Appropriate Policy Document

​

Walter Everett operates as an employment agency and consultancy. In line with legal requirements, including the Data Protection Act 1998 (superseded by the DPA 2018) and GDPR, we process personal data, including special category data, when placing individuals in employment. This document serves as our Appropriate Policy Document, recommended by the ICO, to provide you with a clear understanding of how and why we store this data.

 

Personal Data Definition

​

"Personal data" encompasses any information related to an identified or identifiable natural person (referred to as the 'data subject'). An identifiable natural person is someone who can be directly or indirectly identified, especially through an identifier like a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

 

Special Category Data Explanation

​

Certain personal data may be more sensitive in nature and, thus, require a higher level of protection. The UK GDPR classifies such data as 'special categories of personal data.' This includes personal data about an individual's:

1. Race

2. Ethnic origin

3. Political opinions

4. Religious or philosophical beliefs

5. Trade union membership

6. Genetic data

7. Biometric data (if used for identification)

8. Health data

9. Sex life

10. Sexual orientation

 

Purpose of Processing Special Category Data

​

We are legally obligated to comply with The Employment Agencies Act 1973 and The Conduct of Employment Agencies and Employment Businesses Regulations 2003. These regulations require us to maintain compliance documents such as passports, driving licenses, and offers that include salary details for individuals we place. These documents may infer a person's race or ethnic origin. Among the categories listed, only the first two apply. We do not collect data from the third through tenth categories unless you openly disclose this information in your application documents. We follow government guidelines for record-keeping, which can be found at www.gov.uk/record-keeping-for-employment-agencies-and-businesses.

 

Compliance Procedures

​

To ensure compliance with the law, GDPR, and ICO principles, we have established Terms and Conditions for both our clients and work-seekers, which are prominently displayed during the job application process. When you apply to a job via an advertisement, or if we approach you directly, you will be directed to an online application portal containing our work-seeker and client terms, as well as our legal obligations for data storage. Our advertisements explicitly state our status as an agency and follow government guidelines for job advertisements. The portal also includes links to our privacy and data policies. We kindly request that you read these terms carefully. Furthermore, if you agree, you can provide consent for the policies outlined in this document and our privacy policy by ticking the consent box. Some of our terms extend beyond consent, as we are legally required to store data that validates your identity. Often, candidates submit special category data such as passports, BRPs, driving licenses, birth certificates, etc.

 

Security and Technology

​

Our clients require us to send them documentation that verifies your right to work in the UK and provides proof of address. We store this data securely within our Applicant Tracking System (ATS). The ATS is integrated with a secure network, protected by passwords and VPN, and linked to our email account. The ATS itself is secure and password-protected, with regular password changes. Access to the system occurs through encrypted PCs, providing an additional layer of security.

 

Data Minimisation and Supplier Security Reviews

​

We prioritize data minimization, aiming to keep only records required by law or explicitly agreed upon by candidates for inclusion in our database. We conduct annual reviews to ensure compliance with this principle. In collaboration with our ATS provider, we work to maintain secure data practices. Every three months during renewal, we discuss and review the security measures in place. The provider is aware of its legal obligation to notify us in case of a system breach.

Retention and Erasure Policies

Upon your request, we will erase your data if there is no legal obligation to retain it. Simply email us at contact@waltereverett.co.uk.

 

Policy Review Date: January 2023