Benson Clarke Ltd is, and always has been, fully committed to ensuring that it’s use of personal data is lawful, for a specific purpose and fully-compliant with Data Protection Regulation.
This policy has been updated on 24th October 2018 and will be further updated in line with any changes to current Data Protection Regulation, specifically the General Data Protection Regulation (“GDPR”). Individuals should check this page regularly to ensure satisfaction with it’s content and to familiarise themselves with any update.
Who we are:
Benson Clarke Ltd is an independent Recruitment Consultancy, placing individuals into permanent roles within the Property, Construction, Engineering and Legal sectors within the UK. To perform this role, we need to obtain certain personal data in order to match to appropriate career opportunities and to assess for suitability for the same, and to present individuals to clients in application for jobs.
What personal data do we collect:
The primary source of personal data we collect are Curriculum Vitaes (“CV’s”) from candidates whom we are assisting with career opportunities or professional advice. CV’s contain personal data including (but not limited to) name, job titles, employers, salaries, contact details (telephone numbers, Email, social), addresses and other information related to career history, academic and professional training and career aspirations and interests. Such personal data may additionally or alternatively be collected via written communication (via Email, social media, applications (“apps”), text message, iMessage, or other relevant written communication channels) or telephone or Face to Face communication. As we operate exclusively in permanent recruitment, we would be unlikely to ever request bank details from individuals as these would be provided directly to our client (an employer) in the event of accepting a position, however on occasion we might be asked to collect such details for the client, in which case we would only ever do so verbally, destroying the data once passed to our client. As far as we are aware, our website does not use or place “cookies” and does not collect any personal data from visitors. In any event, we understand that web browsers can be set to not accept cookies, and also that functionality exists to remove existing cookies from browsers.
Why we collect personal data:
Collection of personal data allows us to identify individuals and to assess for suitability for career opportunities with our clients, as well as to communicate with the individuals during our process. It is at the individual’s discretion what information they provide us with, however the more complete and accurate this information, the better we are able to perform our duties matching to the requirements of our clients and their positions. Data is kept for no longer than is reasonably necessary to perform our duties with due care and professionalism.
How we share personal data:
We only ever use and share data in line with the requirements of our role as Recruitment Consultants, sharing only with our clients and only once the individual has provided consent to do this. The information shared would typically be CV content and notes from discussion / interview as well as information from any background check, or references if appropriate (references would never we taken without consent of the candidate). Data are kept for internal record keeping and to demonstrate a transparent “paper trail” through the recruitment process.
Please rest assured, we would never under any circumstance whatsoever sell or share your personal data with any other organisation other than clients for whom we are recruiting, or in any other way use it unlawfully.
Where we store personal data:
We are an environmentally-conscious, modern, technology-driven company and as such try to operate a paperless environment. On that basis, virtually all personal (and general business) data is securely stored and shared with clients through our cloud-hosted CRM system “Recruit so Simple”. Recruit so Simple is fully compliant with the General Data Protection Regulation. Their infrastructure is hosted by Amazon Web Services (AWS), which provides industry-leading security and has a long list of internationally recognized certifications and accreditations including: ISO 27017 for cloud security, ISO 27018 for cloud privacy, SOC 1, SOC 2 and SOC 3, PCI DSS Level 1 and many others. All customer data is backed up at regular intervals and stored in two alternative locations within the EU at all times, as per AWS recommended guidelines. Our own database within Recruit so Simple is secured with additional layers of security including: 2-Step Authentication, Access Control Lists and use of the in-built comprehensive Permissions System. In the unlikely event of a data breach, Recruit so Simple has strict procedures in place to report this to customers, and the ICO within 72 hours of discovery. The Recruit so Simple database is accessed via Apple iPhone, iPad, iMac and Lenovo Thinkpad T-series devices, all of which are used exclusively for business-use, and in the case of the iMac and Lenovo devices, full, up to date, state of the art virus protection and internet security software run at all times, minimising any potential digital vulnerability at any point of data access.
On those occasions where we do produce or receive printed documents containing personal data, we ensure that these exist for only as long as is necessary, ensure that any documents are locked away in storage and not left on desks when the office is closed and ensure that such documents are shredded in-house to security level Din P-3 at the earliest opportunity.
Controlling your personal data:
You retain the right to review the personal data of yours that we hold, withdraw consent to the processing of your personal data or request the deletion of your personal data at any time. Please make any such enquiries to Lee Fallon, Data Protection Officer “DPO” via Email at firstname.lastname@example.org, please use the subject line “Data Query” in any correspondence relating to data. Contact regarding any further query relating to anything within this policy can also be addressed to the DPO using the same details above.
You also have the right to make a complaint to the Information Commissioner’s Office (“ICO”), the UK supervisory authority for data protection issues at any time. The ICO’s contact details are: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, telephone: 03031231113 or 01625545700, in the Welsh language on 029 2067 8400 or online at https://ico.org.uk/concerns