For the purpose of the GDPR 2016 (May 2018) please contact the Data Protection Officer (DPO) if you have any questions.
- Who we are
GRW Recruitment (GRW) is a recruitment and training provider that is based in Sunderland, UK. We look to support the public on finding suitable employment either through a permanent placement, a temporary contract or a training programme.
The DPO for GRW is Graham Rose.
- Data collected and sources
In most cases, GRW will collect certain data that is needed to support our service to its successful outcome. The data that will be collected are:
- Telephone Number
- Email Address
- Date of Birth
- CV (full working history and qualifications)
- Medical issues
- Unspent criminal convictions
On some occasions, GRW may need to process additional information which can be deemed as more sensitive. This would be in the instance of a GRW employee or temporary worker for a client. This data is:
- Bank Details
- NI number
- Photo ID
GRW collect data from subjects interested in using our service. The data gathered is from:
- Job sites (third parties)
- Telephone interviews
- Face to face interviews
- Training enrolment
- Website/Newsletter subscriptions
- GRW Employee induction
- Recommendation scheme
- Data use
As GRW provide a service, it is important that we have the correct data to carry out the service to its successful completion. If GRW doesn’t have your consent or your correct data it will result in the data subject not being able to use the GRW service.
We use your data:
- To offer/arrange suitable employment or training opportunities based on your information provided.
- To maintain company accounts and internal GRW systems
- To gain research and carry out surveys
- To meet legal obligations (Right to Work)
- To contact you in an emergency
- To arrange opportunities with third-party companies, such as employers
- To provide you with updates/alerts, such as interviews and feedback
- To improve our website and other communications with you
We do not sell or share your data with third parties for marketing purposes
- Legal processing
Within the GDPR policy, there are certain legal processing conditions that GRW adheres to. Any visitor to the GRW website who accepts ‘cookies’ will have deemed to have given consent for GRW to process their data as a legitimate interest. For any data subject that comes into physical contact with GRW, they will give consent through a Data Consent Form, this document outlines the key points and data uses of this policy in a clear manner and requires the data subjects signature as consent. The consent given either way is easily withdrawn by contacting the DPO.
In the case of a GRW Employee signing an employment contract, processing is necessary in order to fulfil the performance of the employment contract.
In some cases, GRW has a legal obligation to process your data and share it. This could be in a fraud case, a court order or other crimes.
- Sharing data
Any data that is shared as a result of the process will only be done so with the consent of the data subject. Within the recruitment process, it is necessary to share your information with a potential employer so the recruitment process is efficient.
Any personal data that is shared as a result of the process with be shared electronically between GRW and the relevant third party. Personal information will be securely transferred in a password-protected document that can only be opened by a member of the third party with access to the password.
- Storing and processing data
All data is securely stored and processed at the GRW office based in the UK.
GRW use different methods to keep data secure and utilise various technologies and procedures to protect personal information. These measures allow us to:
- Protect data against accidental loss
- Prevent unauthorised access, use, destruction or disclosure
- Ensure business continuity and disaster recovery
- Restrict access to personal information
- Conduct privacy assessments in accordance with law and GRW business policies
- Train staff and contractors on data security
- Manage third party risks, through use of contracts and security reviews.
All personal data that GRW hold are stored electronically with password protection. In the instance of completed GRW documents, these are stored in a locked filing cabinet with any sensitive financial information destroyed.
- Length of storage
GRW will only hold any information on a data subject as a necessity. GRW will hold information for a maximum period of 12 months from when the data consent was given unless:
- The subject is employed by GRW;
- The subject requests GRW they would like us to continue to hold their details for future opportunities;
- Legally we are required to hold onto the information.
The 12-month period will allow GRW to offer an efficient service to the data subject and keep necessary information on record for any further opportunities.
- Your rights
As a data subject of GRW, you have a legal right under the GDPR to always be in control of your data that is shared with us. You have the right to:
- Request a copy of your personal data held, free of charge;
- Correct and/or delete any data;
- Withdraw the consent that you have previously given;
- Request information on how your personal data is processed;
- Request a restriction to be applied to your data in certain circumstances;
- Lodge a complaint with the Information Commissioner’s Office.
If you have any of these requests then get in touch with DPO who will deal with your request. The DPO aims to deal with all requests within 7 days of the initial request. In certain circumstances, your rights may be limited. This could be if your request may expose personal data about another data subject, of if GRW has been requested to delete data that we are required to hold by law.
- Cookies & Other websites
Upon visiting www.grwrecruitment.com you will be asked to consent to cookies for this information to be recorded.
If any changes are made to this policy in the future then the latest update will be made available on our website.
- Contacting us
Please contact the Data Protection Officer (DPO) if you:
- Have any questions about anything in this document
- Think that your personal data has been misused or mishandled
Hope Street Xchange
1-3 Hind Street
0191 337 1553
You can also make a complaint to the Information Commissioner, who is an independent regulator.