What are cookies?
First, and contrary to popular belief, cookies are NOT programs and so can’t contain a virus. They don’t do anything at all. They are simple ’text files’ which you can read using the Notebook program on your own PC. Typically, they contain two pieces of information: a site name and unique user ID.
How do they work they work?
The good thing about cookies
Some cookies are more sophisticated. They might record how long you spend on each page on a site, what links you click, even your preferences for page layouts and colour schemes. The possibilities are endless, and generally the role of cookies is beneficial, making your interaction with frequently-visited sites smoother – for no extra effort on your part.
And the bad
So why the paranoia? The answer probably depends on how you feel about organisations – both big business and government – storing information about you. There is nothing especially secret or exceptional about the information gathered by cookies, but you may just dislike the idea of your name being added to marketing lists, or your information being used to target you for special offers. That is your right, just as others are entitled to go along with the process.
Tastie Recruitment Ltd is committed to good practice, professionalism and integrity in our recruitment business. We protect the privacy of our clients and candidates and treat all dealings with us in the strictest confidence, whether through this website, on the telephone
Candidates who submit their details via this site are assured that we only gather information necessary to aid the recruitment process and to understand the profile of our customers and web site users to monitor and improve our service. By registering your details on this site, you consent to us collecting personal information for the purpose of disclosing this information to potential employers and clients in our recruitment process. Or to contact you with marketing and job alerts.
This privacy notice provides a framework of understanding about the personal data that are collected by Tastie Recruitment Ltd (“hereinafter called the Data Controller”), as required by law including the provisions of the European Union’s General Data Protection Regulation (GDPR).
The Data Controller is Tastie Recruitment Limited with the registered office 10 Dukes Place, Marlow, Buckinghamshire, SL7 2QH, (Company Registration Number 12286880).
The personal data collected will be controlled and processed by the Data Controller. Additionally, personal data may be processed or jointly controlled by affiliates of the Data Controller.
This privacy notice applies to:
- our job candidates and recipients of our career services,
- our associates, who are people we source or place on assignment with one of our clients, or individuals to whom we provide outplacement or career transition services, and
- representatives of our business partners, clients and vendors.
The privacy notice describes the types of personal data or personal information we collect, how we use the information, how we process and protect the information we collect, for how long we store it, with whom we share it, to whom we transfer it and the rights that individuals can exercise regarding our use of their personal data. We also describe how you can contact us about our privacy practices and to exercise your rights.
- Information We Collect
- How We Use the Information We Collect
- Legitimate Interest
- How We Process and Protect Personal Information
- How long We Store the Information We Collect
- Information We Share
- Data Transfers
- Your Rights and Choices
- Updates to Our Privacy Notice
- How to Contact Us
Information We Collect
We may collect personal data about you in variety of ways, such as through our job sites and social media channels; through phone; through job applications; in connection with in-person recruitment; or in connection with our interactions with clients and vendors. We may collect a selection of personal data dependant on the nature of the relationship, including, but not limited to (as permitted under local law):
- contact information (such as name, postal address, email address and telephone number);
- information you provide about friends or other people you would like us to contact. (The Controller assumes that the other person previously gave an authorisation for such communication); and
- through the “Contact Us” feature on our Sites.
In addition, if you are an associate or job candidate, you apply for a position, we may collect the following types of personal data (as permitted under local law):
- employment and education history;
- language proficiencies and other work-related skills;
- Social Security number, national identifier or other government-issued identification number;
- date of birth;
- bank account information;
- citizenship and work authorisation status;
- benefits information;
- tax-related information;
- information provided by references; and
- information contained in your resume or C.V., information you provide regarding your career interests, and other information about your qualifications for employment.
and where required by law and explicit consent has been provided by you:
- disabilities and health-related information;
- results of drug tests, criminal and other background checks.
- Special categories of data, such as information about ethnic origin, sexual orientation or religion or belief in order to monitor diversity in recruitment
In addition, we may collect information you provide to us about other individuals, such as information related to emergency contacts.
All personal data such as name, address, email address, work history and education are gathered purely for this purpose and held on secure servers. In order to comply with The Conduct of Employment Agencies and Employment Businesses Regulations 2003, we are obliged to hold relevant data for a period of one year after its creation or one year after the date on which we last provided our services to our clients or candidates. After a period of non-usage, we will contact you and ask you if you want to keep your details on our database.
How We Use the Information We Collect
The Controller collects and uses the data gathered for the following purposes (as permitted under local law):
- providing workforce solutions and connecting people to work;
- creating and managing online accounts;
- processing payments;
- managing our client relationships;
- responding to individuals’ inquiries and claims;
- operating, evaluating and improving our business (including developing, enhancing, analyzing and improving our services; managing our communications; and performing accounting, auditing and other internal functions);
- protecting against, identifying and seeking to prevent fraud and other unlawful activity, claims and other liabilities; and
- complying with and enforcing applicable legal requirements, relevant industry standards, contractual obligations and our policies.
- where permitted under law and only if you have given your consent, to send alerts regarding available positions and other communications;
- where permitted under law and only if you have given your consent, to communicating about, and administering participation in, special events, promotions, programs, offers, surveys, contests and market research;
In addition to the activities listed above, if you are an associate or job candidate and you apply for a position, as permitted under local law, we use the information described in this privacy notice for the following purposes:
- providing you with job opportunities and work;
- providing HR services to you, including administration of benefit programs, payroll, performance management and disciplinary actions;
- providing additional services to you, such as training, career counselling and career transition services;
- assessing your suitability as a job candidate and your associate qualifications for positions; and
- performing data analytics, such as (i) analyzing our job candidate and associate base; (ii) assessing individual performance and capabilities, including scoring on work-related skills; (iii) identifying skill shortages; (iv) using information to match individuals and potential opportunities, and (v) analyzing pipeline data (trends regarding hiring practices).
All processing will be carried out based on adequate legal grounds which may fall into a number of categories, including:
- explicit consent from the data subject, where required by applicable law e.g. when you tick a box to receive email newsletters
- to ensure that we comply with a statutory or contractual requirement (e.g. our client may require your personal data), and/ or a requirement necessary to enter into a contract. You are obliged to provide this data and if you do not, we will be unable to provide you with our services e.g. providing you with job opportunities or processing your personal data to ensure that your wages and taxes are paid.
- it is essential and necessary for the legitimate interest of the Data Controller e.g. letting the user access the website to be provided with the services offered. Please see our section on Legitimate Interests below to learn more about these interests and when we may process information in this way.
We also may use the information in other ways for which we provide specific notice at or prior to the time of collection.
The Data Controller may process personal data for certain legitimate business purposes, which includes all of the following:
- to provide a job seeking service;
- where the process enables us to enhance, modify, personalise or otherwise improve our services/communications for the benefit of our clients, candidates and associates;
- to identify and prevent fraud;
- to enhance security of our network and information systems;
- to better understand how people, interact with our websites;
- for direct marketing purposes;
- to provide postal communications to you which we think will be of interest to you;
- to determine the effectiveness of promotional campaigns and advertising
Whenever we process data for these purposes, we will ensure that we keep your rights in high regard and take account of these rights. You have the right to object to such processing. Please bear in mind that if you exercise your right to object this may affect our ability to carry out and deliver services to you for your benefit.
How We Process and Protect Personal Information
We process the personal data we collect for the purposes defined in this notice and for a period only as long as is necessary for the purposes we collected it. Different laws may also require us to keep different data for different periods of time.
We maintain administrative, technical and physical safeguards designed to protect the personal data you provide against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. In order to ensure the appropriate security and confidentiality of the personal data, we apply to the following security measures:
- Encryption of data in transit;
- Strong user authentication controls;
- Hardened network infrastructure;
- Network monitoring solutions;
How long we Store the Data We Collect
We will keep your personal data for the time period necessary to achieve the purposes described in this Privacy Notice, taking into account applicable statute of limitation periods and records retention requirements under applicable law. Subject to applicable law, we will retain your personal data as required by the company to meet our business and compliance obligations, for example, to comply with our tax and accounting obligations.
We store in our systems the personal data we collect in a way that allows the identification of the data subjects for no longer than it is necessary in light of the purposes for which the data was collected, or for which that data is further processed.
We determine this specific period of time by taking into account:
- The necessity to keep stored the personal data collected in order to offer services established with the user;
- In order to safeguard a legitimate interest of the Data Controller as described in the purposes;
- The existence of specific legal obligations that make the processing and related storage necessary for specific period of times;
Information We Share
We do not disclose personal data that we collect about you, except as described in this privacy notice or in separate notices provided in connection with particular activities. We may share your personal data (i) if you are a job candidate, with clients who may have job opportunities available or interest in placing our job candidates; and (ii) with others with whom we work, such as job placement consultants and subcontractors, to find you a job.
In addition, we may disclose personal data about you (i) if we are required to do so by law or legal process; (ii) to law enforcement authorities or other government officials based on a lawful disclosure request; and (iii) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss, or in connection with an investigation of suspected or actual fraudulent or illegal activity. We also reserve the right to transfer personal data we have about you in the event we sell or transfer all or a portion of our business or assets (including in the event of a reorganization, dissolution or liquidation).
We do not currently work with countries outside of the country in which the information originally was collected. If this changes in the future we will immediately advise you, please bear in mind you have the right to object to such processing, we will also update all policies and notices to reflect the change.
Your Rights as Data Subject
When permitted by applicable law, a data subject can exercise under Articles 15 to 22 of the GDPR the following specific rights:
- Right of access: A data subject has the right to access their personal data concerning which in order to verify that their personal data is processed in accordance to the law.
- Right to rectification: A data subject has the right to request the rectification of any inaccurate or incomplete data held about them, in order to protect the accuracy of such information and to adapt it to the data processing.
- Right to erasure: A data subject has the right to request that the Data Controller erases information about them and to no longer process that data.
- Right to restriction of processing: A data subject has the right to request that the Data Controller restricts the processing of their data.
- Right to data portability: The data subject has the right to request the data portability meaning that the data subject can receive the originally provided personal data in a structured and commonly used format or that the data subject can request the transfer of the data to another Data Controller.
- Right to object: The data subject who provide a Data Controller with personal data has the right to object, at any time to the data processing on a number of grounds as set out under GDPR without needing to justify their decision.
- Right not to be subject of automated individual decision-making: The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, if such profiling produces a legal effect concerning the data subject or similarly significantly affects them.
- Right to lodge a complaint with a supervisory authority: Every data subject has the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of their habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to them infringes GDPR.
You may instruct us to provide you with any personal information we hold about you (Subject Access Request); provision of such information will be subject to:
- Your request not being found to be unfounded or excessive, in which case a charge may apply; and
- The supply of appropriate evidence of your identity (for this purpose, we will usually accept a photocopy of your passport certified by a solicitor or bank plus an original copy of a utility bill showing your current address).
Whenever the processing is based on the consent, as under art.7 of the GDPR, the data subject may withdraw their consent at any time. There may be circumstances where we will still need to process your data for legal or official reasons. We will inform you if this is the case. Where this is the case, we will restrict the data to only what is necessary for the purpose of meeting those specific requirements.
If you believe that any of your data that we process is incorrect or incomplete, please contact us and we will take reasonable steps to check its accuracy and correct it where necessary.
If you require more information about the processing of your personal data, please refer to the How to Contact Us section below.
Updates to Our Privacy Notice
This privacy notice may be updated periodically to reflect changes in our privacy practices and legal updates. For significant changes, we will notify you by posting a prominent notice on our Sites indicating at the top of each Notice when it was most recently updated.
How To Contact Us
If you have any questions or comments about this privacy notice, or if you would like to exercise your rights, please write to:
Tastie Recruitment Ltd
10 Dukes Place
This website is owned and operated by Tastie Recruitment Ltd
You can contact us:
- By post, using the postal address given above;
- Using our website contact form;
- By telephone, on the contact number published on our website; or
- By email, using the email address published on our website.
Information Commissioner’s Office, Registration number: ZA761736
PLEASE READ THESE TERMS AND CONDITIONS CAREFULLY BEFORE USING THIS SITE
Terms of Website Use
This site is operated by Tastie Recruitment Ltd
Privacy and Cookies
Other applicable terms
If you purchase goods or services through our site, the relevant terms and conditions of supply for the relevant product or service will also apply. These will be clearly signposted on our site or during the order process.
Accessing our site
- You may use our site only for lawful purposes. You may not use our site:
- In any way that breaches any applicable local, national or international law or regulation.
- In any way that is unlawful or fraudulent or has any unlawful or fraudulent purpose or effect.
- For the purpose of harming or attempting to harm minors in any way.
- To send, knowingly receive, upload, download, use or re-use any material which does not comply with our content standards.
- To transmit, or procure the sending of, any unsolicited or unauthorised advertising or promotional material or any other form of similar solicitation (spam).
- To knowingly transmit any data, send or upload any material that contains viruses, Trojan horses, worms, time-bombs, keystroke loggers, spyware, adware or any other harmful programs or similar computer code designed to adversely affect the operation of any computer software or hardware.
You also agree:
- Not to access without authority, interfere with, damage or disrupt any part of our site, any equipment or network on which our site is stored, any software used in the provision of our site or any equipment or network or software owned or used by any third party.
We may from time to time provide interactive services on our site, including, without limitation, chat rooms, bulletin boards and blogs (“interactive services”). Where we do provide any interactive service, we will provide clear information to you about the kind of service offered, if it is moderated and what form of moderation is used (including whether it is human or technical). Where we do moderate an interactive service, we will normally provide you with a means of contacting the moderator, should a concern or difficulty arise.
We will do our best to assess any possible risks for users (and in particular, for children) from third parties when they use any interactive service provided on our site, and we will decide in each case whether it is appropriate to use moderation of the relevant service (including what kind of moderation to use) in the light of those risks. However, we are under no obligation to oversee, monitor or moderate any interactive service we provide on our site, and we expressly exclude our liability for any loss or damage arising from the use of any interactive service by a user in contravention of our content standards, whether the service is moderated or not.
The use of any of our interactive services by a minor is subject to the consent of their parent or guardian. We advise parents who permit their children to use an interactive service that it is important that they communicate with their children about their safety online, as moderation is not fool proof. Minors who are using any interactive service should be made aware of the potential risks to them.
These content standards apply to any and all material which you contribute to our site (“contributions”), and to any interactive services associated with it. You must comply with the spirit and the letter of the following standards. The standards apply to each part of any contribution as well as to its whole. You warrant that any such contribution does comply with the standards listed below, and you will be liable to us and indemnify us for any breach of this warranty.
Contributions must be accurate (where they state facts), be genuinely held (where they state opinions) and comply with applicable law in the UK and in any country from which they are posted.
Contributions must not:
- Contain any material which is defamatory of any person.
- Contain any material which is obscene, offensive, hateful or inflammatory.
- Promote sexually explicit material.
- Promote violence.
- Promote discrimination based on race, sex, religion, nationality, disability, sexual orientation or age.
- Infringe any copyright, database right or trade mark of any other person.
- Be likely to deceive any person.
- Be made in breach of any legal duty owed to a third party, such as a contractual duty or a duty of confidence.
- Promote any illegal activity.
- Be threatening, abuse or invade another’s privacy, or cause annoyance, inconvenience or needless anxiety.
- Be likely to harass, upset, embarrass, alarm or annoy any other person.
- Be used to impersonate any person, or to misrepresent your identity or affiliation with any person.
- Give the impression that they emanate from us, if this is not the case.
- Advocate, promote or assist any unlawful act e.g. copyright infringement or computer misuse.
Accounts and passwords
Ownership of rights
We are the owner or the licensee of all intellectual property rights in our site, and in the material published on it. Those works are protected by copyright laws and treaties around the world. All such rights are reserved.
No reliance on information
The content on our site is provided for general information only. It is not intended to amount to advice on which you should rely. Although we make reasonable efforts to update the information on our site, we make no representations, warranties or guarantees, whether express or implied, that the content on our site is accurate, complete or up-to-date.
Limitation of our liability
To the extent permitted by law, we exclude all conditions, warranties, representations or other terms which may apply to our site or any content on it, whether express or implied.
We will not be liable to any user for any loss or damage, whether in contract, tort (including negligence), breach of statutory duty, or otherwise, even if foreseeable, arising under or in connection with your use of, or inability to use, our site or your use of or reliance on any content displayed on it.
If you are a business user, please note that in particular, we will not be liable for loss of profits, sales, business, or revenue, business interruption, loss of anticipated savings, loss of business opportunity, goodwill or reputation or any indirect or consequential loss or damage.
If you are a consumer user, please note that we only provide our site for domestic and private use.
You agree not to use our site for any commercial or business purposes, and we have no liability to you for any loss of profit, loss of business, business interruption, or loss of business opportunity.
We will not be liable for any loss or damage caused by a virus, distributed denial-of-service attack, or other technologically harmful material that may infect your computer equipment, computer programs, data or other proprietary material due to your use of our site or to your downloading of any content on it, or on any website linked to our site.
Different limitations and exclusions of liability will apply to liability arising as a result of the supply of any goods or services by us to you, which will be set out in our terms and conditions of supply.
We do not guarantee that our site will be secure or free from bugs or viruses. You are responsible for configuring your information technology, computer programmes and platform in order to access our site. You should use your own virus protection software.
You must not misuse our site by knowingly introducing viruses, trojans, worms, logic bombs or other material which is malicious or technologically harmful. You must not attempt to gain unauthorised access to our site, the server on which our site is stored or any server, computer or database connected to our site. You must not attack our site via a denial-of-service attack or a distributed denial-of service attack.
Third party links and resources on our site
Where our site contains links to other sites and resources provided by third parties, these links are provided for your information only and should not be interpreted as endorsement by us of those linked websites. We have no control over the contents of those sites or resources and accept no responsibility for them or for any loss or damage that may arise from your use of them.
Suspension and termination
- Immediate, temporary or permanent withdrawal of your right to use our site.
- Immediate, temporary or permanent removal of any posting/material uploaded by you to our site.
- Issue of a warning to you.
- Legal proceedings against you for reimbursement of all costs on an indemnity basis (including, but not limited to, reasonable administrative and legal costs) resulting from the breach.
- Further legal action against you.
- Disclosure of such information to law enforcement authorities as we reasonably feel is necessary.
- The responses described in this policy are not limited, and we may take any other action we reasonably deem appropriate.
Thank you for visiting our site
Tastie Recruitment Ltd, 10 Dukes Place, Marlow, Buckinghamshire, SL7 2QH. Registered in England with Company Number 12286880.
Terms & Conditions
Data Protection Policy
- Data processing under the Data Protection Laws
- The data protection principles
- Legal bases for processing
- Privacy by design and by default
- Rights of the Individual
- Privacy notices
- Subject access requests
- Restriction of processing
- Data portability
- Object to processing
- Enforcement of rights
- Automated decision making
- Personal data breaches
- Personal data breaches where the Company is the data controller
- Personal data breaches where the Company is the data processor
- Communicating personal data breaches to individuals
- Annex – legal bases for processing personal data
All organisations that process personal data are required to comply with data protection legislation. This includes in particular the Data Protection Act 2018 (or its successor) and the EU General Data Protection Regulation (together the ‘Data Protection Laws’). The Data Protection Laws give individuals (known as ‘data subjects’) certain rights over their personal data whilst imposing certain obligations on the organisations that process their data.
As a recruitment business the Company collects and processes both personal data and sensitive personal data. It is required to do so to comply with other legislation. It is also required to keep this data for different periods depending on the nature of the data.
This policy sets out how the Company implements the Data Protection Laws. It should be read in conjunction with the Data Protection Procedure.
In this policy the following terms have the following meanings:
means any freely given, specific, informed and unambiguous indication of an individual’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of persona data relating to him or her;
means an individual or organisation which, alone or jointly with others, determines the purposes and means of the processing of personal data;
means an individual or organisation which processes personal data on behalf of the data controller;
means any information relating to an individual who can be identified, such as by a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological
personal data breach
means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data;
means any operation or set of operations performed on personal data, such as collection, recording, organisation, structuring, storage (including archiving), adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to an individual, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
means the processing of personal data in such a manner that the personal data can no longer be attributed to an individual without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable individual;
sensitive personal data*
means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data, data concerning health, an individual’s sex life or sexual orientation and an individual’s criminal convictions.
means an independent public authority which is responsible for monitoring the application of data protection. In the UK the supervisory authority is the Information Commissioner’s Office (ICO).
* For the purposes of this policy we use the term ‘personal data’ to include ‘sensitive personal data’ except where we specifically need to refer to sensitive personal data.
All of these definitions are italicised throughout this policy to remind the reader that they are defined terms.
The Company processes personal data in relation to its own staff, work-seekers and individual client contacts and is a data controller for the purposes of the Data Protection Laws. The Company has registered with the ICO and its registration number is ZA761736.
The Company may hold personal data on individuals for the following purposes:
- Staff administration;
- Advertising, marketing and public relations;
- Accounts and records;
Administration and processing of work-seekers’ personal data for the purposes of providing work-finding services, including processing using software solution providers and back office support
- Administration and processing of clients’ personal data for the purposes of supplying/introducing work-seekers
The data protection principles
The Data Protection Laws require the Company acting as either data controller or data processor to process data in accordance with the principles of data protection. These require that personal data is:
- Processed lawfully, fairly and in a transparent manner;
- Collected for specified and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
- Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- Accurate and kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
- Kept for no longer than is necessary for the purposes for which the personal data are processed;
- Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures; and that
- The data controller shall be responsible for, and be able to demonstrate, compliance with the principles.
Legal bases for processing
The Company will only process personal data where it has a legal basis for doing. Where the Company does not have a legal reason for processing personal data any processing will be a breach of the Data Protection Laws.
The Company will review the personal data it holds on a regular basis to ensure it is being lawfully processed and it is accurate, relevant and up to date and those people listed in the Appendix shall be responsible for doing this.
Before transferring personal data to any third party (such as past, current or prospective employers, suppliers, customers and clients, intermediaries such as umbrella companies, persons making an enquiry or complaint and any other third party (such as software solutions providers and back office support)), the Company will establish that it has a legal reason for making the transfer.
Privacy by design and by default
The Company has implemented measures and procedures that adequately protect the privacy of individuals and ensures that data protection is integral to all processing activities. This includes implementing measures such as:
- Only data necessary for each specific purpose is processed
- Personal data is not made accessible to an indefinite number of natural persons without the individual’s intervention
The obligation applies to the following
- The amount of data collected
- Data is accurate and up to date
- The extent of the processing
- The period of storage (Retention Period)
- The accessibility to that data
Pseudonymisation and data minimisation are recognised techniques in data protection by design
- To implement appropriate technical and organisational measures from the start of a project
For further information please refer to the Company’s Information Security Policy.
Right of the Individual
The Company shall provide any information relating to data processing to an individual in a concise, transparent, intelligible and easily accessible form, using clear and plain language. The information shall be provided in writing, or by other means, including, where appropriate, by electronic means. The Company may provide this information orally if requested to do so by the individual.
Where the Company collects personal data from the individual, the Company will give the individual a privacy notice at the time when it first obtains the personal data.
Where the Company collects personal data other than from the individual directly, it will give the individual a privacy notice within a reasonable period after obtaining the personal data, but at the latest within one month. If the Company intends to disclose the personal data to a third party then the privacy notice will be issued when the personal data are first disclosed (if not issued sooner).
Where the Company intends to further process the personal data for a purpose other than that for which the data was initially collected, the Company will give the individual information on that other purpose and any relevant further information before it does the further processing.
Subject access requests
The individual is entitled to access their personal data on request from the data controller.
The individual or another data controller at the individual’s request, has the right to ask the Company to rectify any inaccurate or incomplete personal data concerning an individual.
If the Company has given the personal data to any third parties it will tell those third parties that it has received a request to rectify the personal data unless this proves impossible or involves disproportionate effort. Those third parties should also rectify the personal data they hold – however the Company will not be in a position to audit those third parties to ensure that the rectification has occurred.
The individual or another data controller at the individual’s request, has the right to ask the Company to erase an individual’s personal data.
If the Company receives a request to erase it will ask the individual if s/he wants his personal data to be removed entirely or whether s/he is happy for his or her details to be kept on a list of individuals who do not want to be contacted in the future (for a specified period or otherwise). The Company cannot keep a record of individuals whose data it has erased so the individual may be contacted again by the Company should the Company come into possession of the individual’s personal data at a later date.
If the Company has made the data public, it shall take reasonable steps to inform other data controllers and data processors processing the personal data to erase the personal data, taking into account available technology and the cost of implementation.
If the Company has given the personal data to any third parties it will tell those third parties that it has received a request to erase the personal data, unless this proves impossible or involves disproportionate effort. Those third parties should also rectify the personal data they hold – however the Company will not be in a position to audit those third parties to ensure that the rectification has occurred.
Restriction of processing
The individual or a data controller at the individual’s request, has the right to ask the Company to restrict its processing of an individual’s personal data where:
- The individual challenges the accuracy of the personal data;
- The processing is unlawful and the individual opposes its erasure;
- The Company no longer needs the personal data for the purposes of the processing, but the personal data is required for the establishment, exercise or defence of legal claims; or
- The individual has objected to processing (on the grounds of a public interest or legitimate interest) pending the verification whether the legitimate grounds of the Company override those of the individual.
If the Company has given the personal data to any third parties it will tell those third parties that it has received a request to restrict the personal data, unless this proves impossible or involves disproportionate effort. Those third parties should also rectify the personal data they hold – however the Company will not be in a position to audit those third parties to ensure that the rectification has occurred.
The individual shall have the right to receive personal data concerning him or her, which he or she has provided to the Company, in a structured, commonly used and machine-readable format and have the right to transmit those data to another data controller in circumstances where:
- The processing is based on the individual’s consent or a contract; and
- The processing is carried out by automated means.
Where feasible, the Company will send the personal data to a named third party on the individual’s request.
Object to processing
The individual has the right to object to their personal data being processed based on a public interest or a legitimate interest. The individual will also be able to object to the profiling of their data based on a public interest or a legitimate interest.
The Company shall cease processing unless it has compelling legitimate grounds to continue to process the personal data which override the individual’s interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
The individual has the right to object to their personal data for direct marketing.
Enforcement of rights
All requests regarding individual rights should be sent to the person whose details are listed in the Appendix.
The Company shall act upon any subject access request, or any request relating to rectification, erasure, restriction, data portability or objection or automated decision making processes or profiling within one month of receipt of the request. The Company may extend this period for two further months where necessary, taking into account the complexity and the number of requests.
Where the Company considers that a request under this section is manifestly unfounded or excessive due to the request’s repetitive nature the Company may either refuse to act on the request or may charge a reasonable fee taking into account the administrative costs involved.
Automated decision making
The Company will not subject individuals to decisions based on automated processing that produce a legal effect or a similarly significant effect on the individual, except where the automated decision:
- Is necessary for the entering into or performance of a contract between the data controller and the individual;
- Is authorised by law; or
- The individual has given their explicit consent.
The Company will not carry out any automated decision-making or profiling using the personal data of a child.
Personal Data Breaches
All data breaches should be referred to the persons whose details are listed in the Appendix.
Personal data breaches where the Company is the data controller:
Where the Company establishes that a personal data breach has taken place, the Company will take steps to contain and recover the breach. Where a personal data breach is likely to result in a risk to the rights and freedoms of any individual the Company will notify the ICO.
Where the personal data breach happens outside the UK, the Company shall alert the relevant supervisory authority for data breaches in the effected jurisdiction.
Personal data breaches where the Company is the data processor:
The Company will alert the relevant data controller as to the personal data breach as soon as they are aware of the breach.
Communicating personal data breaches to individuals
Where the Company has identified a personal data breach resulting in a high risk to the rights and freedoms of any individual, the Company shall tell all affected individuals without undue delay.
The Company will not be required to tell individuals about the personal data breach where:
- The Company has implemented appropriate technical and organisational protection measures to the personal data affected by the breach, in particular to make the personal data unintelligible to any person who is not authorised to access it, such as encryption.
- The Company has taken subsequent measures which ensure that the high risk to the rights and freedoms of the individual is no longer likely to materialise.
- It would involve disproportionate effort to tell all affected individuals. Instead, the Company shall make a public communication or similar measure to tell all affected individuals.
All individuals have the following rights under the Human Rights Act 1998 (HRA) and in dealing with personal data these should be respected at all times:
- Right to respect for private and family life (Article 8).
- Freedom of thought, belief and religion (Article 9).
- Freedom of expression (Article 10).
- Freedom of assembly and association (Article 11).
- Protection from discrimination in respect of rights and freedoms under the HRA (Article 14).
How to Contact Us
If you have any questions or comments about this privacy notice, or if you would like to exercise your rights, please write to:
Tastie Recruitment Ltd
10 Dukes Place
This website is owned and operated by Tastie Recruitment Ltd
You can contact us:
- By post, using the postal address given above;
- Using our website contact form;
- By telephone, on the contact number published on our website; or
- By email, using the email address published on our website.
Alternatively, you can contact the Information Commissioner’s Office directly on 0303 123 1113 or at https://ico.org.uk/global/contact-us/email/
The lawfulness of processing conditions for personal data are:
- Consentof the individual for one or more specific purposes.
- Processing is necessary for the performance of a contract with the individual or in order to take steps at the request of the individual to enter into a contract.
- Processing is necessary for compliance with a legal obligation that the controller is subject to.
- Processing is necessary to protect the vital interestsof the individual or another person.
- Processing is necessary for the performance of a task carried out in the public interestor in the exercise of official authority vested in the data controller.
- Processing is necessary for the purposes of legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests or fundamental rights or freedoms of the individual which require protection of personal data, in particular where the individual is a child.
The lawfulness of processing conditions for sensitive personal data are:
- Explicit consentof the individual for one or more specified purposes, unless reliance on consent is prohibited by EU or Member State law.
- Processing is necessary for carrying out data controller’s obligations under employment, social security or social protection law, or a collective agreement, providing for appropriate safeguards for the fundamental rights and interests of the individual.
- Processing is necessary to protect the vital interestsof the individual or another individual where the individual is physically or legally incapable of giving consent.
- In the course of its legitimate activities, processing is carried out with appropriate safeguards by a foundation, association or any other not-for-profit body, with a political, philosophical, religious or trade union aimand on condition that the processing relates only to members or former members (or those who have regular contact with it in connection with those purposes) and provided there is no disclosure to a third party without the consent of the individual.
- Processing relates to personal data which are manifestly made public by the individual.
- Processing is necessary for the establishment, exercise or defence of legal claimsor whenever courts are acting in their judicial capacity.
- Processing is necessary for reasons of substantial public intereston the basis of EU or Member State law which shall be proportionate to the aim pursued, respects the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and interests of the individual.
- Processing is necessary for the purposes of preventative or occupational medicine, for assessing the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of EU or Member State law or a contract with a health professional and subject to the necessary conditions and safeguards.
- Processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of healthcare and of medicinal products or medical devices, on the basis of EU or Member State law which provides for suitable and specific measures to safeguard the rights and freedoms of the individual, in particular professional secrecy.
- Processing is necessary for archiving purposesin the public interest, scientific or historical research purposes or statistical purposes, which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard fundamental rights and interests of the individual.