What information we collect about you
We collect all information required so that we can fulfil the requirements of the contract between the client and KSS, this includes but is not limited to the information provided as part of the contract and additional information provided to KSS by the client in order to fulfil the contract by way of advice.
We will hold all of the data for as long as we have an obligation to the client to provide the Services, and thereafter until such time as we delete the Client’s account in accordance with our Terms and Conditions (please see below).
Information we collect from other sources
From time to time we may also obtain personal data from other sources as follows:
- Names and contact details of individual contacts of prospective Clients from third party data providers and/or public sources, such as social networks, company websites and other online sources.
We rely on legitimate interests in performing our contract with our Clients or prospective clients as the lawful basis on which we collect and use your personal data.
We use information held about you in the following ways:
- To provide you with information, products or Services that you request from us or which we feel may interest you or our client.
- To carry out our obligations arising from any contracts entered into between our clients and KSS.
- To notify you about changes to our Services and provide you with information that is relevant to your use of the Services.
- Where you or your employer are a prospective Customer, to provide you with information about our Services for marketing purposes.
You have the right to:
Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
If you would like to exercise any of these rights, please contact us using our Contact details below.
The Company is the data controller for the information you provide during the process unless otherwise stated.
What will we do with the information you provide to us?
All of the information you provide during the process will only be used for the purpose of progressing your application, or to fulfil legal or regulatory requirements if necessary.
We will not share any of the information you provide during the recruitment process with any third parties for marketing purposes or store any of your information outside of the European Economic Area. The information you provide will be held securely by us and/or our data processors whether the information is in electronic or physical format.
We will use the contact details you provide to us to contact you to progress your application. We will use the other information you provide to assess your suitability for the role you have applied for.
What information do we ask for, and why?
We do not collect more information than we need to fulfil our stated purposes and will not retain it for longer than is necessary. The information is gathered primarily to allow us to perform our contract with you and to enable us to comply with legal obligations. In some cases we may use your personal information to pursue legitimate interests of our own or those of third parties, provided your interests and fundamental rights do not override those interests.
The information we ask for is used to assess your suitability for employment. You don’t have to provide what we ask for but it might affect your application if you don’t.
We ask you for your personal details including name and contact details. We will also ask you about your previous experience, education, referees and for answers to questions relevant to the role you have applied for.
We might ask you to participate in tests or occupational personality profile questionnaires; and/or to attend an interview – or a combination of these. Information will be generated by you and by us. For example, you might complete a written test or we might take interview notes.
If you are unsuccessful following assessment for the position you have applied for, we may ask if you would like your details to be retained in our talent pool for a period of six months. If you say yes, we would proactively contact you should any further suitable vacancies arise.
Offer of Employment
If we make a conditional offer of employment we will ask you for information so that we can carry out pre-employment checks. We are required to confirm the identity of our staff, their right to work in the United Kingdom and seek assurance as to their trustworthiness, integrity and reliability.
You will therefore be required to provide:
- Proof of your identity
- Proof of your qualifications
- We will contact your referees, using the details you provide in your application, directly to obtain references
- We will also ask you to complete a questionnaire about your health.
- Bank details – to process salary payments
- Emergency contact details – so we know who to contact in case you have an emergency at work
Use of data processors
Data processors are third parties who provide elements of our recruitment service for us. We have contracts in place with our data processors. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation apart from us. They will hold it securely and retain it for the period we instruct. Further details will be provided upon commencement of employment.
How long is the information retained for?
If you are successful, the information you provide during the application process will be retained by us as part of your employee file for the duration of your employment plus 6 years following the end of your employment. This includes your criminal records declaration, fitness to work, records of any security checks and references.
If you are unsuccessful at any stage of the process, the information you have provided until that point will be retained for 6 months from the closure of the campaign.
Information generated throughout the assessment process, for example interview notes, is retained by us for 6 months following the closure of the campaign.
(to be read in conjunction with the contract between KSS and the client)
1.1 KSS will comply with the Data Protection legislation at all times.
1.2 All parties to the contract will comply with all applicable requirements of the Data Protection legislation. This clause is in addition to, and does not relieve, remove or replace a party’s obligation under Data Protection legislation.
1.3 The parties acknowledge that for the purposes of the Data Protection legislation the client is the data controller and KSS is the data processor (where data controller and data processor have the meanings as defined in the Data Protection legislation).
1.4 Without prejudice to the generality of clause 1.1 above the client will ensure that it has all necessary appropriate consents and notices in place to enable lawful transfer of the personal data (as defined in Data Protection legislation) to KSS for the duration and purposes of the contract.
1.5 Without prejudice to the generality of 1.1, KSS shall, in relation to any personal data processed in connection with the performance by the Company of its applications under the contract: –
- Process personal data only on the written instruction of the client, unless KSS is required by the laws or any member of the European Union, or by the laws of the European Union applicable to the supplier to process personal data (applicable data processing laws). Where KSS is relying on laws or a member of the European Union or European Law as the basis of processing personal data, KSS shall promptly notify the client of this before performing the processing required by the applicable data processing laws, unless those applicable data processing laws prohibit KSS from notifying the client.
- Ensure that it has in place, appropriate technical and organisational measures to protect against unauthorised or unlawful processing of personal data, and against accidental loss, destruction or damage to personal data appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage, and the nature of the data to be protected having regard to the state of technological development and the cost of implementing any measures (those measures may include where appropriate, pseudonymising and encrypting personal data ensuring confidentiality, integrity, availability and resilience of its systems and services) ensuring that availability of any access to personal data can be restored in a timely manner after an incident and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it.
- Ensure that all personnel who have access to and/or process personal data are obliged to keep the personal data confidential.
- Only retain your personal data for as long as necessary to fulfil the purposes KSS collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for such data, KSS will consider the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorised use or disclosure of the personal data, the purposes for which we process the data and whether we can achieve those purposes through other means.
- In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.
- Not transfer any personal data outside of the European and economic area unless the prior written consent of the client has been obtained and the following conditions are fulfilled:
- The client or KSS has provided appropriate safeguards in relation to the transfer;
- The data subject (as defined in the Data Protection legislation) has enforceable rights and effective legal remedies;
- KSS complies with its obligations under the Data Protection legislation by providing an adequate level of protection to any personal data that has been transferred; and
- KSS complies with reasonable instructions notified to it, in advance, by the client in respect of the processing of the personal data;
- Assist the client (at the clients cost) in responding to any requests from a data subject and in ensuring compliance with its obligations under the Data Protection legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulator;
- Notify the client and the ICO without undue delay, on becoming aware of a personal data breach;
- That at the written direction of the client to delete or return personal data and copies thereof to the client on termination of the agreement, unless required by the applicable data processor to lawfully store/retain the personal data; and
- Contain, complete accurate records and information to demonstrate its compliance with this clause.
1.6 In order for the Company to fulfil its contract and obligations, KSS may appoint third party processors of personal data under the contract. KSS confirms that it is entered into or (as the case may be) enter with a third-party processor in to a written agreement and substantiate on that third party’s standard terms of business or incorporating terms which are substantially similar to those set out in this document.
1.7 As between the client and KSS shall remain fully liable for all acts or omissions of any third-party processor appointed by it pursuant to this clause.
1.8 KSS, may at any time, on not less than 30 days’ notice, revise this document by replacing it with any applicable controller to processor standard clauses or similar terms forming part of an applicable certification scheme (which will apply when replaced by attachments to the contract).