Introduction

All organisations that process personal data are required to comply with data protection legislation. This includes, in particular, the Data Protection Act 2018 (the successor to the 1998 Act) and the UK General Data Protection Regulation (together with the ‘Data Protection Laws’). The Data Protection Laws give individuals (known as ‘data subjects’) certain rights over their personal data whilst imposing certain obligations on the organisations that process their data.

As a recruitment business, Britannia Pathways Limited (the Company) collects and processes both personal data and sensitive personal data. It is required to do so to comply with other legislation. It is also required to keep this data for different periods depending on the nature of the data.

The Company provides work-finding services to both candidates and clients as part of their business. They process personal data in order to be able to provide these services – they need to check the identity of candidates, their right to work and qualifications as well as process pay and manage entitlement to certain statutory rights. It is in the legitimate interests of all parties involved – the recruiter, the work seeker and the client – that the recruitment business can process personal data.

This policy sets out how the Company implements the Data Protection Laws. It should be read in conjunction with the Data Protection Procedure.

Definitions

In this policy the following terms have the following meanings:

• ‘consent’: means any freely given, specific, informed and unambiguous indication of an individual’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
• ‘data controller’: means an individual or organisation which, alone or jointly with others, determines the purposes and means of the processing of personal data;
• ‘data processor’: means an individual or organisation which processes personal data on behalf of the data controller;
• ‘legitimate interest’: means the legitimate reasons that any organisation has for processing personal data;
• ‘personal data’: means any information relating to an individual who can be identified, such as by a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
• ‘personal data breach’: means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data;
• ‘processing’: means any operation or set of operations performed on personal data, such as collection, recording, organisation, structuring, storage (including archiving), adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
• ‘sensitive personal data’: means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data, data concerning health, an individual’s sex life or sexual orientation and an individual’s criminal convictions.

Data processing under the Data Protection Laws

Britannia Pathways Limited processes personal data in relation to its own staff, work-seekers and individual client contacts and is a data controller for the purposes of the Data Protection Laws.

The Company may hold personal data on individuals for the following purposes:

1. Staff administration;
2. Advertising, marketing and public relations;
3. Accounts and records;
4. Administration and processing of work-seekers’ personal data for the purposes of providing work-finding services, including processing using software solution providers and back-office support;
5. Administration and processing of clients’ personal data for the purposes of supplying/introducing work-seekers.

1. The Data Protection Principles

The Data Protection Laws require the Company to ensure personal data is:

1. Processed lawfully, fairly and in a transparent manner;
2. Collected for specified and legitimate purposes;
3. Adequate, relevant and limited to what is necessary;
4. Accurate and kept up to date;
5. Kept for no longer than is necessary;
6. Processed in a manner that ensures appropriate security.

2. Legal bases for processing

The Company will only process personal data where it has a legal basis for doing so. Nishi Kanta Singha and the designated team listed in the Appendix shall be responsible for reviewing the data regularly to ensure it is being lawfully processed.

3. Privacy by design and by default

The Company has implemented measures and procedures that adequately protect the privacy of individuals, including:

• Data minimisation;
• Pseudonymisation and Anonymization;
• Cyber security measures.

Rights of the Individual

The Company shall provide any information relating to data processing to an individual in a concise, transparent, and easily accessible form. All requests regarding individual rights should be sent to Nishi Kanta Singha.

Subject Access Requests: Individuals are entitled to access their personal data on request.
Erasure: Individuals have the right to ask the Company to erase their personal data. If the Company has made the data public, it shall take reasonable steps to inform other data controllers to erase the data.

Reporting Personal Data Breaches

All data breaches should be referred to Nishi Kanta Singha.

• Where the Company is the data controller: We will take steps to contain and recover the breach. If it poses a risk to the rights and freedoms of an individual, we will notify the ICO.
• Where the Company is the data processor: We will alert the relevant data controller as soon as we become aware of the breach.

Complaints

If you have a complaint or suggestion about the Company’s handling of personal data, please contact:
Nishi Kanta Singha
nishi@britanniapathways.co.uk

Alternatively, you can contact the ICO directly on 0303 123 1113 or at https://ico.org.uk/global/contact-us

DATA PROTECTION OFFICER & CONTACTS

Nishi Kanta Singha
Founder & CEO
nishi@britanniapathways.co.uk

Appendix

The Founder/CEO and designated Managing Directors are responsible for:

• Responding to subject access requests, rectification, erasure, and restriction requests.
• Reporting data breaches and dealing with complaints.
• Adding, amending, or deleting personal data.