Belgium
Bulgaria
Croatia
Czech republic
France
Germany
Hungary
Italy
Lithuania
Luxembourg
Montenegro
Netherlands
Poland
Portugal
Romania
Serbia
Slovakia
Spain
Switzerland
Turkey
Ukraine
Argentina
Brazil
Colombia
China
HK (China)
India
Privacy Policy for Website Visitors & Candidates
Last updated: 10/12/24
Gi Group want to protect the privacy of our website visitors and our candidates. This privacy policy will help you understand how we collect, use and process your personal data.
Data controller: Gi Group of companies, including Gi Group Holdings Recruitment Ltd, Gi Group Recruitment Ltd, Draefern Ltd, Excel Resourcing (Recruitment Consultants) Ltd, Gi Recruitment Ltd, INTOO (UK) Ltd, Marks Sattin (UK) Ltd, TACK TMI UK Ltd, TACK International Ltd, Grafton Professional Staffing Ltd, Encore Personnel Services Ltd, and Gi Group Staffing Solutions Ltd – registered at Unit A, The Glass Yard, Sheffield Road, Chesterfield, S41 8JY hereby referenced as “THE ORGANISATION”.
We are committed to protecting the privacy of all our candidates and website users. Following some recent changes to data protection laws we have updated our Privacy Policy.
Gi Group has appointed a Data Protection Officer (DPO), that can be contacted at uk.privacy@gigroup.com
For any enquiries about this privacy policy or to exercise any rights under this policy please email uk.privacy@gigroup.com
THE ORGANISATION collects and processes personal data relating to its candidates and website users. THE ORGANISATION is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.
Whenever you give us personal data, it will be used in accordance with this privacy policy, including our use of cookies as explained below. This privacy policy also relates to our use of any personal information you provide to us by phone, SMS, email, in letters and other correspondence and in person.
Changes to The Organisation’s Privacy Policy
We may update or change our privacy policy at any time without giving you a direct notice, so you may want to check it each time you submit personal information to THE ORGANISATION. The date of the most recent revisions will appear on the top of this page. If material changes are made to the Privacy Notice, we will notify you by placing a prominent notice on the website.
Why do we have a privacy notice?
Your privacy is important to us, and we are committed to protecting and safeguarding the data privacy rights of visitors to our website in accordance with applicable law and this Privacy Policy. Under the UK GDPR & Data Protection Act 2018 we must comply with certain regulations which are designed to ensure that any data you provide to us is processed with due care and attention.
This Privacy Notice details the information we collect, how we use and process that information, and to whom it may be disclosed.
What information does the organisation collect?
THE ORGANISATION may collect and process a range of information about you. This includes:
- Your name, address and contact details, including email address and telephone number, date of birth and gender
- Details of your qualifications, skills, experience and employment history, including start and end dates, with previous employers (including references, driving licences, etc) and any other information contained in your application form, CV or covering letter
- Information about your nationality and entitlement to work in the UK
- General communication, including but not limited to, email, postal letters and text messaging
- Any other information required for legal compliance
THE ORGANISATION collects this information in a variety of ways. For example, data is collected through application forms, CVs; obtained from your passport or other identity documents such as your driving licence; from correspondence with you; or through interviews, meetings or other assessments or via our website.
We automatically collect data about visitors to our website (for example on browsing patterns, demographic data, location, browser and devices used, pages visited, time spent on pages visited, referral source) by using cookies, explained below.
Data is stored in a range of different places, including (if you are a candidate applying for a role) in your personnel file and our candidate management databases, which includes; Access, Agility, Spinner, Bullhorn.
Cookies
A cookie is a small text file or piece of code, which often includes a unique identifier that is sent to your computer, tablet or mobile phone web browser from a website’s computer and is stored on your device’s hard drive. A cookie cannot read data on your hard disk or read cookie files created by other sites. Cookies do not damage your system.
Each website can send its own cookie to your web browser if your browser’s preferences allow it. Many websites do this whenever a user visits their website in order to track online traffic flows. You can manage your preferences on cookies through the dedicated area on our website. When you visit the website for the first time or return after 1 year a cookie banner appears on the bottom of the website, which allows you to accept all cookies, reject cookies (other than those which are essential for our website to work), or manage your cookie preferences. You can also set your browser to block cookies generally (not just in respect of our website) or to alert you to when a cookie is being set. Please note that if you choose not to accept our cookies, some of the features of our site may not function as intended.
We only use cookies for the purposes of website administration and to give us information about the number of visitors to different parts of our website.
Why does the organisation process personal data?
We rely on a number of different legal grounds to process personal data, depending on how we are using it.
In some cases, THE ORGANISATION needs to process data to enter into a contract with you and to meet its contractual obligations, pursuant to Article 6(1)(b) of the UK GDPR.
In some other cases, THE ORGANISATION has a legitimate interest in processing personal data, pursuant to Article 13 (1) (d) of the UK GDPR.
For example, we rely on legitimate interest to process personal data for the purposes of:
- improving our website and ensuring its security;
- responding to any enquiries that you may have;
- business administration;
- certain advertising and marketing activities and the promotion of our business;
- running recruitment and promotion processes;
- responding to and defend against legal claims.
Where THE ORGANISATION relies on legitimate interests as a reason for processing data, it has considered whether or not those interests are overridden by the rights and freedoms data subjects and has concluded that they are not.
Where THE ORGANISATION processes special categories of personal data in relation to candidates applying for roles, such as information about ethnic origin, sexual orientation, health or religion or belief, this is done for the purposes of equal opportunities monitoring. This is in our and our clients’ legitimate interests to ensure equality of opportunity and diversity within our and our clients’ workforce and is also necessary for reasons of substantial public interest. Candidates are entirely free to decide whether or not to provide such data and there are no adverse consequences if a candidate chooses not to do so.
Furthermore, to carry out some data processing pursued for sending you marketing messages with automated means (e.g. emails) – as described within this statement – THE ORGANISATION could ask for your consent as a legal base.
Who has access to data?
Your information will be shared internally, including between companies in THE ORGANISATION’s group, members of the People and recruitment team, and IT staff if access to the data is necessary for performance of their roles.
Data provided within our platform MyGiGroup will be made available to other Gi Group companies including, Gi Group Holdings Recruitment Ltd, Wyser S.r.l, Gi Group Recruitment Ltd, Draefern Ltd, Excel Resourcing (Recruitment Consultants) Ltd, Gi Recruitment Ltd, INTOO (UK) Ltd, Marks Sattin (UK) Ltd, TACK TMI UK Ltd, TACK International Ltd, Grafton Professional Staffing Ltd, Encore Personnel Services Ltd, and Gi Group Staffing Solutions Ltd to allow candidates to speed up the registration procedure to the reserved areas of the respective portals of these companies who act as independent data controllers within the Gi Group of companies.
THE ORGANISATION shares your data with third parties to obtain references from other employers, obtain employment background checks from third-party providers and obtain necessary criminal records checks from the Disclosure and Barring Service. THE ORGANISATION may also share your data with third parties in the context of a sale of some or all its business or with THE ORGANISATION’s clients in relation to providing services related to finding suitable workers. In those circumstances, the data will be subject to confidentiality arrangements.
We will only transfer data outside of the European Economic Area or EEA (i.e., the Member States of the European Union, together with Norway, Iceland, and Liechtenstein) and/or the UK where it is compliant with data protection legislation and the means of transfer provides adequate safeguards in relation to your data, for example:
- by way of data transfer agreement, incorporating the current standard contractual clauses adopted by the European Commission and/or the UK International Data Transfer Addendum approved by the UK Information Commissioner’s Office (“ICO”) for the transfer of personal data by data controllers in the EEA and/or the UK to data controllers and processors in jurisdictions which do not provide the same level of protection for personal data as the EEA and the UK; or
- pursuant to the EU-US Transatlantic Data Privacy Framework (“DPF”) and/or the UK Extension to the DPF for the transfer of personal data from entities in the EU and/or UK to entities in the United States of America that are certified under the DPF, or any equivalent agreement in respect of other jurisdictions. The DPF is an opt-in certification scheme for US companies, under which transfers to US organisations that are certified under the DPF are held to provide an adequate level of protection; or
- transferring your data to a country where there has been a finding of adequacy by the European Commission and/or the UK government in respect of that country’s levels of data protection via its legislation; or
- for certain ad hoc transfers in some circumstances, such as where it is necessary for the conclusion or performance of a contract between ourselves and a third party and the transfer is in your interests for the purposes of that contract, or where you have consented to the data sharing.
Please contact UK.Privacy@gigroup.com if you would like further information on the specific mechanisms used by us when transferring your personal data outside the UK or the EEA.
How does the organisation protect data?
THE ORGANISATION takes the security of your data seriously. THE ORGANISATION has internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties.
Where THE ORGANISATION engages third parties to process personal data on its behalf, they do so on the basis of written instructions and appropriate contractual terms in relation to data protection, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.
For how long does the organisation keep data?
The Gi Group Data Retention Policy can be viewed here which confirms the retention periods applied to records.
Will your data be used for Marketing Purposes?
THE ORGANISATION may from time to time send you emails, postal mail, SMS messaging or otherwise contact you for marketing purposes, or to promote new services, activities or content where this is in line with your marketing preferences. We may personalise the messages based upon any information you have provided to us and your use of THE ORGANISATION’s services where you have agreed for us to do this.
You may at any time request us to stop using your personal data for direct marketing purposes, or unsubscribe from our marketing communications, if you wish to do this please click on the link “Unsubscribe” on the bottom of our e-mails or by updating your preferences on your online registration portal.
Your rights
As a data subject, you have a number of rights:
- Your right of access – You have the right to ask us for copies of your personal information.
- Your right to rectification – You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
- Your right to restriction of processing – You have the right to ask us to restrict the processing of your information in certain circumstances.
- Your right to object to processing – You have the right to object to the processing of your personal data in certain circumstances.
- Your right to data portability – You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.
In the limited circumstances where you may have provided your consent to the collection, processing and/or transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. You may at any time request us to stop using your personal data for direct marketing purposes, or unsubscribe from our marketing communications, if you wish to do this please click on the link “Unsubscribe” on the bottom of our e-mails or by updating your preferences on your online registration portal.
Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so.
If you would like to exercise any of these rights, please email uk.privacy@gigroup.com
You can make a subject access request by completing THE ORGANISATION’s SARs form which can be accessed via this link.
If you believe that THE ORGANISATION has not complied with your data protection rights, you have the right to lodge a complaint with the ICO. Contact details for the ICO can be found on its website at https://ico.org.uk.
What if you do not provide personal data?
If you have obligations under your contract with us to provide THE ORGANISATION with data and you refuse to provide the requested data, Gi Group may not be able to fulfil its contractual obligation.
Certain information, such as contact details, your right to work in the UK and payment details, have to be provided to enable THE ORGANISATION to enter into a contract with you. If you do not provide this information, this may hinder THE ORGANISATION’s ability to manage its relationship with you in an efficient way and administer the rights and obligations under the contract.
Offensive or Inappropriate Content
If you post or send offensive, inappropriate or objectionable content anywhere on any Gi Group or associated company platforms or to THE ORGANISATION or otherwise engage in any disruptive behaviour on any of THE ORGANISATION’s services, THE ORGANISATION may use your personal information to stop such behaviour.
Where THE ORGANISATION reasonably believes that you are or may be in breach of any applicable laws (e.g. because content you have posted may be defamatory), the company may use your personal information to inform relevant third parties (such as law enforcement agencies) about the content and your behaviour.
Links
THE ORGANISATION’s website or other online services may contain hyperlinks to websites owned and operated by third parties. These third party websites have their own privacy policies, and are also likely to use cookies. They will govern the use of personal information you submit, which may also be collected by cookies whilst visiting these websites. We do not accept any responsibility or liability for the privacy practices of such third party websites and your use of such websites is at your own risk. This Privacy Notice applies only to personal data collected by THE ORGANISATION, and to how THE ORGANISATION processes personal data.
Automated decision-making
We do not make decisions about candidates, website users or other individuals based on automated decision-making.
Contacts
Registered office: Gi Group UK, The Glass Yard, Sheffield Road, Chesterfield, S41 8JY
Email contact: uk.privacy@gigroup.com
Signed: Paulo Canoa – Regional Head and Country Manager UK & Ireland
Date: December 2024
