This Privacy Notice sets out the basis on which we use personal data in the course of our business activities.
We are The Highfield Recruitment Company Limited of 29 Carlton Crescent, Southampton, SO15 2EW. We are registered in England & Wales under company number 07010303.
As a business which relies upon having access to a database of pre-qualified Candidates to meet our Clients’ requirements, data is essential to our business. Our systems and processes are designed to ensure that we can provide the best possible service to our clients while operating within the law at all times and protecting individuals’ data privacy rights.
We reserve the right to update this Privacy Notice from time to time. Where appropriate, we shall contact you to notify you of any material changes to the Privacy Notice. You should also refer to our website periodically so that you may access and view our updated Privacy Notice. This will ensure that you understand (i) how we are using your personal data and (ii) your legal rights around our usage of such personal data.
This Privacy Notice applies to any living, identifiable individuals about whom we may process personal data in the course of our business activities. You should read this Privacy Notice if you are a:
If you are an employee, applicant for employment or in-house temporary worker, you should refer to our internal Privacy Notice instead. This is available to view at https://www.thehighfieldcompany.com/content/privacy-statement-139.htm.
This Privacy Notice uses the following defined terms.
Candidate means a person who is registered with The Highfield Company as seeking or potentially seeking new employment or engagement. This includes individuals who are not actively seeking a new role but who would like to remain in contact with The Highfield Company about potential opportunities which may be of interest from time to time.
Client means a business which has engaged The Highfield Company to provide services or which The Highfield Company has identified as a business for which The Highfield Company wishes to perform services.
Client Contact means a person who is employed or engaged by a Client and with whom The Highfield Company may liaise in respect of any services which The Highfield Company is providing or wishes to provide to the Client. In some cases, the Client Contact and the Client may be the same person e.g. where a Client is a sole trader.
Data Protection Legislation means (i) unless and until the GDPR is no longer directly applicable in the UK, the General Data Protection Regulation ((EU) 2016/679) and any national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK and then (ii) any successor legislation to the GDPR or the Data Protection Act 1998.
Referee means a person who has provided to The Highfield Company a written or verbal opinion in respect of the work history, skills, competency and/or experience of a Candidate;
Supplier means a business which provides services to The Highfield Company and which may process personal data relating to any Candidate, Client Contact or Supplier Representative in the course of performing such services.
Supplier Representative means a person who is employed or engaged by a Supplier and with whom The Highfield Company may liaise from time to time in respect of the services which are provided by that Supplier.
Third-Party Services Provider means any relevant third-party business which provides services to us, such as our:
We obtain personal data from a number of different sources, depending on whether you are a Candidate, a Client Contact or a Supplier Representative.
If you are a Candidate, we may obtain personal data relating to you:
If you are a Client Contact or Supplier Representative, we may obtain personal data relating to you:
If you are a Referee, we may obtain personal data relating to you:
If you are a Candidate, we may collect, store and process the following types of personal information about you:
We may also ask for your consent to collect, store and use the following “special categories” of more sensitive personal information:
If you are a Client Contact, we will collect, store, and use the following categories of personal information about you:
We do not collect, store or use any “special categories” of sensitive personal information if you are a Client Contact.
If you are a Referee, we will collect, store, and use the following categories of personal information about you:
We do not collect, store or use any “special categories” of sensitive personal information if you are a Referee.
If you are a Supplier Representative, we will collect, store, and use the following categories of personal information about you:
We do not collect, store or use any “special categories” of sensitive personal information if you are a Supplier Representative.
If you are a Candidate, we may use your personal data to:
If you are a Client Contact, we may use your personal data to:
If you are a Referee, we may use your personal data to:
If you are a Supplier Representative, we may use your personal data to:
We have determined that we have a legitimate interest to process your personal data where you are:
If you are a Candidate, we may also need to process sensitive (special) personal data relating to you. The type of sensitive personal data which we might process includes (i) information about any medical conditions or disability insofar as they are relevant to the type of work which you are proposing to carry out (ii) information about any unspent criminal convictions and, where relevant to the type of role which you are carrying out, spent convictions, police warnings etc and (iii) information about any trade union of which you are a member (but only insofar as it relates to an employment claim or pay and working conditions on a client site).
We are acting as an employment agency and/or an employment business in our dealings with you. In accordance with Article 9 (2)(b) of the GDPR, this sensitive personal data is necessary for performing our obligations as an employment agency/employment business and is used solely for this purpose. Any sensitive personal data shall be deleted in accordance with our policy on data retention.
We may also process equal opportunities information relating to you, but will be anonymised and, at that stage, is not personal data.
Your personal data is held and processed by us in the United Kingdom.
In addition to our database, we may use Microsoft OneDrive to store personal data relating to you. We have ascertained that this data is kept within a data centre within the United Kingdom.
We have put in place appropriate safeguards to ensure that your data is only transferred to jurisdictions with enforceable data subject rights and effective legal remedies in respect of data privacy breaches. We will therefore only transfer your personal data to jurisdictions outside of the EEA where:
If you are a Candidate, we may share your personal data for legitimate purposes with:
We may also share your personal data with Clients on an anonymised basis where we have agreed to provide general statistical information to such Clients.
If you are a Client Contact, we may share very limited data relating to you with a Candidate where such sharing is strictly required for the recruitment process e.g. so that the Candidate may contact you directly. We will also share your personal data with Third-Party Services Providers for legitimate business purposes.
If you are a Referee, we will share with our Clients the details of any reference which you may give. We will usually provide your name, job title and employer name when doing so. In some circumstances and only when you have agreed to such disclosure, we will provide your contact details so that our Client may verify the reference or ask for further information. We will also share your personal data with Third-Party Services Providers for legitimate business purposes.
If you are a Supplier Representative, we will share your personal data with other Third-Party Services Providers for legitimate business purposes.
If you interact with our website at www.thehighfieldcompany.com, we may process information relating to your usage of the website. However, unless you are submitting information through our website as a Candidate or Client Contact, the information which we process is anonymised and not therefore personal data within the meaning of the Data Protection Legislation.
Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention.
All decisions which are made in the course of our business processes involve human intervention. We do not therefore expect to make any decisions about you using automated means, whether you are a Candidate, Client Contact, Referee or Supplier Representative.
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality. Details of these measures may be obtained from the Operations Director.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Our standard data retention period is three years from the last date on which we are in actual contact with you i.e. where we actually speak with you or exchange correspondence. After this time, we will usually delete your personal data from our records.
Where we are required to keep any information (i) for auditing or compliance purposes (ii) to comply with our contractual obligations to third parties or (iii) in respect of any potential or actual legal proceedings, we shall keep your data for as long as is strictly necessary for these purposes, which is typically for seven years in respect of audit data which we may be required to produce for HRMC and/or to prove compliance with our contractual and legal obligations.
In some circumstances we may completely anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.
Your duty to inform us of changes. It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.
Your rights in connection with personal information. Under certain circumstances, you have the right to:
If you want to exercise any of the above rights, please contact the Operations Director in writing. We will consider your request and confirm the actions which we have taken in response to such request.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is an appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact the Operations Director. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law. We will confirm the actions which we have taken in respect of any such request.
If you are unhappy with any aspect of the manner in which we have processed your personal data or dealt with your decision to exercise any of the rights set out in this section, you have the right to complain to the Information Commissioners Office in the United Kingdom. Their details are:
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Tel: 0303 123 1113 (local rate) or 01625 545 745
If you have any questions about this Privacy Notice, you can write to our Operations Director at The Highfield Company, 29 Carlton Cres, Southampton SO15 2EW. Alternatively, you may telephone us on 01962 397777 or email us at firstname.lastname@example.org.