Brightstone Recruitment is a recruitment business which provides work finding services to its Clients and Candidates. The Company must process personal data (including sensitive personal data) so that it can provide these services in doing so, the Company is responsible for your personal data. You may give your personal details to the Company directly, such as on an application or registration form or via our website, or we may collect them from another source such as a jobs board. The Company must have a legal basis for processing your personal data.
For the purposes of providing you with work finding services and/or information relating to roles relevant to you we will only use your personal data in accordance with the terms of the following notice. Please note that this Notice will be subject to amendment as required.
Candidate(s) means any individual who registers with the Company for the purposes of obtaining permanent/fixed term employment or temporary work.
Client(s) means any organisation and individual/employee of that organisation that the Company provides recruitment services to.
Data Protection Legislation means all da ta protection laws including the Data Protection Act 1998 and the General Data Protection Regulation (EU/2016/679).
Personal data means any information relating to an individual who can be identified, such as by a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Process/processing means any operation or set of operations performed on personal data, such as collection, recording, organisation, structuring, storage (including archiving), adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Sensitive personal data means personal data revealing racial or ethnic origin, political opinions, records of criminal convictions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data, data concerning health, an individuals’ sex life or sexual orientation and an individual’s criminal convictions.
For the purposes of this policy we use the term personal data to include sensitive personal data except where we specifically need to refer to sensitive personal data.
Supervisory authority means an independent public authority which is responsible for monitoring the application of data protection. In the UK the supervisory authority is the Information Commissioner’s Office (ICO).
Supplier(s) means any organisation and individual/employee of that organisation that provides services to the Company.
- Collection and use of personal data
2.1 Categories of personal data that may be collected
– The categories of personal data the Company may collect will depend on the type of contact you have with us.
If you are a Candidate, the Company may collect the following personal data:
– Date of Birth
– Marital Status
– Emergency Contact/Next of Kin
– Home Address
– Email address
– Telephone number
– CV/Work history
– Education or Training
– Employment History
– Referee details
– Photographic ID
– Immigration Status
– Record of criminal convictions
– Sensitive personal data such as sex/gender, ethnicity, physical or mental disabilities, religious beliefs and sexual orientation. This may be collected for the purposes of Equality and Diversity Monitoring
– Details regarding your current salary and bank account
– Any additional information that you, your referees or our Clients may provide about you.
If you are a Client, the Company may collect the following personal data:
– Contact details for you and individuals/employees of your organisation such as name, work address, email address and telephone number
– Details about previous and current job requirements
If you are a Supplier to the Company, the Company may collect the following personal data:
Contact details for you and individuals/employees of your organisation such as name, workaddress, email address and telephone number
Bank account details If you use the Company website then we may collect other data from you such as the dates and times that you used it. For more information, please see Section 6
Use of the Company Website. For or the avoidance of doubt, the above lists of categories of personal data are not exhaustive.
2.2 How we use your personal data
The Company may use your personal data for different reasons. Below is a non-exhaustive list of the uses the Company may have for your personal data.
If you are a Candidate, the Company will process your personal data for the purposes of providing you with work finding services. This service will include providing you with job recommendations and submitting your application to potential employers. The Company may also use your personal data for marketing purposes. The Company may also use your personal data for Equality and Diversity Monitoring or as required by law, regulatory bodies or for tax or audit purposes.
If you are a Client, the Company will process your personal data for the purposes of providing you with recruitment services as per our agreed terms of contract. The Company may also use your personal data for marketing purposes or as required by law, regulatory bodies or for tax or audit purposes.
If you are a Supplier to the Company, the Company will process your personal data to ensure that our agreed terms of contract may be carried out efficiently and effectively. The Company may also use your personal data as required by law, regulatory bodies or for tax or audit purposes.
2.3 Our legal basis for processing your personal data
The Company is required to confirm the legal basis which we will rely on for processing your personal data. The legal basis we will rely upon will generally be legitimate interests.
If you are a Candidate seeking employment and have applied for a position or have submitted your CV to the Company, in order to provide you with work finding services, the Company is required to process your personal data. This may include carrying out any relevant reference checks which are necessary for the purposes of you gaining employment. If you successfully obtain employment, the Company will require to process your personal data for payroll and other internal administration purposes. We may also provide job recommendations we think you may be interested in. To ensure that any recommendations are specifically tailored to your requirements, the Company may process your personal data for this purpose.
Finally, the Company may also require to share your personal data as required by law, regulatory bodies or for tax or audit purposes. The Company regards all of the above as being in our legitimate interests in running a recruitment business and to provide appropriate recruitment services.
If you are a Client, the Company will store your and your employees’ personal data for the purposes of ensuring that you are provided with suitable Candidates for job positions. The Company will also store records of role requirements, meetings, emails and conversations to ensure that the Company continues to provide you with relevant recruitment services. The Company considers the above as being in our legitimate interests in running a recruitment business and providing appropriate recruitment services.
If you are a Supplier, the Company will process the personal data of your employees and store your bank account details for the purposes of ensuring you are able to provide the relevant services as a Company Supplier and to be paid for those services. The Company considers the above as being in our legitimate interests as one of your customers.
The Company may require to obtain your consent to certain processing activities. In such circumstances, Consent must be freely given, specific, informed and unambiguous and you will be provided with a consent form with a specific opt-in option. You may withdraw your consent at anytime. For further information about your rights please see Section 5 – Your Rights.
2.4 Third parties we may share your personal data with
The Company may share your personal data with our third-party service providers where required, such as professional and business advisors like IT consultants, lawyers, auditors and accountants. The Company may share your personal data as required by law, regulatory bodies or for tax or audit purposes. Depending on the type of contact you have with the Company, there are additional categories of third parties whom data may be shared with as detailed below.
If you are a Candidate, the Company may also share your personal data with potential employers or with third party recruitment services to assist your search for employment. We may share your personal data with reference agencies where a specific form of reference is required.
If you are a Client, the Company may also share your personal data for the purposes of providing you with recruitment services which may include, with our Candidates or intermediary organisations (such as MSP or RPO), where appropriate.
If you are a Supplier, the Company may share your personal data with third party service providers or as required by law, for full details please see the first paragraph of this section.
Please note that the above lists of third parties are not exhaustive and may be updated as required.
- Overseas Transfers
The Company may transfer only the information you provide to us to countries outside the European Economic Area (EEA) for the purposes of providing you with work finding services. We will take steps to ensure adequate protections are in place to ensure the security of your information. The EEA comprises the EU member states plus Norway, Iceland and Liechtenstein.
- Data retention
The Company will retain your personal data only for as long as is necessary. Different laws require us to keep different data for different periods of time. The Conduct of Employment Agencies and Employment Businesses Regulations 2003, require us to keep work-seeker records for at least one year from (a) the date of their creation or (b) after the date on which we last provide you with work-finding services.
We must also keep your payroll records, holiday pay, sick pay and pensions auto-enrolment records for as long as is legally required by HMRC and associated national minimum wage, social security and tax legislation.
If you are a Candidate or Client, where the Company has had no meaningful contact with you for a period of 3 years, your personal data will be deleted unless we are required to keep it by law, for a regulatory body or for tax or audit purposes.
- Your rights
In terms of the Data Protection Legislation, you have the following rights:
5.1 Right to be informed
– The Company has an obligation to provide you with information on the way your personal data will be stored and used, as detailed in this Notice.
5.2 Right of access
– You have a right to access the personal data stored on our database. On request, we will provide you with copies of all the information we hold which is relevant to you. This will allow you to assess the accuracy of the information we hold and verify that the information is being used as originally intended and in compliance with the law.
5.3 Right of rectification
– Should you discover that some of the personal data we hold is inaccurate, you have a right to have that rectified and any inaccuracies will be amended accordingly. We may also contact any relevant third parties and make them aware of any changes and request that they update their records.
5.4 Right of erasure
– If you feel that there is no longer a need for the Company to retain your personal data, you can request that the information be permanently erased from our records.
5.5 Right to restrict processing
– There are some instances where erasing personal data will not be desirable or even possible. In this event you may request that we no longer process the information and simply retain for reference purposes only.
5.6 Right to data portability
– Should you exercise your right of access, the Company will endeavour to provide any information in a format which is easy to move, copy or format from one IT environment to another. This is to make it easier for you to re-use the information should you wish to do so. Please note that this provision only applies to personal data that is processed via automated systems.
5.7 Right to object
– If your personal data is being processed for legitimate interests, direct marketing or for research purposes, you have the right to object. You must have a reason for objecting to the processing if it is carried out for legitimate interests or for research purposes. In the case of direct marketing, we will immediately stop all direct marketing communications if you inform us that you no longer wish to receive this information.
5.8 Right to not be subjected to automated decision making and profiling
– You have the right to not be subjected to decisions based solely on automated processing that has a legal or similarly significant effect upon you, except where the automated decision:
- a) is necessary for the entering into or performance of a contact between the Company and you,
- b) is authorised by law, or
- c) you have given your explicit consent.
5.9 Right to withdraw consent
– You have the right to withdraw consent to processing of your personal data at any time. If you wish to enforce any of the above rights please contact the Company at firstname.lastname@example.org
- Use of the Company Website
6.1 Cookies We use “cookies”
6.2 Categories of personal data that may be collected
– Cookies may obtain information regarding your IP address, the dates and times that you access the website and the search criteria you use to search for roles.
6.3 How do we use the personal data collected
– Information that you provide or that is obtained by us through your dealings with the Company website will be held on our servers. The Company may use this information for statistical analysis for the purposes of reviewing, developing and improving the use of the website experience. The Company will take all reasonable steps to keep information we hold about you secure, however, we cannot guarantee security on line.
- Complaints or queries
If you wish to complain about this Notice or any of the procedures set out in it please contact
You also have the right to raise concerns with Information Commissioners Office on 0303 123 1113 or at https://ico.org.uk/concerns/, or any other relevant supervisory authority should your personal data be processed outside of the UK, if you believe that your data protection rights have not been adhered to.