Last updated 22/03/2023
Who are we?
We are Sigma Recruitment Ltd, T111 Titan House, Cardiff Bay Business Centre, Cardiff, CF24 5BS. We provide recruitment services to clients/prospective clients looking to recruit personnel for their businesses.
What does this Policy cover?
What personal data do we collect and why do we use it?
The table below explains who we collect personal data about, what that personal data is and the purpose we process it for.
The last column sets out the ‘lawful basis’ we rely on for processing that personal data which is a requirement of data protection rules. Essentially, companies may only process personal data if they can identify a lawful basis from a list set out in the legislation.
|Individual||Personal Data||Source and Purpose||Lawful Basis for Processing|
|Candidates/Prospective Candidates||Name, contact details (address, email, phone numbers), CVs, identification documents, educational records, work history, employment record and references, correspondence, remuneration details and other personal data provided by you as part of the recruitment or engagement process.
We rarely process special category information such as racial, disability, trade union or health information where you have made this available to us. We ask you not to supply us with special category data.
|We collect this information directly from you during the recruitment, engagement and onboarding stages. Or from a third-party provider for example via job boards on which you have posted a CV or from LinkedIn (if you are a first-level connection of a current or previous member of our team or have messaged us expressing interest in a job or our services)
Sometimes we collect information from third parties such as an agent acting on your behalf such as an interim manager or from a third-party recommendation or a person giving a reference.
We do use some publicly available sources to find information about potential candidates, specifically LinkedIn and company websites.
See note below for details of software programs that may be used to source candidate data.
We use this data to make you aware of vacancies via email, LinkedIn/Social Media messages, SMS (mobile and landline), and phone calls (including voicemails). We could also use this data to make you aware of our wider recruitment services for example our, free career/CV review services or example candidate scheme. We use software settings to limit the times in which we contact you to sociable hours, however, there is a chance that due to matters outside our control, you could be contacted at unsociable hours, if this is a major concern then please opt-out – refer to opting out below for details.
Candidates/Prospective candidates should be aware that any information they share with us (verbally or in writing) could be potentially shared with our clients, during an application process or after the process if the candidate is placed in a job by us., in which case the information provided may be passed to their employer/our client.
Candidates/Prospective candidates should note that Sigma Recruitment is not under any obligation to store your details, and can remove them at any time at our discretion.
|The processing is necessary for our legitimate interests of assessing suitability for potential roles, to find potential candidates for clients.
Please note we do not consider job information/job alert emails, SMS or calls to be marketing under GDPR/PECR. However, you can of course still opt out of these communications at any time. Please see opting out of communications below for details on how to opt-out.
|Contact details (address, email, phone numbers) and correspondence details.||Reference contact details may be given to us by candidates as part of the recruitment process.
Other personal data about referees are given to us by you directly.
|Our legitimate interest as a business in obtaining references on candidates.|
|Individuals who contact us with general queries
|Contact details provided, correspondence, and any other data supplied.||This information is given to us by you.
It is used to respond to the query and keep a record of it. We could respond via LinkedIn/social media messages, email, SMS (to mobiles and landlines), and phone calls (including voicemails). We use software settings to limit the times in which we contact you to sociable hours, however, there is a chance that due to matters outside our control, you could be contacted at unsociable hours, if this is a major concern then please opt-out – refer to opting out below for details.
|Our legitimate interests as a business in responding to and keeping a record of correspondence.|
|Clients, prospective clients, previous clients||Name, contact details (address, email, phone numbers), job title, company name, correspondence and notes.||This information is given to us by you (email or telephone enquiry), your company or publicly available information (for example on your website), LinkedIn (if you are a first-level connection of a current or previous member of our team or have engaged with us via a message/connection request) or a third-party data provider. See the list below of software programs/data suppliers that may be used to obtain data. Note that sometimes programs are used in conjunction with each other to enrich the data.
It is used for us to fulfil contracts and engage in business discussions. and also for business development and marketing to make you aware of our recruitment services and candidates via LinkedIn/social media messages, email, SMS (mobiles and landlines), and phone calls (including voicemails). It might be that we contact you on a personal mobile if you are using this in a business capacity/or if we think you are. We use software settings to limit the times in which we contact you to sociable hours, however, there is a chance that due to matters outside our control, you could be contacted at unsociable hours, if this is a major concern then please opt-out – refer to opting out below for details.
You can opt out at any time see opting-out below.
|Our legitimate interests as a business in responding to and keeping a record of correspondence. And also for our legitimate interest of direct marketing, marketing services and/or candidates to you.
Some information is also necessary for us to perform any contract we have with you.
We class all types of clients as “corporate subscribers” for GDPR/PECR purposes unless companies are sole traders or non-limited partnerships, in which case we try to avoid data collection from third-party sources.
|Coaching clients (ie where you are a client of ours we are providing coaching services to)||Contact details, correspondence, assessments, the information provided, analysis and recommendations and opinions.
Special category information such as health, disability or ethnicity or racial information is only processed if provided by you.
|This information is given to us by you.
Occasionally we undertake feedback sessions as part of coaching which may involve the provision of information about you from other people known to or nominated by you.
We use the information to provide our coaching services to you.
|Our legitimate interests as a business in providing coaching services. Some information may also be necessary specifically for us to perform the contract.
We only process special category data with your express consent.
|Suppliers and contractors (and prospective suppliers/contractors)||Contact details (address, email, phone number), any provided data and correspondence.||This information is given to us by you or from publicly available information (for example on your website).
It is used for us to fulfil contracts and engage in business discussions.
|Our legitimate interests as a business in responding to and keeping a record of correspondence. Some information is also necessary for us to perform our contract – for example certain contact details.|
Where we have indicated in the table above that we rely on legitimate interests for the processing of personal data, we carry out a ‘balancing’ test to ensure that our processing is necessary and that your fundamental rights of privacy are not outweighed by our legitimate interests, before we go ahead with such processing.
Where we obtain data, third-party data, and software/tools used.
Where we collect or screen candidate/prospective candidate, and client/prospective client, previous client information through sources as set out above, we may do this with the aid of software programs or third-party data suppliers such as but not exclusive to (Cognism, Zimplify, Dun & Bradstreet, Apollo, Pipl, ZenLeads Inc, ZenProspect, ZoomInfo, BoardEx, Kaspr, Pipl, Coresignal, Lusha, SignalHire, Rocket, LinkedIn, Lempire, NeverBounce, Zapier etc). These programs/suppliers are given parameters and search through available sources to find candidate/prospective candidates and client/prospective client data. These programs/suppliers are instructed to only output information that meets the search criteria. The parameters of this program/suppliers are restricted to only searching for information/data from sites where there is a reasonable expectation that such information may be collected and further processed by recruiters for the purpose of sourcing candidates/prospective candidates for job roles or making clients/prospective clients aware of candidates, recruitment services and market information, including direct marketing of recruitment services. Where any client data is collected this data is treated as a “corporate subscriber”, we attempt to exclude all data from contacts at sole traders or partnerships, unless provided to us. If you would like more information on how and where we obtained your data then please email email@example.com and quote “data source”. Clients and candidates (all types), should note that we may use email/messaging sequencing software to contact you examples of such programs are Mailerlite, Apollo, ZenProspect, ZenLeads Inc, Lempire List, Zimplify, Sendy, and any other similar tools, some of which may integrate with our CRM database.
Data cleaning and data input
We may use tools such as NeverBouce(ZoomInfo) or similar to check the validity of emails, and we may use Zapier or similar data automation tools to move data around within our systems.
Special Category Data
We strictly request that you do not supply us with any of the below data unless we specifically request it as part of our client’s recruitment/onboarding process (which you have the right to refuse):-
- personal data revealing racial or ethnic origin;
- personal data revealing political opinions;
- personal data revealing religious or philosophical beliefs;
- personal data revealing trade union membership;
- genetic data;
- biometric data (where used for identification purposes);
- data concerning health;
- data concerning a person’s sex life; and
- data concerning a person’s sexual orientation.
- details of criminal allegations, proceedings or convictions
If you choose to supply us with any of the above data you agree to indemnify Sigma Recruitment and its staff against any losses or claims arising from your supply of this data.
How long do we keep your personal data for?
We keep your information only for as long as is necessary for the relevant purpose. For example, if we have a contract with you, this will be for 6.5 years after expiry in order to assist us with any contractual claims. We use a number of criteria for determining the retention period including obligations under the law, our need to defend or bring contractual claims within the statutory limitation period and consideration of the original purpose we collected it for.
Who do we share your personal data with?
Data may be shared with the following parties:-
- Where you are a candidate/prospective candidate, we share your personal data with the client who has a position to fill in order to determine with the client whether you are a good fit for an available position;
- With professional advisors;
- In the event of a sale of the company or its assets;
- With suppliers but only subject to contractual protections;
- Other companies in our group;
What happens if you do not provide us with the information we request or ask that we stop processing your information?
If you do not provide the personal data necessary, we may not be able to respond to your query or consider your application or request or match you with available role opportunities or provide the relevant services to you.
Do we make automated decisions concerning you?
Automated decisions are those made without human intervention that has a legal effect on you or another similarly significant effect (for example determining whether you are eligible for a job). For candidates, we may make automated decisions about you during the assessment stage of any recruitment process. We put candidates through a structured screening process to assess whether each candidate meets the specific criteria for a particular position. These assessments may be fully automated e.g. online pre-screening tests. As these assessments may result in a candidate being deemed not suitable for a position by means of a solely automated assessment, we only undertake this activity with the candidate’s explicit consent. We also carry out personality profiling on candidates with the candidate’s consent.
Opting out of communications – you can opt-out or pause communications at any time.
- Pause – to pause messages via email or SMS, please reply “pause” to the email or SMS we’ve sent stating the number of months to pause for.
- SMS – to unsubscribe, please reply “end” or “stop” to any SMS we’ve sent you.
If you wish to opt out of one or more methods of contact but are happy to be contacted by another please email firstname.lastname@example.org with your full name, and state which methods you want to unsubscribe from, for example, please unsubscribe from SMS/text, but continue to email and call me. Or please unsubscribe from email and SMS but continue to call me.
Caution on opt-out
We may record telephone calls in and out of our organisation for training and monitoring purposes.
Do we transfer your data outside the UK and Europe?
We may sometimes transfer your personal data to countries outside the UK and European Economic Area, for example, to our group companies, or suppliers, if we are either using a supplier or working with a client based elsewhere. You can find the list of European member states by clicking on the following link: https://europa.eu/european-union/about-eu/countries/member-countries_en. The privacy laws in countries outside the UK and European Economic Area may be different from those in your home country.
At present, we transfer personal data to the following countries outside of the UK and European Economic Area: including South Africa, The Philippines, Australia, India, the USA, and Canada.
Where we transfer data to a country that has not been deemed to provide adequate data protection standards, we always have security measures and approved model clauses or other adequate safeguards in place to protect your personal data. Please contact us if you would like more details about our safeguards for data transfers.
What rights do you have in relation to the data we hold on you?
By law, you have a number of rights when it comes to your personal data. Further information and advice about your rights can be obtained from the data protection regulator in your country. In the UK this is the Information Commissioner.
We usually act on requests and provide information free of charge, but may charge a reasonable fee to cover our administrative costs of providing the information for:
- baseless or excessive/repeated requests, or
- further copies of the same information.
Alternatively, we may be entitled to refuse to act on the request in some circumstances.
Please consider your request responsibly before submitting it. We’ll respond as soon as we can. Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we’ll come back to you and let you know.
|Rights||What does this mean?|
This is so you’re aware and can check that we’re using your information in accordance with data protection law.
|3. The right to rectification||You are entitled to have your information corrected if it’s inaccurate or incomplete.|
|4. The right to erasure||This is also known as the right to be forgotten and, in simple terms, enables you to request the deletion or removal of your information where there is no compelling reason for us to keep using it. This is not a general right, there are exceptions.|
|5. The right to restrict processing||You have rights to ‘block’ or suppress further use of your information. When processing is restricted, we can still store your information, but may not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in future.|
|6. The right to data portability||You have rights to obtain and reuse your personal data for your own purposes across different services. This is not a normal scenario for companies of our nature but if you have any questions you can contact us.|
|7. The right to object to processing||You have the right to object to certain types of processing, including processing for direct marketing or where we are relying on our legitimate interests for processing (e.g. if you no longer want to be contacted with potential role opportunities).|
|8. The right to lodge a complaint||You have the right to lodge a complaint about the way we handle or process your personal data with your national data protection regulator.|
|9. The right to withdraw consent
|If you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal data with your consent up to that point is unlawful). This includes your right to withdraw consent to us using your personal data for marketing purposes.|
How can you contact us?
If you are unhappy with how we’ve handled your information or have further questions on the processing of your personal data, or how we obtained it, please contact us via email@example.com or 02920 450 100