Data

Barron Williams Limited is a recruitment business which provides work-finding services to its clients and work-seekers. The Company must process personal data (including sensitive personal data) so that it can provide these services – in doing so, the Company acts as a data controller.

“Candidates” may give personal details to the Company directly, such as on an application or registration form or via our website, or we may collect them from another source such as a jobs board. The Company must have a legal basis for processing your personal data for the purposes of providing you with work-finding services and/or information relating to roles relevant to you.

“Clients” may give personal details to the Company directly, such as via email, or we may collect them from another source such as client websites or social media profiles. The Company must have a legal basis for processing your personal data for the purposes of providing you with relevant services.

Business “Contacts” may give personal details to the Company directly, such as via email, or we may collect them from another source such as client websites or social media profiles. The Company must have a legal basis for processing your personal data for the purposes of providing you with (or the Company being provided with) relevant services or developing future business relationships.

The Company will retain personal “Candidate” data for up to three years, “Contact” and “Client” for up to six years.

The Company will keep written records of the processing activities of the Company and will include the following information:

• The name and contact details of the data controller and any joint controllers;
• The purposes of the processing;
• A description of the categories of the data subjects and of the categories of the personal data;
• The categories of recipients to whom personal data have or will be disclosed to, including to those internationally;
• Any transfers of personal data internationally, including the identification of the third country or international organisation to which the data is transferred;
• Information required for privacy notices;
• Records of consent;
• The location and security of personal data;
• Data Protection Impact Assessment reports;
• Records of personal data breaches;
• Information required for processing sensitive personal data or criminal convictions/offences data.

The Company will make these records available to the ICO as reasonably required.