CIM Recruitment Ltd are committed to ensuring the security and protection of the personal information that we process, and to provide a compliant and consistent approach to data protection. We have created this privacy statement (together with our Terms & Conditions and any other documents referred to in it) sets out the basis on how we collect, retain and use the information we receive about you. Our goal is to demonstrate and communicate our high ethical standards and how we implement appropriate internal controls. We have always had a robust and effective data protection program in place which complies with existing law and abides by the data protection principles. However, we recognise our obligations in updating and expanding this program to meet the demands of the GDPR.
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By visiting our website (“our site”) you are accepting and consenting to the practices described in this statement.
Who we are?
CIM Recruitment Ltd is a recruitment agency and recruitment business as defined in the Employment Agencies Act 1973 (our business). We also provide sector specific online training. We collect the personal data from the following types of people to allow us to undertake our business;
CIM Recruitment Ltd is a UK registered company, No: 6910774
Registered address: Suite 21,10 Churchill Square, Kings Hill, West Malling, ME19 4YU
For the purpose of the General Data Protection Regulation (Regulation (EU) 2016/679) (the GDPR), the data controller is CIM Recruitment Ltd. Registration reference: 6901774. This privacy statement applies to all of our subsidiary companies in the UK: CIM Recruitment Ltd
Tim Nicholson is the Data Protection Officer (DPO). The DPO is responsible for promoting awareness of the GDPR across the organisation, continued assessment of our GDPR policies and procedures, identifying any gap areas and implementing the new policies, procedures and measures. Contact details of the DPO are in the Contact Section below:
WHAT IS THE PURPOSE OF THIS STATEMENT?
We are committed to protecting the privacy and security of your personal information.
This privacy statement describes how we collect and use personal information about you during and after your working relationship with us, in accordance with the General Data Protection Regulation (GDPR) as updated from time to time. It applies to all clients, candidates and contractors. Employees of CIM Recruitment Ltd should refer to the Group’s Employee Privacy Statement which is available on the intranet.
We will comply with data protection law. This says that the personal information we hold about you must be:
OUR LEGAL BASIS FOR USING YOUR PERSONAL DATA
Under GDPR, the main grounds that we rely upon in order to process personal information of clients and candidates are the following:
(a) Necessary for entering into, or performing, a contract – in order to perform obligations that we undertake in providing a service to you, or in order to take steps at your request to enter into a contract with us, it will be necessary for us to process your personal data;
(b) Necessary for compliance with a legal obligation – we are subject to certain legal requirements which may require us to process your personal data. We may also be obliged by law to disclose your personal data to a regulatory body or law enforcement agency;
(c) Necessary for the purposes of legitimate interests – either we, or a third party, will need to process your personal data for the purposes of our (or a third party’s) legitimate interests, provided we have established that those interests are not overridden by your rights and freedoms, including your right to have your personal data protected. Our legitimate interests include responding to requests and enquiries from you or a third party, optimising our website and customer experience, informing you about our products and services and ensuring that our operations are conducted in an appropriate and efficient manner;
(d) Consent – in some circumstances, we may ask for your consent to process your personal data in a particular way.
WHAT PERSONAL DATA WILL WE COLLECT FROM YOU?
We will hold, use and disclose your personal information, for our legitimate business purposes including:
We may process, in accordance with local regulations, certain sensitive personal data (known as special category data in GDPR) where you include it in information you send to us e.g. if you include information about your health, religion or ethnic origin in the CV you send to us. We may also be required to conduct a criminal records check against your details. We have processes in place to limit our use and disclosure of such sensitive data other than where permitted by law.
HOW WE SHARE YOUR PERSONAL INFORMATION
In certain circumstances we will share your personal information with other parties. Details of those parties are set out below along with the reasons for sharing it.
Other Companies within our Group within the EEA
Where you are registered as a candidate on our database, we will share your personal information with other companies in the CIM Recruitment Ltd Group of companies in the European Economic Area (“EEA“).
We will share your personal information as above for any or all of the following purposes:
Other companies within our Group outside the EEA
In the event you require us to explore job opportunities for you outside the EEA, we will notify you that we intend to pass your personal information to, or allow access to such information by, other companies within our Group of companies worldwide so they can use it for the purposes set out above.
If you would like details of the particular companies within our Group which can access your personal information, please contact us using the details in the contact section below.
We apply equal rigour to the security of data held and processed across our company. Each company within our Group of companies outside the EEA with access to data in the UK, enters into a specific data protection agreement with CIM Recruitment Ltd thereby undertaking to meet the same standards of data security and to act in accordance with data protection principles applicable under the strict European data protection laws. This agreement is based on the Model Clauses as approved by the EU Commission
We disclose your personal information to clients who have vacancies for jobs in which you are interested.
Trusted Third Parties
We will share your personal information and, where necessary, your sensitive personal information with trusted third parties where we have retained them to provide services that you or our clients have requested, such as:
We will also share your personal information with third parties who perform functions on our behalf and provide services to us such as:
We require minimum standards of confidentiality and data protection from such third parties. To the extent that any personal information is provided to third parties outside the EEA, or who will access the information from outside the EEA, we will ensure that approved safeguards are in place, such as the approved Model Clauses or the EU/US Privacy Shield.
Regulatory and Law Enforcement Agencies
As noted above, if we receive a request from a regulatory body or law enforcement agency, and if permitted under GDPR and other laws, we may disclose certain personal information to such bodies or agencies.
WHERE IS YOUR PERSONAL DATA STORED?
All company storage locations which holds personal information are encrypted to the highest standard. This includes our CRM database; file locations and remote access. All cloud data is secured by Microsoft and also locally by our IT security package Kaspersky.
We will do our best to protect your personal data, although as the transmission of information via the internet is not completely secure we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access, misuse or loss.
If you suspect any unauthorised access to or misuse or loss of your data, please contact us immediately using our contact details within the ‘How can you contact us?’ section lower down on this web page.
HOW LONG DO WE KEEP YOUR PERSONAL DATA?
We keep your personal data in accordance with the following data retention periods:
Candidate personal data – 5 years since the last contact with you, where contact means addition of your personal data to our database, placement into a role or there is a record of verbal or written communication with you. Candidates includes applicants for all vacancies we advertise, including permanent, part-time and temporary positions with any of our clients. This also includes individuals put forward by any of our clients.
Contractor financial data – 7 years following the last payment made. Contractors includes any Candidate who we have placed and made a payment to.
We will endeavor to permanently erase your personal data once it reaches the end of its retention period or where we receive a valid request from you to do so. However, some of your data may still exist within our systems. For our purposes, this data will be put beyond use, meaning that while it still exists on a system, it cannot be readily accessed by operational systems, processes or staff.
Use of automated profiling tools
We do not carry out any automated profiling in our recruitment process.
Your duty to inform us of changes
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.
YOUR RIGHTS ON INFORMATION WE HOLD ABOUT YOU
You have certain rights in relation to personal information we hold about you. Details of these rights and how to exercise them are set out below. We will require evidence of your identity before we are able to act on your request.
Right of Access
You have the right at any time to ask us for a copy of the personal information about you that we hold. Where we have good reason, and if the GDPR permits, we can refuse your request for a copy of your personal information, or certain elements of the request. If we refuse your request or any element of it, we will provide you with our reasons for doing so.
Right of Correction or Completion
If personal information we hold about you is not accurate, out of date or incomplete, you have a right to have the data rectified, updated or completed. You can let us know by contacting us using any of the methods in the contact section below.
Right of Erasure
In certain circumstances, you have the right to request that personal information we hold about you is erased e.g. if the information is no longer necessary for the purposes for which it was collected or processed, or our processing of the information is based on your consent and there are no other legal grounds on which we may process the information.
Right to object to or restrict processing
In certain circumstances, you have the right to object to our processing of your personal information by contacting us using any method. For example, if we are processing your information on the basis of our legitimate interests and there are no compelling legitimate grounds for our processing which override your rights and interests. You also have the right to object to use of your personal information for direct marketing purposes.
You may also have the right to restrict our use of your personal information, such as in circumstances where you have challenged the accuracy of the information and during the period where we are verifying its accuracy.
Right of Data Portability
In certain instances, you have a right to receive any personal information that we hold about you in a structured, commonly used and machine-readable format.
You can ask us to transmit that information to you or directly to a third-party organisation.
The above right exists only in respect of personal information that:
While we are happy for such requests to be made, we are not able to guarantee technical compatibility with a third-party organisation’s systems. We are also unable to comply with requests that relate to personal information of others without their consent.
You can exercise any of the above rights by contacting us using any of the methods in the contact section below.
Most of the above rights are subject to limitations and exceptions. We will provide reasons if we are unable to comply with any request for the exercise of your rights.
To the extent that we are processing your personal information based on your consent, you have the right to withdraw your consent at any time. You can do this by contacting us using the details in the contact section below.
If you are dissatisfied about any aspect of the way in which your data is processed you may, in the first instance refer the matter to: firstname.lastname@example.org. This does not affect your right to make a complaint to the Information Commissioner’s Office: https://ico.org.uk
To subscribe to job alerts emails, you will be required to provide your name and e-mail address, which will be used for the purpose of keeping you informed, by e-mail, of the latest jobs in your nominated industry and to provide you with industry news and other information related to our services.
Should you decide that you no longer wish to receive this information, unsubscribe links are provided in every job alert email that you receive.
Job alerts emails are sent by CIM Recruitment Ltd or a company within our Group of companies. Where the sender is based outside the EEA your details will be sent to or accessed by that entity to enable them to issue the relevant job e-mail alert to you.
If you wish to receive a copy of the information we hold about you, write to: Data Controller, CIM Recruitment Ltd, Springfield House, Royal Engineers Rd, Maidstone, ME14 2LP
IP ADDRESSES AND COOKIES
We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information to our advertisers. This is statistical data about our users’ browsing actions and patterns and does not identify any individual.
For the same reason, we may obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive. They help us to improve our site and to deliver a better and more personalised service. They enable us:
All copyright and other intellectual property rights in the contents of the Website (including the design of the Website) belong to CIM Recruitment Ltd and accordingly all rights are reserved. Visitors to the companies group of websites are permitted to copy, print or download information from the Website for personal use only and not for any business purpose
LINKS TO OTHER WEBSITES
Our website is protected with a variety of security measures to ensure that data you provide is not lost, misused, or altered inappropriately.
CONTENT OF THE WEBSITE
All information on the website (www.cimrecruitment.co.uk) is for general information purposes only and may be altered at any time by CIM Recruitment Ltd without notice.
This website was created in England. Any interpretation of its content claims or disputes (of whatever nature and not limited to contractual issues) shall be subject to the exclusive jurisdiction of the English Courts under English law.
If you have any enquires you can contact us at: email@example.com or by writing to us at:
Data Protection Officer
CIM Recruitment Ltd
Royal Engineers Rd