• Home
  • About
  • Our Sectors
  • How We Work
  • Contact Us
  • CV UPLOAD
  • VACANCY UPLOAD
  • More
    • Home
    • About
    • Our Sectors
    • How We Work
    • Contact Us
    • CV UPLOAD
    • VACANCY UPLOAD
  • Home
  • About
  • Our Sectors
  • How We Work
  • Contact Us
  • CV UPLOAD
  • VACANCY UPLOAD

Privacy Policy

  

Introduction

We are RAW RESOURCING LTD (Registered in England & Wales No. 15132024 ) of 63-66 Hatton Garden, London, EC1N 8LE

This Privacy Notice sets out the basis on which we use personal data in the course of our business activities.

As a business which relies upon having access to information about Candidates to meet our Clients’ requirements, data is essential to our business. Our systems and processes are designed to ensure that we can provide the best possible service to our clients while operating within the law at all times and protecting individuals’ data privacy rights.

We reserve the right to update this Privacy Notice from time to time. Where appropriate, we shall contact you to notify you of any material changes to the Privacy Notice. You should also refer to our website periodically so that you may access and view our updated Privacy Notice. This will ensure that you understand (i) how we are using your personal data and (ii) your legal rights around our usage of such personal data.

Who Should Read This Privacy Notice?

This Privacy Notice applies to any living, identifiable individuals about whom we may process personal data in the course of our business activities. You should read this Privacy Notice if you are a:

  • Candidate
  • Client Contact
  • Referee
  • Supplier Representative

Please note that, in some cases, you will fall into more than one of the above categories.

If you are an employee, applicant for employment or in-house temporary worker, you should refer to our internal Privacy Notice instead.

Definitions

This Privacy Notice uses the following defined terms:

Candidate means a person who is recorded in RAW RESOURCING LTD’s records as seeking or potentially suitable for an engagement with a Client. This includes individuals who are not actively seeking a new role but who are in contact with RAW RESOURCING LTD about potential opportunities which may be of interest from time to time.

Client means a business which has engaged RAW RESOURCING LTD to provide services or which RAW RESOURCING LTD has identified as a business for which RAW RESOURCING LTD wishes to perform services.

Client Contact means a person who is employed or engaged by a Client and with whom RAW RESOURCING LTD may liaise in respect of any services which RAW RESOURCING LTD is providing or wishes to provide to the Client. In some cases, the Client Contact and the Client may be the same person e.g. where a Client is a sole trader.

Data Protection Legislation means (i) the General Data Protection Regulation ((EU) 2016/679) and any national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK and then (ii) any successor legislation to the GDPR or the Data Protection Act 1998.

Referee means a person who has provided to RAW RESOURCING LTD a written or verbal opinion in respect of the work history, skills, competency and/or experience of a Candidate;

Supplier means a business which provides services to RAW RESOURCING LTD and which may process personal data relating to any Candidate, Client Contact or Supplier Representative in the course of performing such services.

Supplier Representative means a person who is employed or engaged by a Supplier and with whom RAW RESOURCING LTD may liaise from time to time in respect of the services which are provided by that Supplier.

Third-Party Services Provider means any relevant third-party business which provides services to RAW RESOURCING LTD, including our:

  • Professional advisers including      accountants, tax advisors and lawyers;
  • Insurers;
  • IT services providers and software      providers;
  • Independent consultants and      subcontractors

How We Obtain Personal Data

We obtain personal data from a number of different sources, depending on the capacity in which you are dealing with us.

If you are a Candidate, we may obtain personal data relating to you:

  • Directly if you have:
  • applied for a Client vacancy through us
  • uploaded your CV through our website
  • asked us to provide any work-finding      services to you
  • engaged with us through any networking      activities or events
  • had any discussions with us about finding      alternative employment
  • Indirectly from:
  • online professional networking sites such      as LinkedIn
  • social networking sites such as Facebook      or Twitter
  • job boards such as Jobsite and CV Library
  • referees who provide information about      your employment experience and their opinion as to your skills and      aptitude
  • your employer’s website and other      industry-related websites
  • business information directories
  • online industry databases such as the      Construction Industry Training Board
  • where appropriate, third-party background      checking services such as the Disclosure & Barring Service

If you are a Client Contact or Supplier Representative, we may obtain personal data relating to you:

  • Directly in the course of (i) us      providing services to the Client or (ii) the Supplier providing services      to us, as applicable; or
  • Indirectly from:
  • online professional networking sites such      as LinkedIn
  • your employer’s website and other      industry-related websites
  • business information directories
  • other individuals within your      organisation in the course of (i) us providing services to the Client or      (ii) the Supplier providing services to us, as applicable.

If you are a Referee, we may obtain personal data relating to you:

  • Directly from you in the course of any      communications between us; or
  • Indirectly from the Candidate who has      nominated you as his or her Referee

Types of Information We Hold

If you are a Candidate, we may collect, store and process the following types of personal information about you:

  • Personal contact details such as name,      title, addresses, telephone numbers, and email addresses;
  • Your gender, date of birth, nationality      and place of residence;
  • Your professional skills and experience;
  • Your qualifications, training and      certifications;
  • Proof of your right to work in the United      Kingdom such as copies of your passport and, where applicable, visa,      residence permit or similar government documents;
  • Proof of your identity and address, such      as copies of your driving licence, utility bills or similar documents;
  • Information about your current or most      recent role, including your job title, department, reporting line,      responsibilities, salary, benefits and notice period;
  • Your motivation and reasons for seeking      new employment;
  • Any information within your CV or any      application document which a Client may require you to complete;
  • Any background information which you      provide to us during the course of your dealings with us;
  • Details of any Clients to whom you have      been introduced by us;
  • Details of any interviews which you have      attended and our Clients’ feedback on those interviews;
  • Details of any position which you take up      with a Client, including your role, duties, remuneration, department and      location;
  • If you provide any services on a      freelance basis:
    • Details of any limited RAW RESOURCING       LTD through which you contract and the nature of your relationship with       that RAW RESOURCING LTD;
    • Information about the days and times       which you have worked;
    • Your bank details, tax code and National       Insurance Number; and
    • Information about any services which you       have carried out, including any comments, feedback and issues relating to       such services.

We may also collect, store and use the following “special categories” of more sensitive personal information:

  • Information about your race or ethnicity;
  • Information about your health, including      any medical condition, health and sickness records; and
  • Information about criminal convictions      and offences.

If you are a Client Contact, we will collect, store, and use the following categories of personal information about you:

  • Personal contact details such as name,      title, addresses, telephone numbers, and email addresses;
  • Your job title and position within the      Client organisation; and
  • Any background information relating to      your personal circumstances, your work history and the role which you      perform within the Client which you may provide to us in the course of      your dealings with us.

We do not collect, store or use any “special categories” of sensitive personal information if you are a Client Contact.

If you are a Referee, we will collect, store, and use the following categories of personal information about you:

  • Personal contact details such as name,      title, addresses, telephone numbers, and email addresses;
  • Your job title and position within your      employer; and
  • Any background information which you may      provide to us in the course of your dealings with us.

We do not collect, store or use any “special categories” of sensitive personal information if you are a Referee.

If you are a Supplier Representative, we will collect, store, and use the following categories of personal information about you:

  • Personal contact details such as name,      title, addresses, telephone numbers, and email addresses;
  • Your job title and position within the      Supplier organisation; and
  • Any background information relating to      the role which you perform within the Supplier which you may provide to us      in the course of your dealings with us.

We do not collect, store or use any “special categories” of sensitive personal information if you are a Supplier Representative.

How We Use Personal Data

If you are a Candidate, we may use your personal data to:

  • Assess and verify your potential      suitability for employment with a Client;
  • Contact you in relation to any potential      employment opportunities with a Client;
  • Introduce you to our Clients and      potentially arrange for you to fill a Client vacancy;
  • Stay in regular contact with you to      understand your current position, career aspirations and motivation for      finding new employment;
  • Where applicable, make payments to you or      arrange for any third-party RAW RESOURCING LTD through which you may      contract to make payments to you;
  • Contact you to ask for a referral;
  • Produce anonymised statistical data;
  • Comply with our legal obligations, defend      or bring any legal proceedings and prevent fraud or any other crime;
  • Conduct equal opportunities monitoring.

If you are a Client Contact, we may use your personal data to:

  • Contact you to obtain information about      our Client’s requirements;
  • Liaise with you so that we may      effectively perform the services to our Client;
  • Obtain a reference for a Candidate;
  • Contact you for invoicing and credit      control purposes;
  • Provide you with statistical information      about your industry sector;
  • Comply with our legal obligations, defend      or bring any legal proceedings and prevent fraud or any other crime.

If you are a Referee, we may use your personal data to:

  • Contact you to obtain a reference on a      Candidate;
  • Provide a copy of the reference to our      Client;
  • Comply with our legal obligations, defend      or bring any legal proceedings and prevent fraud or any other crime.

If you are a Supplier Representative, we may use your personal data to:

  • Liaise with you in respect of the      services which are being provided by the Supplier;
  • Contact you in relation to billing      matters;
  • Comply with our legal obligations, defend      or bring any legal proceedings and prevent fraud or any other crime.

Our Lawful Basis for Processing Data

We have determined that we have a legitimate interest to process your personal data where you are:

  • A Candidate, on the basis      that it is necessary for us to maintain a database of individuals who are      (i) actively seeking new employment with a Client or (ii) potentially      suitable for employment with a Client. By processing your personal data      and contacting you from time to time, we are able to gain an understanding      of your current role (where applicable), your skills and experience, and      your career aspirations. Our processing of your personal data is therefore      of benefit to:
  • You, as it assists us to identify new      employment opportunities about which you might not otherwise been aware      and to give general advice and guidance in support of your career      development;
  • Our Clients, who rely on us to have      access to suitable, pre-qualified candidates who can fill their      requirements; and
  • Us, as we are a business which relies      upon being able to introduce Candidates to our Clients
  • A Client Contact, on the      basis that we need to be able to contact and interact with the individuals      who are employed or engaged by our Clients. This will allow us to      effectively provide services to them, better understand their requirements      and generate revenue for our business.
  • A Referee, on the basis that      we are generally required to obtain references to comply with our      contractual obligations to third parties and, in some instances, we are      under a legal obligation to do so. It is therefore necessary and      reasonable for us to process personal data relating to you strictly for      compliance with these obligations.
  • A Supplier Representative, on      the basis that we need to be able to contact and interact with the      individuals who are employed or engaged by our Suppliers. This will allow      us to ensure that our Suppliers provide us with the best possible service      which, in turn, is of direct benefit to both our Candidates and our      Clients.

Our Lawful Basis for Processing Sensitive Personal Data

[If you are a Candidate, we may also need to process sensitive personal data relating to you. In this event, we will ask for your consent to process this type of data. You are free to decline such consent but it may affect the scope of the services which we can provide to you and the roles for which you may be submitted.]

OR

[If you are a Candidate, we may also need to process sensitive (special) personal data relating to you. The type of sensitive personal data which we might process includes (i) information about any medical conditions or disability insofar as they are relevant to the type of work which you are proposing to carry out (ii) information about any unspent criminal convictions and, where relevant to the type of role which you are carrying out, spent convictions, police warnings etc and (iii) information about any trade union of which you are a member (but only insofar as it relates to an employment claim or pay and working conditions on a client site).

[We are acting as an employment agency and/or an employment business in our dealings with you. In accordance with Article 9 (2)(b) of the GDPR, this sensitive personal data is necessary in the field of employment. i.e. it is required for performing our obligations as an employment agency or employment business and is used solely for this purpose. Any sensitive personal data shall be held strictly in accordance with our policies on data retention and sensitive personal data.

We may also process equal opportunities information relating to you. This shall be anonymised and it is not therefore personal data within the meaning of the Data Protection Legislation.]

Where We Process Personal Data

Your personal data is held and processed by us in the United Kingdom.

We have put in place appropriate safeguards to ensure that your data is only transferred to jurisdictions with enforceable data subject rights and effective legal remedies in respect of data privacy breaches. We will therefore only transfer your personal data to jurisdictions outside of the EEA where:

  • There are binding corporate rules in      place regarding the transfer of such data within the Group, in accordance      with Article 47 of the GDPR. This means that the data transfer is      between group companies and those group companies have agreed to share      that data in accordance with the rules specified by the European      Commission.
  • The European Commission has made an      adequacy decision in respect of such jurisdiction. This means that      the European Commission has pre-approved the data privacy regime in the      relevant non-EEA country. At present, the European Commission-approved      jurisdictions are Andorra, Argentina, Canada (commercial organisations),      Faroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand,      Switzerland, Uruguay and the US (limited to the Privacy Shield framework).
  • The transfer of data is subject to the      model contractual clauses adopted by the European Commission. This means      that we have a data-sharing agreement in place which complies with the      requirements set out by the European Commission; or
  • You have expressly given informed consent      to the transfer of such data. This means that you have not only      agreed to the transfer but have done so in the knowledge that your data      may be transferred to a jurisdiction which does not give you the same      degree of protection as you have within the EEA.

Parties with Whom We May Share Data

If you are a Candidate, we may share your personal data for legitimate purposes with:

  • A Client where you have expressed an      interest in being introduced to such Client or are being supplied to such      Client on an assignment;
  • Any third-party which is engaged by the      Client to assist them in the recruitment process including a managed      service RAW RESOURCING LTD, Recruitment Process Outsourcing provider or IT      platform provider;
  • A third-party RAW RESOURCING LTD through      which you are contracting;
  • A third-party RAW RESOURCING LTD to which      you have specifically asked to be introduced or referred, such as an      insurance RAW RESOURCING LTD or intermediary (umbrella) RAW RESOURCING LTD;
  • Background checking services such as the      Disclosure & Barring Service;
  • Industry bodies such as the Construction      Industry Training Board and any similar organisations which are relevant      to the market sector in which you work;
  • Third-Party Services Providers who in      some cases may use their own subcontractors and sub-processors;
  • Our connected or associated companies;
  • Our bankers and recruitment finance      providers;
  • Governmental departments and agencies      where we are permitted or required by law to do so.

We may also share your personal data with Clients on an anonymised basis where we have agreed to provide general statistical information to such Clients.

If you are a Client Contact, we may share very limited data relating to you with a Candidate where such sharing is strictly required for the recruitment process e.g. so that the Candidate may contact you directly. We will also share your personal data with Third-Party Services Providers for legitimate business purposes.

If you are a Referee, we will share with our Clients the details of any reference which you may give. We will usually provide your name, job title and employer name when doing so. In some circumstances and only when you have agreed to such disclosure, we will provide your contact details so that our Client may verify the reference or ask for further information. We will also share your personal data with Third-Party Services Providers for legitimate business purposes.

If you are a Supplier Representative, we will share your personal data with other Third-Party Services Providers for legitimate business purposes.

Our Website

If you interact with our website at www.rawresourcing.com, we may process information relating to your usage of the website. However, unless you are submitting information through our website as a Candidate or Client Contact, the information which we process is anonymised and not therefore personal data within the meaning of the Data Protection Legislation.

Automated Decision Making

Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention.

All decisions which are made in the course of our business processes involve human intervention. We do not therefore expect to make any decisions about you using automated means, whether you are a Candidate, Client Contact, Referee or Supplier Representative.

Data Security

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality. Details of these measures may be obtained from the Data Protection Manager.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Data Retention

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Our standard data retention period is two years from the last date on which we are in actual contact with you i.e. where we actually speak with you or exchange correspondence. After this time, we will usually delete your personal data from our records.

Where we are required to keep any information (i) for auditing or compliance purposes (ii) to comply with our contractual obligations to third parties or (iii) in respect of any potential or actual legal proceedings, we shall keep your data for as long as is strictly necessary for these purposes, which is typically for seven years in total. This usually applies in particular to Candidates who we have placed with Clients.

In some circumstances we may completely anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.

Rights of access, correction, erasure, and restriction

Your duty to inform us of changes. It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.

Your rights in connection with personal information. Under certain circumstances, you have the right to:

  • Request access to your      personal information (a Subject Access Request). This enables you to      receive a copy of the personal information we hold about you and to check      that we are lawfully processing it. You will not usually have to pay a fee      to access your personal information but we may charge a reasonable fee if      your request is clearly unfounded, repetitive or excessive. Alternatively,      we may refuse to comply with the request in such circumstances.
  • Request correction of the      personal information that we hold about you. This enables you to have any      incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your      personal information. This enables you to ask us to delete or remove      personal information where the personal data is no longer necessary in      relation to the purpose for which it was originally collected/processed or      you have objected to the processing and there is no overriding legitimate      interest for continuing the processing.
  • Object to      processing of your personal information where we are relying on a      legitimate interest and you object on “grounds relating to your particular      situation.”
  • Request the restriction of      processing of your personal information. This enables you to ask us to      block or suppress the processing of personal information about you, for      example if you want us to establish its accuracy or the reason for      processing it or if you have also objected to the processing as above.
  • Request the transfer of your      personal information to another party when the processing is based on      consent and carried out by automated means. This right is not usually      applicable to any data processing carried out by RAW RESOURCING LTD.

If you want to exercise any of the above rights, please contact the Data Protection Manager in writing. We will consider your request and confirm the actions which we have taken in response to such request.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is an appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact the Data Protection Manager. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law. We will confirm the actions which we have taken in respect of any such request.

If you are unhappy with any aspect of the manner in which we have processed your personal data or dealt with your decision to exercise any of the rights set out in this section, you have the right to complain to the Information Commissioners Office in the United Kingdom. Their details are:

Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

Tel: 0303 123 1113 (local rate) or 01625 545 745

Email: casework@ico.org.uk

Contacting Us

If you have any questions about this Privacy Notice, you can write to the Data Protection Managerat RAW RESOURCING LTD, ADDRESS. Alternatively, you may telephone us on 07 946 390 098 or email us at info@rawresourcing.com.

You should be specific about the job boards which you use, if any.

This is a possible justification. The company could also choose to use consent or performance of a contract, depending upon their preferences. This point requires advice.

Assumes no international data transfers as standard.

If applicable

You should also have a cookie policy on your website. This has been a requirement for several years so is not a new GDPR-related issue. However, you should check that there is one present.

Do you capture the IP address of all visitors? If so, this would be personal data and this will need to be amended

This is open to discussion. 1-3 years are all common.

Where I have referred to a Data Protection Manager, this could be amended to any other suitable job title.

SUBJECT ACCESS REQUEST PROCEDURE

About This Procedure

This Subject Access Request Procedure sets out RAW RESOURCING LTD . ’s procedures in relation to any Subject Access Request which RAW RESOURCING LTD  may receive from a Data Subject.

The Data Protection Manager (DPM) is responsible for overseeing this procedure. Any questions about the operation of this procedure should be submitted to the DPM.

Receiving A Request

Data Subjects have the right to request access to their personal data processed by RAW RESOURCING LTD. Such requests are called subject access requests (SARs).

When a Data Subject makes an SAR, RAW RESOURCING LTD shall take the following steps:

(a)            log the date on which the request was received (to ensure that the relevant timeframe of one month for responding to the request is met);

(b)            confirm the identity of the Data Subject who is the subject of the personal data. For example, RAW RESOURCING LTD may request additional information from the Data Subject to confirm their identity;

(c)            search databases, systems, applications and other places where the personal data which are the subject of the request may be held; and

(d)            confirm to the Data Subject whether or not personal data of the Data Subject making the SAR are being processed.

Charges

RAW RESOURCING LTD shall not usually charge a fee to the Data Subject for carrying out a SAR (i.e. as the previous statutory £10 fee is no longer in force.)

If the SAR is manifestly unfounded or excessive, for example, because of its repetitive character, RAW RESOURCING LTD  may charge a reasonable fee, taking into account the administrative costs of providing the personal data.

Provision of Information

If personal data of the Data Subject are being processed, RAW RESOURCING LTD  shall provide the Data Subject with the following information in a concise, transparent, intelligible and easily accessible form, using clear and plain language, in writing or by other (including electronic) means:

(a)            the purposes of the processing;

(b)            the categories of personal data concerned (for example, contact details, bank account information and details of sales activity);

(c)            the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients overseas (for example, US-based service providers);

(d)            where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;

(e)            the existence of the right to request rectification or erasure of personal data or restriction of processing of personal data or to object to such processing;

(f)             the right to lodge a complaint with the Information Commissioner’s Office (ICO);

(g)            where the personal data are not collected from the Data Subject, any available information as to their source;

(h)            the existence of automated decision-making and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the Data Subject; and

(i)       where personal data are transferred outside the EU, details of the appropriate safeguards to protect the personal data.

RAW RESOURCING LTD shall also, unless there is an exemption, provide the Data Subject with a copy of the personal data processed by RAW RESOURCING LTD . in a commonly used electronic form e.g. PDF documents, unless the Data Subject either did not make the request by electronic means or has specifically requested not to be provided with the copy in electronic form. RAW RESOURCING LTD . shall usually submit the data to the Data Subject within one monthof receipt of the request.

Before providing the personal data to the Data Subject making the SAR, RAW RESOURCING LTD shall review the personal data requested to see if they contain the personal data of other Data Subjects. If they do, RAW RESOURCING LTD . may redact the personal data of those other Data Subjects prior to providing the Data Subject with their personal data, unless those other Data Subjects have consented to the disclosure of their personal data.

Extending the Time to Respond

If the request is complex, or there are a number of requests, RAW RESOURCING LTD may extend the period for responding by a further two months. If RAW RESOURCING LTD extend the period for responding RAW RESOURCING LTD  shall inform the Data Subject within one month of receipt of the request and explain the reason(s) for the delay.

Refusing A Request

If the SAR is manifestly unfounded or excessive, for example, because of its repetitive character, RAW RESOURCING LTD  may refuse to act on the request.

If RAW RESOURCING LTD is not going to respond to the SAR, RAW RESOURCING LTD . shall inform the Data Subject of the reason(s) for not taking action and of the possibility of lodging a complaint with the ICO.

Find and replace Company with the actual business name

Amend as appropriate

Data Retention & Erasure Policy (External)

About This Policy

This Data Retention & Erasure Policy (External) relates specifically to Candidates, Referees, Client Contacts and Supplier Representatives (Data Subjects).

For information about data retention relating to Applicants and Employees, you should refer to our Data Retention Policy (Internal) which may be viewed at URL.

The policy is intended to ensure that RAW RESOURCING LTD processes its business records in accordance with the personal data protection principles, in particular that:

  • Personal data must be collected only for      specified, explicit and legitimate purposes. It must not be further      processed in any manner incompatible with those purposes.
  • Personal data must be adequate, relevant      and limited to what is necessary in relation to the purposes for which it      is processed. When personal data is no longer needed for specified      purposes, it is deleted or anonymised as provided by this policy.
  • Personal data must be accurate and, where      necessary, kept up to date. It must be corrected or deleted without delay      when inaccurate.
  • Personal Data must not be kept in an      identifiable form for longer than is necessary for the purposes for which      the data is processed.
  • Personal Data must be secured by      appropriate technical and organisational measures against unauthorised or      unlawful processing, and against accidental loss, destruction or damage.

The Data Protection Manager (DPM) is responsible for overseeing this policy. Any questions about the operation of this policy should be submitted to the DPM.

Location of Business Records

Our business records are mainly stored within our CRM/database, NAME. We may also store relevant information:

–         On our internal network in shared folders;

–         In cloud-based storage services such as OneDrive and Dropbox.

Keeping Information Up To Date

RAW RESOURCING LTD needs to ensure that our business records are kept up to date and accurate. Our employees are trained to update Data Subjects’ records whenever appropriate to ensure that (i) the data is up to date and (ii) all relevant employees are able to access and use such data for legitimate business purposes.

General Principles on Retention & Erasure

RAW RESOURCING LTD’s approach to retaining business records is to ensure that it complies with the data protection principles referred to in this policy and, in particular, to ensure that:

  • Business records are regularly reviewed      to ensure that they remain adequate, relevant and limited to what is      necessary to be used for the purpose for which they were recorded.
  • Business records are kept secure and are      protected against unauthorised or unlawful processing and against      accidental loss, destruction or damage.
  • When records are destroyed, whether held      as paper records or in electronic format, RAW RESOURCING LTD . will ensure      that they are safely and permanently erased.

Standard Retention & Erasure of Business Records

  1. RAW RESOURCING LTD’s standard data      retention period is twoyears from the last date on which RAW RESOURCING      LTD . was in actual contact with the relevant Data Subject. If more than      twoyears have elapsed since the RAW RESOURCING LTD was last in contact      with the Data Subject (Expiry Date), RAW RESOURCING LTD’s process      is to delete the personal data relating to such Data Subject, subject to      paragraph 2 below.
  2. If the Data Subject is a Candidate who RAW      RESOURCING LTD has placed in a permanent or temporary role with a Client, RAW      RESOURCING LTD will usually retain the Candidate’s personal data for a      period of seven years from the date on which the Candidate was placed with      the Client (Legal Retention Period). The reasons for the Legal Retention      Period are:
  3. That the usual contract limitation period      is six years and RAW RESOURCING LTD could be required to defend itself      against a breach of contract claim at any time during the limitation      period. Certain personal data may be subject to an extended limitation      period of up to twelve years in total where the relevant agreement has      been executed as a Deed.
  4. It is a common provision in Client      agreements that RAW RESOURCING LTD must for a period of not less than six      years retain complete records of the recruitment activities which were      carried out in the course of performing the contract; and
  5. Where RAW RESOURCING LTD has placed the      Candidate in a temporary role, RAW RESOURCING LTD is required by HMRC to      retain a full audit trail of payments and receipts in respect of such      temporary supply for the remainder of the relevant financial year plus a      further six years i.e. up to seven years in total.
  6. Where the Expiry Date has passed but RAW      RESOURCING LTD is required to keep relevant data for the Legal Retention      Period:
  7. Any personal data which is not needed for      audit or legal defence purposes should be removed from the Data Subject’s      record. This includes personal data which is (i) irrelevant and/or (ii)      particularly confidential in nature.
  8. The Data Subject’s data shall not be used      in the course of usual recruitment activities but shall instead be marked      as Archived/Pending Deletion for the remainder of the Legal Retention      Period.
  9. Contact between the Data Subject and RAW      RESOURCING LTD may be re-established. In such event, the Data Subject’s      record may be marked as Active once again but any irrelevant and/or      expired data should still be removed from the business record to ensure      that it remains up to date and relevant.
  10. In some instances, a Data Subject’s      record will not pass the Expiry Date because RAW RESOURCING LTD stays in      regular contact with such Data Subject. Although the record itself shall      not expire under these circumstances, RAW RESOURCING LTD shall take active      steps to ensure that the personal data within the Business Record remains      relevant and necessary for the purpose for which it was obtained. RAW      RESOURCING LTD shall delete any documents, notes and other types of      personal data which are no longer required.

Erasure/Right To Be Forgotten Requests

A Data Subject may submit a request for erasure of their details from time to time (Erasure Request) i.e. the right to be forgotten.

Upon receipt of an Erasure Request, RAW RESOURCING LTD shall first verify the identity of the Data Subject and then establish whether the Data Subject wishes (1) to be entirely deleted from RAW RESOURCING LTD’s business records or (2) to remain within the RAW RESOURCING LTD’s business records but marked as Non-Active or Do Not Contact.

(1) Erasure. If the Data Subject wishes to have their personal data erased:

  1. RAW RESOURCING LTD shall process such      request in accordance with the Data Subject’s instructions but RAW      RESOURCING LTD shall advise the Business Record that they may have no      record of the Erasure Request and may therefore contact the Data Subject      again upon subsequent receipt of the Data Subject’s details from a third      party source e.g. a job board, CV search or LinkedIn.
  2. RAW RESOURCING LTD shall ensure that any      (i) joint Data Controller or (ii) third party which is processing relevant      Data Subject’s data on behalf of RAW RESOURCING LTD is informed that Data      Subject has made an Erasure Request and takes appropriate steps to comply      with such Erasure Request.
  3. RAW RESOURCING LTD shall within one month      of receiving the Erasure Request, confirm the outcome of such Erasure      Request. Where RAW RESOURCING LTD . has a legal right or duty to retain      certain data for the Legal Retention Period set out above, RAW RESOURCING      LTD shall confirm to the Data Subject in writing the steps which it has      taken in respect of the Erasure Request and the extent to which any data      has been retained.
  4. If the request is manifestly unfounded or      excessive, for example, because of its repetitive character, RAW      RESOURCING LTD may charge a reasonable fee, taking into account the      administrative costs of erasure, or refuse to act on the request.
  5. If RAW RESOURCING LTD is not going to      respond to the request, RAW RESOURCING LTD  shall inform the Data Subject of the      reasons for not taking action and of the possibility of lodging a      complaint with the ICO.

(2) Do Not Contact. If the Data Subject wishes to have their record marked as Do Not Contact:

  1. RAW RESOURCING LTD shall establish      whether the Do Not Contact request is for a limited or indefinite period. RAW      RESOURCING LTD shall record the Data Subject’s decision in the relevant      business record.
  2. Once marked as Do Not Contact, the Data      Subject’s record shall then be subject to RAW RESOURCING LTD’s standard      data retention procedures and may be deleted after two years or more of      inactivity, subject to any legal right or duty upon RAW RESOURCING LTD to      retain the data for the Legal Retention Period.

User should find and replace all instances of Company with the actual business name.

Or as appropriate. This should mirror the Job Title specified in the Internal Privacy Notice

These are typical examples. Business should consider where and how data is stored as part of the usual GDPR data mapping process.

This is relatively uncommon but the business should be aware of this and potentially retain any relevant data for this longer limitation period where applicable.

Unless it is possible for data to be stored away from the main database in a secure manner e.g. in an encrypted data backup. In that event, it may be possible to delete from the CRM, provided that this does not corrupt any other records which are dependent upon the Data Subject’s data record.

Or as appropriate, depending on the terminology used

Or as appropriate, depending on the business terminology

Subject to any technical process which the Agency may have to prevent this happening.

In most circumstances, there will not be a joint data controller. The Data Subject would need to make the erasure request to each independent Data Controller separately. i.e. the agency does not have the power to instruct clients/MSPs to delete the data unless they are processing on behalf of the agency. Usually, any such third party will be a controller in their own right.

WHAT ARE COOKIES?

Cookies are small text files containing a string of characters that can be placed on your computer or mobile device that uniquely identify your browser or device. What are cookies used for?

Cookies allow a site or services to know if your computer or device has visited that site or service before. Cookies can then be used to help understand how the site or service is being used, help you navigate between pages efficiently, help remember your preferences, and generally improve your browsing experience. Cookies can also help ensure marketing you see online is more relevant to you and your interests.

WHAT TYPES OF COOKIES DOES RAW RESOURCING USE?

There are generally four categories of cookies: “Strictly Necessary,” “Performance,” “Functionality,” and “Targeting.” RAW RESOURCING routinely uses all four categories of cookies on the Service. You can find out more about each cookie category below.

  1. Strictly Necessary Cookies. These cookies      are essential, as they enable you to move around the Service and use its      features, such as accessing logged in or secure areas.
  2. Performance Cookies. These cookies      collect information about how you have used the Service, for example,      information related to the unique username you have provided, so that less      strain is placed on our backend infrastructure. These cookies may also be used      to allow us to know that you have logged in so that we can serve you      fresher content than a user who has never logged in. We also use cookies      to track aggregate Service usage and experiment with new features and      changes on the Service. The information collected is used to improve how      the Service works.
  3. Functionality Cookies. These cookies      allow us to remember how you’re logged in, whether you chose to no longer      see advertisements, whether you made an edit to an article on the Service      while logged out, when you logged in or out, the state or history of Service      tools you’ve used. These cookies also allow us to tailor the Service to      provide enhanced features and content for you and to remember how you’ve      customized the Service in other ways, such as customizing the toolbars we      offer in the right column of every page. The information these cookies      collect may be anonymous, and they are not used to track your browsing      activity on other sites or services.
  4. Targeting Cookies. RAW RESOURCING, our      advertising partners or other third party partners may

Copyright © 2025 RAW Resourcing - All Rights Reserved.

Powered by

  • Privacy Policy

This website uses cookies.

We use cookies to analyze website traffic and optimize your website experience. By accepting our use of cookies, your data will be aggregated with all other user data.

DeclineAccept