Rullion is a recruitment company and we provide temporary and permanent workers and related consultancy services to our clients.
Rullion Limited of Mansion House, 3 Bridgewater Embankment, Altrincham, Cheshire, WA14 4RW is the data controller (or joint controller) for the purpose of the Data Protection Act 1998/Data Protection Act 2017 and any amending and replacement legislation from time to time in force, the General Data Protection Regulation and any and all domestic legislation implementing the Regulation into English law.
This privacy notice will help you understand what information we may collect, how it is used and what choices you have.
In particular, we will use information we hold about you for the purposes of carrying out any of our obligations under a contract between you and us. For example, processing your application for our services or products, provision of our services, provision of recruitment and HR services, to provide you with further information on selected goods and services we (and any selected third parties) may offer where you have consented to receiving marketing materials from us, to notify you of any changes to the services or products under any agreement between us and in order to comply with our legal and regulatory obligations.
We may collect information about you, including; your name, address and contact details, details of your qualifications, skills, experience and employment history, remuneration, whether or not you have a disability, your entitlement to work in the UK and equal opportunities monitoring information.
The Company may collect this information in a variety of ways. For example, CVs or resumes, your passport or other identity documents, or collected through interviews or other forms of assessment. We may also collect personal data about you from third parties, such as references from former employers, information from employment background check providers and information from criminal records checks.
The Company will seek information from third parties only once a job offer to you has been made and will inform you that it is doing so. Data will be stored in a range of different places, including on your application record, in CRM systems and on other IT systems (including email).
Compliance with GDPR
We take your privacy very seriously and are committed to protecting your personal information and to ensure this we comply with the General Data Protection Regulations (GDPR) and follow guidance from the Information Commissioners Office. We take care to ensure the rights of our Data Subjects are upheld at all times and strive to continually review and improve all our system processes and ways of working to support this.
We will collect and retain information about you, including information you give us, whenever you interact with us, for example; when you enquire about our services, visit our website, during your use of our websites and apps and through certain third parties such as job boards, job board databases (e.g. Total Jobs, CV Library, Jobsite), social media channels (such as LinkedIn), sign up to receive updates on a campaign or our events, post content to our social media sites, attend a meeting with us and provide us with information about you, meet through networking events or exhibitions, contact us through the following channels: online, email, phone, SMS, social media or post.
For example, (i) if you have seen and applied to one of our adverts then your details have been collected and retained by us and we may contact you about the role you have applied for; (ii) if you have uploaded your CV and registered as a candidate on one of the many job boards that exist in the recruitment marketplace then your CV and details will be available to view and download by us for our collection and retention and to use to contact you about potential roles. When you registered with that organisation you would have given them your consent to make your data available to third parties who subscribe for access.
You may have given us permission to access information from messaging services like Facebook, LinkedIn and Twitter. This will depend on your settings or the privacy policies for the particular social media site.
Your information may have been shared with us by a reputable data provider who will have their own privacy policies and must ensure that the data they provide us is fully compliant with GDPR. We have selected data providers who demonstrate transparency, accuracy and security in their approach to data governance and in data management, processing and provision adhering to GDPR regulations and ICO (information commissioner’s office) principles and directives.
Lawful basis for processing data
Although in some cases we will seek consent to process your personal data, in some instances we may process your information without consent when we are legally allowed to do so.
This will include the following main lawful bases for processing data:
- where the processing is necessary for any contractual obligation, e.g. for the performance of a contract to which you are party or in order to take steps at your request.
- where the processing is necessary in order to comply with legal obligations, e.g. for all processing involved in complying with regulations or laws that apply.
- where it is in our legitimate interests to do so (provided we are confident that such processing is not likely to prejudice your legitimate interests or rights and freedoms).
- for special / sensitive data:
- where it is necessary for carrying out our obligations under employment, social security or social protection law; and
- where it has been manifestly made public by you.
Where we are processing your personal data on the basis of the consent you have given us, you are entitled to withdraw that consent at any time such that we can no longer rely on it as a basis for continuing to process your personal information.
You retain control of how we use your data and you have the right to ask us to rectify any inaccuracies or to stop processing your personal information, which we will do. In some circumstances we may legally be required to retain your personal information. However, this will be discussed with you depending on your requirements and does not apply if we are processing your data to contact you regarding, or sending you, marketing materials.
We will hold your personal information on our systems for as long as is necessary for the relevant activity, for example we will keep a record of any customer for a minimum of seven years to comply with HM Customer & Revenue legal requirements.
Where possible, we try to keep your records up to date; for example, we aim to contact you at least once every two years by telephone to ensure your information on our database is correct. However, we really appreciate it if you let us know if your details change.
What we do with your data
If you register with us as a candidate by either uploading your CV or contacting us directly about an advertised role we shall enter you details on our systems and with your provided consent shall forward your details to relevant clients in order to find you work. Our employees will have sight of your details and shall with your consent continue to search for available roles that suit your requirements. This will mean that we may share some (or in some cases all) of your provided details to a client or clients where we have previously agreed with you that we can.
The type and quantity of information we collect and how we use it depends on why you are providing it. If, for example, we are supplying you with marketing material and news we may collect where relevant; your name, your job title/role, your contact details – full address, email address, phone number and mobile number (if supplied).
We will use your personal information in a number of ways, including; to provide you with the services or any information you have requested, to update you about any changes to our services, to update you on marketing news to maintain our organisational records and ensure we have your most up-to-date marketing preferences, to help us improve our services, campaigns or information-offering, to analyse and improve the operation of our website, to invite you to participate in marketing reviews, events and meetings or to contact you where you have been identified as a contact person for a business or organisation, (if we obtain your contact details in this way, we will only use them to contact you in the ways in which you have agreed to be contacted).
To contact us about your marketing preferences, please write to firstname.lastname@example.org.
We ensure that there are appropriate technical controls in place to protect your personal details. For example, we use encryption technology on our websites and carry out regular security reviews on our network.
We always ensure only our staff and authorised personnel have access to your information and that they are appropriately trained to manage your data.
Despite all our precautions however, no data transmission over the internet can be guaranteed to be 100% secure. So, while we strive to protect your personal information, we cannot guarantee the security of any information you disclose to us online, and you must understand that you do so at your own risk.
If you ask us to stop sending you marketing materials that we have been sending you on the basis of the consent you have given us, we will keep a record of your contact details and appropriate information to enable us to comply with your request not to be contacted by us.
We would still send marketing materials to the business (company name, company address, company telephone number, company generic email e.g. sales@ or info@) and to anyone within the business who has given their consent.
You have the ‘right to be forgotten’ if we are processing your data on the basis of consent or where your data is no longer required for the purpose for which it was originally collected, unless there are other legal grounds and obligations that require us to keep your personal data. In this case any personal data we hold would be erased and we would be unable to fulfil any requests about the information we had held retrospectively.
You also have the right to request a copy of the information we hold about you. If you want to access your information, please contact: email@example.com
You can find more information about your rights, and data protection in general, on the website of the Information Commissioner’s Office here: https://ico.org.uk .
When you use our website we collect information about your visit and record and store this for future use. Please read our cookies policy for more details.
If you would like to raise a concern or make a complaint about how we process your personal data, or about any of the services provided by Rullion please write to firstname.lastname@example.org and we shall fully investigate your complaint and report back to you within 30 working days of the original complaint.
Changes to this Privacy Notice
This Privacy Notice and our Policy may change from time to time. If we make any significant changes to our Policy, we will publicise these changes clearly on our website.
Please note that this Privacy Notice and our Policy may be updated further to reflect the requirements of the General Data Protection Regulation, which is to become law in the UK on 25th May 2018.
This Privacy Notice and our Policy only relates to information that we obtain from you or via third parties if you’ve given them permission to share your information.