Privacy Policy
ARHR Consult Ltd (T/A The HR Consultancy) Privacy Policy
​
Introduction
​
The HR Consultancy is committed to protecting individual’s safety and privacy, and takes its responsibilities regarding the security of individual’s personal data very seriously. This privacy policy explains what personal data we collect about individuals, how and why we use it, who we disclose it to, and how we protect your privacy.
References in this Privacy Policy to “ARHRConsult”,”The HR Consultancy”, “the Company”, “we”, “us” or “our” mean ARHR Consult Ltd. (a company registered in England and Wales with registration no 8583576 and registered office at 21 Best Avenue, Kenilworth, Warwickshire, England, CV8 2TN; telephone number 01926 853388; email info@arhrconsult.com). Our Data Controller is Angela Roberts, with the same contact details. We control the ways your personal data are collected and the purposes for which your personal data are used by ARHR Consult. ARHR Consult is the “data controller” for the purposes of the UK Data Protection Act 2018(as amended or replaced), the General Data Protection Regulation (EU) 2016/679 (the “GDPR”) and other applicable European data protection legislation (together the “Data Protection Legislation”).
​
The below sets out the Company’s statement on dealing with personal data.
Section 1 relates to those applying for jobs with the Company; Section 2 deals with personal data relating to customers, clients, those subject to our services and or suppliers; Section 3 relates to marketing.
Please refer to the relevant section.
​
Section 1: Privacy Notice Recruitment
​
The below provides you with important information concerning the personal data the Company may collect, retain and process relating to job applicants. The personal data collected, retained and processed is limited to that which is relevant to the entering into an employment relationship. The Company seeks to be transparent in respect to personal data and is committed to meeting its data protection obligations. The below provides information to assist in this matter.
​
1.1 Purposes of Processing and Legal Basis of Processing
​
The Company needs to collect, retain and process or use personal data for the following reasons.
In order to enter into a contract of employment or any other work contract with you or to take steps at your request prior to entering into a contract;
-
To meet our legal responsibilities as an employer (for example to check you are entitled to work in the UK and or the meet our responsibilities under the Equality Act 2010)
-
To pursue the relevant and legitimate interests of the business (for example being able to process and retain information for managing the recruitment process and or for making appropriate decisions about suitability of candidates and or for making offers of employment).
-
Special categories of personal data may be processed in order to comply with the Equality Act 2010 and or other legislation.
The Company will not use your personal information for any other purpose than recruitment activity. However, if you are not successful the Company may retain your details for a 6 month period. In this period the Company may contact you if a suitable vacancy arises.
​
1.2 Who has Access to Personal Data
​
Your personal data will only be disclosed where appropriate to authorised individuals within the Company involved in the recruitment process or third parties involved in the recruitment process and or who are providing relevant support or advice.
Those authorised individuals within the Company who may be included in the recruitment process include those with HR and or recruitment responsibilities, the management team in the area where the vacancy exists, those involved in the interview and assessment process and those with responsibility for IT, where they need access to your data for the performance of their role. However, in respect of those with access to your data, the access they have will be limited to what they need to have access to only. Also your data may be disclosed to third parties providing computerised storage facilities including cloud technology.
If you are not successful your personal data will not be shared with third party providers, other than those who may be included in the recruitment process or who may give us advice on such matters. If, however, you are successful in your application your personal data may be provided to third party providers such as any third parties providing accountancy, I.T., payroll or HR/legal/Occupational Health/Benefit Provision support to the company and in such circumstances only data relevant to such support will be provided. Further the need for pre employment checks and or the obtaining of references may result in us sharing information with other employers. Also we may need to perform pre employment screening or conduct Disclosure and Barring checks and again we may share your data with such external organisations as are used in such circumstances.
Where data is provided to third parties they are placed under an obligation of confidentiality and are given written instructions, and operate under an agreement, to only use the data for the purposes for which it is disclosed.
It may be that your personal data will be transferred outside the European Economic Area (EEA) for example through the use of cloud storage or technology. In such circumstances relevant safeguards, including obligations of confidentiality will apply as required. The safeguards will include where required an adequacy decision by the EU Commission. In the absence of any such adequacy decision relevant safeguards such as standard data protection clauses adopted by the Commission, or by the ICO and approved by the Commission, or contractual clauses as authorised by the ICO and or other safe guards as set down by article 46 of the GDPR will apply. A copy of safeguards or where they can be obtained from can be provided via the Data Controller.
​
1.3 Time Period for Retaining Data
​
If you are unsuccessful in your application the Company will retain your personal data for a period of up to 6 months following the decision in relation to your application.
​
1.4 Your Rights
​
As a data subject you have the following rights:
-
You can request from the Company access to and copy of your data
-
You can request the Company to correct or erase personal data
-
You can request a restriction of processing of your personal data
-
You can object to processing of your personal data
-
You can request to exercise the right to data portability in certain circumstances.
If you wish to exercise any of the above rights you should contact the Data Controller identified above. In addition you have the right to lodge a complaint about data protection with the Information Commissioner’s Office.
You are not under any contractual or statutory requirement to provide any personal data to the Company during the process of recruitment.
However, if you fail to provide relevant personal data this may prevent the Company from being able to fully or properly process your application or it may be the Company will not be able to process your application at all.
No automated decision making is used in respect to any personal data.
​
1.5 Categories of Personal Data
​
The Company may or will collect, use and process a range of personal information relating to you during or as part of the recruitment process. The nature of the personal data may include information such as or relating to the following:
Your name, address, email address, contact details, phone number, personal details, right to work in the UK, criminal records, your qualifications, work history, future career plans, experience, skills, current level of pay and associated employment benefits, health records/history, whether you have a disability and or whether reasonable adjustments are needed, references, equal opportunity related information, information relating to your suitability for the role.
​
1.6 Source
​
The information and or data collected and or processed relating to you is received from a number of sources. These include information provided by you (such as CVs, application forms, identity documents) or information gained at interviews, meetings or assessments with or of you.
In addition data about you may be obtained from other sources for example; recruitment agencies, job boards, where references are provided from a previous employer or third party or from other employment checks such as criminal records checks or other pre employment checks where appropriate or from professional networking sites such as LinkedIn.
The data held by the Company will be stored securely and will be held within the Company’s computer or electronic or cloud or email systems, filing systems, HR system or the appropriate recruitment file(s).
​
Section 2: Privacy Notice Customers, Clients, those Subject to our Services and or Suppliers
​
This notice provides you with important information concerning personal data the Company may collect, retain and process relating to customers, clients, those subject to our services and or suppliers. The personal data is limited to that which is relevant to the business relationship or the service we provide. The Company seeks to be transparent in respect to personal data and is committed to meeting its data protection obligations. This notice aims to assist in this matter.
​
2.1 Purpose of Processing
​
The Company needs to collect, retain and process or use personal data: in order to enter into a commercial contract with you or your organisation; to manage and meet its obligations under or connected with any such contract; to meet any of our legal responsibilities in connection with the contract or to you or your organisation; to pursue the relevant and legitimate interests of the business.
​
2.2 Legal Basis of Processing
​
The processing of personal data is:
-
on the grounds of consent (where such consent has been given);
-
for the performance of the commercial contract to which you or your organisation is party or in order to take steps at your request prior to entering into any such commercial contract;
-
for compliance with a legal obligation to which the Company is subject; and or
-
for the purposes of the legitimate interests pursued by the Company. The legitimate interests pursued include the provision of products and services to you, and keeping you informed of our products and services or changes relating to our products and or services.
​
2.3 Who has Access to Personal Data
​
Your personal data will only be disclosed where appropriate to authorised individuals within the Company or authorised third party providers external to the Company.
However, in respect of those with access to your data, the data to which they have access will be limited only to that which is necessary for the proper performance of their function.
Third party providers to whom data might be disclosed include any third parties providing accountancy, I.T., and or legal support to the Company, or may provide web based systems to support the Company’s services, and in such circumstances only data relevant to such support will be provided. In addition data will be disclosed as required to HMRC or where it must be legally disclosed. Also your data may disclosed to third parties providing computerised storage facilities including cloud technology.
Where data is provided to third parties they are placed under an obligation of confidentiality and are given written instructions, and operate under an agreement, to only use the data for the purposes for which it is disclosed.
It may be that your personal data will be transferred outside the European Economic Area (EEA) for example through the use of cloud storage or technology. In such circumstances relevant safeguards, including obligations of confidentiality will apply as required. The safeguards will include where required an adequacy decision by the EU Commission. In the absence of any such adequacy decision relevant safeguards such as standard data protection clauses adopted by the Commission, or by the ICO and approved by the Commission, or contractual clauses as authorised by the ICO and or other safe guards as set down by article 46 of the GDPR will apply. A copy of safeguards or where they can be obtained from can be provided via the Data Controller.
​
2.4 Time Period for Retaining Data
​
The Company will retain relevant personal data for a period of 6.5 years from the end of the tax year following the support given, in part due to the need to keep records for certain legal reasons.
​
2.5 Your Rights
​
As a data subject you have the following rights:
-
You can request from the Company access to and a copy of your data;
-
You can request the Company to correct or erase personal data;
-
You can request a restriction of processing of your personal data; and
-
You can object to processing of your personal data:
-
You can request to exercise the right to data portability in certain circumstances.
If you wish to exercise any of the above rights you should contact the Data Controller identified above. In addition, you have the right to lodge a complaint about data protection with the Information Commissioner’s Office.
The provision of certain personal data is or may be a contractual requirement, or a requirement necessary to enter into a contract. Also, the provision of certain personal data is or may be a statutory requirement. The consequences of not providing the personal data is that the commercial contract may not be able to function and certain legal responsibilities may be impossible to meet.
In certain circumstances it may be the case that the commercial contract cannot function and so is brought to an end.
No automated decision making is used in respect of any personal data.
​
2.6 Categories of Personal Data
​
The nature of the personal data may or will include information such as or relating to the following:
Your name, email address, contact details, and phone number. In addition if the contract or provision of services is to you personally then personal details (such as address, bank details) and data relating to any contract between the Company and you (including terms and conditions).
​
2.7 Source
​
The data collected and processed relating to you is received from your organisation and or you.
The data held by the Company will be stored securely and will be held within the Company’s computer or electronic or cloud or email systems, filing systems, and or account system.
​
2.8 Where we are a Processor and not a Controller
​
There may be circumstances where we act as a data processor only and in such cases we will only process data on the instructions of the client’s Data Controller. It may be in such circumstances we process, in addition to the categories of personal data above, special categories data and data relating to employment. In such circumstances all relevant safeguards will apply to such data and processing and such data will only be used for the purposes it is collected for.
​
Section 3: Marketing
​
This notice provides you with important information concerning personal data the Company may collect, retain and process relating to marketing information. The personal data is limited to that which is relevant to such purposes. The Company seeks to be transparent in respect to personal data and is committed to meeting its data protection obligations. This notice aims to assist in this matter.
​
3.1 Purpose of Processing
​
The Company may process personal data for the purposes of marketing, to keep in touch with you and to keep you informed of its products and services and related information.
​
3.2 Legal Basis of Processing
​
The processing of personal data is:
-
on the grounds of consent (where such consent has been given); and or
-
for the purposes of the legitimate interests pursued by the Company. The legitimate interests pursued include keeping customers and clients informed of our products and services or changes relating to our products and or services.
3.3 Who has Access to Personal Data
​
Your personal data will only be disclosed where appropriate to authorised individuals within the workplace or authorised third party providers external to the Company.
Third party providers to whom data might be disclosed include any third parties providing I.T., legal, marketing support to the Company and in such circumstances only data relevant to such support will be provided. Also your data may be disclosed to third parties providing computerised storage facilities including cloud technology.
Where data is provided to third parties they are placed under an obligation of confidentiality and are given written instructions, and operate under an agreement, to only use the data for the purposes for which it is disclosed.
It may be that your personal data will be transferred outside the European Economic Area (EEA) for example through the use of cloud storage or technology. In such circumstances relevant safeguards, including obligations of confidentiality will apply as required. The safeguards will include where required an adequacy decision by the EU Commission. In the absence of any such adequacy decision relevant safeguards such as standard data protection clauses adopted by the Commission, or by the ICO and approved by the Commission, or contractual clauses as authorised by the ICO and or other safe guards as set down by article 46 of the GDPR will apply. A copy of safeguards or where they can be obtained from can be provided via the Data Controller.
​
3.4 Time Period for Retaining Data
​
The Company will retain relevant personal data of business contacts until such time as they request to be removed from any marketing list. Only limited data is retained for such purposes. You can request to unsubscribe from marketing emails at any time.
​
3.5 Your Rights
​
As a data subject you have the following rights:
-
You can withdraw consent at any time
-
You can request from the Company access to and a copy of your data;
-
You can request the Company to correct or erase personal data;
-
You can request a restriction of processing of your personal data; and
-
You can object to processing of your personal data:
-
You can request to exercise the right to data portability in certain circumstances.
If you wish to exercise any of the above rights you should contact the Data Controller identified above or in the case of withdrawing consent for marketing purposes you can click on any unsubscribe button on any marketing material sent.
In addition, you have the right to lodge a complaint about data protection with the Information Commissioner’s Office.
There is no contractual requirement or statutory requirement that you provide to us your personal data for marketing purposes. The consequences of not providing such personal data is that we will not be able to keep you informed of, or changes relating to, our products and services. This may affect your ability to enjoy our products and services.
No automated decision making is used in respect of any personal data.
​
3.6 Categories of Personal Data
​
The nature of the personal data the Company may or will process may include information such as or relating to the following: Your name, email address, contact details, phone number, business address.
​
3.7 Source
​
The data collected and processed relating to you may or is received from a number of sources. These include information provided by you or your organisation.
The data held by the Company will be stored securely and will be held within the Company’s computer or electronic or cloud or email systems, and/or filing systems.