1.0 OUR CORE BELIEFS REGARDING USER PRIVACY AND DATA PROTECTION
- User privacy and data protection are human rights
- We have a duty of care to the people within our data
- Data is a liability, it should only be collected and processed when absolutely necessary
- We loathe spam as much as you do!
- We will never sell, rent or otherwise distribute or make public your personal information
2.0 RELEVANT LEGISLATION
Along with our business and internal computer systems, this website is designed to comply with the following national and international legislation with regards to data protection and user privacy:
- UK Data Protection Act 1998 (DPA)
- EU Data Protection Directive 1995 (DPD)
- EU General Data Protection Regulation 2018 (GDPR)
This site’s compliance with the above legislation, all of which are stringent in nature, means that this site is likely compliant with the data protection and user privacy legislation set out by many other countries and territories as well.
3.0 PERSONAL INFORMATION THAT THIS WEBSITE COLLECTS AND WHY WE COLLECT IT
This website collects and uses personal information for the following reasons:
3.1 Site visitation tracking
Like many websites, this site uses Google Analytics (GA) to track user interaction. We use this data to determine the number of people using our site, to better understand how they find and use our web pages and to see their journey through the website.
Although GA records data such as your geographical location, device, internet browser and operating system, none of this information personally identifies you to us. GA also records your computer’s IP address which could be used to personally identify you but Google do not grant us access to this. We consider Google to be a third party data processor (see section 6.0 below).
Disabling cookies on your internet browser will stop GA from tracking any part of your visit to pages within this website.
3.2 Registering on this site
- When you register we may collect, store and use the following personal information:
- - Your Name
- - Your Contact information including email address and telephone no.
- - Your location (city/town)
- - Demographic information such as postcodes
- 2. Please note that the above information may be collected by us via various ways including when you submit a CV or job vacancy to our website, and/or participate in customer surveys, sales promotions (clients only) or any other feature of this website. Further, information might be collected by using common online collection methods like web browser cookies.
3.2.1 Registration details
Contact and other details you supply as part of the registration process are stored by us and used to provide you with the information you have requested. Please note that although we require customers who use our services, such as employers seeking to recruit staff, to agree to use the information made available solely for recruitment-related purposes, we do not control their use of any information that they have access to as part of receiving our services.
3.2.2 CV information
When you complete a job application including a CV submission, or submit your CV to us, it may be made available to direct employers, or other person or organisation who requests CVs matching your profile to be shown to them during our recruitment services to them. Authentic Recruitment does not include your full identity in material provided to such organisations; this is including omitting personal information from your CV where you have placed it.
3.2.3 Jobseeker CV Visibility
We will respect the choices you make to limit the sharing of your CV to certain organisations, should you wish us to do so, please inform us upon submitting your CV or job application, or contact us by telephone or email.
3.2.4 Right To Delete
You have the right to request Authentic Recruitment delete all stored personal information within our systems relating to yourself by contacting us to make the request.
If you choose to submit a CV to our database, we rely on you to ensure that your details are kept up to date. You should update your CV at least every six months, particularly if your contact details have changed, please contact us should you wish to submit an up to date CV.
Please note that Authentic Recruitment reserves the right to remove from our systems, CVs which include any content that we consider to be illegal or offensive.
3.2.5 Why do we collect and process sensitive personal data?
We collect and process Sensitive Personal Data only so far as is necessary and in compliance with all applicable legislation. By using the Website and by registering your details with us, you consent to us collecting and processing Sensitive Personal Data supplied by you and disclosing this information to prospective employers, and clients in connection with the Recruitment Process.
3.3 Contact forms and email links
Should you choose to contact us using the contact form on our Contact us page or an email link, none of the data that you supply will be stored by this website or passed to / be processed by any of the third party data processors defined in section 6.0. Instead the data will be collated into an email and sent to us over the Simple Mail Transfer Protocol (SMTP). Our SMTP servers are protected by TLS (sometimes known as SSL) meaning that the email content is encrypted using SHA-2, 256-bit cryptography before being sent across the internet. The email content is then decrypted by our local computers and devices.
4.0 HOW WE STORE YOUR PERSONAL INFORMATION
As detailed in section 3.2 above, if you submit a CV and/or register on this website as a jobseeker or employer, no personal information will be stored within this website’s database itself. To protect your personal data and to minimise it being identifiable in the event of a breach, we keep the data we store from your personal online submissions to a minimum, further data you provide in your submission such as uploaded CV's which may have your full address present, are stored in a separate location to the main in-house database tables. Data transfers between the website script and the email clients we use, are over encrypted connections using the TLS (Transport Layer Security) protocol.
4.1 Disclosure of your information
Authentic Recruitment will not sell, trade or rent your personal information to others unless you have given us your permission. Only if you opt to agree to our privacy policies and term, will we make your details and CV available to third party prospective employers.
5.0 ABOUT THIS WEBSITE’S SERVER
This website is hosted within a UK data centre located just outside London. Some of the servers security features are listed below:
- By default, the server uses the latest PHP 7 version with the latest security fixes.
- It is running Apache in a chrooted environment with suExec.
- Sophisticated IDS/IPS systems which block malicious bots and attackers are in use.
- ModSecurity is installed and the hosting providers update their security rules weekly, thus protecting from the most common attacks.
Some of the server's data centre’s more notable security features are as follows:
- 3m rota-spike security fence and perimeter anti ram barriers
- Blast proof anti-intruder shielded external windows and doors
- Proximity access locks on all external and internal doors
- Server cabinets have locked doors (no open racks)
- Perimeter and internal IP CCTV system monitored 24×7
- 24×7 on-site security guards with static and mobile patrols
- All on-site personnel are security vetted to BS7858 standard
- Only authorised security cleared staff are allowed into the facility
All traffic (transferral of files) between this website and your browser is encrypted and delivered over HTTPS.
5.1 Security of Your Personal Information
We take the security of your personal information very seriously and have appropriate technical and organisational measures in place. The site is protected against unauthorised access using the latest security devices and 'firewalls'.
To protect your personal information Authentic Recruitment uses industry standard SSL (Secure Sockets Layer) encryption to encrypt and secure your data.
6.0 OUR THIRD PARTY DATA PROCESSORS
We use a number of third parties to process personal data on our behalf. These third parties have been carefully chosen and all of them comply with the legislation set out in section 2.0. Both of MailChimp and Google are based in the USA and are EU-U.S Privacy Shield compliant.
7.0 DATA BREACHES
We will report any unlawful data breach of this website’s database or the database(s) of any of our third party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.
8.0 DATA CONTROLLER
The data controller of this website is: Diverse Professionals Ltd t/a Authentic Recruitment, a UK Private limited Company with company number: 10522841
whose operating office is:
2nd Floor, Parkhead House
In order to keep up to date with your precise requirements you may from time to time receive relevant information and reminders from us connected to the services you have requested. This complies with The Privacy and Electronic Communications Regulations of 2003.
10.0 LINKS TO THIRD PARTY WEBSITES
11.0 FACEBOOK, TWITTER, & OTHER SOCIAL NETWORKS
These services provide social buttons and similar features which we use on our website – such as the “Like” and “Tweet” buttons.
To do so we embed code that they provide and we do not control ourselves. To function their buttons generally know if you’re logged in; for example Facebook use this to say “x of your friends like this”. We do not have any access to that information, nor can we control how those networks use it.
Social networks therefore could know that you’re viewing this website, if you use their services (that isn’t to say they do, but their policies may change). As our website is remarkably inoffensive we imagine this is not a concern for most users.