Who We Are:
Oyster Recruitment Limited (Oyster, us or we).
Oyster Recruitment is the trading name of Oyster Recruitment Limited (company number 12308419) is committed to protecting the privacy of our candidates, clients and users of our website. We want to provide a safe and secure user experience. We will ensure that the information you submit to us via our website or through our offices is only used for the purposes set out in this policy.
Purpose of This Privacy Policy
This privacy notice will inform you as to how Oyster Recruitment look after your personal data when you visit our website (regardless of where you visit it from) and tell you about your privacy rights and how the law protects you.
It is important that you read this privacy notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy notice supplements the other notices and is not intended to override them.
You are not obligated to provide your personal information to Oyster Recruitment, however, as this information is required for us to provide you with our services we will not be able to offer all of our services without it.
Controller
This privacy notice is issued on behalf of Oyster Recruitment and are responsible for processing your data and are the controller and responsible for this website. If you have any questions about this privacy notice, please contact one of the Directors at Oyster Recruitment, details via the website.
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements.
Information That We Collect:
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We process your personal information to meet our legal, statutory and contractual obligations and to provide you with our products and services. We will never collect any unnecessary personal data from you and do not process your information in any way, other than as specified in this notice.
The personal data that we collect from is:
- Name (inc. previous)
- Date of Birth
- Home Address
- Personal Email
- Home Telephone Number
- Mobile Telephone Number
- National Insurance Number
- Passport Number
- Driver’s License Number
- Reference checks (both personal and work)
- Photographs (if applicable)
- Qualifications / Training
- Travel history
- Relationship status
- Employment history
- Address history
- Special Category Data (i.e. details about religion, sexuality etc)
Our Clients And Suppliers
If you are a Client or supplier or a potential client or supplier, of goods and services we will collect and process information about individuals in your organisation. We may enter the individual’s name and business email address into our database as a designated corporate point of contact for that organisation, together with the individual’s other business contact data. Usually the only Personal Information we process about a corporate contact is the individual’s name for the purposes of contacting the organisation in relation to our services or the supplier as a recipient of the supplier’s goods and services. If the individual corporate point of contact is also a registered candidate we may be processing additional Personal Information for work finding and other purposes as described in this Privacy Notice. The source of a corporate point of contact may be the individual themselves, or their name and business details may be provided to us by a member of their HR or Procurement department or another hiring manager or existing business contact or a candidate we have placed at the organisation. We may also obtain these details from websites, social media and other sources. We may send business to business email marketing to corporate points of contact. An individual corporate point of contact can ask us at any time to stop sending business marketing emails to their business email address by contacting: [email protected]
If You Fail To Provide Personal Information
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a service you have with us but we will notify you if this is the case at the time.
How Is Your Personal Data Collected?
We collect information in the ways below: –
- Information we collect from you whether this is with you completing an application form; sending us your CV; registering online; corresponding and talking to us or by you attending interviews
- Third parties or publicly available sources. We may receive personal data about you from various third parties such as jobs board. Linked in and other such websites, referees or colleagues who refer candidates to us
- Technical Data from the following parties:
(a) analytics providers [such as Google based outside the EU];
(b) search information providers to vet the information we are provided with relating to you. (c) identity and contact data from publicly available sources to vet your credentials.
How Do We Use Your Personal Data?
We use, process, store and disclose your Personal Information and other data we collect including during our Candidate Registration process, to provide you with work finding services including sending you job alerts through this website and by email, permanent and fixed term contract, employment opportunities and career-related information. Oyster Recruitment will process your Personal Information in accordance with our Candidate contract (provided during our candidate registration process) applicable to the type of work you are seeking and we will disclose your Personal Information to our Clients in relation to their job vacancies. We will also process your Personal Information for other legitimate business purposes such as producing statistics, analysing how successful our marketing campaigns are, the number of visitors to our website and complying with other contractual, legal and regulatory obligations and duties.
Change of Purpose
We will only use your Personal Information for the purposes for which we collected it (e.g. the provision of work finding services if you are a candidate or to consider you for employment if you are a job applicant), unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
If we need to use your Personal Information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
We may process your Personal Information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
How Long We Keep Your Data?
Oyster Recruitment takes your privacy very seriously and will never disclose, share or sell your data without your consent; unless required to do so by law. We will retain your Personal Information for as long as necessary to fulfil the purposes that we collected it for.
If you no longer wish to receive our services we will continue to retain your Personal Information on our Candidate database for a further period of 2 years after our relationship ends, so that we can comply with our regulatory obligations. However we will inactivate your candidate record and limit access to your Personal Information during this period. After the 2 year retention period expires, we will anonymise the Personal Information in our database so that we can no longer identify you.
We are required by law to keep basic information about our Candidates, Clients and customers (including contracts, evidence of identity, financial and transaction data) for up to 7 years from when our relationship ends, for legal, compliance and tax purposes.
Where there is no retention period stated in law, we determine the appropriate retention period for Personal Information by considering the amount, nature, and sensitivity of the Personal Information, the potential risk of harm from unauthorised use or disclosure of the data, the purposes for which we process it and whether we can achieve those purposes through other means, and the applicable legal requirements. Due to GDPR regulations we will send you an updated version of our privacy policy every 2 years.
Your Legal Rights
Under certain circumstances, you have rights under data protection laws in relation to your personal data to:
Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
No Fee Usually Required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
What We May Need From You
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Sharing And Disclosing Your Personal Information
Regulatory and Law Enforcement Agencies
As noted above, if we receive a request from a regulatory body or law enforcement agency, and if permitted under privacy laws and other laws, we may disclose certain personal information to such bodies or agencies.
Data Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
New Business Owners
If we or our business merges with or is acquired by another business or company, we will share your personal information with the new owners of the business or company and their advisors. If this happens, you will be sent notice of such event.
Trusted Third Parties
We will share your personal information and, where necessary, your sensitive personal information with trusted third parties where we have retained them to provide services that you or our clients have requested, such as:
- employment reference checking
- qualification checking
- criminal reference checking (as required)
- verification of details you have provided from third party sources; and/or
- psychometric evaluations or skills tests.
We do not share or disclose any of your personal information without your consent, other than for the purposes specified in this notice or where there is a legal requirement. Oyster Recruitment uses third-parties to provide services and business functions including payroll provision, CRM system, confidential waste, IT support and telephone providers. All processors acting on our behalf only process your data in accordance with instructions from us and comply fully with this privacy notice, the data protection laws and any other appropriate confidentiality and security measures. Individual providers are available upon request.
Safeguarding Measures
Oyster Recruitment takes your privacy seriously and takes every reasonable measure and precaution to protect and secure your personal data. We work hard to protect you and your information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures in place.
Use Of Cookies
We only use cookies to count visits to our own website. We do not use cookies for any other purpose and do not store any other information using this method, however third-party search engines may record limited information relating to your online activity.
For further information on how we use cookies, view our Cookie Policy.
Legitimate Interest
We occasionally process your personal information under the legitimate interests’ legal basis. Where this is the case, we have carried out a thorough Legitimate Interests’ Assessment (LIA) to ensure that we have weighed your interests and any risk posed to you against our own interests; ensuring that they are proportionate and appropriate. We use the legitimate interests’ legal basis for processing your personal data which is collected via CVs and through starter information in the interests of providing our service. Our service to place candidates into work and supply clients with suitable employees. We are unable to conduct our business activity and fulfil our aims without this data.
Your Duty To Inform Us Of Changes
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Data Management
You can make a data update, right to be forgotten request or request for data from our data management centre by Contacting Us. Once a request has been made we will endeavour to reply quickly as possible.
This Privacy Policy was last updated: 03/10/2023.