HR Now Privacy Notice
HR Now Ltd, company number 75364, is registered in Jersey, Channel Islands.
Data protection officer
Although the nature of our business doesn’t oblige us to appoint a Data Protection Officer (DPO), we do have a central point of contact for data protection queries. The best means of contact data protection is via email firstname.lastname@example.org or by phone on 01534 747559. If you have any questions or concerns regarding how we work with personal data, please don’t hesitate to contact us.
The data we process
We store and process only the data that we need, and we delete it when it’s no longer required. The primary collections of data we use are as described below. We don’t pass this data to anyone else without your express written consent. Your data is stored on Dropbox based in the US or on Microsoft Office 365 which is primarily in Ireland. If you’d like more details, you’re welcome to get in touch.
Microsoft’s Office 365 privacy notice is available at: https://www.microsoft.com/en-us/TrustCenter/Privacy/default.aspx
We store personal data on our employees so that we can run the company and pay our staff. This includes names and contact details, pre-employment screening information, performance and disciplinary data, health information and bank details. It also includes emergency contacts and next-of-kin information as provided to us by each employee. We retain data for former employees only for as long as we’re required to by law, and where there is no statutory retention period we use the CIPD’s best practice guidelines.
We store and process client data in order that we can correspond with, and process invoices to, our clients. When we have not done business with you for six years or longer, we will delete your personal data from our systems.
Where we use data for marketing we ask for your consent to do so. We keep a record of that consent for as long as you choose to receive that data.
Data processors are third parties who do work on our behalf using personal data we provide to them. They cannot do anything with your personal data unless we instruct them to do so (which includes sharing your data with others), and they must store the data securely and delete it when it is no longer required.
Outsourced IT support
Our IT systems are managed by an external agency, Focused IT Limited, Jersey. As you would expect, the contract between us and our IT support partner contains appropriate clauses regarding information security and data protection, and we carry out regular service reviews.
Our marketing comprises external support. As with our outsourced IT support, the agreement between us is compliant with data protection. Your data is not transferred to their systems.
Upon occasions, we use MailChimp and the Eventbrite ticketing system to manage our client mailing lists.
MailChimp’s privacy notice is at: https://mailchimp.com/legal/privacy/
Eventbrite’s privacy notice is available at: https://www.eventbrite.co.uk/support/articles/en_US/Troubleshooting/eventbrite-privacy-policy?lg=en_GB
All our computer systems run up to date anti-virus software and system updates are applied regularly to protect against potential security problems.
Security on mobile devices
All our laptops’ hard drives are fully encrypted, so the data held on them is safe should one be lost or stolen. Our staff have access to their work email from their mobile phones, which we secure with a Mobile Device Management system, so we can remotely wipe any device if it is lost or stolen.
We use Google Analytics to collect standard log information, along with data about how people use our web sites. The information doesn’t identify anyone, and nor do we attempt to find anyone’s identity from the information. If we do want to collect personally identifiable information through our web sites we will be open and transparent and will explain what we plan to do with it.
We use LinkedIn and Twitter to post news and information, and to look at the profiles of people who apply for employment with us. We don’t use social media to, for example, build mailing lists. We don’t share data obtained through social media with anyone else.
People who email us
We use Microsoft Office 365 for our emails. Please note that you have a responsibility to ensure that any email you send us is within the bounds of the law.
Contact for data protection purposes
You have several rights under the laws of data protection. Please contact Becky Hill on the contact details above if you have any queries or concerns. We retain a log of requests that we receive.
Right of access
You can contact us to request a copy of any personal data we hold about you on our systems or in our files, along with information about what we use it for. We must respond to you in a reasonable time, and always within a month. Unless the request is particularly complex or onerous there is no cost to you for making these requests.
Right to rectification
We must ensure that the data we hold about you is accurate. If you tell us that something is wrong, we will correct it and then confirm to you that we’ve done so.
Right to erasure
If you ask us to erase your personal data, we must do so unless there’s a legitimate reason for us to keep it. For example, if you choose to withdraw your consent regarding marketing mailings we will remove you from our mailing lists, but if you are also a client and we need to retain and process some of your personal data to satisfy our contract with you. In this case, we will restrict the data we process in line with what we need for those purposes.
Right to restriction of processing
If there is some dispute between you and us regarding the use of your personal data, you have the right to ask us to restrict the processing of your data. This means we can continue to store it but, we can’t do anything else with it until the dispute is resolved. We’ll inform you prior to beginning processing once the restriction has been removed.
Our recruitment process
We are the data controller for any information you provide as part of our recruitment process. All of the information you provide during the process will only be used for the purpose of processing your application, or to fulfil legal or regulatory requirements if necessary.
We will not share any of the information you provide during the recruitment process with any third parties for marketing purposes, and your data will be stored on our IT systems. We may look up applicants’ profiles on social media.
We will use the contact details you provide to us to contact you to progress your application. We will use the other information you provide to assess your suitability for the role you have applied for. The information we ask for is used to assess your suitability for employment only.
Unsuccessful applicants’ data will be retained for six months and then deleted.
This privacy notice is designed to be clear and concise. We are happy to provide any additional information you need or have cause for complaint please contact Becky Hill.
HR Now Ltd, 17 The Esplanade, St Helier, Jersey JE2 3QA
If you’re dissatisfied with the way in which your complaint has been handled you may contact your local data protection supervisory authority, or write to our local Information Commissioner:
Office of the Information Commissioner, Brunel House Old Street, St Helier, Jersey JE2 3RG
General enquires: enquiries@OICJersey.org
Breach reporting: breach@OICJersey.org