Digital Data Foundation is a ‘data controller’ when the company directly collects personal data on individuals through different mechanisms, including employment candidates volunteering their data, or by using publicly accessible Job Search databases.
Digital Data Foundation is also a ‘data processor’ when it receives and uses personal data that has been collected by individuals and companies that it works on behalf of. Within this policy we will be referred to as “we”, “us” or “our” for simplicity. The company’s contact details can be found on page 4.
We will review this policy regularly to ensure we are compliant with any changes to data protection regulations.
2. WHAT DATA WE NEED and COLLECT
Digital Data Foundation collects personal data about you as part of the functioning of the company. This personal data might be, for example, such as name, address, e-mail and telephone number, employment history and academic achievements. We do ask for an idea of candidates’ current and expected salaries, but this is to help Digital Data Foundation provide a better service and will not be shared with any of our clients.
As part of recruitment work undertaken on behalf of third parties (companies and individuals)
Type of data
(a) Identity (b) Contact
Lawful basis for processing
Performance based on a contract with a third party (companies or an individual)
Type of data
(a) Identity (b) Contact
Lawful basis for processing
(a) Performance based on a contract with a third party (companies or an individual) (b) Necessary to comply with a legal obligation
3. WHY WE NEED IT and SEEKING YOUR CONSENT
Your consent: This applies where you provide your personal data and consent to us using it to provide you with a specific service. At times, we need to know your personal data in order to contact you as set out above.
As part of our work, we might compile personal data about you using publicly accessible databases or government registers as set out above. We will only gather this information as part of performing our work. Where this data is not obtainable online, we may write to you to request your contact details so that we can directly engage with you.
4. HOW WE USE YOUR PERSONAL DATA
We will only use your personal data when legally permitted. Digital Data Foundation’s core use of personal data is to assess and recommend candidates on behalf of our clients.
Personal data may be used if we need to perform a contractual obligation based on our work with third parties (companies and individuals), or to comply with a legal or regulatory obligation.
As part of our contractual obligations, we are required to seek your permission before adding your contact details to any databases which are held by the third parties from whom we undertake contractual obligations. We will always contact you before sharing any personal data to seek your approval for Digital Data Foundation to pass on this data to third parties.
Digital Data Foundation will seek written confirmation from the third parties to ensure that they are compliant with all applicable data protection regulations.
Digital Data Foundation does not at this time use personal data for marketing purposes, and we will contact candidates in advance before any marketing initiatives such as a newsletter are commenced.
5. DISCLOSURES OF YOUR PERSONAL DATA
Further to section 4, we may have to share your personal data with other parties based on legal requirements. This could include other contractors working with the third parties from whom we undertake contractual obligations, for example a third party providing background checks. Digital Data Foundation will seek written confirmation from the third parties to ensure that these contractors are compliant with all applicable data protection regulations.
Digital Data Foundation will not transfer your data beyond the European Economic Area unless the candidate has consented by listing a specific non-EEA country in their Candidates Form.
6. DATA SECURITY AND DATA STORAGE
We have taken necessary steps to protect your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. Digital Data Foundation is committed to storing as little personal data as is required based on our contractual obligations. Personal data is stored on hard copies or computers and external hard drives held by the owner.
These computers are password protected and have up-to-date anti-virus and malware protection software installed. No information will be passed on to third parties without informing you and obtaining your consent.
There is one member of staff in Digital Data Foundation. This person has attended an external training event (organised by the Royal Institution of Chartered Surveyors) on data protection regulations, particularly the General Data Protection Regulation.
7. DATA RETENTION
The length of time we will hold or store your personal information for will depend on the services we perform for you and for how long you require these. As we often support candidates with placements over many years, and potentially throughout their careers, the purpose for which we retain candidate data is often an ongoing purpose. We conduct regular data-cleansing and updating exercises with our candidates to ensure that (a) the data that we hold is accurate and (b) we are not holding data for too long.
Our standard terms of business state that our clients should retain candidate data such as CVs for the purposes of the specific role you apply for and that, as controllers of your data, they should inform you if they plan to retain your CV on file in order to notify you about potential future roles, or to otherwise hold or use your data for other purposes.
8. YOUR LEGAL RIGHTS
Under certain circumstances, you have rights under data protection laws in relation to your personal data. These include the right to:
Request access to your personal data.
Request correction to your personal data.
Request erasure of your personal data.
Object to processing of your personal data.
Request restriction of processing your personal data.
Request transfer of your personal data.
Right to withdraw consent.
Right to lodge a complaint with a supervisory authority, such as the Information Commissioner’s Office (ICO)
You can see more about these rights at: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
If you wish to exercise any of the rights set out above, please email us at email@example.com
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. We try to respond to all legitimate requests within one month. Occasionally it may take us two months rather than one month if your request is particularly complex or you have made a number of requests.
9. CONTACT DETAILS
Registered Address: 20-22 Wenlock Road, London. N1 7GU
Email address: info @digitaldatafoundation.com
10. FILING A COMPLAINT
If you are not happy with any aspect of how we collect and use your data, you have the right to complain to the ICO, the UK supervisory authority for data protection issues (www.ico.org.uk). We would be grateful if you would contact Digital Data Foundation first if you do have a complaint so that we can try to resolve it for and with you directly.