letters, or we otherwise receive your contact details. You will receive a notice when your details have been added to the. You can revisit your profileat any time to amend your information or preferences or to provide additional details. You will also be provided with the option to opt out and/ or be removed from the with each marketing communication you receive from us. |
Use | Personal data will be used for: – administration and management purposes including connecting with suitable clients,assessing suitability, performance management. – other purposes connected with you being a the representative of a Client Organisation or Prospective Client Organisation. |
Disclosure | Your personal data may be: – stored worldwide within DBFS’ information systems and within third party software applications and services which have been procured to support the operation. When information is shared with service providers it is limited to that which is required for providing the service and will be adequately protected; – transferred to other third parties such as our insurers and other professional advisors, regulators, administrators and government departments, who may be acting as data controller |
Individuals’ Rights
Personal data must be processed in line with individuals’ rights, including the right to:
- request a copy of their personal data;
- request that their inaccurate personal data is corrected;
- request that we limit our usage of personal data;
- request that their personal data is deleted and destroyed when causing damage or distress; and
- opt out of receiving electronic communications from the firm.
Should you wish to make a request in line with your rights as an individual, please forward it to the Data Protection Officer.
DBFS representative must notify or inform the Data Protection Officer immediately if they receive a request in relation to personal data which the firm processes.
How to Make a Complaint
You should direct all complaints relating to how the firm has processed your personal data to the Data Protection Officer.
DBFS representative must inform the Data Protection Officer immediately if they receive a complaint relating to how the firm has processed personal data so the firm’s complaints procedure can be followed.
Security
Information security is a key element of data protection. The firm takes appropriate measures to secure personal data and protect it from loss or unauthorised disclosure or damage.
Contact details
Data Protection Officer
DBFS Limited
Salisbury House
Finsbury Circus
London
EC2M 5SQ
United Kingdom
dpo@dbfs.co.uk
Appendix Definitions
In the Privacy Policy and the Data Protection Manual, the following terms have the following meanings:
“Account“ | means an account required to access and/or use certain areas and feature of Our Site; |
“Cookie“ | means a small text file placed on your computer or device by Our Site when you visit certain parts of Our Site and/or when you use certain features of Our Site. Details of the Cookies used by Our Site are set our in section 13, below; |
“Cookie Law“ | means all relevant parts of the Privacy and Electronic Communications (EC Directive Regulation 2003; |
“Personal data“ | Means any and all data that relates to an identifiable person and can be directly or indirectly identified from the data. In this case, it means personal data you give to Us via Our Site, or data we have been provided directly or indirect by you via email, job boards, CV databases or similar. This definition shall, where applicable, incorporate the definition provided in the [Data Protection Act 1998] OR [EU Regulation 2016/679 – The General Data Protection Regulation (“GDPR”)]; and |
“We/Us/Our“ | means DBFS Limited [, a limited company registered in England under company number 3216157, whose registered address is Salisbury House, Finsbury Circus, London, EC2M 5SQ. |
“client“ | any person or organisation to whom the firm provides a service and who is identified as a client on the firm’s practice management system, regardless of whether time is recorded or a fee is charged; |
“contact“ | an individual who is a contact of the firm, including any client, any potential or former client, any supplier, any consultant, or any another professional advisor and any other contact of the firm; |
“CRM“ | the firm’s client relationship management system; |
“data“ | recorded information whether stored electronically, on a computer, or in certain paper-based filing systems; |
“data controller“ | a person who or organisation which determines how personal data is processed and for what purposes. |
“Data Protection Officer“ | the person designated as the Data Protection Officer of the firm from time to time who can be contacted at dpo@dbfs.co.uk |
“individual” or “you” | the person whose personal data is being collected, held or processed; |
“personal data“ | please see the what is personal data section of this policy; |
“policy“ | the Privacy Policy as amended from time to time; |
“process” or “processing” | any activity that involves use of personal data. It includes obtaining, recording or holding the personal data, or carrying out any operation or set of operations on the data including organising, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transferring personal data to third parties as a result of those third parties having access to it. |
Amendments
Please note that this privacy policy is subject to change from time to time. It was last reviewed in May 2018.