Coded People Limited is committed to respecting your privacy and providing quality services to you. This notice outlines our ongoing obligations to you in respect of how we manage your personal information.
Who we are?
Coded People Limited, whose registered address is: Crystal Gate House, 28 – 30 Worship Street, London, EC2A 2AH, specialise solely in the Information Technology sector; supplying permanent and contract IT staff across the UK, mainland Europe and the United States of America.
Coded People Limited will act as the ‘data controller’ of the personal data obtained from its employees. Coded People will ensure that all the information submitted via its website or through our office is only used for the purposes explained in this privacy notice and is compliant with the General Data Protection Regulation (GDPR).
The EU GDPR (Regulation (EU) 2016/679) replaces the Data Protection Act (Directive 95/46/EC) from 25 May 2018. It is designed to harmonise data privacy laws across Europe, to protect and empower all EU citizens.
What is personal data?
Personal data is the data that relates to a living individual who can be identified from this data or other information which is in possession of, or is likely to come into the possession of, the data controller. This also includes sensitive personal data which consists of information regarding race or ethnic origin, political opinions, religious beliefs, trade union membership, physical or mental health, sexual orientation and criminal records.
Sensitive data will only be used:
- With explicit written consent;
- Where it is needed to establish, bring or defend legal claims;
- Where needed to carry out our legal obligations relating to employment law, social security law or social protection law; and
- Where it is needed to assess working capacity on health grounds, subject to appropriate confidentiality safeguards.
What data do we collect?
- Telephone numbers
- Cover letter
- Education and employment history, qualifications and skills
- Passport, visa or other right to work or identity information
- National insurance and tax information
- Bank details
- Pension details
- Next of kin details + Family details
- Referee contact details
- Information from references
- Annual leave details
- Sick leave details
- Performance details
- DBS (if required)
- Sensitive personal data (explained above)
Where do we collect your data from?*
- Our website
- You (application or registration form, CV)
- Online jobsites
- A client
- Other candidates
- Social Media
- Marketing databases
- Search engines
- Telephone calls
*This list is not exhaustive
Why we need your data?
- To collect, store and process it
- To assess and review your suitability for job roles
- To send information to third parties which relate to our recruitment services
- To carry out our obligations arising from any contracts entered into between you and us
- To notify you of any changes to our services
- To provide information to regulatory authorities or statutory bodies
- From time to time we may seek your consent to process, use or disclose your information for any other purpose not listed above
Our lawful basis to process your data is contract and legal obligations.
- Contract- if you are our employee it means that you have entered into a contract with us. Thereby, most of personal data processing will be carried out according to the lawful basis of contract. To do so, certain information is needed from you such as your contact details, bank details, next of kin etc. The contract may include us processing your data for payroll on your behalf.
- Legal obligation- in order to provide our services, sometimes we may need to process personal data and, where appropriate and in accordance with local laws and requirements, sensitive personal data to exercise or defend legal claims. We must comply with statutory provisions that include payroll, tax, social security, HMRC reporting requirements, and any other law or regulation. It also applies to the business generally when complying with fraud/crime prevention, data protection legislation and co-operating with regulatory authorities such as Information Commissioner’s Office or HMRC.
Where reasonable and practicable to do so, we will collect your personal data only from you. However, in some circumstances we may be provided with information by third parties. In such a case we will take responsible steps to ensure that you are made aware of the information provided to us by the third party.
Coded People is a recruitment company specialising in Microsoft .Net, Opensource Technologies and Business Intelligence and our sister company Marcus Donald People Ltd specialise in IT Operations. Your personal information may be shared across both companies, other third party suppliers (IT support, storage service providers, accountancy suppliers, etc.) and any regulatory or statutory body.
To provide our recruitment services we may transfer your personal data outside the European Economic Area (EEA). Coded People want to make sure that your data is stored and transferred in a secure way, therefore we will only transfer your data where it is compliant with data protection legislation in accordance with the European Commission. If this is not the case, it is our policy to take steps to identify risks and ensure that appropriate safeguards are in place.
Security of personal data
Your personal data is stored in a manner that reasonably protects it from misuse and loss and from unauthorised access, modification or disclosure. When your personal data is no longer required for the purpose for which it was obtained, we will take reasonable steps to destroy or permanently de-identify your personal data.
Maintaining the quality of your personal data
It is important to us that your personal data is up-to-date. We will take reasonable steps to make sure that your personal data is accurate, complete and up-to-date. If you find that the information we have is inaccurate, please advise us as soon possible so we can update our records and ensure we can continue to provide quality services to you.
In most circumstances your data will be retained for a minimum of 2 years or maximum of 6 years from the last point at which we provided any services or otherwise engaged with you. Please note the retention periods as follows:
- for no less than 2 years from the end of your last period of engagement or employment in order to prove that the right to work checks were carried out The Immigration (Restrictions of Employment) Order 2007. Coded People has chosen to store this information for 6 years.
- for 6 years from the end of each tax year for the purposes of retaining payroll records under the Income Tax (Employment and Pensions) Act 2003;
- for 6 years from the end of each tax year for the purposes of keeping VAT records for any VAT registered limited company contractors.
- Right to be informed about the collection and use of your personal data.
- Right to access your personal data and supplementary information. If you would like to make a request for information, please contact firstname.lastname@example.org.
- Right to rectification when your data is inaccurate or incomplete. We will respond to such a request within 1 month.
- Right to erasure where there is no compelling reason for personal data to be further processed. Agencies are required to keep certain records such as ID or right to work checks and payroll records for certain periods of time. These obligations will override any request to erase data or any objection to processing for so long as they must keep the data.
- Right to restrict processing of your personal data in certain circumstances.
- Right to data portability when you want to obtain and reuse your personal data across different services.
- Right to object of your data where that processing is based upon legitimate interest and there are no compelling grounds for the continued processing of that data;
- Object to our processing of your data where that processing is based upon legitimate interest and there are no compelling grounds for the continued processing of that data; any decision, which significantly affects you, being taken solely by a computer or via another automated process; direct marketing.
- Withdraw your consent to our processing of your personal data for a particular purpose at any stage. However, please note that we may continue to retain, or use your personal information thereafter where we have a legitimate interest or a legal or contractual obligation to do so. Our processing in that respect will be limited to what is necessary in furtherance of those interests or obligations. Consent can be withdrawn by emailing to email@example.com.
- Make a complaint to the Information Commissioner’s Office.
Should you wish your personal data to be removed from our database earlier, please email us on firstname.lastname@example.org.
Changes to our privacy notice:
We keep our privacy notice under regular review and may be updated from time to time to reflect changes in our business, or legal or commercial practice. Where an update is relevant to our processing of your data, we shall notify you of the same.
If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law you can complain to us by emailing to: email@example.com or the Information Commissioner’s Office (ICO).
Should there be any queries, please do not hesitate to contact us at: firstname.lastname@example.org or by writing to:
Coded People Limited
28-30 Worship Street