Privacy Statement
Data Controller (“the Company”): Acorn Recruitment Ltd
Introduction
This Privacy Statement describes how we collect, use and process your personal data, and how, in doing so, we comply with our legal obligations to you. Your privacy is important to us, and we are committed to protecting and safeguarding your data privacy rights.
This Privacy Statement applies to the following groups of people; employees, agency workers, contractors and job applicants. This personal information may be held by the Company on paper or in electronic format.
The Company is committed to being transparent about how it handles your personal information, to protecting the privacy and security of your personal information and to meeting its data protection obligations under the General Data Protection Regulation (“GDPR”) and the Data Protection Act 2018. The purpose of this privacy notice is to make you aware of how and why we will collect and use your personal information both during and after your working relationship with the Company. We are required under the GDPR to notify you of the information contained in this privacy notice.
This Privacy Statement applies to all current and former employees, agency workers, contractors & job applicants. It is non-contractual and does not form part of any employment contract, temporary worker agreement, consultancy agreement or any other contract for services.
We may amend this Privacy Statement from time to time. Please just visit this page if you want to stay up to date, as we will post any changes here.
Data protection principles
Under the GDPR, there are six data protection principles that the Company must comply with. These provide that the personal information we hold about you must be:
- Processed lawfully, fairly and in a transparent manner.
- Collected only for legitimate purposes that have been clearly explained to you and not further processed in a way that is incompatible with those purposes.
- Adequate, relevant and limited to what is necessary in relation to those purposes.
- Accurate and, where necessary, kept up to date.
- Kept in a form which permits your identification for no longer than is necessary for those purposes.
- Processed in a way that ensures appropriate security of the data. The Company is responsible for, and must be able to demonstrate compliance with, these principles. This is called accountability.
What types of personal information do we collect about you?
Acorn Recruitment Ltd is an employer and also acts as an employment business for temporary client recruitment and an employment agency for permanent client recruitment. By the very nature of the services we provide, we are required to process personal information.
Personal information is any information about an individual from which that person can be directly or indirectly identified. It doesn’t include anonymised data, i.e. where all identifying particulars have been removed. There are also “special categories” of personal information, and personal information on criminal convictions and offences, which requires a higher level of protection because it is of a more sensitive nature. The special categories of personal information comprise information about an individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life or sexual orientation and genetic and biometric data.
The Company collects, uses and processes a range of personal information about you. This includes (as applicable):
Identification & Contact Information
- Name
- Age/date of birth
- Gender
- Nationality
- Contact details (including your address, telephone number and personal e-mail address)
- Emergency contact details/next of kin
- Marital status
- National Insurance Number
- Driving Licence
- Right to Work document e.g. passport, ID card, residence permit etc.
Education & Employment Information
- the start and end dates of your employment or engagement
- recruitment records; including personal information included in a CV, any application form, cover letter, interview notes, references, copies of qualification certificates, copy of driving licence and other background check documentation
- the terms and conditions of your employment or engagement (including your job title and working hours), as set out in a job offer letter, employment contract, written statement of employment particulars, contract for services, consultancy agreement, statements of changes to employment or engagement terms and related correspondence
- details of your skills, qualifications, experience and work history, both with previous employers and with the Company
- your professional memberships
- your salary, entitlement to benefits and pension information
- any disciplinary, grievance and capability records, including investigation reports, collated evidence, minutes of hearings and appeal hearings, warning letters, performance improvement plans and related correspondence
- appraisals, including appraisal forms, performance reviews and ratings, targets and objectives set
- training records
- annual leave and other leave records, including details of the types of and reasons for leave being taken and related correspondence
- any termination of employment or engagement documentation, including resignation letters, dismissal letters, redundancy letters, minutes of meetings, settlement agreements and related correspondence
- information obtained through electronic means, such as swipecard or clocking-in card records
- information about your use of our IT systems, including usage of telephones, e-mail and the Internet
- photographs
Financial Information
- your bank account details, payroll records, tax code and tax status information
Special Category Data
The Company may also collect, use and process the following special categories of your personal information (as applicable):
- information about your health, including any medical condition, whether you have a disability in respect of which the Company needs to make reasonable adjustments, sickness absence records (including details of the reasons for sickness absence being taken), medical reports and related correspondence
- information about your racial or ethnic origin, religious or philosophical beliefs and sexual orientation
- trade union membership
- information about criminal convictions and offences
How do we collect your personal information?
The Company may collect personal information about you in a variety of ways. It is collected during the recruitment and onboarding process, either directly from you or sometimes from another source.
There are many ways that you may provide our data to us and these include but are not limited to; a job application, our registration process, our employee onboarding or by emailing us your CV.
We may also obtain your information from other sources such as; a job site search, a LinkedIn search, or via a social media platform.
We may also collect personal information from other external third parties, such as references from former employers, information from background check providers, information from credit reference agencies and criminal record checks from the Disclosure and Barring Service (DBS).
We will also collect additional personal information throughout the period of your working relationship with us. Whilst some of the personal information you provide to us is mandatory and/or is a statutory or contractual requirement, some of it you may be asked to provide to us on a voluntary basis. We will inform you whether you are required to provide certain personal information to us or if you have a choice in this.
Your personal information may be stored in different places, including in your personnel file, in the Company's HR management system, recruitment database and in other IT systems, such as the e-mail system.
Why and how do we use your personal information?
We will only use your personal information when the law allows us to. These are known as the legal bases for processing. We will use your personal information in one or more of the following circumstances:
- where we need to do so to perform the employment contract, agency worker agreement, consultancy agreement or contract for services we have entered into with you
- where we need to comply with a legal obligation
- where it is necessary for our legitimate interests (or those of a third party), and your interests or your fundamental rights and freedoms do not override our interests
We may also occasionally use your personal information where we need to protect your vital interests (or someone else’s vital interests).
We need all the types of personal information listed under “What types of personal information do we collect about you?” primarily to enable us to perform our contract with you and to enable us to comply with our legal obligations. In some cases, we may also use your personal information where it is necessary to pursue our legitimate interests (or those of a third party), provided that your interests or your fundamental rights and freedoms do not override our interests. Our legitimate interests include: performing or exercising our obligations or rights under the direct relationship that exists between the Company and you; pursuing our business by employing (and rewarding) employees, agency workers, contractors & job applicants; performing effective internal administration and ensuring the smooth running of the business; ensuring the security and effective operation of our systems and network; protecting our confidential information; and conducting due diligence on employees, workers, contractors & job applicants. We believe that you have a reasonable expectation, as our employee, worker, contractor or job applicant that we will process your personal information.
The purposes for which we are processing, or will process, your personal information include, to:
- enable us to maintain accurate and up-to-date employee, agency worker, contractor & job applicant records and contact details (including details of whom to contact in the event of an emergency)
- run recruitment processes and assess your suitability for employment, engagement or promotion
- comply with statutory and/or regulatory requirements and obligations, e.g. checking your right to work in the UK
- comply with the duty to make reasonable adjustments for disabled employees and workers and with other disability discrimination obligationsmaintain
- an accurate record of your employment or engagement terms
- administer the contract we have entered into with you
- make decisions about pay reviews and bonuses (where applicable)
- ensure compliance with your statutory and contractual rights
- ensure you are paid correctly and receive the correct benefits and pension entitlements, including liaising with any external benefits or pension providers or insurers
- ensure compliance with income tax requirements, e.g. deducting income tax and National Insurance contributions where applicable
- operate and maintain a record of disciplinary, grievance and capability procedures and action taken
- operate and maintain a record of performance management systems
- record and assess your education, training and development activities and needs
- manage, plan and organise work
- enable effective workforce management
- operate and maintain a record of annual leave procedures
- operate and maintain a record of sickness absence procedures
- ascertain your fitness to work
- operate and maintain a record of maternity leave/absence, paternity leave/absence, adoption leave/absence, shared parental leave/absence, parental leave/absence and any other type of paid or unpaid leave or time off work
- ensure payment of SSP or contractual sick pay
- ensure payment of other statutory or contractual pay entitlements, e.g. SMP, SPP, SAP and ShPP*
- meet our obligations under health and safety laws
- make decisions about continued employment or engagement
- operate and maintain a record of dismissal procedures
- provide references on request for current or employees, workers, contractors & job applicants
- prevent fraud
- monitor your use of our IT systems to ensure compliance with IT-related policies
- ensure network and information security and prevent unauthorised access and modifications to systems
- ensure effective HR, personnel management and business administration, including accounting and auditing
- ensure adherence to Company rules, policies and procedures
- monitor equal opportunities
- enable us to establish, exercise or defend possible legal claims
- respond to client and third-party requests for data in order for them to comply with legal, regulatory or audit requirements.
Please note that we may process your personal information without your explicit consent, for the purposes stated above and / or where it is required or permitted by law.
What if you fail to provide personal information?
If you fail to provide certain personal information when requested or required, we may not be able to perform the contract we have entered into with you, or we may be prevented from complying with our legal obligations. You may also be unable to exercise your statutory or contractual rights.
Why and how do we use your sensitive personal information?
We will only collect and use your sensitive personal information, which includes special categories of personal information and information about criminal convictions and offences, when the law additionally allows us to.
Some special categories of personal information, i.e. information about your health or medical conditions and trade union membership, and information about criminal convictions and offences, is also processed so that we can perform or exercise our obligations or rights under employment law or social security law and in line with our data protection policy.
We may also process these special categories of personal information, and information about any criminal convictions and offences, where we have your explicit written consent. In this case, we will first provide you with full details of the personal information we would like and the reason we need it, so that you can properly consider whether you wish to consent or not. It is entirely your choice whether to consent. Your consent can be withdrawn at any time.
The purposes for which we are processing, or will process, these special categories of your personal information, and information about any criminal convictions and offences, are to:
- assess your suitability for employment, engagement or promotion
- comply with statutory and/or regulatory requirements and obligations, e.g. carrying out criminal record checks
- comply with the duty to make reasonable adjustments for disabled employees and workers and with other disability discrimination obligations
- administer the contract we have entered into with you
- ensure compliance with your statutory and contractual rights
- operate and maintain a record of sickness absence procedures
- ascertain your fitness to work
- manage, plan and organise work
- enable effective workforce management
- ensure payment of SSP or contractual sick pay
- meet our obligations under health and safety laws
- make decisions about continued employment or engagement
- operate and maintain a record of dismissal procedures
- ensure effective HR, personnel management and business administration
- ensure adherence to Company rules, policies and procedures
- monitor equal opportunities
Where the Company processes other special categories of personal information, i.e. information about your racial or ethnic origin, religious or philosophical beliefs and sexual orientation, this is done only for the purpose of equal opportunities monitoring and in line with our data protection policy. Personal information that the Company uses for these purposes is either anonymised or is collected with your explicit written consent, which can be withdrawn at any time. It is entirely your choice whether to provide such personal information.
We may also occasionally use your special categories of personal information, and information about any criminal convictions and offences, where it is needed for the establishment, exercise or defence of legal claims.
Change of purpose
We will only use your personal information for the purposes for which we collected it. If we need to use your personal information for a purpose other than that for which it was collected, we will provide you, prior to that further processing, with information about the new purpose, we will explain the legal basis which allows us to process your personal information for the new purpose and we will provide you with any relevant further information. We may also issue a new privacy notice to you.
Who has access to your personal information?
Your personal information will be stored mainly on our various databases e.g. HR database, recruitment database, payroll database etc. Only authorised personnel are able to access these databases.
The Company may also share your personal information with third parties, including:
- clients that we may introduce or supply you to (when working as an agency worker);
- external organisations for the purposes of conducting pre-employment reference and employment background checks;
- payroll service providers or umbrella companies who manage payroll on the company’s behalf;
- benefits providers and benefits administration, including insurers;
- pension scheme provider and pension administrators;
- occupational health providers;
- external IT services;
- external auditors who carry out audits to ensure that our business and our client’s businesses are run in accordance with contractual, regulatory and legislative requirements;
- professional advisers, such as lawyers and accountants
- other recruitment agencies in the supply chain (e.g. master/neutral vendors and second tier suppliers);
- our insurers;
- our IT and CRM providers;
- any public information sources and third party organisations that we may use to carry out suitability checks e.g. Companies House, the Disclosure and Barring Service (DBS), DVLA, credit reference agencies;
- government, law enforcement agencies and other regulators e.g. the Police, Home Office, HMRC, Employment Agencies Standards
Inspectorate (EASI), Local Authority Designated Officers (LADOs), GLAA.
The Company may also share your personal information with other third parties in the context of a potential sale or restructuring of some or all of its business. In those circumstances, your personal information will be subject to confidentiality undertakings.
We may share your personal information with third parties where it is necessary to administer the contract we have entered into with you, where we need to comply with a legal obligation, or where it is necessary for our legitimate interests (or those of a third party).
How does the Company protect your personal information?
The Company has put in place measures to protect the security of your personal information.
- We have internal policies, procedures and controls in place to try and prevent your personal information from being accidentally lost or destroyed, altered, disclosed or used or accessed in an unauthorised way. In addition, we limit access to your personal information to those employees, workers, contractors & job applicants and other third parties who have a business need to know in order to perform their job duties and responsibilities.
- Where your personal information is shared with third-party service providers, we require all third parties to take appropriate technical and organisational security measures to protect your personal information and to treat it subject to a duty of confidentiality and in accordance with data protection law. We only allow them to process your personal information for specified purposes and in accordance with our written instructions and we do not allow them to use your personal information for their own purposes.
- The Company also has in place procedures to deal with a suspected data security breach and we will notify the Information Commissioner’s Office (or any other applicable supervisory authority or regulator) and you of a suspected breach where we are legally required to do so.
For how long does the Company keep your personal information?
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
If you have worked for or on behalf of the company, we will be required to retain your personal information for longer than if you have not worked for or on behalf of the company. Full details of the company’s retention periods can be found in our Data Protection Policy.
Your rights in connection with your personal information
It is important that the personal information we hold about you is accurate and up to date. Please keep us informed if your personal information changes, e.g. you change your home address, during your working relationship with the Company so that our records can be updated. The Company cannot be held responsible for any errors in your personal information in this regard unless you have notified the Company of the relevant change.
As a data subject, you have a number of statutory rights. Subject to certain conditions, and in certain circumstances, you have the right to:
- request access to your personal information - this is usually known as making a data subject access request and it enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- request rectification of your personal information - this enables you to have any inaccurate or incomplete personal information we hold about you corrected.
- request the erasure of your personal information - this enables you to ask us to delete or remove your personal information where there’s no compelling reason for its continued processing, e.g. it’s no longer necessary in relation to the purpose for which it was originally collected. In some situations, it might be that we can erase some of your information, but certain information has to be retained or the reasons detailed in this Privacy Statement.
- restrict the processing of your personal information - this enables you to ask us to suspend the processing of your personal information, e.g. if you contest its accuracy and so want us to verify its accuracy.
- object to the processing of your personal information - this enables you to ask us to stop processing your personal information where we are relying on the legitimate interests of the business as our legal basis for processing and there is something relating to your particular situation which makes you decide to object to processing on this ground.
- data portability — this gives you the right to request the transfer of your personal information to another party so that you can reuse it across different services for your own purposes.
If you wish to exercise any of these rights, please complete the electronic form on the Company’s website. We may need to request specific information from you in order to verify your identity and check your right to access the personal information or to exercise any of your other rights. This is a security measure to ensure that your personal information is not disclosed to any person who has no right to receive it.
In the limited circumstances where you have provided your consent to the processing of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. This will not, however, affect the lawfulness of processing based on your consent before its withdrawal. If you wish to withdraw your consent, please complete the electronic form on the Company’s website. Once we have received notification that you have withdrawn your consent, we will no longer process your personal information for the purpose you originally agreed to, unless we have another legal basis for processing.
Transferring personal information outside the European Economic Area
The Company may transfer only the information you provide to us to countries outside the European Economic Area (‘EEA’) for the purposes of providing you with work-finding services. We will take steps to ensure adequate protections are in place to ensure the security of your information. The EEA comprises the EU member states plus Norway, Iceland and Liechtenstein.
Automated decision making
Automated decision-making occurs when an electronic system uses your personal information to make a decision without human intervention.
We do not envisage that any employment decisions will be taken about you based solely on automated decision-making, including profiling. However, we will notify you in writing if this position changes.
Changes to this Privacy Notice
The Company reserves the right to update or amend this privacy notice at any time, including where the Company intends to further process your personal information for a purpose other than that for which the personal information was collected or where we intend to process new types of personal information. We will issue you with a new privacy notice when we make significant updates or amendments. We may also notify you about the processing of your personal information in other ways.