GDPR Mission Statement:
Flowers and it’s employees will operate with full transparency and commitment to GDPR compliance. Essentially, operating within the frameworks laid out in this document to fulfil it’s purpose.
That purpose being: To be absolutely clear to all who engage with us regarding what data we hold, why we hold data, how long we hold data for and what we will do with that data.
Appointed DPO: Niki Weston
What Data We Hold:
We will hold some or all of the below data upon an agreement to engage.
- Prospect & Client data: Telephone number, email address, journal notes, vacancy history
- CV’s
- Identification: Passport, Payslips, Proof of Address, Driving License
- Personal Information: Address, Telephone number(s), email address, date of birth, social media profiles. Employment history & Vacancy history including CV submissions and interview data
- Registration documentation Approved reference documentation Proof of qualification (copies or as advised by the appropriate governing body)
- Payroll and Bank Account data
Why We Hold Your Data & How We Will Use It:
Employer data will be held for the purpose of prospecting or historical referencing if the employer is a current or past client. Candidate data will be held for the purpose it was intended, which is to assist the person in finding employment either on a temporary or permanent basis. The data would have been obtained either by us finding you or you finding us. Upon permission being granted to share data with a specific employer, Flowers will share that data with only those employers specified. Flowers will disclaim that those employers in receipt will themselves be GDPR compliant and delete the data once it’s purpose has been fulfilled. Candidate data will not be shared on a speculative basis without consent nor will it be shared with third party outsourced organisations. Once the candidate has found employment, Flowers will continue to hold the person’s data for a period of 12 months from the date of registration. Flowers will continue to market job opportunities to our database of candidate data.
How Long We Will Hold Your Data:
Flowers will hold employer (prospect and client) data indefinitely with clear opportunity for all contacts to have a route of communication to make a “Forget Me” request. This can be done through contacting [email protected].
Flowers will hold candidate data for a period of 12 months. During this period, all candidates have the right to request access to, removal from our database, porting to another database or rectifying of their data we hold. This can be done through contacting [email protected].
Candidates who reach 12 months will not automatically be forgotten, however, Flowers will be in touch at that point to ask the question. “Do you want to remain on our database for another 12 months?” This process will be repeated accordingly until you say stop.
If Flowers does not hear from a candidate either way, that candidate will be deemed forgotten and all data will be erased
Where We Hold Your Data:
We store data utilising a GDPR compliant and secure CRM & Candidate Management system called “Recruit So Simple”. Flowers’ policy is to have all relevant and appropriate data to recruitment activities stored within Recruit So Simple.
Additional software we use includes “BrightPay Payroll Software”, Digital Banking with RBS and Email/MSOffice tools within Office365 software.
We will comply with legal HMRC and payroll regulations where specific payroll information and historical data will be retained within Brightpay.
All bank account details will be removed from both our digital banking systems upon the completion of an assignment. Our employees will not share your data through utilising the email platform within Recruit So Simple. Any other email software is forbidden.
Any Application Emails, Downloaded CV’s and any other pieces of Candidate Data stored within Office365 shall be audited and deleted by the DPO on the 1st day of every month Our employee’s will not store data on their mobile phones including telephone numbers and photographed items of personal documentation
Data Breaches
Flowers Registration reference: Z1497369
We treat a data breach as a serious matter and shall conduct a full internal investigation where a data breach has occurred. Any form of data breach shall be addressed by the Flowers DPO, notifying the Information Commissioners Office within 72 hours.