Cavendish House Recruitment LLP (“Cavendish Maine”) and its group companies (together “the Company”, “we”, “us”, “our”) are committed to protecting and respecting your privacy.
The companies within the Cavendish Maine group to which this policy applies are:
- Cavendish House Recruitment LLP (Registered number: OC304995)
- Cavendish House Operations LLP (Registered number: OC345411)
This Privacy Notice applies to the above group companies and sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. The person responsible for data protection across the group companies is the Nick Hester – Designated Member at Cavendish Maine.
This policy is made pursuant to the Data Protection Act 2018 (“DPA 2018”) and the retained EU law version of the General Data Protection Regulation ((EU) 2016/679) (“UK GDPR”).
Your rights under the UK GDPR and the DPA 2018 are set out in this Privacy Notice.
Please read the following carefully to understand our views and practices regarding your personal information and how we will treat it. If you have any questions about this Privacy Notice or the use of your information by any group company, please contact us at email@example.com
3. Who are we and what we do
We are a group of recruitment agencies and recruitment businesses as defined in the Employment Agencies and Employment Businesses Regulations 2003. We also provide managed recruitment services, Recruitment Process Outsourcing and consultancy services to our clients. We collect the personal data of the following types of people to allow us to undertake our business;
- Prospective and placed candidates for permanent or temporary roles;
- Prospective and live client contacts;
- Supplier contacts to support our services, including agency contacts; and
- Employees, consultants, temporary workers.
We collect information about you to carry out our core business and ancillary activities.
4. How we obtain your Personal Data
a) Information you give us or we may collect from you
We may collect information about you when you fill in forms on a group company website, for example www.cavendishmaine.com or by corresponding with us by phone, e-mail or otherwise. It includes information you provide when you register to use our site, to enter our database, subscribe to our services, attend our events, participate in discussion boards or other social media functions on our site or enter a competition, promotion or survey. The information you give us or we collect about you may include:
- information contained in your CV or job application such as your name, address, private and corporate e-mail address and phone number;
- information contained in any documents that you send to any of us for identity verification purposes such as your passport or driving licence;
- financial information, compliance documentation and references verifying your qualifications and experience and your right to work in the United Kingdom; and
- links to your professional profiles available in the public domain e.g. LinkedIn, Twitter, business Facebook or corporate website; and
- information that you provide about yourself when negotiating or entering into a contract with us.
b) Information we collect about you when you visit our websites
With regard to each of your visits to our websites, for example, www.cavendishmaine.com, we will automatically collect the following information:
- information that you provide by filling in forms on any of our websites. This includes information provided to us at the time of registering to use any of our websites (where applicable), subscribing to any of our services (where applicable), personalising any of our websites with your preferences or requesting further services;
- technical information relating to your visits including, but not limited to, traffic data, location data, weblogs, other communication data and the resources that you access; and
- information when you respond to a survey and/or when you report a problem with one any of our websites.
c) Information we collect about you when you visit our websites
This is information that we obtained about you from other sources such as LinkedIn, corporate websites, job boards, online CV libraries, your business card and personal recommendations. In this case, we will inform you by sending you this Privacy Notice within a maximum of 30 days of collecting the data of the fact that we hold personal data about you, the source of the personal data and whether it comes from publically available sources, and for what purpose we intend to retain and process your personal data.
We work closely with other third parties including other group companies, our clients, other employment agencies who may be acting on your behalf, your previous employer or organisation that you worked for, credit reference agencies, organisations who process criminal checks (with your prior consent), DVLA and any other pre-engagement or preemployment screening providers specifically required by our clients. We may receive information about you from them for the purposes of our recruitment services, preemployment or pre-engagement screening services and other ancillary support services.
d (i)) Special Categories of Data - Diversity
We may ask you for some ethnicity and diversity information to support our own or a client’s equal opportunities monitoring. This could be information about your ethnic background, gender, disability, age, sexual orientation, religion or other similar beliefs, and/or social-economic background. Providing this information is entirely voluntary and will not adversely affect your employment or engagement. It will be used for statistical analysis and equality monitoring only. We are required to comply with the Equality Act 2010 and therefore have a legitimate interest in understanding the composition of our workforce. Clients have the same obligations and rely on us as their recruitment partner to support them in meeting those obligations. If we ask you to provide diversity data which requires your explicit consent to processing, we will always ask for your consent first.
d (ii)) Special Categories of Data - Criminal Convictions
If a client requests us to obtain a criminal convictions check as part of their pre-employment or pre-engagement screening process, we will contact you first to explain the process and obtain your explicit consent to proceed. You have the right to withdraw your consent to us using your personal information for these purposes at any time by emailing firstname.lastname@example.org.
5. Why we hold your Personal Data and how we use it
Our core service to both candidates and clients is to introduce suitably qualified and experienced candidates to our clients for the purpose of temporary or permanent engagement. Sometimes this may be through a managed recruitment service or recruitment process outsourcing programme. However, we want to support individuals throughout their career and to support business’ resourcing needs and strategies and build strong and trustworthy relationships along the way.
If you are a candidate, we may use information held about you:
- to process your application to register with us;
- for matching you with any of our clients and placing you with any of our clients for work assignments;
- to process payments for or to you;
- to engage you or your company for temporary assignment(s);
- to carry out credit assessments and identity verification, right to work, criminal record and background reference checks;
- to notify you about changes to any of our services;
- to contact you for future work-finding services; and
- to send you information about changes to our business and/or changes of legal name, which is pertinent to your assignment.
In addition, or if you are a client or other third party, we may use information held about you in the following ways:
- to carry out our obligations arising from any contracts entered into between you and us;
- to notify you about changes to any of our services;
- for client service, customer satisfaction, product analysis and market research purposes;
- to ensure that content from our websites is presented in the most effective manner for you and for your computer;
- to provide you with information or services that you expressly request from any of us or which any us feels may interest you, where you have consented to be contacted for such purposes;
- to meet any of our obligations under any applicable laws or regulations;
- to carry out any obligations or provide you with any other services, functionality or content which you specifically agree to on any of our websites;
- to help us establish, exercise, or defend legal claims; and
- to send you information about changes to our business and/or changes of legal name, which is pertinent to you.
Except for the mailing list activities which each group company runs on some parts of our websites, where you explicitly consent to receive materials from us, we will not use your personal information collected from our websites to carry out unsolicited marketing activities.
You may change your marketing preferences at any time by contacting us at email@example.com
We do not use your personal information to make automated decisions. All our recruitment activities and ancillary services involve human decision making in the process.
6. The legal basis for processing your Personal Data
Depending on the purpose that we hold and process your data for, we will rely on one or more of the following legal grounds to process your data:
a) Legitimate Interests
We will rely on legitimate business interests to process your personal data to carry out work-finding services for you, to introduce candidates to our clients for permanent employment, temporary worker placements or independent professional contracts and to carry out pre-engagement and pre-employment screening services (except where we are required to obtain explicit consent to carry out a check). The exchange of personal data of our candidates and our client contacts is a fundamental, essential part of this process.
Legitimate Interests means the interests of the Company in conducting and managing our recruitment business. For example, we have an interest in ensuring that the information provided in your CV and/or job application is correct and that you have the necessary skills and experience to meet our client’s requirements.
Legitimate Interests can also apply to the processing of data that is in your interests. For example, we only wish to put you forward for roles that you want to perform and that you have the right skills to deliver so that you have the best chance of your application succeeding.
When we process your personal information, we make sure we consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. We will not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
b) Necessary for the performance of a contract
We will rely on contract if you are appointed to undertake an assignment at a client (whether as a contractor or temporary worker). We will enter into a contract with your limited company (PSC), umbrella company or other third party authorised by you to engage you for that assignment. Your personal data will be processed as necessary throughout the assignment in order to perform the contract. For example, to ensure your timesheets are authorised, that payments are made to you and that you comply with your obligations under the contract.
We will also rely on contract if we are negotiating or have entered into a contract to provide services to you or receive services from you or your organisation.
c) Necessary for compliance with a legal obligation
We will rely on legal obligation if we are legally required to hold information on you to fulfil our legal obligations. For example, if you are a limited company contractor engaged on an assignment HMRC requires that we submit regular reports to them detailing the payments which we make to you and other information as set out in The Income Tax (Pay as You Earn) (Amendment No.2) Regulations 2015.
We will ask for your explicit consent to pass your personal data to a client for consideration for permanent employment or temporary assignment. We will request your consent orally, by email or by an online process. Should we want or need to rely on consent for other processing activities, we will request consent orally, by email or by an online process for the specific activity we require consent for. Your responses will be recorded on our system. Where consent is the lawful basis for our processing you have the right to withdraw your consent to this particular activity at any time by emailing firstname.lastname@example.org.
7. Who do we share your Personal Data with?
We may share your personal data with:
- Any of our group companies located in the UK or the EEA;
- Clients and/or their appointed agents in relation to roles you wish to be considered for or assignments you are engaged to perform. We will only ever provide your details to a client/their agent in relation to a potential role if you have consented to us doing so;
- Third parties to enable the completion of pre-engagement screening checks, for example current, past or prospective employers. We will notify you in advance of the pre-engagement checks we will undertake and seek your permission to us carrying them out;
- Managed service suppliers if our clients have a managed service programme;
- If you are engaged as a contractor your personal information will be provided to HMRC and/or third parties in order to meet our and the third party’s reporting obligations under The Income Tax (Pay as You Earn) (Amendment No.2) Regulations 2015;
- If you agree to us sending you documents electronically for signing your email address and a copy of the relevant document will be sent to you via DocuSign with whom we have appropriate arrangements in place to protect your personal data and comply with data protection laws.
In addition to the above, we may share your personal data with any of our group companies or suppliers outside of the UK or the EEA in the following circumstances:
- where we have your express consent to do so; or
- appropriate contractual safeguards exist applying the same type and level of protections as required by the DPA 2018 and UK GDPR (these may be in the form of standard data protection clauses recognised or issued in accordance with the UK data protection regime); and
- we have conducted a transfer impact assessment taking into account the protections contained in the appropriate safeguards referred to above and the legal framework of the destination country (including laws governing public authority access to the data) which has concluded that the required level of protection for your personal data is being provided.
We may disclose your personal data to third parties:
- in the event that any of us sell or buy any business or assets, in which case each of us may disclose your personal information to the prospective seller or buyer of such business or assets;
- in the event that any of us outsource any of our business functions under which we collect or store your information in which case we will ensure that any such service provider adheres to at least the same obligations of security with regard to your information as undertaken by us;
- where any of us use your information to carry out credit assessments we will need to share your information with credit reference agencies to assess your eligibility to register with us as a candidate and to verify your identity; and
- each of us may share your information with our associates, UK and overseas law enforcement agencies or regulatory authorities and other relevant bodies for crime prevention purposes.
The lawful basis for the third party processing will include:
- Their own legitimate business interests in processing your personal data, in most cases to fulfil their internal resourcing needs;
- Satisfaction of their contractual obligations to us as data controller;
- For the purpose of a contract in place or in contemplation;
- To fulfil legal obligations.
8. Where do we store your Personal Data?
We will take all steps reasonably necessary to ensure that your information is treated securely and in accordance with this Privacy Notice.
All information that you provide to us in physical form such as documents will be stored securely at our offices or at a secure storage facility.
All information you provide to us electronically is stored on our secure servers located in the United Kingdom. If you agree to us sending you documents electronically for signing your email address and a copy of the relevant document will be sent to you via JotForm with whom we have appropriate arrangements in place to protect your personal data and comply with data protection laws.
Where a group company has given you (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential. You must not share your password with anyone.
Unfortunately, sending information to us via post, fax, email or the internet is not completely safe and secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your information sent to us by any of these means and any information sent to us in this way is at your own risk.
Once we have received your information, we will each use strict procedures and security features to try to prevent unauthorised access and require our suppliers to do the same.
9. How long will we store your Personal Data for?
We understand our legal duty to retain accurate data and only retain personal data for as long as we need it for our legitimate business interests and that you are happy for us to do so. Accordingly, we have a data retention policy and run data routines to remove data that we no longer have a legitimate business interest in maintaining.
We segregate your data so that we keep different types of data for different time periods. The criteria we use to determine whether we should retain your personal data includes:
- The nature of the personal data
- Its perceived accuracy
- Our legal obligations
- Whether an interview or placement has been arranged
- Our recruitment expertise and knowledge of the industry by country, sector and job role.
As a general rule, if you are a candidate, your information will be held for as long as you are actively engaging with us in order to receive work finding services.
If you cease to actively engage with us:
- if you are a candidate seeking a permanent or fixed term engagement we will retain your personal data for a two (2) years after the date we last had meaningful contact with you;
- if you are a candidate seeking a temporary assignment or a contracting role we will retain your personal data for two (2) years after date we last had meaningful contact with you (or, where appropriate the company you are working for or with);
- if you are a contractor or temporary worker and have performed an assignment we will retain details of your assignment for seven (7) years after the end date of your assignment in order to comply with applicable accounting and tax laws and to assist in the event of HMRC raising any queries regarding your tax status.
When we refer to "meaningful contact", we mean, for example, communication between us (either verbal or written), or where you are actively engaging with our online services.
We may archive part or all of your personal data or retain it on our financial systems only, deleting all or part of it from our main Customer Relationship Manager (“CRM”) system. We may pseudonymise parts of your data, particularly following a request for suppression or deletion of your data to ensure that we do not re-enter your personal data on to our database, unless requested to do so.
For your information, Pseudonymised Data is created by taking identifying fields within a database and replacing them with artificial identifiers, or pseudonyms.
Our current Data Retention Policy is available on request.
10. Your Rights
You have the right to ask us not to process your personal information for marketing purposes. We will usually inform you (before collecting your information) if we wish to use your information for such purposes or if we intend to disclose your information to any third party for such purposes and we will collect your express consent from you if legally required prior to using your personal data for marketing purposes. You can exercise your right to accept or prevent such processing by checking certain boxes on the forms we use to collect your information or advising us over the ‘phone. You can also exercise the right at any time by contacting email@example.com.
Our websites may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal information to these websites.
The UK GDPR provides you with the following rights to:
- Request correction of personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or removed personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Request the restrictions of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal information to another party in certain formats, if practicable.
- Make a complaint to a supervisory body which in the United Kingdom is the Information Commissioner’s Office. The ICO can be contacted at: https://ico.org.uk/concerns/
If you want to contact us to exercise any of your rights, you can write to any group company via Cavendish Maine, Leigh Court Business Centre, Leigh Court, Abbots Leigh, Bristol BS8 3RA or contact us by email at firstname.lastname@example.org
11. Subject Access to information
The UK GDPR and the DPA 2018 give you the right to access information held about you. We also encourage you to contact us to ensure your data is accurate and complete.
A subject access request should be sent to email@example.com
13. Changes to our Privacy Notice
Any changes we may make to our Privacy Notice in the future will be publicised on this page and may be notified by email.