Blue Star Human Resources Privacy Notice
Blue Star Human Resources provide HR consultancy, outsourcing, project management, interims and learning and development to a range of businesses. We are committed to protecting the privacy and security of your personal information. This notice sets out the basis on which we will collect, hold and process any data that you share with us, or that we collect from you.
For the purposes of the General Data Protection Regulations (GDPR), Blue Star Human Resources Ltd is a “Data Processor”. This means that we are responsible for deciding how we hold and use personal information.
The Director responsible for Data Protection in our organisation is Stella Day, who will deal with requests and enquiries regarding the use of personal data and endeavour to ensure that all personal data is processed in compliance with this policy and data protection law.
Who we are?
Our company is: Blue Star Human Resources Ltd, The Admirals House, 13 – 15 Tower Street, Ipswich, IP1 3BE. To contact us please email email@example.com
What information do we collect?
• We collect your data when you become a client or make an enquiry about our services or sign up to our newsletter. This data will be stored in email systems, on password protected mobile phones, and in online systems such as mailchimp.
• We collect your data if you apply for a job role through us and submit your CV, this includes Personal Data regarding your name, address and contact details. This data is stored in email and online filing systems.
• We may collect sensitive data in the course of delivering contractual services or during a recruitment and selection process. Where this is the case all data will be securely stored and password protected or encrypted.
How do we use personal information?
We use Personal Data for the purposes of: business administration such as invoicing, to meet legal requirements in terms of employing and paying employees, carrying out pre-employment checks, providing services to our clients and ongoing administration and management of our HR services. The primary purpose for processing Data is to deliver HR services to our clients.
Blue Star Human Resources, and its associates will process Personal Data in accordance with all applicable laws and contractual obligations and Data will only be processed once Informed Consent is given.
What legal basis do we have for processing your personal data?
We process your data on the following legal grounds:
• Consent – where you have provided your information to us and agreed to its use for a specific purpose such as signing up for our newsletter
• Contract – where this applies to the HR services we provide to you
• Legitimate interests – where this applies to the HR services we provide to you or process recruitment applications
• Legal obligation - we may process your personal data without your knowledge or consent where this is required or permitted by law.
Where we are required to collect Personal Data by law, or under the terms of the contract between us and you do not provide us with that data when requested we may not be able to perform the contract (for example, to deliver goods or services to you). If you don’t provide us with the requested data we may have to cancel a product or service you have ordered but if we do, we will notify you at the time.
We will only use your personal data for a purpose it was collected for or a reasonably compatible purpose if necessary. For more information on this please contact us. In case we need to use your details for an unrelated new purpose we will let you know and explain the legal grounds for processing.
When do we share personal data?
All personal data will be treated confidentially. Where there is a need to share your data in the course of the services we provide to you we will contact you to discuss this. The Personal Data you provide is not shared with third parties unless you give explicit consent. Where we share data with you we will agree with you the most appropriate method of security for the exchange of data.
Where do we store and process personal data?
We do not store or process data outside the EEA.
How do we secure personal data?
All data is stored securely in our office systems.
• We use password encrypted laptops and mobile phones
• Email accounts are password protected
• All online data is stored in a shared drop box facility which is automatically backed up and stored on remote servers.
• We employ third party IT services who provide anti-virus software and advice and guidance on back-ups and data storage.
How long do we keep your personal data for?
We do not retain data for longer than is reasonably necessary and have agreed retention periods for information relating to clients. All contractual data or any other data that may give rise to a legal claim is retained for 6 years after the last event relating to that data. Recruitment related data is retained for a period of 6 months after the recruitment process.
We will adopt the same retention policy as the client we are working for in relation to personal HR information e.g. where we hold personal files on behalf of the client or are recruiting on their behalf.
Inactive client records will be held electronically for 6 years from the date we cease working with them and then destroyed.
Where data is no longer required hard copies are securely shredded and electronic copies are permanently deleted.
Your rights in relation to personal data
Under data protection laws you have rights in relation to your personal data that include the right to request access, correction, erasure, restriction, transfer, to object to processing, to portability of data and (where the lawful ground of processing is consent) to withdraw consent.
You can see more about these rights at: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
If you wish to exercise any of the rights set out above please email us at firstname.lastname@example.org
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive or we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests with one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you.
If you are not happy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), www.ico.org.uk. Please contact us first if you do have a complaint so that we can try to resolve if for you.
Use of automated decision-making and profiling
No automated decision-making or profiling is used by Blue Star Human Resources.
How to contact us?
If you have questions or concerns about our privacy practices, your personal information, or if you wish to file a complaint please contact us at email@example.com
Linking to other websites / third party content
We may from time to time link to external sites and resources from our website, www.bluestarhr.co.uk this does not constitute endorsement of these sites and we do not take any responsibility for the content (or information contained within) any linked website.