The Somers Partnership Ltd “SPL” processes personal information to enable us to provide advice and professional services as a Recruitment and Networking company. SPL is subject to data protection legislation and regulation, and the following aims to outline how we manage the data we hold. SPL is registered as a Data Controller under the UK Data Protection Act, registration reference Z9781657, and will comply with the General Data Protection Regulation (GDPR) when it is passed into law in 2018. By requesting or using our services, you accept and consent to our use of your personal data as outlined in this policy.
What is personal data?
Broadly speaking, it is data held that can identify a living individual from the information we hold on them. This includes their name, address and contact details and will include individual’s IP addresses and online identifiers. This is data which identifies an individual, even without a name associated with it, where it is processed to learn or record something about that individual. Data may ‘relate to’ an individual in several different ways, the most common of which are:
- information processed or held in electronic form, usually on a computer
- information processed in a non-automated manner i.e. paper records held in a filing system, and
- information that forms part of an ‘accessible record’ (i.e. certain health records, educational records etc)
What is sensitive data?
Some personal data may be considered “sensitive” such as: racial or ethnic origin, political opinions, religion, membership of a trade union, health, criminal activity. SPL will only collect, use or disclose sensitive personal data about you in accordance with the relevant Data Protection laws and in most cases this will only be collected or used when consent has been given.
Who the information is processed about
We process personal information about our:
• customers and clients
• advisors and other professional experts
How we may use your personal information
In order to provide you with a thorough recruitment service, we may need to share your information with other organisations. Where this is necessary, we are required to comply with all aspects of the Data Protection Act (DPA). Types of organisations may include:
• Prospective employers, including our clients and prospective clients who may retain such data for future recruitment purposes
• Partner firms of SPL
• External vetting agencies such as those who check criminal records, credit checks etc
• Third parties who provide services to SPL such as IT consultants, database specialists, and research consultants etc, all of whom may have access to SPL’s data with the aim to assist SPL in running their business
• Marketing consultants, in order to develop and market other products and services, to improve SPL’s offering to individuals, advise you of events, developments in the industry etc. Contact may be through a variety of means including social media, direct email, or mailshots etc.
• Professional advisers and consultants, including those requested to assist with psychometric profiling of candidates
Security of personal data
All employees and contractors to SPL are under a duty of confidentiality to protect the integrity of SPL’s database and not to disclose any information of a confidential nature, including candidate information, other than as required by law.
SPL has security features in place to protect all personal data held including:
• Locks on all paper records
• All computer access is secured with strong password authentication, and access to shared network drives is limited to only authorised staff
• Passwords are changed periodically
• Data is stored on secure and encrypted hosted infrastructure only accessible by authorised staff
• All computers have anti-virus & anti-malware software installed which is updates continually
• All networks are secured using firewalls to protecting incoming and outgoing traffic to the internet.
Keeping your personal data up to date
SPL only holds data on individuals who have either contacted us in the past, or who we have identified as possible candidates or sources in searches for clients in the past. SPL takes reasonable steps to ensure that your personal data is up to date, and may request updates from you from time to time. However it is your responsibility to provide us with any changes that you feel may be relevant to us, and to provide us with accurate information.
Under new GDPR laws, individuals have the right to be “forgotten.” If requested in writing by you, we will delete all information on you from our records, both electronic and paper, but please note that will mean we will be unable to contact you in the future about relevant roles or opportunities. If you request that all your details are deleted, we reserve the right to keep you on a “Do Not Contact” list to ensure we comply with your right to opt out. If you decline this we note that we may be in touch again in the future if a new search via public sources such as the internet suggests that you might be a suitable candidate for a role we are looking to fill, and that search may pull you back into our database.
SPL will occasionally send marketing material which we hope will be of interest to you via email marketing software (EMS) and you may request to unsubscribe from these emails at any time at the bottom of these emails.
It may sometimes be necessary to transfer personal information overseas to clients or partner firms. When this is needed, information may be transferred to countries or territories around the world. Any transfers made will be in full compliance with all aspects of the data protection act.
How to contact us
If you wish to update your personal data, or to request a copy of what data SPL holds about you in accordance with Data Protection laws, please contact: firstname.lastname@example.org. Please note that SPL is not always required to provide details of all data held, and may charge a fee (where permitted by law) to cover the reasonable costs of retrieval.