Itchyfeet Recruitment Agency (Itchyfeet) is a recruitment business which provides work-finding services to clients and candidates. The Company must process personal data (including sensitive personal data) so that it can provide these services and in doing so Itchyfeet acts as a data controller. Therefore complying with the current GDPR and Data Protection Laws governing Guernsey, Jersey and the Isle of Man and as applicable to each country. We understand and take our responsibility of holding your personal data very seriously, we will only collect and use your information in ways that are described within this policy. We will ensure that data held is used lawfully, fairly and in a transparent way, and collected only for valid purpose that we have clearly explained to you and not used in any way that is incompatible with those purposes, relevant to the purposes we have told you about and limited only to those purposes, accurate and kept up to date. Your data will be kept only as long as necessary for the purpose we have told you about and kept securely.
How we collect your personal data:
Itchyfeet collects the personal data using various different ways list below:
The information we collect:
Client Data: As a client of Itchyfeet, we need to collect and use information about you, or individuals at your organisation. Generally, this data is limited and we only need to have your contact details, or the details of individual contacts at your organisation (such as names, telephone numbers and email addresses) in the course of providing you services such as: (i) sourcing Candidates who are the right fit for you or your organisation; (ii) providing you with a Managed Service Provider (MSP) or assisting another organisation to do so); (iii) providing you with Recruitment Process Outsourcing (RPO) services (or assisting another organisation to do so); and/or (iv) notifying you of content published by Itchyfeet Recruitment, which is likely to be relevant.
Supplier Data: We need a small amount of information from our Suppliers to ensure that things run smoothly. We need contact details of relevant individuals at your organisation, so that we can communicate with you. We also need other information such as your bank details so that we can pay for the services you provide (if this is part of the contractual arrangements between us).
Website Users: We collect a limited amount of data from our Website Users which we use to help us to improve your experience when using our website and to help us manage the services we provide. This includes information such as how you use our website, the frequency with which you access our website, and the times that our website is the most popular.
How your personal data is collected
We collect your personal information when you contact us to ensure that we can deal with your enquiry and provide you with work related services. Your data is collected in a number of different ways, such as:
How Itchyfeet uses your personal data
We will only use your data when on a lawful basis. This will mainly be because the data is necessary for our performance of a contract with you, where we need to comply with a legal obligation, and because you have consented to our use of your personal data, or because it is in our legitimate business interest to use it. Your personal data will be used for and/or may be used for one of the following purposes:
We may also use your personal information in the following situations, which are likely to be rare:
Special Category Data is only processed in limited circumstances and with your written consent, unless you are not capable of giving consent, and where it is needed in the public interest or your best interest, for legal claims and in line with the data protection policy.
We do not need your consent to process Special Category Data as it is written in our policy, however we may request your permission and if doing so we will email / write to you and provide you with the information as to why we are requesting your consent so that you are aware.
To withdraw or opt out please email your request to: email@example.com
Who is responsible for processing your personal data?
How long do we keep your data for?
If we have not had meaningful contact with you for a period of 6 years, unless if by law we are required to store it for longer. We will either ask you to re-consent holding your data, or delete your personal data from our systems unless we believe in good faith that the law or other regulation requires us to preserve it (for example, because of our obligations to local authorities or in connection with any anticipated litigation).
When we refer to "meaningful contact", we mean, for example, communication between us (either verbal or written), or where you are actively engaging with us and using our services. We will consider there to be meaningful contact with you if you submit your updated CV, communicate with us about potential roles, either by verbal or written communication or click through from any of our marketing communications. Your receipt, opening or reading of an email or other digital message from us will not count as meaningful contact – this will only occur in cases where you click-through or reply directly.
How and where we store or transfer your personal data
We store or transfer your Personal Data within the European Economic Area (“EEA”) and the Channel Islands. This means that it will be fully protected under the Law.
How can you access, amend or take back the personal data that you have given us?
One of the GDPR's main objectives is to protect and clarify your rights with regards to data privacy. This means that you retain various rights in respect of your data, even once you have given it to us. These are described in more detail below.
Even if we already hold your personal data, you still have various rights in relation to it. To get in touch about these rights, please email us firstname.lastname@example.org. We will seek to deal with your request without undue delay, and in any event within 30 days (subject to any extensions to which we are lawfully entitled). Please note that we may keep a record of your communications to help us resolve any issues which you raise.
Right of access: you may ask us to confirm what information we hold about you at any time. We may ask you to verify your identity and for more information about your request. If we provide you with access to the information we hold about you, we will not charge you for this unless your request is "manifestly vexatious, unfounded or excessive”. Where we are legally permitted to do so, we may refuse your request. If we refuse your request, we will always tell you the reasons for doing so.
Right to rectification: you have the right to request that we rectify any inaccurate or incomplete personal data that we hold about you. If we have shared this personal data with third parties, we will notify them about the rectification unless this is impossible or involves disproportionate effort. Where appropriate, we will also tell you which third parties we have disclosed the inaccurate or incomplete personal data to. Where we think that it is reasonable for us not to comply with your request, we will explain our reasons for this decision.
What other rights do I have?
You have the right to request that we erase your personal data in certain circumstances. Normally, the information must meet one of the following:
The data is no longer necessary for the purpose for which we originally collected and/or processed them;