GDPR Candidate Agreement
Trustify Ltd takes data protection and privacy very seriously. We recognise that new General Data Protection Regulations (GDPR) become effective from 25th May 2018 and have been running a programme of work for some time to ensure we are able to comply with these changes. The following summarises our position.
Trustify Ltd is a UK limited company whose commercial offices are at One Lochrin Square, Edinburgh, EH3 9QA and whose registered office is at 5 Royal Exchange Square, Glasgow G1 3AH.
Trustify specialises in PKI Consulting and Crypto Service Delivery for large Enterprise organisations with evolving IT/OT requirements. Trustify’s Managed Security Services solve the problem of delivering End-2-End Encryption to complex Enterprise and IoT use cases, simply and cost-effectively. Trustify Professional Services provides global expertise in cyber security consulting and skilled resource for transformational programme delivery. We work with Global leaders in DX Consulting and Systems Integration to secure their customers’ infrastructure and protect their digital services. Our customers include some of the largest companies and public sector/government departments globally. We also offer leading Cyber Risk Management solutions to SMEs, enabling organisations of any size, anywhere, to Secure Everything. Always.
This notice sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.
The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a new regulation which replaces the Data Protection Regulation (Directive 95/46/EC) The Regulation aims to harmonise data protection legislation across EU member states, enhancing privacy rights for individuals and providing a strict framework within which commercial organisations can legally operate.
Your new rights under the GDPR are set out in this notice.
To carry out our core recruitment activities, we collect information about you which may include: your name, address and post code; private and corporate e-mail address and phone number; financial information and compliance documentation; references verifying your qualifications and experience and your right to work in the United Kingdom; curriculum vitae and photograph; employment details and preferences; links to your professional profiles available in the public domain e.g. LinkedIn, Twitter, Facebook for Business or corporate website.
Where appropriate, and in accordance with local laws and requirements, we may also collect information related to diversity, security clearance status or details of any criminal convictions.
How we collect this information
The information we collect about you will be provided by you, either by uploading your personal details onto our online candidate portal or by corresponding with us by phone, e-mail or otherwise. It will also include information you provide when you register to use our website, subscribe to our services, attend our events, participate in discussion boards or other social media functions on our website, enter a competition, promotion or survey, and when you report a problem with our site.
We may also obtain information about you from other sources such as LinkedIn, corporate websites, job board websites, online CV libraries, your business card, personal recommendations, and any relevant social media sites. In this case – and within 30 days of collecting – we will inform you that we hold this personal data, the source the data originated from, whether it came from publicly accessible sources, and for what purpose we intend to retain and process your personal data.
Our legal basis for processing data
Our legal basis for the processing of personal data is our legitimate business interests, described in more detail below, although we will also rely on contract, legal obligation and consent for specific uses of data.
We will rely on contractual provisions if there is a legal document between the parties.
We will rely on legal obligation if we are legally required to hold information on to you to fulfil our legal obligations.
We will, in some circumstances, rely on consent for particular uses of your data and you will be asked for your express consent, if legally required. Examples of when consent may be the lawful basis for processing include permission to introduce you to a third party.
At Trustify, we take your privacy seriously and will only use your personal information for administration purposes and to provide our recruitment services. The information we have collected is used to provide our services to you in our capacity as an employment business or recruitment agency to find you suitable work whether on a temporary or permanent basis based on your requirements.
We think it’s reasonable to expect that, if you are looking for employment or have posted your professional CV information on a job board or professional networking site, you recognise that it is fair to collect that public information and otherwise use your personal data to provide our recruitment services, use that to approach you as a recruiter, to share that information with prospective employers and assess your skills against our live vacancies. During the job or contract offer process, the potential third party employer may also want to confirm your references, qualifications and criminal record which we will ensure is in accordance with the laws and regulations.
We therefore think it’s reasonable for us to process your data and to contact you in order to propose relevant roles or available opportunities.
We may also need to use your data for our internal administrative activities.
Where we store your personal data
All information stored on our recruitment software is secured through the Microsoft Azure Infrastructure and located at two data centres locations within Europe. Our primary centre is located in Microsoft’s Western European centre, and these facilities are secured by a series of measures, including (but not limited to) biometric access, security alarm systems and round-the-clock security staff. Additional security information on Microsoft’s data centres can be found here.
How long we keep your data for
The length of time we will hold or store your personal information for will depend on the services we perform for you and for how long you require these. As we often support candidates with placements over an extended period the purpose for which we retain data is often an ongoing purpose. We conduct regular data-cleansing and updating exercises with our candidates to ensure that (i) the data that we hold is accurate, (ii) we are not holding data for too long and (iii) the data remains relevant for the purposes for which it was collected.
We will consider there to be meaningful contact with you if you submit your updated CV onto our website, apply for jobs or we receive an updated CV from a job board. We will also consider it meaningful contact if you communicate with us about potential roles, either by verbal or written communication or engage with any of our marketing communications.
Under new data protection regulations (GDPR), we are required to keep the data we hold accurate and, where necessary, up to date. As such, we will make an effort to regularly communicate with you to ensure your data is up to date and accurate.
We endeavour to permanently erase your personal data on expiration of the retention period or where we receive a valid request from you to do so.
For a list of all data categories and retention periods, please contact the Data Protection Officer at firstname.lastname@example.org
The GDPR provides you with the following rights:
- The right to be informed about the personal data we process on you
- The right of access to the personal data we process on you
- The right to rectification of your personal data
- The right to erasure of your personal data in certain circumstances
- The right to restrict processing of your personal data
- The right to data portability in certain circumstances
- The right to object to the processing of your personal data
- The right not to be subjected to automated decision-making and profiling.
Therefore, we encourage you to log in to your profile through our website to ensure your data is accurate, complete and up to date at all times.
Changes to our privacy notice
Any changes we make to our privacy notice in future will be posted on this page and, where appropriate, you will be notified by e-mail. Please check back frequently to view any updates or changes to our privacy notice or for any further information please email email@example.com