Coded People Limited is committed to respecting your privacy and providing quality services to you. This notice outlines our ongoing obligations to you in respect of how we manage your personal information.
Who we are?
Coded People Limited, whose registered address is: Crystal Gate House, 28 – 30 Worship Street, London, EC2A 2AH, specialise solely in the Information Technology sector; supplying permanent and contract IT staff across the UK, mainland Europe and the United States of America.
Coded People Limited will act as the ‘data controller’ of the personal information submitted by candidates interested in job postings. Coded People will ensure that all the information submitted via its website or through our office is only used for the purposes explained in this privacy notice and is compliant with the General Data Protection Regulation (GDPR).
The EU GDPR (Regulation (EU) 2016/679) replaces the Data Protection Act (Directive 95/46/EC) from 25 May 2018. It is designed to harmonise data privacy laws across Europe, to protect and empower all EU citizens.
What is personal data?
Personal data is the data that relates to a living individual who can be identified from this data or other information which is in possession of, or is likely to come into the possession of, the data controller. This also includes sensitive personal data which consists of information regarding race or ethnic origin, political opinions, religious beliefs, trade union membership, physical or mental health, sexual orientation and criminal records.
Sensitive data will only be used:
- With explicit written consent;
- Where it is needed to establish, bring or defend legal claims;
- Where needed to carry out our legal obligations relating to employment law, social security law or social protection law; and
- Where it is needed to assess working capacity on health grounds, subject to appropriate confidentiality safeguards.
What data do we collect?
- Telephone numbers
- Cover letter
- Education and employment history, qualifications and skills
- Passport, visa or other right to work or identity information
- National insurance and tax information
- Bank details
- Next of kin details
- Referee contact details
- Information from references and pre-employment checks from third parties
- Marketing preferences
- DBS (if required)
- Sensitive personal data (explained above)
Where do we collect your data from?*
- Our website
- You (application or registration form, CV)
- Online jobsites
- A client
- Other candidates
- Social Media
- Marketing databases
- Search engines
- Telephone calls
*This list is not exhaustive
Why we need your data?
- To collect, store and process it
- To assess and review your suitability for job roles
- To provide recruitment services to you and to facilitate the recruitment process
- To inform you, by email or telephone, of job opportunities or contract assignments that may be of interest to you
- To market our recruitment services
- To allow details of your skills and experience, to be viewed by our clients whom we feel may be interested in engaging your services. This will only be done if you have given your consent to us to do so
- To send information to third parties which relate to our recruitment services
- To carry out our obligations arising from any contracts entered into between you and us
- To notify you of any changes to our services
- To provide information to regulatory authorities or statutory bodies
- From time to time we may seek your consent to process, use or disclose your information for any other purpose not listed above
Our lawful basis to process your data is our legitimate interests and also consent, contract and legal obligation for more specific cases.
- Legitimate interests- in order to provide our services, the processing of your data is necessary for our and third parties’ legitimate interests. We may use your data for assessing your suitability for job roles; contacting you regarding our services and job opportunities.
- Consent- in order to process your data for some cases, we may need your consent. Such cases are when you apply for a role and agree to for us to process your data in order to assess your suitability and progress your application or when you consent to receive direct marketing or other services. You may withdraw your consent at any time.
- Contract- in order to provide our services, we may enter into a contract with you and/or a third party. To do so, certain information is needed from you such as your name and address. The contract may include us processing your data for payroll on your behalf.
- Legal obligation- in order to provide our services, sometimes we may need to process personal data and, where appropriate and in accordance with local laws and requirements, sensitive personal data to exercise or defend legal claims. We must comply with statutory provisions that include payroll, tax, social security, HMRC reporting requirements, and any other law or regulation. It also applies to the business generally when complying with fraud/crime prevention, data protection legislation and co-operating with regulatory authorities such as Information Commissioner’s Office or HMRC.
Where reasonable and practicable to do so, we will collect your personal data only from you. However, in some circumstances we may be provided with information by third parties. In such a case we will take responsible steps to ensure that you are made aware of the information provided to us by the third party.
Coded People is a recruitment company specialising in Microsoft .Net, Opensource Technologies and Business Intelligence and our sister company Marcus Donald People Ltd specialise in IT Operations. Your personal information may be shared across both companies, other third party suppliers (IT support, storage service providers, accountancy suppliers, etc.) and any regulatory or statutory body.
To provide our recruitment services we may transfer your personal data outside the European Economic Area (EEA). Coded People want to make sure that your data is stored and transferred in a secure way, therefore we will only transfer your data where it is compliant with data protection legislation in accordance with the European Commission. If this is not the case, it is our policy to take steps to identify risks and ensure that appropriate safeguards are in place.
Security of personal data
Your personal data is stored in a manner that reasonably protects it from misuse and loss and from unauthorised access, modification or disclosure. When your personal data is no longer required for the purpose for which it was obtained, we will take reasonable steps to destroy or permanently de-identify your personal data.
Maintaining the quality of your personal data
It is important to us that your personal data is up-to-date. We will take reasonable steps to make sure that your personal data is accurate, complete and up-to-date. If you find that the information we have is inaccurate, please advise us as soon possible so we can update our records and ensure we can continue to provide quality services to you.
In most circumstances your data will be retained for a minimum of 2 years or maximum of 6 years from the last point at which we provided any services or otherwise engaged with you. Please note the retention periods as follows:
- for 3 years to share your CV with our clients for recruitment purposes (only in the case when you have given your consent);
- for 3 years to process and store your personal information on our database for recruitment purposes (only in the case when you have given your consent);
- for 3 years to send you marketing emails/mailers regarding available job opportunities (only in the case when you have given your consent);
- for not less than 2 years from the end of your last period of engagement or employment in order to prove that the right to work checks were carried out The Immigration (Restrictions of Employment) Order 2007. Coded People has chosen to store this information for 6 years.
- for 6 years from the end of each tax year for the purposes of retaining payroll records under the Income Tax (Employment and Pensions) Act 2003;
- for 6 years from the end of each tax year for the purposes of keeping VAT records for any VAT registered limited company contractors.
- Right to be informed about the collection and use of your personal data.
- Right to access your personal data and supplementary information. If you would like to make a request for information, please contact firstname.lastname@example.org.
- Right to rectification when your data is inaccurate or incomplete. We will respond to such a request within 1 month.
- Right to erasure where there is no compelling reason for personal data to be further processed. Agencies are required to keep certain records such as ID or right to work checks and payroll records for certain periods of time. These obligations will override any request to erase data or any objection to processing for so long as they must keep the data.
- Right to restrict processing of your personal data in certain circumstances.
- Right to data portability when you want to obtain and reuse your personal data across different services.
- Right to object of your data where that processing is based upon legitimate interest and there are no compelling grounds for the continued processing of that data;
- Object to our processing of your data where that processing is based upon legitimate interest and there are no compelling grounds for the continued processing of that data; any decision, which significantly affects you, being taken solely by a computer or via another automated process; direct marketing.
- Withdraw your consent to our processing of your personal data for a particular purpose at any stage. However, please note that we may continue to retain, or use your personal information thereafter where we have a legitimate interest or a legal or contractual obligation to do so. Our processing in that respect will be limited to what is necessary in furtherance of those interests or obligations. Consent can be withdrawn by emailing to email@example.com.
- Make a complaint to the Information Commissioner’s Office.
Should you wish your personal data to be removed from our database earlier, please email us on firstname.lastname@example.org.
If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law you can complain to us by emailing to: email@example.com or the Information Commissioner’s Office (ICO).
Should there be any queries, please do not hesitate to contact us at: firstname.lastname@example.org or by writing to:
Coded People Limited
28-30 Worship Street