Signature is a leading Recruitment business providing specialist work-finding services to its clients and work-seekers. In order to provide these services to our clients and their work-seekers we must process personal data (including sensitive personal data) and in doing so we act as a data controller.
We will only process data for the purposes of facilitating your work-finding services and/or information relating to roles relevant to you. We will only use your personal data in accordance with our Privacy Policy.
Your privacy and the security of the data that you share with us is extremely important to us. We therefore wish to be as transparent as possible with you about how we store and use your data, when and why we use it and how we comply with Data Protection laws when we do so – including the GDPR (General Data Protection Regulation) in force from 25 May 2018. We also want it you to be clear on the rights you have regarding the data we hold on you and how you may take any action you wish to do so about your data.
We have set out our Privacy Notice in a layered and easy to understand way so that you can find the information you need as easily as possible. If you wish to see a complete copy of this document you can download it in full here too.
If you wish to complain about this privacy notice or any of the procedures set out in it please write to Jason Libby.
You also have the right to raise concerns with Information Commissioner’s Office on 0303 123 1113 or at https://ico.org.uk/concerns/", or any other relevant supervisory authority should your personal data be processed outside of the UK, if you believe that your data protection rights have not been adhered to.
Data Protection Officer
Jason Libby
legaldepartment@signatureeducation.co.uk
0203 973 8700
Please be aware that you have the following data protection rights:
Where you have consented to the Company processing your personal data and sensitive personal data you have the right to withdraw that consent at any time by contacting The Legal Department.
The Company will retain your personal data only for as long as is necessary. Different laws require us to keep different data for different periods of time.
The Conduct of Employment Agencies and Employment Businesses Regulations 2003, require us to keep work-seeker records for at least one year from (a) the date of their creation or (b) after the date on which we last provide you with work-finding services.
We must also keep your payroll records, holiday pay, sick pay and pensions auto-enrolment records for as long as is legally required by HMRC and associated national minimum wage, social security and tax legislation.
Where the Company has obtained your consent to process your personal and sensitive personal data, we will do so in line with our retention policy. Upon expiry of that period the Company will seek further consent from you. Where consent is not granted the Company will cease to process your personal data and sensitive personal data.
If we arrange an interview or an engagement then we must retain your records for 6 years from the date of interview or the last day of assignment for legal reasons.
In this policy the following terms have the following meanings:
‘consent’ means any freely given, specific, informed and unambiguous indication of an individual’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of persona data relating to him or her;
‘data controller’ means an individual or organisation which, alone or jointly with others, determines the purposes and means of the processing of personal data;
‘data processor’ means an individual or organisation which processes personal data on behalf of the data controller;
‘personal data’* means any information relating to an individual who can be identified, such as by a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
‘personal data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data;
‘processing’ means any operation or set of operations performed on personal data, such as collection, recording, organisation, structuring, storage (including archiving), adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
‘profiling’ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to an individual, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
‘pseudonymisation’ means the processing of personal data in such a manner that the personal data can no longer be attributed to an individual without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable individual;
‘sensitive personal data’* means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data, data concerning health, an individual’s sex life or sexual orientation and an individual’s criminal convictions. [Note 1]
* For the purposes of this policy we use the term ‘personal data’ to include ‘sensitive personal data’ except where we specifically need to refer to sensitive personal data.
‘Supervisory authority’ means an independent public authority which is responsible for monitoring the application of data protection. In the UK the supervisory authority is the Information Commissioner’s Office (ICO).
All of these definitions are italicised throughout this policy to remind the reader that they are defined terms
Your information will come to us in a variety of ways.
You may send your personal details to us directly via:
We may be sent your data by third parties we have contracted with to facilitate the work seeking services we provide to you. This information will only be accessible by us when we commence work finding services for you and require you to complete your Safeguarding process. This is to ensure you are suitable to work in the roles we are seeking to introduce you to.
We receive this data electronically using a secure connection to their database.
We may receive your data from other third parties such as online “Job Boards” who you have registered with and have agreed that your details can be accessed by recruitment businesses.
The Company may transfer only the information you provide to us to countries outside the European Economic Area (‘EEA’) for the purposes of facilitating your work-finding services. We will take steps to ensure adequate protections are in place to ensure the security of your information. The EEA comprises the EU member states plus Norway, Iceland and Liechtenstein.
In order to process your data we are required by the GDPR to have a legal basis for doing so.
There are a number of different legal bases for processing data and these will change as you progress through different stages of our service.
The legal bases we rely upon to offer these services to you are as follows:
Legitimate interest
It is in the legitimate interests of all parties involved, the recruitment companies, work-seekers and other clients, that The TrustHub Group Ltd can process personal data.
Legal obligation
Contractual obligation
If you are successful in your application for an assignment or permanent job, we may process your personal data and sensitive information required for payroll and employment purposes. This will be to satisfy a contractual obligation we have with our clients and suppliers.
We send your data to a number of different places in order to provide you with our service. Your data will be shared with: