Data Protection, Privacy and Retention Policy

Ion-Tec Limited


Introduction


This Data Protection Policy outlines the way in which we manage the data we hold for our Candidates (“you”), for and about whom it is necessary to hold and process data in the provision of our recruitment and associated services.

For the purpose of applicable data protection laws (including but not limited to the General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”)), the company to which this document relates is ion-tec Limited (“we” or “us”).

This is a controlled document that may be updated from time to time. Please visit this web page to ensure you are reading the latest version: www.ion-tec.com


About This Policy


Ion-tec Limited operates as a data controller of Candidate personal data under the GDPR, which means we are responsible for deciding how we hold and use your personal information. This Data Protection Policy is intended for individuals applying for work with us as a Candidate. It makes you aware of how and why your personal data will be used and how long it will usually be retained for. It provides you with certain information that must be provided under the GDPR, including information about your rights in respect of your personal data.


Candidates


“Candidates” includes applicants for all roles advertised or promoted by ion-tec Limited (including permanent, contract and interim positions) with any ion-tec Limited clients; as well as people who have supplied a speculative CV to ion-tec Limited not in relation to a specific job. Individual contractors, interim consultants and employees of suppliers or other third-parties put forward for roles with ion-tec Limited clients as part of a managed service provision or otherwise, will also be treated as Candidates for the purposes of this Data Protection Policy.


Our Commitment


Ion-tec Limited is committed to presenting Candidates with attractive and relevant opportunities with organisations that we consider will be relevant to your career aspirations. In order to achieve this, it is necessary for us to process information about you from the various sources we have available to us. We will only ask for and use information about you that is necessary for us to provide you and our clients with the very best levels of service. There may also be a need, in providing recruitment services, for us to provide information to carefully selected suppliers and other 3rd parties in order to meet our contractual and legal obligations. Our commitment to you is that we will only process your personal data to the extent required in order to meet these objectives.


General Principles


We will comply with data protection laws and principles in respect of your personal data, which means that your personal data will be:

  • used lawfully, fairly and in a transparent way
  • collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes
  • relevant to the purposes we have told you about and limited only to those purposes
  • accurate and kept up to date by us
  • kept only for as long as is necessary
  • kept securely whilst we hold it

What Kind Of Data We Hold About You


Depending on the relevant circumstances and applicable legal and contractual requirements, we may collect, store and use some or all of the information listed below to enable us to provide you with candidate services.

Types of general data held:

  • Name
  • Age/date of birth
  • Birth number
  • Sex/gender
  • Photograph
  • Marital status
  • Contact details (postal address, email address(es) and telephone number(s))
  • Education details
  • Qualifications, psychometric or other test results
  • Current or previous job title(s)
  • Employment history
  • Emergency contacts and details of any dependants
  • Referee details
  • Immigration status (to determine Right to Work)
  • Nationality/citizenship/place of birth
  • A copy of your driving licence and/or passport/identity card
  • Financial information (i.e. bank account information to facilitate remuneration payments)
  • National Insurance Number (Social Security Number) and any other tax-related information
  • Details about your current remuneration, pensions and benefits arrangements
  • Your contractual notice period
  • Information on your interests, needs and aspirations regarding future employment
  • Additional information that you choose to provide to us in your CV or application, during interview or in any subsequent communications between
  • Additional information that your named referees provide to us about you
  • Additional information that our clients may provide to us about you, or that we find from other third-party sources
  • IP address
  • The dates, times and frequency with which you access our services
  • CCTV footage if you attend our offices in person

Types Of Sensitive Data Held:


Some of the personal data we collect, store and use falls into the following "special categories" of more sensitive personal information:

  • Information about your race or ethnicity, religious beliefs, sexual orientation and political opinions
  • Information about your health, including any medical condition, health and sickness records
  • Information about criminal convictions and offences

We will use your particularly sensitive personal information in the following ways:

  • We will use information about your disability status or medical requirements to consider whether we (or our clients) need to provide appropriate adjustments during the recruitment process, for example whether adjustments need to be made during a test or interview
  • We will use information about your race or national or ethnic origin, religious, philosophical or moral beliefs, or your sexual life or sexual orientation, to ensure meaningful equal opportunity monitoring and reporting

Information About Criminal Convictions


We envisage that we may need to process information about criminal convictions where we have been asked to do so by our clients, or where a particular role requires a criminal record check. Where this is the case, we will collect information about your criminal conviction/s history if we or our client would like to offer you the position. We may be required by our client to carry out a criminal record check in order to confirm that there is nothing in your criminal convictions history which makes you unsuitable for a particular role.

We have in place appropriate safeguards which we are required by law to maintain when processing such data.


How We Collect Data About You


We collect Candidate personal data in 3 main ways:

  • A. Personal data that you provide directly to us
  • B. Personal data that we receive from other sources
  • C. Personal data that we collect automatically

Personal Data That You Provide Directly To Us


You can provide your personal data directly to us in the following ways:

  • By entering your details on the ion-tec Limited website as part of our online registration process
  • By mailing or delivering by hand a hard copy CV (alone or with a covering letter attached) to any ion-tec Limited event or office
  • By emailing your CV (alone or with a covering letter attached) to an ion-tec Limited representative
  • By applying for a job through a third-party job aggregator, which then redirects you to the ion-tec Limited website
  • By entering your personal details into an ion-tec Limited microsite
  • By entering your personal details into a social media channel (for example, LinkedIn), which then re-directs you electronically to ion-tec Limited

Personal Data We Receive From Other Sources


The following methods outline the ways in which we can receive personal data about you as a Candidate:

  • Referees may disclose personal information about you in the course of providing a professional or personal reference
  • Clients who have previously interviewed or engaged you as a Candidate may share personal information about you with us, in the course of providing feedback on your performance at interview or during placement
  • If our client asks us to carry out a credit and background check on potential Candidates, we will use third-party credit reference agencies (based inside the EEA) for this purpose where relevant to your application
  • If our client asks us to carry out an ID verification and background check on potential Candidates, we will use third-party ID verification and screening companies (based inside the EEA) for this purpose where relevant to your application or to corroborate information you give us directly
  • If our client asks us to carry out a criminal record check, we will use Criminal Records Services Limited (or another criminal record checking organisation based inside the EEA) to obtain information in respect of any criminal convictions, where relevant to your application or to a particular role
  • In conducting searches on third-party websites or applications (such as Facebook, LinkedIn, Twitter, YouTube or other sites which are based inside and outside the EEA) we may obtain publicly available information about you as relevant to your application or to a particular role
  • If you ‘like’ or ‘follow’ ion-tec Limited pages or posts on social media (Facebook, Twitter, LinkedIn, YouTube) we will receive your personal information from those sites, which are based outside the EEA
  • We may receive your personal information through a ‘second tier supplier’ who shares personal information about you with us. Where we act as a Managed Service Provider (MSP) or Managed Vendor (MV), second tier suppliers (i.e. other agencies based [inside OR outside] of the EEA who supply recruitment services to us) will refer us your information in order that we may contact you about relevant opportunities. We will always tell you the identity of the second-tier supplier that we have obtained your information from when we initially contact you in this way.

Personal Data We Collect Automatically


  • We may collect personal data about you when you access our website via cookies
  • We may also collect analytical data about you when you open and click through emails we send to you
  • You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making

How And Why We Will Use Your Data


We will use the personal information we collect about you for the following broad purposes (“lawful purposes” under the GDPR):

  • Where we need to perform the contract we have entered into with you
  • Where we need to comply with a legal obligation
  • Where it is necessary for our legitimate interests (or those of a third-party) and your interests and fundamental rights do not override those interests
  • For some activities, such as marketing communications, where you have given your consent

More specifically we use your personal data for the following purposes:

  • To assess your skills, qualifications, and suitability for applicable roles
  • To carry out background and reference checks, where applicable
  • To communicate with you about the recruitment process and roles which may be relevant or of interest to you
  • To keep records related to our hiring processes
  • To analyse and take steps to improve the services we provide to our clients and Candidates
  • To comply with legal or regulatory requirements

Further Information On How And Why We Will Use Your Data


Legitimate Interests

It is in our legitimate interests to decide whether to contact you about particular roles and/or forward your application to appropriate clients and assist in taking your application forward. This is because it is beneficial to our business to recommend suitable and appropriately qualified Candidates to our clients and to help match our Candidates to appropriate roles that are relevant to the Candidate’s wishes.

We may also provide a prospective employer or client with information you have provided to us (for example, the results of psychometric or skills tests) or to confirm your references, qualifications and criminal record, where this is appropriate and in accordance with EU laws.

We share this type of information in order to further our legitimate interests as a profit-making business providing recruitment services to our clients.

We may also contact you more generally to discuss and align your employment needs and career development with opportunities we can present you with and relevant information and articles we can provide to you. This is because it is in our legitimate interests to ensure that our Candidates are offered relevant, appropriate opportunities which correspond with their own career aspirations.

We may also from time to time provide the opportunity for you to contribute to interactive services such as surveys or social media content. This allows us to differentiate ourselves as a recruitment provider and compete within our market and is therefore within our legitimate interests to process your data in this way. We will always check beforehand that you are happy for us to use your data in this way.

We may send you direct marketing material from time to time. The use of your personal data for this purpose will be proportionate, have a minimal privacy impact, and will be highly relevant to the service provided. You will always be given the opportunity to unsubscribe from such material.

Contractual Obligations

We may also need to process your personal information for the purposes of entering into or performing a contract of employment or contract for services with you. This will include carrying out our internal administrative processes such as payroll processes if we engage you as a contractor/consultant, or in order to raise invoices.

Legal Obligations

We are required as part of our recruitment process to seek, confirm and hold certain Right to Work documents about you such as a passport or ID card copy, proof of address or UK driving licence in order to process you as a Candidate for a vacancy that could result in your employment within the EU.

We must also comply with our wider legal obligations. We may therefore share your data in connection with crime detection, tax collection or litigation activity, whether actual or anticipated.

If You Cannot Provide Any Relevant Data

If you fail to provide information when requested, which is necessary for us to consider or progress your application (such as evidence of qualifications or work history), we may not be able to progress your application successfully or recommend you to our full range of clients.

For example, if one of our clients requires that employees are subject to a credit check or references for a particular role and you fail to provide us with relevant details, we may not be able to take your application further.


How We Protect Your Data


We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third-parties who have a business need-to-know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.


Sharing Your Data With Third-parties


Where appropriate and in accordance with data protection laws, we may share your personal data with the following third-parties:

  • Any of the companies within the ion-tec Limited Group
  • Individuals and organisations whose details you have provided to us, who hold information related to your reference or application to work with us. This will include current, past or prospective employers, educators and examining bodies and employment and recruitment agencies, who may be based inside or outside of the EEA as applicable
  • Tax, audit, or other legal, governmental or regulatory authorities based inside the EEA, when we believe in good faith that the law or other regulation requires us to share this data (for example, because of a request by a tax authority or in connection with any litigation, anticipated or actual)
  • Third-party service providers based inside or outside of the EEA who perform functions on our behalf (including external consultants, business associates and professional advisers such as lawyers, auditors and accountants, technical support functions and IT consultants carrying out testing and development work on our business technology systems)
  • Third-party outsourced IT and document storage providers based [inside OR outside] of the EEA where we have an appropriate processing agreement (or similar protections) in place
  • Marketing technology platforms and suppliers based [inside OR outside] of the EEA
  • Potential employers and other recruitment agencies/organisations based [inside OR outside] of the EEA to increase your chances of finding employment (provided that you have given your consent)
  • Third-party partners, job boards and job aggregators based [inside OR outside] of the EEA if we believe this will benefit your career prospects (provided that you have given your consent)
  • Managed service providers based [inside OR outside] of the EEA who operate as an intermediary between Whitewing Recruitment & Training Services Limited and its clients
  • Third-parties who we may retain to provide services such as reference, qualification and criminal convictions checks, to the extent that these checks are appropriate and in accordance with local laws
  • If Whitewing Recruitment & Training Services Limited or any of its constituent parts merges with or is acquired by another business or company in the future (or is in meaningful discussions about such a possibility), we may share your personal data with the (prospective) new owners of the business or company but will implement appropriate technical and organisational measures to protect any data that is shared (such as anonymization and the imposition of binding confidentiality obligations where appropriate).

If you would like further information about the specific identities of the third-parties listed above, please contact us at the following email address: info@ion-tec.com.

To ensure that your personal information is subject to an adequate level of protection, Whitewing Recruitment & Training Services Limited has in place appropriate procedures with the third-parties we share your personal data with to ensure that your personal information is treated securely by those third-parties in a way that is consistent with and which respects the law on data protection. Our third-party suppliers do not use your personal data for their own purposes, and we only permit them to process your personal data in accordance with our instructions.


Data Retention Period



Candidates Who Become Contractors/consultants


For those Candidates who are placed in a contract position, and therefore become a consultant engaged via a third-party company or other entity, the relationship changes to a contractual one. As a result we will retain your data for six years (or longer, if required by statute or other regulation). Your data and that relating to the company or other third-party entity through which you supply services, will be deleted within six months of the sixth anniversary of the termination or expiry of our contractual relationship with the entity through which you supply your services (or longer as required by statute or other regulation).

If, after six years following the termination or expiry of our contractual relationship, we continue to have meaningful contact with you as a Candidate (for example if you continue to wish to be considered for contract or permanent recruitment opportunities), we will continue to retain the data relating to you and the company or other third-party entity through which you supply services while we maintain meaningful communication with you. We will delete your data within 6 months following the second anniversary of our last meaningful contact with you.

"Meaningful contact" with contractors/consultants will include any of the following:

  • Communication between ion-tec Limited and you, the contractor/consultant/Candidate and/or the company or entity that supplies your services (verbal, written or via online services). This communication includes contractual, payment or compliance related matters. It also includes communication relating to vacancies you wish to be considered for or for which we consider you suitable, should you wish to remain as a Candidate (either directly or via a third-party company or other entity) during or after your contractual relationship with us comes to an end
  • Communication by you submitting your CV, application form and/or covering letter to us through any channel
  • Communication by you clicking through links included in emails or other electronic messages received such as marketing communications

Receiving, opening or reading of an email or other digital message from us, without taking any further action, will not count as meaningful contact.

Meaningful contact with you means meaningful contact as described above, either with you directly or, where applicable, with the company or entity which supplies your services. Where we are notified by such company or entity that it no longer has that relationship with you, we will delete your data within 6 months of the 1st anniversary of our last meaningful contact with the company or third-party entity through which you supply services; or, if later, within six months following the second anniversary of our last meaningful contact directly with you.


Your Rights In Respect Of Your Personal Data


Under the GDPR, as an EU citizen or individual within the EU you retain various rights in respect of your data under certain circumstances, even after you have provided it to us. To get in touch about these rights, please contact us at info@ion-tec.com. We will seek to deal with your request without undue delay, and in any event within one month (subject to any extensions to which we are lawfully entitled). Please note that we may keep a record of your communications to help us resolve any issues which you raise.


Right To Object To Processing


You have the right to object to us processing your personal data in certain circumstances.

This right is most likely to be enforceable by you where we are processing data for one of the following reasons:

  • To exercise our legitimate interests
  • To enable us to perform a task in the public interest or exercise official authority (for example, where required to provide information to law enforcement agencies and/or governmental bodies such as HMRC)
  • To send you direct marketing materials

Candidate Data Processing In The Furtherance Of Legitimate Interests


The GDPR states that we can process your data where it "is necessary for the purposes of the legitimate interests pursued by [us] or by a third-party, except where such interests are overridden by the interests or fundamental rights or freedoms of [you] which require protection of personal data."

The activities identified in Section 4 above (HOW AND WHY WE WILL USE YOUR DATA) are undertaken for our legitimate interests to help us to provide you with a professional, personalised, and effective service. You do, however, have the right to object to us processing your personal data on this basis. If your objection relates to us processing your personal data on the basis of legitimate interests, we must act on your objection by ceasing the activity in question unless:

  • we can demonstrate that we have compelling legitimate grounds for processing the data which override your interests
  • we are processing your data for the establishment, exercise or defence of a legal claim

Candidate Data Processing For Direct Marketing


If your objection relates to direct marketing, we will act on your objection by ceasing this activity.


Right To Withdraw Consent For Processing


Where you have provided your consent for us to process your personal data for certain activities (for example, to contact you about potential roles that may be of interest to you, or for marketing activities), you may withdraw this consent at any time and we will cease to carry out the specific activity that you previously consented to unless we consider that there is an alternative reason to justify our continued processing of your data. If this is the case, we will inform you of the reason(s) for our continued processing.

If you have posted your CV or other related personal information publicly on a job board or professional networking site, we understand that you have given your consent via your application on the job board or networking site for Whitewing Recruitment & Training Services Limited to collect and otherwise use your personal data in order to contact you to offer or provide recruitment services to you. We will review your publicly posted information to assess your skills, qualifications and other relevant information provided in relation to the vacancies we are sourcing Candidates for. If we consider you may be suitable for a potential role we will share your information with prospective employers, but we will never pass your details to a prospective employer without your explicit consent.


Right To Request Access – Data Subject Access Requests (DSARs)


You may ask us to confirm what information we hold about you at any time, and to provide a copy of the personal data we hold. In order to process your request, we may need to verify your identity and ask for additional information regarding your request. If we provide you with access to the information we hold about you, we will not charge you for this unless your request is "manifestly unfounded or excessive". If you request further copies of this information from us, we may charge you a reasonable administrative fee where legally permissible. Where we are legally permitted to do so, we may refuse your request. If we refuse your request we will inform you of our reasons for doing so.


Right To Erasure Of Data


You have the right to request that we erase your personal data in certain circumstances.

Normally, a valid request must meet one of the following criteria:

  • The data is no longer necessary for the purpose for which we originally collected and/or processed it
  • You have withdrawn your consent to us processing your data and there is no other valid reason for us to continue processing
  • The data has been processed unlawfully (i.e. in a manner which does not comply with the GDPR)
  • It is necessary for the data to be erased in order for us to comply with our legal obligations as a data controller
  • For any processing carried out for our legitimate interests, you have objected to the processing and we are unable to demonstrate overriding legitimate grounds for our continued processing

We are legally entitled to refuse to comply with your request where our continued processing is necessary for one of the following reasons:

  • to exercise a right of freedom of expression and information
  • to comply with legal obligations or for the performance of a public interest task or exercise of official authority
  • for public health reasons in the public interest
  • for archival, research or statistical purposes
  • to exercise or defend a legal claim

When complying with a valid request for the erasure of data we will take all reasonably practicable steps to delete the relevant data.


Right To Restrict Further Processing Of Data


You have the right to request that we restrict our processing of your personal data in certain circumstances. This means that we can only continue to store your data and will not be able to carry out any further processing activities with it until either:

  • one of the circumstances listed below is resolved
  • you consent to further processing
  • further processing is necessary for another reason (i.e. for the establishment, exercise or defence of legal claims, for the protection of the rights of another individual, or for reasons of important public interest)

You are entitled to request that we restrict the processing of your personal data in the following circumstances:

  • Where you dispute the accuracy of the personal data that we are processing about you. In this case, our processing of your personal data will be restricted for the period during which the accuracy of the data is verified
  • Where you object to our processing of your personal data for our legitimate interests. Under these circumstances, you can request that the data processing be restricted while we verify our grounds for processing your personal data
  • Where our processing of your data is unlawful, but you would prefer us to restrict our processing of it rather than erasing your data from our systems altogether
  • Where we have no further need to process your personal data but you require the data to continue to be stored in order to establish, exercise, or defend legal claims

If we have shared your personal data with third-parties, we will notify them about the restricted processing unless this is impossible or involves disproportionate effort on our part. We will notify you before lifting any restriction on processing your personal data.


Right To Rectification Of Data


You have the right to request that we rectify any inaccurate or incomplete personal data that we hold about you. If we have shared this personal data with third-parties, we will notify them about the rectification and ask them to correct their records unless this is impossible or involves disproportionate effort. Where appropriate, we will also tell you which third-parties we have disclosed the inaccurate or incomplete personal data to. Where we think that it is reasonable for us not to comply with your request, we will explain our reasons for this decision.


Right Of Data Portability


If you wish, you have the right to ask us to transfer your personal data between data controllers. To allow you to do so, we will provide you with your data in a commonly used machine-readable format that is password-protected so that you can transfer the data to another provider. Please note that this right of data portability does not apply to all data we hold about you, but applies to:

  • personal data that we process automatically (i.e. without any human intervention)
  • personal data provided by you
  • personal data that we process based on your consent or in order to fulfil a contract

Right To Lodge A Complaint With A Supervisory Authority


You also have the right to lodge a complaint with your local supervisory authority, which in the UK is the Information Commissioner’s Office.


Exercising Your Rights And Further Information


If you would like to exercise any of these rights, or withdraw your consent to the processing of your personal data (where consent is our legal basis for processing your personal data), details of how to contact us can be found here. Please note that we may keep a record of your communications to help us resolve any issues which you raise.

You may unsubscribe from direct marketing communications and SMS messaging at any time by clicking the “Unsubscribe” link in each message.

It is important that the personal information we hold about you is accurate and current.

Please keep us informed if your personal information changes during the period for which we hold your data.


International Transfers Of Your Data


In order to ensure you are presented with the best service possible, your data may be transferred:

  • between and within ion-tec Limited entities and offices
  • to third-parties, including advisers or other suppliers to ion-tec Limited
  • to overseas clients
  • to clients within the UK or EEA who may, in turn, transfer your data internationally
  • to our cloud-based storage provider
  • to other third-parties who may be based outside of the EEA

We will only transfer data outside of the EEA (i.e. the Member States of the European Union, together with Norway, Iceland and Liechtenstein) where it is compliant with data protection laws and the means of transfer provides adequate safeguards in relation to your data, for example:

  • By way of data transfer agreement, incorporating the current standard contractual clauses approved by the European Commission for the transfer of personal data by data controllers in the EEA to data controllers and processors in jurisdictions without adequate data protection laws
  • By ensuring that any US-based organisations we transfer data to have signed up to the EU-US Privacy Shield Framework for the transfer of personal data from the EEA to the United States of America (or ensuring that any equivalent framework agreement is in place in respect of other jurisdictions)
  • By transferring your data to a country whose data protection laws have been found to be adequate by the European Commission
  • Where you have expressly consented to the data transfer (having been informed of any relevant risks involved)

Please contact us on info@ion-tec if you would like further information about the specific mechanism used by us when transferring your personal data outside of the EEA.


Term Of Convenience


This document applies to:

Ion-Tec Limited Registered in the UK