ComRisk Limited is committed to protecting and respecting your privacy under our current Data Protection Policy. As from 25th May the new EU General Data Protection Regulation (GDPR) comes into effect and to comply with this we have updated our policy to ensure that we continue to provide compliant and responsible recruitment services as always.
It is important that ComRisk Group Ltd update this policy from time to time, so please visit this page to stay up to date.
Data Security and Confidentiality
It is our policy to ensure, in so far as is reasonably practicable, that our systems and records are secure and not accessible to unauthorised third parties in line with contemporary practice. We do so by ensuring our IT providers adheres to the GDPR guidelines and our systems have the latest and most up to date virus and security protection.
We take Cyber Security serious and have the Advanced Gateway Security Suite which protects us from known and unknown threats and cyber-attacks from infecting our business.
We have intensive meetings every 6 months with our Technical Service Director ensuring we have the latest technology and security protecting our business information.
We will only collect data on a lawful basis for processing as per Article 6 of the GDPR.
- LEGITIMATE INTEREST – In providing our Recruitment services, we will carry out some processing of personal data, which is necessary for the purpose of our legitimate interest in providing this service. Where a staff member has given us the information of an emergency contact, we are sure you agree that this is a vital element of our people-orientated organisation, and so is necessary for our legitimate interest. By supplying your information to us by: social media, email, telephone, post, our website or job pages, we rely on legitimate interest in providing a tailored service to you.
- LEGAL OBLIGATION – where us, the Data Controller need to supply information to HMRC, or obtain information for any clearance or financial checks to comply with public sector recruitment, we will collect such data under the legal obligation basis as per Article 6 of GDPR
- CONSENT – consent given by you by supplying your personal data to us via our website/email/post/or social media. We will rely on consent if legally required, for instances where we (if you are a candidate) would like to introduce you to a client.
Article 4(11) of the GDPR states that (opt-in) consent is “any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
This may also be interpreted as follows:
- you have to give us your consent freely, without us putting you under any type of pressure;
- you have to know what you are consenting to – so we'll make sure we give you enough information;
- you should have control over which processing activities you consent to and which you don’t. We provide these finer controls within our privacy preference centre; and
- you need to take positive and affirmative action in giving us your consent – we're likely to provide a tick box for you so that this requirement is met in a clear and unambiguous fashion;
- We will keep records of the consents that you have given in this way.
- CONTRACT – between you and us, the Data Controller. We will rely on contract if we are negotiating or have entered into a placement agreement with you or your organization and any other contract to provide services to you or to receive a service from you.
We use our Database Manager to sort, filter and review personal data held on our database. This software may determine suitability for a specific role or a particular job.
Who controls your data:
- Data Controller is ComRisk Limited including (ComRisk Limited). Registered in the UK Company Number 3390805 of 10th Floor, No.1 Croydon, 12-16 Addiscombe Road, Croydon, Surrey, CR0 0XT, United Kingdom;
- The Data Controller’s data protection representative is the Managing Director, and the DPO
- You can email them on email@example.com
- ComRisk Ltd is registered as a Data Controller with the Information Commissioner’s Office Certificate Number ZA460809;
- Any reference to our Group means our subsidiaries and associated companies;
- We, as the controller, document all categories of data we process under Article 30(1) of the GDPR. (GR_Document Control Log_GR307);
- If we act as the processor for personal data under Article 30(2) of the GDPR. (GR_Document Control Log_GR307);
- As the Data Controller we do information audits to find out what personal data our organisation holds;
You have the right at any time to ask for a copy of the information supplied by you that we hold. We have a Subject Access Request Form for such requests to ensure we understand your request. Please email firstname.lastname@example.org requesting a Subject Access Request Form.
Please keep in mind where a request for deletion is made, and your file also holds information about our client and/or financial information that we need to keep for 6 years, we may be unable to delete the data.
By withdrawing consent, our processing in that respect will be limited to what is necessary in furtherance of those interests or obligations. Withdrawal of consent will not have any effect on the lawfulness of any processing based on consent before its withdrawal.
Where we are unable to comply with your request, we will provide reasons for failing to do so.
We take the protection of your personal data very seriously and it is important that you know your rights within that context, which include rights to:
- Request a copy of the personal data that we hold about you. If you would like to make a request for information, please contact email@example.com There might be a £10 discretionary fee for this information.
- Object to our processing of your data where that processing is based upon legitimate interest and there are no compelling grounds for the continued processing of that data;
- Request that we restrict processing of your data in certain circumstances;
- Request that data is erased where the continued use of that data cannot be justified. Agencies are required to keep certain records such as ID or right to work checks and payroll records for certain periods of time. These obligations will override any request to erase data or any objection to processing for so long as we must keep the data;
- Object to automated decision, which significantly affects you, being taken solely by a computer or via another automated process;
- Withdraw your consent to our processing of your personal data for a particular purpose at any stage. However, please note that we may continue to retain, or otherwise use your personal information thereafter where we have a legitimate interest or a legal or contractual obligation to do so. Our processing in that respect will be limited to what is necessary in furtherance of those interests or obligations
- Request inaccurate or incomplete data is rectified. We will respond to such a request within 1 month;
- Request that data provided directly by you and processed by automated means is transferred to you or another controller; this right only being applicable where our processing of your data is based either on your consent or in performance of a contract;
- Make a complaint to the Information Commissioner’s Office https://ico.org.uk
- Request that direct marketing by us to you is stopped.
We will only collect what we need to provide you’re the best niche recruitment we specialize in. We will use this information only to keep you up to date with information which we feel is relevant to you.
What sort of data do we collect and process?
- Marital status
- Contact details
- Education details
- Employment history
- Emergency details of any dependents
- Referee details
- Immigration status
- Bank details to make payment to candidates/suppliers
- Certified copies of driving license/identity documents/passports/visa
- Diversity information
- Details of criminal offences
- Information on your interest and needs regarding future employment
- IP address
- Dates and times you use our website
How we collect Candidate data:
- Applying for a vacancy on our website or any other aggregator
- Submitting a copy of your personal details in a CV by any means of any kind
- By contacting us on any social platform and supplying information
- Supplying information through any of our microsites
We collect information about your organisation and / or individuals at your organisation for the purpose of providing a recruitment service. We want to ensure that you have the best staff for your organisation and our consultants would like to stay up to date with your needs through continued communication. We will keep this on our database on the legitimate basis of providing continued support for current, continuing and future placements. The Client have the right to have all their data removed as per Individual rights.
What sort of data do we collect and process?
- Contact details for our contacts within your organization (names/telephone numbers/email address);
- Organisation/client bank details to pay the client.
How we collect Client data:
- Any Data we receive directly from the client;
- Personal Data we receive from others / referrals;
- Personal Data we collect which is freely available.
We do need to collect a small amount of details about our suppliers to ensure that we are obtaining value for money and the best possible service.
What sort of data do we collect and process?
- Key contact details/our account managers at your organisations names, email addresses and telephone numbers;
- Bank details to make payment to yourselves which we share with our accounting department;
- When engaging with our accounting dept.
Our Client Database Manager:
When visiting our website and providing information by applying for a role, no information is stored by the website. Your information is directed into our secure CRM database and not stored anywhere on the website. Your information is only accessible by ComRisk Ltd employees.
How long do we keep data for:
We will delete any personal data from any Candidate/Supplier information if we have either received a request from you, or not had any meaningful contact with you for at least 3 years. We will retain any client information for as long as is necessary or upon a deletion request.
ComRisk Ltd employee personal data shall be obtained only for specified and lawful purposes, and shall not be processed in any manner incompatible with those purposes. Personal data shall be accurate and kept up to date where possible. Personal data shall not be kept for longer than what it is needed or intended for. We will delete any ComRisk Group Ltd employee information which has not in our employment for 12 consecutive months, however our Accounting Department will retain all payroll
Retaining records of our dealings and transactions and where applicable, use of such records for the purposes of:
- establishing compliance with contractual obligations with Clients or Suppliers;
- addressing any query or dispute that may arise including establishing, exercising or defending any legal claims;
- protecting our reputation;
- maintaining a backup of our system, solely for the purpose of being able to restore the system to a particular point in the event of a system failure or security breach;
- evaluating quality and compliance including compliance with this Privacy Notice;
- determining staff training and system requirements .
How and with whom with do we share data:
We shall not share your personal information unless we are entitled to do so.
The categories of persons with whom we may share your information:
- Our service providers: this includes service providers such as accountants, auditors, lawyers, IT support systems, records management providers, insurers, legal advisors, Support and hosting service providers and any such service providers that assist us in carrying out business activities;
- Our Group Companies: We are a member of ComRisk Group Ltd. We may share your information with certain members of our group companies, but only for the purposes set out in this policy.
Diversity, Inclusion and Equal Opportunities:
ComRisk Ltd are committed to valuing equality and diversity. We oppose any form of discriminatory treatment of employees or job applicants on the grounds of age, sex, gender, race, marital or civil partner status, disability, religion or belief, sexual orientation, color, nationality, ethnic or national origin, pregnancy, trade union membership, or part-time or fixed-term status. A copy of the EHRC code of practice is available to all new and existing staff upon request, in addition to this overall policy. Failure to act in accordance with these policies are disciplinary offences and will be treated as such. Our Equal Opportunities Policy is available upon request (GR188.Equal Opportunities Policy).
EHRC Equal Pay Statutory Code of Practice
EHRC Employment Statutory Code of Practice
EHRC Services, Public functions and Associations Statutory Code of Practice
This GDPR statement and training material will be distributed to all ComRisk Ltd staff regarding the collecting and processing of all personal data.
We update and remind our staff to adhere to data housekeeping and protection by regular housekeeping emails, posters around the office and one to one discussions. Training is given as and when needed by employees. We keep a record of this and staff sign our GDPR Staff Awareness Policy GR307.V3, to ensure they understand.
As a company we have signed up to the personal information promise which can be accessed here
Privacy & our website
- Personal data collected on this website is not stored on, or by this website, save for the job alert feature*.
- The personal data is collected to facilitate the websites users to find work, be made aware of jobs we have in future, supply their latest job seeking data to us and or make contact with us for recruitment related activity.
- The personal data collected by the site is transferred to us via encrypted data transfer and all reasonable care has been taken to ensure it’s safety and integrity. Though no data transfer can ever be fully secure due to the nature of software.
- The website makes no automated screening decisions on your personal data, all choices on how data is presented/sent to us are made by the user.
*Job alert feature
The job alert feature follows the privacy by design principal and so our staff are not made are of your alert and have no access to your alert data.
The feature works by collecting a small amount of personal data, that is kept in the website code for the duration the job alert runs, so that the job alert feature can send you job data by email. When the alert expires, or your end the alert the data is then removed from the code and permanently deleted.
Cookies consist of pieces of text, often including unique identifiers, that are sent by web servers to web browsers, and which may then be sent back to the server each time the browser requests a page from the server.
Cookies can be used by web servers to identity and track users as they navigate different pages on a website and to identify users returning to a website.
Cookies may be either "persistent" cookies or "session" cookies. A persistent cookie consists of a text file sent by a web server to a web browser, which will be stored by the browser and will remain valid until its set expiry date (unless deleted by the user before the expiry date). A session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
Cookies on this website
We use only session cookies on this website. We may send to you the following cookies:
(1) JSESSION_ID cookie
(2) BACKurl Session cookie
(3) LinkedIn session cookie
We may use the information we obtain from your use of our cookies for the following purposes:
(1) to recognise your computer when you visit our website;
(2) to improve the website's usability;
(3) to analyse the use of our website;
(4) to connect to 3rd party services of benefit;
Third party cookies
When you use our website, you may also be sent third party cookies.
If you need to contact our DPO please email firstname.lastname@example.org