Bruin is part of The FISER Group Ltd. The FISER Group Ltd is registered as a data controller in the United Kingdom for the purposes of the Data Protection Act 1998 (or its successor) and the EU General Data Protection Regulation (together the ‘Data Protection Laws’). Bruin’s website and online services are designed to protect the privacy of all users. We ensure that the data you supply to us is processed fairly and lawfully, and with skill and care. This Data Protection Policy governs our processing of all personal data provided to us, in all forms. By registering your details with us and using our website, you consent to us collecting and processing personal data supplied by you and disclosing this information to prospective employers and clients in connection with the recruitment process.
This Privacy Notice provides you with clear information as to how we process your personal data. We are obliged to use your information in line with all applicable laws. We do so in a manner that is fair by using your information in a way that you would reasonably expect when providing our work-finding services or recruiting personnel for you, and being transparent so that you know how it will be used.
This Privacy Notice sets out the types of personal data that we collect about you, how and why we use it, how long we will keep it for, when why and who we will share it will, the legal basis for us using your personal data and your rights in relation to us storing and processing your personal data. It also explains how we may contact you and how you can contact us.
Part of the recruitment process will involve sharing your personal data with our clients (independent data controllers) who have potential work opportunities that may be suitable for you. These third parties will have their own privacy policies and will also need to comply with all applicable laws – we encourage you to contact them directly if you have any concerns or questions about your data.
WHO WE ARE
The FISER Group Limited (registration number 07102496) is an employment business and agency that also includes specialist brands Bruin Financial, IBAM Consulting, and LUDGATE Search. We provide both temporary and permanent recruitment services to clients looking to recruit personnel for their business and provide work-finding services to candidates looking for job opportunities.
We are registered as a data controller with the ICO in the United Kingdom for the purposes of the Data Protection legislation and General Data Protection Regulation (GDPR). Our registered office address is WeWork No.1 Poultry, London, EC2R 8EJ and you can contact us at firstname.lastname@example.org if you have any queries relating to data protection.
LEGAL BASIS FOR PROCESSING YOUR DATA
For prospective candidates, contractors, referees and clients, our processing is necessary for our legitimate interests in that we need the information in order to be able to assess suitability for potential roles, to find potential candidates and to contact clients and referees.
We do not consider our legitimate interests to be overridden by your interests or fundamental rights and freedoms. We take into consideration the reasonable expectations of individuals who are actively applying for jobs or making their personal information publicly accessible on professional networking sites.
If you are submitted as a candidate or requested for interview, then this may involve the processing of more detailed personal data including sensitive data such as health information or any unspent criminal convictions that you or others provide about you. We will ask for your consent before undertaking such processing if we are required to do so.
For clients, we may also rely on our processing being necessary to perform a contract for you if one is in place, for example in contacting you.
WHAT INFORMATION WILL WE COLLECT ABOUT YOU?
We collect and process personal data only as far as is necessary to facilitate the recruitment process and provide you with work-finding services. We need your personal data in order to find you suitable opportunities and further information may be needed to assess your eligibility through the different stages of the recruitment process.
The information we collect may include your name, email address, telephone number, CVs, identification and right to work documents, educational records, work history, employment and references.
In general, we will not ask you about sensitive personal data but there may be times that it is necessary for information to be disclosed to us and for us to share that with potential employers. We will only share the information where you have provided your explicit consent.
We are also under an obligation with our clients to provide suitable candidates. Part of that assessment will include asking you about any unspent criminal convictions you may have. We consider this to be highly confidential information and will only do so where you have provided your explicit consent.
WHERE DOES THE INFORMATION WE COLLECT ABOUT YOU COME FROM?
The data we collect about you is obtained from the following sources:
- Directly from you. This may be via our registration process, information requests and applications via our website.
- An agent or third party acting on your behalf. This may be where you are consulting via a Limited Company.
- Publicly available sources. We may also obtain your information from professional networking sites or job boards, where you have actively published or submitted your information.
- Reference or word of mouth. You may be recommended by a friend, former employer or colleague.
HOW WILL WE USE THE INFORMATION COLLECTED ABOUT YOU?
We will use your information in such ways to facilitate the recruitment process and provide you with work-finding services, including but not limited to:
- To provide our services by using your details to match your skills, experience and education with a role that suits your requirements (we use technology in ways to help identify the most suitable candidates for a specific role but this does not constitute automated decision making);
- To make you aware of current opportunities that may suit your requirements;
- To contact and update you about applications you have made or roles you have been submitted for;
- To share your details with Clients with the aim of securing a potential role (our Client may be the company you will provide your services to or an intermediary company that directly supplies to the company you will provide your services to).
If you are selected by the Client for an interview or the next stage of the recruitment process, we will need further information from you. This is likely to come directly from you but may also be from third parties such as a referee for example.
We may also analyse the data internally so that we can offer a more relevant service, for marketing and strategic development purposes or for research purposes to improve our service.
HOW AND WHEN WILL WE CONTACT YOU?
We may contact you by phone, email or social media.
Some examples of when we will contact you are:
- Upon receipt of a CV or your personal data, it will be reviewed to determine whether we are likely to be able to provide you with work-finding services and we will notify you if you are added to our database.
- When one of our consultants considers you for a suitable job opportunity or to find out more about the type of role you are looking for.
- Before we put you forward for a role.
- During and following an assignment we have placed you in.
- In relation to any correspondence we receive from you.
- To update you on any material changes to our policies and practices.
WHO WILL WE SHARE YOUR INFORMATION WITH?
There may also be circumstances where disclosure is required or permitted by law (such as to government bodies and law enforcement bodies). As an example, we are under an obligation to report pay details of all workers we place with clients to HMRC. We may also share data with our Financier.
Generally, we will process your information within The FISER Group. There may be occasions where we use third parties to process your information on our behalf. In such situations these third parties will be under strict instructions and they will not be permitted to use your information for their own business purposes.
WILL WE TRANSFER YOUR DATA OUTSIDE THE EEA?
The FISER Group is based in the UK and our back-up systems are stored in the EEA. We do not generally transfer your data out of the EEA.
In the event that we do need to make transfers to countries outside the EEA, we will ensure the appropriate safeguards are in place.
HOW LONG WILL WE KEEP YOUR PERSONAL INFORMATION?
The FISER Group will only retain information for as long as necessary for the relevant activity. This may be determined by legislation or a decision as to what we consider necessary for the business based on a number of factors.
- If you have not registered with us, your data will be retained for 12 months from when it was added to our database or from when you were last contacted. You can request to have your record deleted (see below).
- If you do register with us, your data will be retained for 3 years from the last contact or activity on your record. You can request to have your record deleted (see below).
- If we place you in a temporary assignment or permanent role we will be required to keep certain information for specific lengths of time up to a maximum of 6 years. The purpose of keeping this information is to comply with our legal obligations.
- Client contact details are retained for 3 years. You can request to have your record deleted (see below).
WILL WE PROCESS SPECIAL CATEGORIES OF PERSONAL DATA AND CRIMINAL CONVICTIONS?
We avoid processing special categories of data, these are sensitive personal data that reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
However, by taking copies of passports or ID it may be that racial or ethnic origin can be revealed. Processing this data is necessary for us to comply with employment law obligations and the data is only used for this specific purpose.
We are under an obligation to ensure that the candidates we submit to clients are suitable. As part of our registration process we require individuals to disclose any unspent convictions and may need to make further enquiries if necessary.
WILL WE CONTACT YOU FOR MARKETING PURPOSES?
We will only send you direct marketing emails that promote our company or services if you have opted-in to this. You will have the option to opt-in when you are provided with a copy of our Privacy Notice. You can also manage your direct marketing preferences by contacting a Bruin consultant, updating your preferences or clicking the unsubscribe link on an email.
To clarify, contacting you about specific job opportunities is not marketing because we are not advertising or marketing our services.
CAN YOU REFUSE TO PROVIDE YOUR DATA TO US OR REQUEST THAT WE DELETE YOUR DATA?
If you do not provide the personal data requested, or use your right to withdraw your consent for the processing of your sensitive personal data, we may not be able to match you with available job opportunities.
You have the right to object to us processing your data based on legitimate interest. If you have not been placed then we will be able to delete your data. You will have the option to delete your data when you are provided with a copy of our Privacy Notice by following the link on the transparency notice email or you can do so by emailing email@example.com
If you have been successfully placed then we will be under certain legal obligations to retain information for specified periods (up to 6 years), this includes, but is not limited to, ensuring you have the right to work in the UK and allowing us to comply with HMRC reporting requirements regarding payroll information. In such situations you do not have the right to object to us processing your data.
You do also have the right to restrict processing which means that we will stop further use of your data but still store it. However, if we stop processing your data it will mean that any assignment you may currently be on will be terminated immediately or in line with any notice period.
Please note that we may require you to provide us with proof of your identity and answer security questions before processing your request and if your data is deleted we will have no record and you may be contacted again in the future.
CAN YOU FIND OUT WHAT DATA WE HOLD ABOUT YOU?
You have the right to be informed and access a copy of the information comprised in your personal data. If any of the data we hold is inaccurate, you have the right to rectify it. You can contact us at firstname.lastname@example.org or your consultant directly to update your data.
You can make a request to find out what personal data we hold about you. You may exercise this right by making a written subject access request (SAR) to email@example.com . We require you to provide us with proof of your identity and answer security questions before processing your request.
We usually act on such requests and provide information free of charge, but may charge a reasonable fee to cover our administrative costs of providing the information for:
- baseless or excessive/repeated requests, or
- further copies of the same information.
- Alternatively, we may be entitled to refuse to act on the request.
Please consider your request responsibly before submitting it. We will respond as soon as we can. Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we will let you know.
DO YOU HAVE THE RIGHT TO DATA PORTABILITY?
The GDPR introduces a new right to data portability. This will enable individuals to both receive and transmit the personal data they have provided to a data controller in a structured, commonly used and machine-readable format to another data controller.
The right to data portability only applies to the following:
- personal data provided by the individual;
- personal data that is processed with the individual’s consent or on the basis of a contract (excluding the other legal bases); and
- when processing is carried out through automated means.
- As we rely on the legal basis of legitimate interests, this right will not apply to the data we hold about you. In addition, references obtained directly from third parties about you will not be subject to the right of data portability.
COOKIES & EXTERNAL WEBSITES
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. We use 4 types of Google Analytics cookies on the site. In summary they track visitor information for each visit and for returning visits. The detailed description of each cookie is as follows:
|_utma||This cookie is used to determine new and returning visitors. It has an expiration time of 2 years. If the ga.js library is executed and no _utma cookie exists, this will be recorded as the users’ first visit and a _utma cookie will be set. If a _utma cookie is already in place, the expiration time is reset and the user is recorded as a return visitor.|
|_utmb||This cookie is used to determine a new session. The cookie is set when the ga.js library executes and there is no _utmb cookie in place. It has an expiration time of 30 minutes, therefore if a user is inactive for a period longer than this, a new cookie will be set when the library executes and the interaction will be recorded as a new session.|
|_utmc||This cookie works in conjunction with _utmb and takes a timestamp of the exact moment in time when a visitor leaves a site, waits 30 minutes, for another pageview to happen, and if it doesn’t, it expires at the end of a session (when you close your browser)|
Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org. Please note that in a few cases some of our website features may not function if you remove cookies from your browser.
We use IP addresses to analyse trends, administer the site, track users’ movements, and to gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information.
Some external links appear on our website to websites owned and operated by third parties. These websites have their own privacy policies and we encourage you to review them. We accept no responsibility or liability for the privacy practices of such third parties and you use them at your own risk.
CHANGES TO THIS PRIVACY NOTICE
We reserve the right to change our Privacy Notice at any time. Changes to our Privacy Notice will be displayed on our website.
If you have any issues or concerns then we ask that in the first instance you set this out in writing and send this to firstname.lastname@example.org .
If we are unable to satisfactorily deal with your complaint you can complain to the ICO which is the UK supervisory authority. You have the right to claim compensation for damages caused by a breach of data protection legislation.