What personal information do we collect?
Candidates
In addition to the personal information required for employment purposes, we may gather some or all of the following information. Note that this list is not exhaustive:
- Name;
- Age/date of birth;
- Sex/gender;
- Photograph;
- Marital status;
- Contact details;
- Education details;
- Employment history;
- Emergency contacts and details of any dependents;
- Referee details;
- Immigration status;
- Nationality/citizenship/place of birth;
- A copy of your driving licence and/or passport/identity card;
- Financial information (where we need to carry out financial background checks);
- Social security number (or equivalent in your country) and any other tax-related information;
- Diversity information including racial or ethnic origin, religious or other similar beliefs, and physical or mental health, including disability-related information;
- Details of any criminal convictions if this is required for a role that you are interested in applying for;
- Details about your current remuneration, pensions and benefits arrangements;
- Information on your interests and needs regarding future employment, both collected directly and inferred, for example from jobs viewed or articles read on our website;
- Extra information that you choose to tell us;
- Extra information that your referees choose to tell us about you;
- Extra information that our Clients may tell us about you, or that we find from other third-party sources such as job sites;
- IP address;
- Telephone call recordings;
- The dates, times and frequency with which you access our services; and
- CCTV footage if you attend our premises.
Client Data
Our collection of Client data is minimal, generally limited to contact details and individual contact information within your organization (names, phone numbers, email addresses). We also track your engagement with Candidate profiles and our publications to ensure relevant and timely marketing communications. Additional information may be collected from your organization. Calls with our Finance and Debt Recovery teams may be recorded, subject to local laws. If more personal data is required, we will notify you.
Supplier Data
We collect minimal data from Suppliers, mainly to ensure smooth transactions. This includes contact details within your organization (names, phone numbers, email addresses) and bank details for payments. Additional information may be collected as provided by your organization. Calls with our Finance and Debt Recovery teams may be recorded, subject to local laws.
Website Users
We collect limited data from Website Users to enhance your online experience and manage our services. This includes usage patterns, browser type, location, language preferences, and peak website traffic times. If you contact us via the website, such as through a chat function, we collect the information you provide (e.g., name and contact details).
How Do We Collect Your Personal Data?
Candidate Data
Personal Data You Provide To offer our services effectively, HeartStone Care Ltd requires certain information. Sharing your information can be done in various ways, depending on your preference:
- Entering details on HeartStone Care Ltd websites or application forms during registration.
- Providing a hard copy CV at recruitment events, job fairs, or our offices.
- Emailing your CV to a HeartStone Care Ltd consultant or during an interview.
- Applying for jobs through job aggregators or boards that redirect to our website.
- Submitting details on a HeartStone Care Ltd microsite.
- Participating in competitions via social media platforms like Facebook or Twitter.
Personal Data from Other Sources We also acquire Candidate data from other sources, subject to local laws and circumstances. These may include:
- Information from your referees.
- Personal data shared by our Clients.
- Data from third-party sources like LinkedIn and job sites.
- Information from your interactions on our social media pages.
- Data shared by managed service providers or other agencies.
Automatically Collected Personal Data We may automatically collect data when you access our website or interact with our emails, in accordance with local laws and regulations.
Client Data
Personal Data You Provide To ensure you receive the best staff for your organization, we collect data directly from you:
- When you proactively contact us (via phone or email).
- When we contact you through our consultants’ business development activities.
Personal Data from Other Sources We may seek additional information about you or your colleagues through:
- Third-party market research and media analysis.
- Delegate lists from relevant events.
- Other limited sources and third parties (e.g., from our Candidates who list you as a referee).
Website Users
When you visit our website, we may automatically collect information, such as your IP address, access times and frequency, and browsing patterns. We also gather data when you contact us via the website, such as through the chat function.
Cookies are used to collect data in line with your browser settings. If you are also a Candidate or Client, we may use website data to enhance our communications and services to you.
Client Data
In delivering our services, we require and utilise information about clients or individuals within client organisations.
Supplier Data
We gather contact details for relevant individuals within supplier organisations to facilitate communication. Specific processing details are available in our contractual clauses.
3rd Party Data
We also collect data pertaining to third parties, including emergency contacts and referees. For more detail on the types of personal data we collect, please click here.
Depending on the type of personal data and its processing grounds, failure to provide certain data may impact our ability to fulfil contractual obligations or, in extreme cases, continue providing services. For legal bases underpinning our data use and processing, please refer here.
How Do We Use Your Personal Information?
Having obtained data about you, we use it in the following ways:
Candidate Data
Recruitment Our primary business focus is recruitment, matching the right Candidates with the right jobs. Here are various ways we may use and process your personal data for this purpose, in accordance with local laws and requirements. This list is not exhaustive:
- Collecting your data from you and other sources, such as social media or job sites.
- Storing your details (and updating them when necessary) in our databases, so that we can contact you regarding recruitment opportunities.
- Providing you with our recruitment services and facilitating the recruitment process.
- Comparing your data against vacancies that we believe may be suitable for you.
- Sending your information to Clients to apply for jobs or assess your job eligibility.
- Enabling you to submit your CV, apply online for jobs, or subscribe to job alerts.
- Allowing you to participate in specialist online training.
- Allowing you to engage with interactive features of our services, as you choose.
- Fulfilling our obligations under contracts between us.
- Fulfilling our obligations under contracts between HeartStone Care Ltd or its subsidiaries and third parties in relation to your recruitment.
- Managing our payroll and invoicing processes.
- Conducting customer satisfaction surveys.
- Verifying details you have provided, such as references, qualifications, and any necessary criminal convictions.
- Complying with legal obligations related to crime detection, tax collection, or duties.
Marketing We may periodically send you information we believe may interest you or ask for your assistance in connecting other Candidates with jobs. We may use your data for the following purposes, in accordance with local laws and requirements. This list is not exhaustive:
- Developing and marketing other products and services.
- Marketing our full range of recruitment services (permanent, temporary, contract) to you.
- Sending you details of reports, promotions, offers, networking and client events, and industry sector information that we think might interest you.
- Providing you with information about discounts and offers you are eligible for due to your relationship with HeartStone Care Ltd.
Our marketing is aimed at serving our Clients and Candidates best, though we understand we may not always get it right for everyone. We may use your data to show you HeartStone Care Ltd adverts and other content on external websites, such as Facebook. If you do not want us to use your data in this way, please disable the “Advertising Cookies” option (refer to our Cookies Policy). Even with advertising cookies turned off, you might still see HeartStone Care Ltd adverts, but they won’t be targeted at you personally, just an anonymous audience.
To Establish, Exercise, or Defend Legal Claims In some situations, we may use your personal data to help us establish, exercise, or defend legal claims.
Client Data
Recruitment We use Client information primarily for recruitment purposes. This includes:
- Storing your details (and updating them when necessary) in our databases, allowing us to contact you about recruitment activities.
- Keeping records of our conversations and meetings to tailor our services to your needs.
- Conducting customer satisfaction surveys.
- Processing your data to target appropriate marketing campaigns.
We may use your personal data for these purposes if we consider it necessary for our legitimate interests.
Marketing We may periodically send you information we think might interest you or seek your help in connecting other Candidates with jobs. We may use your data for the following purposes, in line with local laws and requirements. This list is not exhaustive:
- Developing and marketing other products and services.
- Marketing our full range of recruitment services (permanent, temporary, contract) to you.
- Sending you details of reports, promotions, offers, networking and client events, and industry sector information we believe may interest you.
- Providing information about discounts and offers you qualify for due to your relationship with HeartStone Care Ltd.
If you prefer not to receive marketing materials from us, you can opt out. More information on how to do so is available [here].
To Establish, Exercise, or Defend Legal Claims In certain situations, we may use your personal data to establish, exercise, or defend legal claims.
Supplier Data
We use Supplier data in the following ways:
- Storing (and updating when necessary) your details in our database to contact you about our agreements.
- Offering services to you or obtaining support and services from you.
- Fulfilling certain legal obligations.
- Targeting appropriate marketing campaigns.
- In rare circumstances, using your data to establish, exercise, or defend legal claims.
People Whose Data We Receive from Candidates and Staff
- If our Candidates or Staff list you as an emergency contact, we will contact you in case of an accident or emergency involving them.
- If you are listed as a referee by a Candidate or prospective Staff member, we will contact you to obtain a reference. This is crucial for our Candidate quality assurance process and can affect their job prospects.
- If you are listed as a referee, we may occasionally contact you regarding recruitment activities that may interest you, using your data for similar purposes as Client data.
Website Users
We use your data to enhance your experience on our website, such as by analyzing your recent job search criteria to present relevant jobs or Candidates.
Who Do We Share Your Personal Data With?
We may share your personal data in various ways and for various reasons with the following categories of people:
- Any of our group companies.
- Individuals and organizations holding information related to your reference or job application, such as current, past, or prospective employers, educators, examining bodies, and employment agencies.
- Tax, audit, or other authorities when required by law or regulation (e.g., in response to a tax authority request or anticipated litigation).
- Third-party service providers performing functions on our behalf (including external consultants, business associates, professional advisers such as lawyers, auditors, accountants, technical support functions, and IT consultants).
- Third-party IT and document storage providers with whom we have appropriate processing agreements or similar protections.
- Marketing technology platforms and suppliers.
- For Candidates: potential employers and other recruitment agencies to increase job-finding opportunities.
- For Candidates: third-party partners, job boards, and job aggregators to improve job-matching prospects.
- For Candidates: MSP suppliers as part of our clients’ MSP programs.
- For Candidates and prospective Staff referees: third parties retained to provide services such as reference, qualification, and criminal conviction checks, as appropriate and in line with local laws.
- If HeartStone Care Ltd merges with or is acquired by another business, we may share your personal data with the new (or prospective) owners.
How Do We Protect Your Personal Data?
We are committed to taking all reasonable and appropriate steps to protect the personal information we hold from misuse, loss, or unauthorized access. This includes implementing a range of technical and organizational measures, as well as procedures to handle any suspected data breaches.
How Long Do We Keep Your Data?
We will delete your personal data from our systems if we have not had any meaningful contact with you (or, where appropriate, the company you work for or with) for two years, unless we believe in good faith that the law or relevant regulators require us to retain it for a longer period. After this period, your data is likely to be no longer relevant for the purposes it was collected.
For Candidates whose services are provided via a third party company or entity, “meaningful contact” refers to meaningful contact with the company or entity supplying your services. If notified by such company or entity that it no longer has a relationship with you, we will retain your data for no more than two years from that point or, if later, two years from the point we subsequently have meaningful contact directly with you.
“Meaningful contact” includes communication between us (electronic, verbal, or written) or active engagement with our online services. For Candidates, meaningful contact occurs if you submit an updated CV on our website, participate in online training, communicate with us about potential roles, or click through from our marketing communications. Simply receiving, opening, or reading an email or other digital message from us does not constitute meaningful contact unless you click-through or reply directly.
We will retain your personal data only as long as necessary for the purpose we collected it. Different laws may require us to keep different data for varying periods. For example:
- The Conduct of Employment Agencies and Employment Businesses Regulations 2003 requires us to keep work-seeker records for at least one year from (a) the date of their creation or (b) the date we last provide you with work-finding services.
- We must keep payroll records, holiday pay, sick pay, and pensions auto-enrolment records for as long as legally required by HMRC and associated national minimum wage, social security, and tax legislation.
Where we have obtained your consent to process your personal data, we will do so in line with our retention policy. Upon expiry of that period, we will seek further consent from you. If consent is not granted, we will cease to process your data, provided it is not in conflict with local laws and regulations.
How Can You Access, Amend, or Take Back Your Personal Data?
Under the Data Protection Act 2018, you have several rights regarding your personal data, which are designed to protect and clarify your privacy rights. We are committed to facilitating the exercise of these rights in a timely and transparent manner. Below are details of your rights and how you can exercise them:
Your Rights:
Right to Object: You have the right to object to the processing of your personal data under specific circumstances, such as processing based on legitimate interests or direct marketing. We will cease processing your data unless we have compelling legitimate grounds for continued processing that override your interests, or unless processing is necessary for legal claims.
Right to Withdraw Consent: If we process your personal data based on your consent (e.g., for marketing purposes), you may withdraw your consent at any time. We will stop the relevant processing activity upon withdrawal, unless another lawful basis exists for continued processing.
Right to Access: You can request confirmation of the personal data we hold about you at any time. This includes the right to request modifications, updates, or deletions (subject access request). We may ask you to verify your identity and provide further details about your request. Access to your information is generally provided free of charge, though a reasonable administrative fee may apply for repeated requests or where permitted by law. We will explain any refusal to comply with your request.
Under the Data Protection Act 2018, Subject Access Requests will be processed within one calendar month, unless the request is complex or multiple requests are received.
Right to Erasure: You have the right to request the erasure of your personal data under specific circumstances, such as when the data is no longer necessary or if you withdraw consent and no other legal basis for processing exists. We may refuse erasure in certain situations, such as exercising freedom of expression or complying with legal obligations.
Right to Restrict Processing: You can request that we restrict the processing of your personal data in certain situations, such as disputing its accuracy or objecting to processing based on legitimate interests. Processing will be limited until the issue is resolved, you provide consent, or processing is necessary for legal claims or public interests.
Right to Rectification: You have the right to request correction of inaccurate or incomplete personal data we hold about you. We will notify third parties with whom we have shared your data about the rectification, unless this is impractical or requires disproportionate effort.
Right of Data Portability: You have the right to receive your personal data in a commonly used machine-readable format and to transfer it to another data controller, where technically feasible. This applies to data processed automatically or based on your consent or contract fulfillment.
Right to Lodge a Complaint: You have the right to lodge a complaint with your local supervisory authority regarding our processing of your personal data.
How Do We Store and Transfer Data Internationally?
To deliver our services effectively and as outlined in this Privacy Notice, we may transfer your data:
- Between and within Your World Recruitment Group Limited entities.
- To third parties, including advisors or other suppliers to Your World Recruitment Group Limited.
- To overseas clients or clients within your country who may transfer your data internationally.
- To cloud-based storage providers.
We ensure that any international data transfers comply with data protection legislation. This includes implementing adequate safeguards such as:
- Standard contractual clauses approved by the European Commission.
- Adherence to the EU-U.S. Privacy Shield Framework (for transfers to the United States) or equivalent frameworks for other jurisdictions.
- Transfers to countries with European Commission adequacy decisions regarding data protection levels.
- Transfers necessary for contract performance or concluded in your interest under a contract.
- Transfers based on your explicit consent.
To protect your personal information adequately, we have established procedures with third parties to ensure they treat your data consistently and lawfully.
For any inquiries regarding your personal data or to exercise your rights, including withdrawing consent, please contact us using the details provided in our Privacy Policy or on our website. We maintain records of communications to facilitate issue resolution and ensure compliance with your requests.
Ensuring the accuracy and currency of your personal information is crucial. Please inform us promptly of any changes during our data retention period.
Cookies Policy
What’s a Cookie?
A “cookie” is a small piece of data stored on your computer’s hard drive that records your interactions with a website. Cookies allow websites to recognize your device and tailor your experience based on your preferences and activities. They can also be used for traffic analysis, advertising, and marketing purposes.
Cookies are commonly used by websites and pose no harm to your computer system. You can manage your cookie preferences through your browser settings.
How Do We Use Cookies?
We use cookies for the following purposes:
- Tracking Usage: Cookies help us understand how visitors use our website, allowing us to analyze patterns and improve our services based on user preferences.
- Job Advertising: Cookies enable us to display job advertisements that are likely to be of interest to you, reducing the time spent searching for relevant opportunities and facilitating quicker access to desired employment.
Types of Cookies:
Session Cookies: These cookies are temporary and are deleted from your device when you close your web browser. They typically store an anonymous session ID, enabling you to navigate websites without needing to log in repeatedly. Session cookies do not collect information from your computer.
Persistent Cookies: These cookies remain on your computer after you close your web browser and can be read by the website that placed them during subsequent visits. We use persistent cookies for services like Google Analytics and for personalization purposes.
Categories of Cookies:
- Strictly Necessary Cookies: Essential for the basic functionality of our website, such as facilitating job applications. These cookies cannot be turned off without compromising the website’s performance.
- Performance Cookies: These cookies help us monitor and enhance the performance of our website. They provide insights into site visits, traffic sources, and popular content areas.
- Functionality Cookies: Functionality cookies allow our website to remember choices you make, such as language preferences or user-specific settings. They enhance your experience by providing personalized features and services.
- Personalization Cookies: Persistent cookies that personalize your experience by displaying job advertisements tailored to your previous browsing history. These cookies remain active as long as you are registered with us.
Managing Your Cookie Preferences:
You can manage your cookie preferences through your browser settings. Please note that disabling certain types of cookies may affect your experience on our website, particularly regarding functionality that relies on cookies.
For more information on how we handle your personal data, including cookies, please refer to our Privacy Policy.
Contact Us:
If you have any questions or concerns about our use of cookies or your personal data, please contact us. We are committed to addressing your inquiries promptly and ensuring transparency in our data practices.
Legal Basis for Processing Your Data
Legitimate Interest
Under Article 6(1)(f) of the Data Protection Act 2018, Your World Recruitment Group Limited processes your personal data when it is necessary for the legitimate interests pursued by us or by a third party. This legal basis applies unless these interests are overridden by your interests, fundamental rights, or freedoms that require the protection of personal data.
Key Points:
- We process your data based on our legitimate interests, such as providing recruitment services, maintaining client relationships, and improving our services.
- Your rights are respected, and we balance our interests with your privacy rights and freedoms.
Consent
In certain circumstances, we require your consent to process your personal data for specific activities. According to Article 4(11) of the Data Protection Act 2018, consent must be:
- Freely given, without coercion or pressure from us.
- Informed and specific, ensuring you understand what you are consenting to.
- Unambiguous, requiring a clear affirmative action from you to signify agreement.
- You have control over which processing activities you consent to, and you can withdraw consent at any time.
Details:
- We maintain records of the consents you provide, ensuring transparency and accountability.
- Depending on the activity, we may use opt-in consent or soft opt-in consent under the Privacy and Electronic Communications Regulations (PECR) for marketing related to our recruitment services.
Establishing, Exercising, or Defending Legal Claims
Under Article 9(2)(f) of the Data Protection Act 2018, we may process personal data, including sensitive personal data where necessary, for the establishment, exercise, or defense of legal claims. This includes situations where legal advice is sought or where disclosure is required by law.
Usage:
- We process data to protect our legal rights and fulfill legal obligations.
- This may involve handling sensitive personal data in compliance with applicable laws and regulations.
Additional Information
For more details regarding your data rights, including withdrawing consent or exercising other rights under data protection laws, please contact us. We are committed to handling your requests promptly and transparently.