Xede Recruitment is a leading education employment agency providing specialist work-finding services to its clients and work-seekers. We want to be clear from the outset that we will only process your data for the purposes of carrying out these services and in accordance with this Privacy Notice.
We recognise that in storing and processing individuals’ personal information we are in a position of responsibility, looking after your data is therefore our top priority. The purpose of this Privacy Notice is to provide information to you in a clear and transparent manner about what happens to the data we hold, give you information on the rights you have regarding your personal information and what actions you can take if you are not happy with something you see.
When we provide our services to our clients and work seekers we act as a data controller as we must process personal data (including sensitive personal data) in order to provide these services. We comply with Data Protection laws when we do so – including the GDPR (General Data Protection Regulation) in force from 25 May 2018.
We will always welcome any questions relating to the way we handle information and invite you to call us at any time on 01872 712388 or email our Privacy Care team at contact@xede.co.uk FAO Privacy Care Team. You also have the right to raise concerns with Information Commissioner’s Office on 0303 123 1113 or at https://ico.org.uk/concerns/, or any other relevant supervisory authority should your personal data be processed outside of the UK, if you believe that your data protection rights have not been adhered to.
© Xede Recruitment – Company Number 11178019
In this policy the following terms have the following meanings:
‘consent’ means any freely given, specific, informed and unambiguous indication of an individual’s wishes by which he or she, by a statement or by a clear airmative action, signifies agreement to the processing of persona data relating to him or her;
‘data controller’ means an individual or organisation which, alone or jointly with others, determines the purposes and means of the processing of personal data;
‘data processor’ means an individual or organisation which processes personal data on behalf of the data controller;
‘personal data’* means any information relating to an individual who can be identified, such as by a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
‘personal data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data;
‘processing’ means any operation or set of operations peormed on personal data, such as collection, recording, organisation, structuring, storage (including archiving), adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
‘profiling’ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to an individual, in particular to analyse or predict aspects concerning that natural person’s peormance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
‘pseudonymisation’ means the processing of personal data in such a manner that the personal data can no longer be attributed to an individual without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable individual;
‘sensitive personal data’* means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data, data concerning health, an individual’s sex life or sexual orientation and an individual’s criminal convictions. * For the purposes of this policy we use the term ‘personal data’ to include ‘sensitive personal data’ except where we specifically need to refer to sensitive personal data.
‘Supervisory authority’ means an independent public authority which is responsible for monitoring the application of data protection. In the UK the supervisory authority is the Information Commissioner’s Office (ICO).
All of these definitions are italicised throughout this policy to remind the reader that they are defined terms
Please be aware that you have the following data protection rights:
• The right to be informed about the personal data Xede processes on you
• The right of access to the personal data Xede processes on you;
• The right to rectification of your personal data;
• The right to erasure of your personal data in certain circumstances;
• The right to restrict processing of your personal data;
• The right to data portability in certain circumstances;
• The right to object to the processing of your personal data that was based on a public or legitimate interest;
• The right not to be subjected to automated decision making and profiling; and
• The right to withdraw consent at any time.
Throughout this Privacy Notice we will go into further detail regarding these rights and how you can take any relevant action you would like to.
Xede Recruitment will retain your personal data only for as long as is necessary. Different laws require us to keep different data for different periods of time. The Conduct of Employment Agencies and Employment Businesses Regulations 2003 require us to keep work-seeker records for at least one year from (a) the date of their creation or (b) after the date on which we last provide you with work-finding services. We must also keep your payroll records, holiday pay, sick pay and pensions auto-enrolment records for as long as is legally required by HMRC and associated national minimum wage, social security and tax legislation. Where Xede Recruitment has obtained your consent to process your personal and sensitive personal data, we will do so in line with our retention policy. Upon expiry of that period Xede will seek further consent from you. Where consent is not granted Xede will cease to process your personal data and sensitive personal data.
Collecting your Data:
Your information will come to us in a variety of ways.
1. You may send your personal details to us directly via: • an application or registration form • email • post • via our website • by other electronic means such as mobile messaging
2. We may obtain your data from third parties such as online “Job Boards” who you have registered with and have agreed that your details can be accessed by recruitment businesses.
3. We may obtain your data from the public domain
Storing your Data:
Your data is primarily stored on our secure database which is encrypted with the latest security technologies to ensure your information is safe from external parties. Our database is hosted by Vincere, a leading recruitment software solution provider, and their privacy information is available at https://static.vincere.io/doc/vincere_privacy_policy_en.pdf. Our IT infrastructure and security is hosted by Interhost and their privacy information can be found here https://www.interhost.co.uk/uploads/interhost-privacy-policy.pdf. Our telephony provider, Cloudcall, records and stores our phone calls and their privacy policy can be found here https://www.cloudcall.com/privacypolicy/.
We may also store your data locally on computers held at our offices that are password protected and only accessible by the consultants you are working with. These are kept in secure offices that are locked and monitored outside of working hours.
Processing your Data
In order to provide our services to you we will require to transfer personal information between clients and workseekers. We will always seek permission to transfer this information and use password encryptions to send any sensitive personal data.
We may also be required to send your information to other third parties, such as accounting and payroll firms, in order to fulfil any contracts you may obtain through us. We will only do so with your prior knowledge and agreement.
In order to process your data we are required by the GDPR to have a legal basis for doing so. There are a number of different legal bases for processing data and these will change as you progress through different stages of our service. The legal bases we rely upon to offer these services to you are as follows: Legitimate interest • The Company will collect your personal data in order to provide work-seeking services to you. • We process personal data in order to be able to provide these services, including the checking of identity, right to work and qualifications as well as to manage pay and your entitlement to certain statutory rights. • It is in the legitimate interests of all parties involved, the recruitment companies, work-seekers and other clients, that Xede Recruitment (Exede Ltd) can process personal data. Consent • When we are seeking to share your personal information with another entity, we will seek your permission to do so. We may do this on a per party basis or through a more general agreement you may enter into with us. • We will only seek to share your information in order to provide our agreed services. Legal obligation • In certain industries it is a legal requirement for certain checks to be undertaken to ensure the suitability of applicants for the work applied for. This includes sensitive information such as Disclosure and Barring Service (DBS) Certificate criminal record checks and medical fitness information. Contractual obligation • If you are successful in your application for an assignment or permanent job, we may process your personal data and sensitive information required for payroll and employment purposes. This will be to satisfy a contractual obligation we have with our clients and suppliers. • When your personal data is required by law or to satisfy a contractual requirement (e.g. our client may require this personal data), or it is a requirement necessary for us or for you to enter into a contract with them. In these circumstances, you are obliged to provide the personal data and if you do not the consequences may be that: • You may not be permitted to continue with your application for work • You may not be permitted to commence an agreed work placement • You may not be permitted to continue on any work placements that have already commenced
