At The Ocean Partnership, we take your privacy seriously and are committed to protecting the privacy of our candidates, clients, and any users of our services. This Privacy Notice provides you with clear information as to how we process your personal data when providing our work-finding services for you, and being transparent so that you know how it will be used.
This Privacy Notice sets out the types of personal data that we collect about you, along with how and why we use it, how long we will keep it for, when, why and who we will share it will, the legal basis for us using your personal data and your rights in relation to us storing and processing your personal data.
Part of the recruitment process will involve sharing your personal data with our clients (independent data controllers) who have potential work opportunities that may be suitable for you. These third parties will have their own privacy policies and will need to comply with all applicable laws – we encourage you to contact them directly if you have any concerns or questions about your data.
Who is responsible for your personal data?
The Ocean Partnership Limited, a company registered in England and Wales (Registration number is 04440901) is registered as a data controller with the ICO in the United Kingdom for the purposes of the Data Protection Act 1998 or any subsequent UK legislation resulting from EU General Data Protection Regulations (GDPR). Our registered office address is Warnford Court, 29 Throgmorton Street, London, EC2N 2AT and you can contact us at email@example.com if you have any queries relating to data protection.
We are a recruitment business as defined in the Employment Agencies and Employment Businesses Regulations 2003. We provide both temporary and permanent recruitment services to clients looking to recruit personnel for their business and provide work-finding services to candidates looking for job opportunities.
Where is your personal data stored?
All the personal data we have is stored and backed up in the UK. The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (”EEA”). It may be transferred to third parties outside of the EEA for the purpose of our recruitment services.
This includes staff engaged in our recruitment services and the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing. The Ocean Partnership will take all steps necessary to ensure that your data is treated securely and in accordance with this privacy notice.
Legal basis for processing your data
For prospective candidates, contractors, referees and clients, our processing is necessary for our legitimate interests in that we need the information in order to be able to assess suitability for potential roles, to find potential candidates and to contact clients and referees.
We do not consider our legitimate interests to be overridden by your interests or fundamental rights and freedoms. We take into consideration the reasonable expectations of individuals who are actively applying for jobs or making their personal information publicly accessible on professional networking sites.
If you are submitted as a candidate or requested for interview, then this may involve the processing of more detailed personal data including sensitive data such as health information or any unspent criminal convictions that you or others provide about you. We will ask for your consent before undertaking such processing if we are required to do so.
For clients, we may also rely on our processing being necessary to perform a contract for you if one is in place, for example in contacting you.
The information we collect and how we use it
We will use your information in such ways to facilitate the recruitment process and provide you with work-finding services, including but not limited to:
- To provide our services by using your details to match your skills, experience and education with a role that suits your requirements (we use technology in ways to help identify the most suitable candidates for a specific role but this does not constitute automated decision making);
- To make you aware of current opportunities that may suit your requirements;
- To contact and update you about applications you have made or roles you have been submitted for;
- To share your details with Clients with the aim of securing a potential role (our Client may be the company you will provide your services to or an intermediary company that directly supplies to the company you will provide your services to).
The information we collect may include your name, email address, telephone number, CVs, identification and right to work documents, educational records and work history, employment and references.
In general, we will not ask you about sensitive personal data but there may be times that it is necessary for information to be disclosed to us and for us to share that with potential employers. We will only share the information where you have provided your explicit consent.
We are also under an obligation with our clients to provide suitable candidates. Part of that assessment will include asking you about any unspent criminal convictions you may have. We consider this to be highly confidential information and will only do so where you have provided your explicit consent.
We may also analyse the data internally so that we can offer a more relevant service, for marketing and strategic development purposes or for research purposes to improve our service.
Where does the information we collect about you come from?
The data we collect about you is obtained from the following sources:
- Directly from you. This may be via our registration process, filling in forms via our website (www.theoceanpartnership.com), subscribe to our services, attend our events, participate in a survey or by corresponding with us by phone or e-mail.
- An agent or third party acting on your behalf. This may be where you are consulting via a Limited Company.
- Publicly available sources. We may also obtain your information from professional networking sites or job boards, where you have actively published or submitted your information.
- Reference or word of mouth. You may be recommended by a friend, former employer or colleague.
Disclosure of your Information
There may also be circumstances where disclosure is required or permitted by law (such as to government bodies and law enforcement bodies).
If you secure a new role through The Ocean Partnership, additional information will need to be provided to them to enable the placement to proceed. There may be occasions where we use third parties to process your information on our behalf. In such situations, these third parties will be under strict instructions and they will not be permitted to use your information for their own business purposes.
Retention and rights to deletion of your data
The Ocean Partnership will retain your personal data only for as long as is necessary. Different laws require us to keep different data for different periods of time.
The Conduct of Employment Agencies and Employment Businesses Regulations 2003, require us to keep work-seeker records:
- If you have not registered with us, your data will be retained for 12 months from when it was added to our database or from when you were last contacted. You can request to have your record deleted (see below).
- If you do register with us, your data will be retained for 2 years from the last contact or activity on your record. You can request to have your record deleted (see below).
- If we place you in a temporary assignment or permanent role, we will be required to keep certain information for specific lengths of time up to a maximum of 6 years. The purpose of keeping this information is to comply with our legal obligations.
- Client contact details are retained for 3 years. You can request to have your record deleted (see below).
Depending upon the criteria used as to whether we should retain your information we may:-
- Retain all your personal data on our main Customer Relationship Manager (CRM) system and financial systems.
- Archive all or part of your personal data from our main Customer Relationship Manager (CRM) system.
- Retain your personal data on our financial systems only.
- Pseudonymise* parts of your data, particularly following a request for suppression or deletion of your data, to ensure that we do not re-enter your personal data on to our database, unless requested to do so.
- Remove all your personal data on our main Customer Relationship Manager (CRM) system and financial systems.
*For your information, Pseudonymised Data is created by taking identifying fields within a database and replacing them with artificial identifiers, or pseudonyms.
If you do not provide the personal data requested, or use your right to withdraw your consent for the processing of your sensitive personal data, we may not be able to match you with available job opportunities.
You have the right to object to us processing your data based on legitimate interest. You will have the right to request for your data to be erased (“right to be forgotten”) when you are provided with a copy of our Privacy Notice or you can do so by responding to our retention of information email and opting out or emailing firstname.lastname@example.org
If you have been successfully placed then we will be under certain legal obligations to retain information for specified periods (up to 6 years), this includes, but is not limited to, ensuring you have the right to work in the UK and allowing us to comply with HMRC reporting requirements regarding payroll information. In such situations you do not have the right to object to us processing your data.
Please note that we may require you to provide us with proof of your identity and answer security questions before processing your request and if your data is deleted we will have no record and you may be contacted again in the future.
Special Categories of Personal Data and Criminal Convictions
We avoid processing special categories of data, these are sensitive personal data that reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
However, by taking copies of passports or ID it may be that racial or ethnic origin can be revealed. Processing this data is necessary for us to comply with employment law obligations and the data is only used for this specific purpose.
We are under an obligation to ensure that the candidates we submit to clients are suitable. As part of our registration process, we require individuals to disclose any unspent convictions and may need to make further enquiries if necessary.
Will we contact you for Marketing Purposes?
We will only send you direct marketing emails that promote our company or services if you have opted-in to this. You will have the option to opt-in when you are provided with a copy of our Privacy Notice. You can also manage your marketing consent by contacting The Ocean Partnership on email@example.com updating your preferences.
To clarify, contacting you about specific job opportunities is not marketing because we are not advertising or marketing our services.
We do on occasion contact our candidates asking them if they are aware of other professionals suitable for specific job opportunities. We try to make this contact as specific as possible and to as narrow a list of candidates as possible. If you receive such contact and would prefer not to, you can reply to the email you receive or contact an Ocean Partnership.
Can you find out about the data we hold for you?
You have the right to be informed and access a copy of the information comprised in your personal data. If any of the data we hold is inaccurate, you have the right to rectify it. You can contact us at firstname.lastname@example.org or your consultant directly to update your data.
You can make a request to find out what personal data we hold about you. You may exercise this right by making a written subject access request (SAR) to email@example.com . We require you to provide us with proof of your identity and answer security questions before processing your request.
We usually act on such requests and provide information free of charge, but may charge a reasonable fee to cover our administrative costs of providing the information for baseless or excessive/repeated requests, or further copies of the same information.
Alternatively, we may be entitled to refuse to act on the request. Please consider your request responsibly before submitting it. We will respond as soon as we can. Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we will let you know.
GDPR introduces a new right to data portability. This will enable individuals to both receive and transmit the personal data they have provided to a data controller in a structured, commonly used and machine-readable format to another data controller.
The right to data portability only applies to the following:
- personal data provided by the individual;
- personal data that is processed with the individual’s consent or on the basis of a contract (excluding the other legal bases); and when processing is carried out through automated means.
As we rely on the legal basis of legitimate interests, this right will not apply to the data we hold about you. In addition, references obtained directly from third parties about you will not be subject to the right of data portability.
How do we protect your personal data?
We endeavour to take all reasonable steps to protect your personal data but cannot guarantee the security of any data you disclose online. You accept the inherent security implications of sending information over the Internet and will not hold us responsible for any breach of security unless we have been negligent.
All information you provide to us is stored on our secure password protected systems; robust firewall. We have company policies in place with regular reminders about not clicking on potentially malicious links or attachments to ensure risk from phishing and other malware is minimal.
How to contact us:
If you wish to gain access to or correct your personal data or make a complaint about a breach of your privacy, please contact:
Tel: +44 (0) 20 3909 8640