Privacy Statement

Data Controller

We are registered with the Information Commissioner’s Office (ICO) as a Data Controller for the personal data that we hold and process. Our registered address is 17 Clarendon Road, Belfast, BT1 3BG, our registration number is Z6960767, and our Data Protection Officer (DPO) is Michael Branniff. Our Data Protection Officer can be contacted at 17 Clarendon Road, Belfast, BT1 3BG or by telephone on 02890 323466.

Data Collection

All or the vast majority of the information that we hold about you is provided to us by yourself when you seek to use our services or you are employed by us or work with us in various capacities. We will tell you why we need the information and how we will use it. This Privacy Policy applies to all personal data provided to us whether by you or any other party.
Personal data is any information that can be used to identify an individual, and it can range from the most basic of details such as contact information through to more complex data.
Identification can be by the information alone or in conjunction with any other information. The processing of personal data is governed by both the UK – General Data Protection Regulation (the GDPR) and the Data Protection Act 2018.
However, not all personal data is considered equal. There are two different categories: ‘personal data’ and ‘special categories of personal data’.
We collect and process both personal data and special categories of personal data as defined in the GDPR. This includes:

• Personal and family information, including names, dates of birth, and personal contact details;
• National Insurance details;
• Driving licence details;
• Financial details such as financial status and bank details;
• Records of goods and services relevant to the business;
• Records of education, training and employment;
• Photographs;
• Vehicle Tracking Data;
• Covid-19 Test and Trace Data.

Sensitive and special data including:

• Information used for equal opportunities monitoring about your race or ethnicity, religious beliefs, sexual orientation and political opinions;
• Information about your health, including any medical condition, health and sickness records;
• Right to work in the UK and relevant UK VISA;
• Information about criminal convictions and offences obtained through Access NI Checks, Police/Garda Checks, DVLA and Credit Checks.

As stated above, the vast majority of the personally identifiable information that we hold about you is provided by yourself when you seek to use our services or when you make an employment application.

In addition, we may also collect information about you as a result of your relationship with one or more of our clients, employees or other service providers as well as where you have completed forms on various sections of our website or where you have requested information from us or subscribed to our services.

We may also automatically collect certain non-personally identifiable information when you visit our website which is explained further below.

By using any of our services, including our website, and by providing us with personal information you are indicating that you consent to the use of your personal information as set out in this policy.

We currently use the services of Veriphy Ltd to assist us with performing identification checks on our clients for the purposes of compliance with the Money Laundering Regulations. Any personal information received from Veriphy Ltd will be processed only to confirm your ID to us for the purposes of preventing money laundering or terrorist financing.

How Do We Collect Information?

We collect data about you in a variety of ways and such as when we undertake a recruitment exercise, throughout the course of your employment, when we are appointed to an office by applicable legislation, when you request a quote, request a services guide or engage us for our services. We also collect information when you voluntarily complete customer surveys and provide feedback. Website usage information is collected using cookies. We may also obtain information from third parties such as governmental bodies and employment referees.

We comply with our obligations under the GDPR:

• by collecting and retaining only data necessary to pursue our legitimate business interests;
• by ensuring that appropriate technical measures are in place to protect personal data;
• by keeping personal data up to date;
• by storing and destroying data securely.

We use your information to:

• Deliver services and meet legal responsibilities;
• Verify identity where this is required;
• Process financial transactions;
• Maintain the safety, security and integrity of our services and records;
• Direct your enquiries to the appropriate department and staff;
• Investigate and understand needs and how they may be met;
• Communicate by post, email or telephone;
• Provide you with news about products, services, promotions, studies, surveys, updates and events;
• Investigate or address legal proceedings relating to your use of our services, or as otherwise allowed by applicable law;
• Make statutory returns as required by the relevant legislation;
• Review applications for employment and maintain employment records;
• Prevent and detect crime, fraud or corruption;
• Perform duties as contained within relevant legislation;
• Process information necessary for the provision of employment;
• Provide goods, services, deliveries, quotations, and information, for example newsletters;
• Process or support payments for goods and services;
• Complying with health and safety obligations;
• Equal opportunities monitoring;
• Respond to requests for references;
• Or as otherwise required or permitted by law.

We do not use automated decision-making in the processing of your personal data.

Our lawful basis for processing your information

The General Data Protection Regulation (GDPR) requires all organisations that process personal data to have a Lawful Basis for doing so. The lawful bases identified in the GDPR, to which we adhere, are:
• Consent of the data subject;
• Performance of a contract with the data subject or to take steps to enter into a contract;
• Compliance with a legal obligation;
• To protect the vital interests of a data subject or another person;
• Performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; and
• The legitimate interests of ourselves, or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject.

Examples of legitimate interests include:

• Where the data subject is a client or in the service of the controller;
• Transmission within a group of undertakings for internal administrative purposes;
• Processing necessary to ensure network and information security, including preventing unauthorised access;
• Processing for direct marketing purposes, or to prevent fraud; and
• Reporting possible criminal acts or threats to public security.

We take the security of all of the data we hold very seriously and have policies, procedures and training in place to cover data protection, confidentiality and security.