Privacy Policy
Who we are?
The TechStream Group will process your personal information in accordance with all applicable laws, including the Data Protection Act 2018 (DPA 2018), the UK General Data Protection Regulation (UK GDPR) and, where applicable, the EU General Data Protection Regulation (EU GDPR). The UK GDPR will apply if you are in the UK and the EU GDPR will apply if you are in the EU.
1. What Personal Data is
The term “Special Category Personal Data” is Personal Data revealing racial or ethic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying someone, data concerning health and data concerning a person’s sex life or sexual orientation.
2. The purpose of this Privacy Notice
We are committed to compliance with data protection laws. We believe that ensuring data protection compliance is the foundation of trustworthy business relationships.
It is important that you read this Privacy Notice together with any other Privacy Notices we provide on specific occasions when we are collecting or processing Personal Data about you so that you are fully aware of how and why we are using your data. This Privacy Notice supplements the other Privacy Notices and is not intended to override them.
3. Why we collect your Personal Data and the Type of Data Collected
· Visa details and copies of passports.
· Bank or building society account details.
· Details of job role and salary including data held on staff organisation charts.
· Records concerning appraisal and training.
· Sickness and other absence details.
· Contracts or terms and conditions of employment.
· Correspondence between you and Techstream Group
· Visual images, for example if CCTV images are used as part of building security
· Investigations into breaches of terms and conditions of employment.
· Records of disciplinary proceedings.
· Health and safety records (including accident reports).
· In some departments, workload and work allocation.
4. How we collect your Personal Data
We will collect your Personal Data directly from you in the following ways:
· Job application via the Group’s website
When you apply for a job via Techstream Group, you will be required to provide personal data for your application. For example, your contact details and your, right to work and employment history.
· Techstream’s website profile creation
When you create a profile on one of the websites within the Techstream Group, you will be required to provide contact details.
· Job applications via the direct job advert
When you apply for a job directly, you will be required to provide contact details and job history.
· Applicants found on the job board via the CV search function
If we find you on the job board, you will have already provided your contact details in order to apply for prospective jobs.
· Applicants found on LinkedIn
If we find you on LinkedIn, you will have already provided your employment history on your LinkedIn profile.
· Applicants found via Headhunt
This system is used to understand where key hires are placed, so the TechStream Group will contact candidates directly to introduce them to a role and then request more data.
· Applicants found on Daxtra
Daxtra sits in between applications and entry onto the CRM, creating coversheets entering candidates if flagged in Broadbean or sent via email to Daxtra. This data will include contact details and employment history.
· Applicants found via Broadbean
Broadbean is an applicant tracking system that sits between Techstream and the Job boards. Applicant data is stored in AdCourier. This data will include contact details and employment history.
· Details stored on CRM systems – Permanent placements
Our CRM systems will store candidate details, such as contact details, employment history and salary details. Our systems can also be used to communicate with clients to confirm candidates’ placements or offers.
· Communications via email
We may communicate with you via email in order to discuss your job applications or you may apply for jobs via an email sent directly to the TechStream Group. During that correspondence, you will be providing Personal Data. We will process the Personal Data you provide to us to respond to you and provide our recruitment services. Emails will be stored in accordance with our retention period set out in the Schedule of Processing which can be found at the end of this document.
· Security checks using Verifile
Special Category Personal Data may be collected in order to carry out DBS checks for successful candidates. This will include your name, proof of address, and your passport.
5. How we use your Personal Data
We will use your Personal Data in order to provide you with the TechStream Group service. In particular, when you access and interact with our website or recruitment consultants, we need to track your activities to enable you to connect to our website. We use tracking cookies to identify you in performance of this service, information of which is provided in detail in our Cookie Policy.
6. Our Lawful Bases for processing your Personal Data
The UK GDPR and the EU GDPR (our global standard of compliance) requires that a controller must have a lawful basis for processing Personal Data. More details are provided in the Schedule of Processing but, in most instances, our lawful bases for processing your personal information are:
· The processing is necessary Article 6(b) of the UK GDPR or the EU GDPR for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract. This is where you engage with the TechStream Group such as by applying directly on the website, jobs board, or LinkedIn, with a view to securing an employment contract;
· We need to comply with a legal obligation under Article 6(c) of the UK GDPR or the EU GDPR. For example, this is where the law requires us to obtain Personal Data in relation to things like DBS checks, making reasonable adjustments, and in relation to maintaining personal and financial records according to the relevant legislation;
· It is necessary for our legitimate interests (or those of a third party, including you) and there are no overriding interests under Article 6(f) of the UK GDPR and the EU GDPR. This is where we will communicate with you about potential jobs available, and, where relevant send marketing material; and
· We have your consent under Article 6(a) of the UK GDPR and the EU GDPR. This is where you agree either in writing or verbally for us to store and process your Personal Data.
On rare occasions we may need to use your Personal Data as follows:
· We need to protect your vital interests or someone else’s. This relates to life-or-death type scenarios.
7. Who we share your Personal Data with?
Your Personal Data may be shared internally at the TechStream Group for purpose of providing our recruitment services. Your Personal Data may also be shared as follows:
· Service Providers
This can include database management systems that we use to store data, finding prospective candidates and sharing that information with our clients.
· Sharing data with prospective employers and other third parties
This is essential to carry out our business and place candidates.
· Data transfer due to legal obligation
If we are obligated to transfer your Personal Data to a third party based on a legal obligation or in order to comply with applicable laws and governmental bodies, we will only do so in accordance with those laws (i.e.: DPA 2018, EU GDPR and UK GDPR). This may include for example, defending or pursuing legal claims, investigating fraud and co-operating with criminal investigations, such as complying with a subpoena, or similar legal process, or with the data protection supervisory authority.
8. Marketing
With your consent, we may contact you via email to promote our services. To start or stop receiving marketing from us, simply contact us via our job website portal.
9. How long we will keep your Personal Data
We will only keep your Personal Data for as long as is necessary to fulfil the purposes we collected it for, which may include satisfying any legal, accounting, or reporting requirements. The retention period depends on the type of Personal Data and the reason we are processing it. Further details of retention periods are set out in the Schedule of Processing which can be found at the end of this document.
When calculating the appropriate retention period for your data, we consider the nature and sensitivity of the data, the purposes for which we are processing the data, and any applicable statutory retention periods. Using these criteria, we regularly review the Personal Data which we hold and the purposes for which it is held and processed.
When we determine that Personal Data can no longer be retained (or where we must comply with your request for us to delete your Personal Data in accordance with your right to do so) we ensure that this Personal Data is securely deleted or destroyed.
10. Security of your Personal Data
11. International Transfers
In order to provide our services, we may need to send your Personal Data outside the UK and, in some cases, outside the EEA. For example, although part of the Techstream Group is based only in the UK (Etonwood), other divisions of the Techstream Group have offices, not only in the UK, but in Europe (Spain & Germany) and in Africa, Asia and North America. It may therefore be necessary to transfer your Personal Data to our other offices outside the UK and/or the EEA. Also, it may be necessary to send your Personal Data outside the UK and/or the EEA in order to share it with third parties, such as, your prospective employer.
If we do transfer your Personal Data outside the UK and/or the EEA, we will ensure that it receives the same protection as if it were being processed inside the UK or the EEA. For example, we will ensure that the country we are sending it to has an adequacy decision issued by the European Commission. (Whilst the UK is no longer in the EU, the UK recognises all adequacy decisions already made by the European Commission). In the absence of an adequacy decision, TechStream will adopt other appropriate safeguards to protect your Personal Data, such as Standard Contractual Clauses (SCC) issued by the European Commission. Again, whilst the UK is no longer in the EU, the UK recognises the SCC for the time being. The SCC can be found here Standard Contractual Clauses (SCC) | European Commission (europa.eu)
12. Your Rights
You have rights under the data protection legislation and, subject to certain legal exemptions, we must comply when you inform us that you wish to exercise these rights. There is no charge, unless your requests are manifestly unfounded or excessive. In such circumstances, we may make a reasonable charge or decline to act on your request. Before we action your request, we may ask you for proof of your identity. Once in receipt of this, we will process the request without undue delay and within one month. In order to exercise your rights please contact gdpr@techstreamgroup.com
Your rights in connection with personal information are set out below.
· Subject Access Request
o You have a right to receive a copy of the Personal Data we hold about you.
· Rectification
o If any of the Personal Data we hold about you is incomplete or inaccurate, you have a right to have it corrected.
· Erasure
o This is also known as the “right to be forgotten”. You have a right to ask us to delete your Personal Data where there is no good reason for us to continue to process it. However, certain criteria apply and if we have a legitimate reason to continue processing your Personal Data, we will not be legally required to delete it.
· Objection
o You have a right to object where we are relying on legitimate interests as our lawful basis for processing your Personal Data but, in certain circumstances we may be able to continue with the processing. For example, if we have compelling legitimate grounds which override your interests, rights and freedoms or your Personal Data is needed for the establishment, exercise or defence of legal claims.However, you have an absolute right to object to us processing your Personal Data for direct marketing purposes.
· Restriction
o You have a right to ask us to restrict the processing of your Personal Data in certain circumstances. For example, you may require us to suspend processing information about you whilst checks are made to ensure it is accurate.
· Portability
o You have the right to ask us to transfer any Personal Data you have provided to us to another party, subject to certain criteria being satisfied. We will provide this Personal Data in a structured, commonly used and machine-readable format.
· Right to withdraw consent
o If you have given us your consent for the processing of your Personal Data, you can withdraw this at any time. Please note, the withdrawal has no effect on the legality of the data processing carried out in the past on the basis of your consent.
· Right to complain
o If you are unhappy with the way in which your personal information has been or is being processed, you have the right to make a complaint about it to the relevant supervisory authority. In the UK this is the Information Commissioner’s Office (ICO). They can be contacted at:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
13. Your obligations
If any of your Personal Data changes whilst you are a user of our services, it is important that you update the information within your account or otherwise notify us to ensure that the data we hold about you is accurate and up to date.
14. How to contact our Data Protection Officer
We have appointed a global Data Protection Officer (DPO) to handle data protection matters. You can contact via email dpo@dataprivacyadvisory.com or via gdpr@techstreamgroup.com
15. Questions or Concerns
You can contact us if you wish to complain about how we collect, store and/or use your Personal Data.It is our goal to provide the best possible remedy with regard to your complaints. However, if you are not satisfied with our answer, you can also contact the relevant supervisory authority
16. The Data Protection Principles
We will comply with the EU GDPR, UK GDPR and the DPA 2018. Article 5 of the UK GDPR and the EU GDPR contains the data protection principles, which require that Personal Data shall be:
· Processed lawfully, fairly and in a transparent way.
· Collected for specified, explicit and legitimate purposes and not used in any way that is incompatible with those purposes.
· Adequate, relevant and limited to what is necessary.
· Accurate and, where necessary, kept up to date.
· Kept for no longer than is necessary for the purposes we have told you about.
· Kept securely.
We operate according to the principles of the UK GDPR and the EU GDPR.
17. Changes to this Privacy Notice
18. Schedule of Processing
Ref | Purpose of Processing | Type of Personal Data | Who has Access | Lawful Basis | Retention Period |
1. | Job application via the TechStream Group’s website
| Identity/contact data and employment history | TechStream staff | Contract | 3 years from date of last meaningful contact for unsuccessful applicants and 6 years from the date the contract ends for successful placements.
|
2. | Contacting candidates regarding job applications
| Identity/contact data and employment history | TechStream staff
| Contract | 3 years from date of last meaningful contact for unsuccessful applicants and 6 years from the date the contract ends for successful placements.
|
3. | Onboarding candidates
| Identity/contact data | TechStream staff
| Contract | 3 years from date of last meaningful contact for unsuccessful applicants and 6 years from the date the contract ends for successful placements.
|
4. | TechStream’s website profile creation
| Identity/contact data | TechStream staff
| Contract | 3 years from date of last meaningful contact for unsuccessful applicants and 6 years from the date the contract ends for successful placements.
|
5. | Job applications via the direct job advert
| Identity/contact data and employment history | TechStream staff
| Contract | 3 years from date of last meaningful contact for unsuccessful applicants and 6 years from the date the contract ends for successful placements.
|
6. | Candidates found on job board via the CV search function
| Identity/contact data and employment history | TechStream staff
| Legitimate interests | 3 years from date of last meaningful contact. |
7. | Candidates found on LinkedIn
| Employment history and contact information.
| TechStream staff
| Legitimate interests | 3 years from date of last meaningful contact. |
8. | Candidates found via Headhunt
| Identity/contact data | TechStream staff
| Legitimate interests | 3 years from date of last meaningful contact.
|
9. | Candidates found on Daxtra
| Identity/contact data and employment history | TechStream staff
| Legitimate interests | 3 years from date of last meaningful contact.
|
10. | Candidates found via Broadbean
| Identity/contact data and employment history | TechStream staff
| Legitimate interests | 3 years from date of last meaningful contact.
|
11. | Details stored on CRM systems – Permanent placements | Identity/contact data, employment history, and salary details. | TechStream staff | Contract | 6 years from date the placement ends. |
12. | Security checks using Verifile (Security checks)
| Name, proof of address, and passport. | TechStream staff | Contract | 2 years from date the placement ends |
13. | Communications via email
| Identity/contact data | TechStream staff
| Legitimate interests or contractual obligation | 3 years (dependent on the subject matter of the email) from the date of the last meaningful contact
|
14. | Financial information | Bank details, tax bills, receipts and statements, tax returns, sales tax records | TechStream staff
| Legal obligation | 7 years from the date of the record |
15. | Financial Information
| Tax-exemption documents and related correspondence, and annual returns information | TechStream staff
| Legal obligation | Indefinitely |
16. | Right to work | Passport, national identity cards | TechStream staff
| Legal obligation | 2 years from date the contract ends |
17. | Employment contracts | Contact details, salary details | TechStream staff
| Legal obligation | 6 years from the contract ends.
|
18. | Employee personal records | Contact details, attendance records, application forms, performance evaluations, training, qualifications, disciplinary records. | TechStream staff
| Legal obligation | 6 years from the date the contract ends. |
19. | Sickness and absence records | Medical data | TechStream staff
| Legal obligation | 6 years from the date the contract ends.
|
20. | Equal opportunities and reasonable adjustments | Data relating to disabilities and ethnic background
| TechStream staff
| Legal obligation | 6 years from the date the contract ends |
21. | Legal Memoranda and opinions | Case files | TechStream staff
| Legal obligation | 7 years after the case file is closed.
|
22. | Litigation case files | Case files where proceedings have been initiated | TechStream staff
| Legal obligation | 1 year after expiration of appeals
|
23. | Court Orders | Court Orders (any other applicable documentation issued by the court) | TechStream staff
| Legal obligation | Indefinitely |
24. | Insurance documentation | Insurance certificates, claims files, correspondence, medical records, insurance policies | TechStream staff
| Legal obligation | Indefinitely |
25. | Corporate records | Company minutes, records of incorporation, annual corporate reports, licenses and permits) | TechStream | Legal obligation | Indefinitely |