As a recruitment company Ronald James processes personal data in relation to its own staff, candidates and individual client contacts. It is vitally important that we abide by the principles of the Data Protection Act 1998 set out below.
Ronald James holds data on individuals for the following general purposes:
The Data Protection Act 1998 requires Ronald James as data controller to process data in accordance with the principles of data protection. These require that data shall be:
Personal data means data, which relates to a living individual who can be identified from the data or from the data together with other information, which is in the possession of, or is likely to come into possession of, Ronald James.
Processing means obtaining, recording or holding the data or carrying out any operation or set of operations on the data. It includes organising, adapting and amending the data, retrieval, consultation and use of the data, disclosing and erasure or destruction of the data. It is difficult to envisage any activity involving data, which does not amount to processing. It applies to any processing that is carried out on computer including any type of computer however described, main frame, desktop, laptop, palm top etc.
Data should be reviewed on a regular basis to ensure that it is accurate, relevant and up to date and those people listed in the appendix shall be responsible for doing this.
Data may only be processed with the consent of the person whose data is held. Therefore if they have not consented to their personal details being passed to a third party this may constitute a breach of the Data Protection Act 1998.
By instructing Ronald James to look for work and providing us with personal data contained in a CV work-seekers will be giving their consent to processing their details for work-finding purposes. If you intend to use their data for any other purpose you must obtain their specific consent.
However caution should be exercised before forwarding personal details of any of the individuals on which data is held to any third party such as past, current or prospective employers; suppliers; customers and clients; persons making an enquiry or complaint and any other third party.
As a recruitment business we are bound by Regulation 28 of the Conduct of Employment Agencies and Employment Businesses Regulations 2003 to obtain the prior consent of an individual before disclosing any information relating to them other than for the purposes of finding them work, or in relation to legal proceedings or to a professional body of which they are a member. Prior written consent must be obtained before disclosing any information relating to an individual work-seeker to their current employer.
Data in respect of the following is “sensitive personal data” and any information held on any of these matters MUST not be passed on to any third party without the express written consent of the individual:
Any offence committed or alleged to be committed by them
From a security point of view, only those staff listed in the appendix should be permitted to add, amend or delete data from the database. However all staff are responsible for notifying those listed where information is known to be old, inaccurate or out of date. In addition all employees should ensure
that adequate security measures are in place. For example:
It should be remembered that the incorrect processing of personal data e.g. sending an individual’s details to the wrong person; allowing unauthorised persons access to personal data; or sending information out for purposes for which the individual did not give their consent, may give rise to a breach of contract and/or negligence leading to a claim against Ronald James for damages from an employee, work-seeker or client contact. A failure to observe the contents of this policy will be treated as a disciplinary offence.
Data subjects, i.e. those on whom personal data is held, are entitled to obtain access to their data on request and after payment of a fee. All requests to access data by data subjects i.e. staff, members, customers or clients, suppliers, students etc should be referred to the Managing Director whose details are also listed on the appendix to this policy.
Any requests for access to a reference given by a third party must be referred to your line manager and should be treated with caution even if the reference was given in relation to the individual making the request. This is because the person writing the reference also has a right to have their personal details handled in accordance with the Data Protection Act 1998, and not disclosed without their consent. Therefore when taking up references an individual should always be asked to give their consent to the disclosure of the reference to a third party and/or the individual who is the subject of the reference if they make a subject access request. However if they do not consent then consideration should be given as to whether the details of the individual giving the reference can be deleted so that they cannot be identified from the content of the letter. If so the reference may be disclosed in an anonymous form.
Finally it should be remembered that all individuals have the following rights under the Human Rights Act 1998 and in dealing with personal data these should be respected at all times:
Mr James Blackwell – Managing Director
Mr Daniel Blackwell – Senior Consultant
Miss Isabella Derham – Consultant
Miss Emily Sheriff – Consultant
Mrs Jessica Bell – Administrator