People whose data we receive from Candidates and Staff, such as referees, emergency contacts and dependants.
What kind of personal data do we collect?
All we need from referees is confirmation of what you already know about our Candidate or prospective member of Staff, so that they can secure that job they really want. Emergency contact details give us somebody to call on in an emergency.
To ask for a reference, we will obviously need the referee's contact details (such as name, email address and telephone number). We'll also need these details if our Candidate or a member of our Staff has put you down as their emergency contact so that we can contact you in the event of an accident or an emergency.
We will collect your date of birth, contact details and potentially some health information if a member of our Staff has put you down as a dependant or any other kind of beneficiary for a benefit connected with their employment or if a member of our Staff exercises certain employment rights.
We may also be provided (by inference) with some limited information about your sexual orientation if a member of our Staff identifies you as a spouse or partner when putting you down as a dependant, next of kin or emergency contact.
Where appropriate and in accordance with our legal obligations and regulatory requirements, we will seek more information about you or your colleagues from other sources generally by way of due diligence or other market intelligence:
- From third party market research and by analysing online and offline media (which we will do ourselves or employ other organisations to do for us);
- From delegate lists at relevant events; and
- From other limited sources and third parties (for example from our Candidates to the extent that they provide us with your details to act as a referee for them or where they give feedback on a particular assignment).
How do we use your personal data?
We will only use the information that our Candidates or Staff give us about you for the following purposes:
- If our Candidates or Staff members put you down on our form as an emergency contact, we'll contact you in the case of an accident or emergency affecting them; or
- If you were put down by a Staff member or Temporary Worker as a next of kin or dependant or any other kind of beneficiary, we will store your personal data to ensure the personnel records of that Staff member or Temporary Worker are correct, and use your personal data where necessary to provide employee benefits and pay remuneration and disclose your data to the relevant benefits provider.
- If you were put down by a Candidate or prospective Staff member as a referee, we will contact you to get a reference or give your details to a third party to do this on our behalf. Where you are being asked to give a reference based on their professional experience of a Candidate, and where we think that you may be interested in becoming a Client of ours, we may also use your details to reach out to get in touch in that alternative capacity.
We will use your personal data for these purposes if we deem this to be necessary for our legitimate interests or in accordance with applicable employment law. If you are not happy about this, you have the right to object by emailing firstname.lastname@example.org
Who do we share your personal data with?
Where appropriate and in accordance with legal obligations and regulatory requirements, we will share your personal data, in various ways and for various reasons, with the following categories of people:
- Any of our group companies;
- Appropriate colleagues within Impellam (this may include colleagues in overseas offices);
- Third party service providers who perform functions on our behalf (external suppliers and consultants, business associates and professional advisers such as lawyers, auditors and accountants, technical support functions and IT consultants carrying out testing and development work on our business technology systems);
- Third party outsourced IT and document storage providers where we have an appropriate processing agreement (or similar protections) in place;
- Marketing technology platforms and suppliers;
What legal bases do we rely on to process the data of People whose data we receive from Candidates and Staff, such as Referees and Emergency Contacts?
If you have been nominated by a Candidate or a prospective member of Staff as one of their referees, we use your personal data in order to contact you for a reference. This is a part of our quality assurance procedure and so we deem this to be necessary for our legitimate interests as an organisation offering recruitment services and employing people ourselves.
Where you are being asked to give a reference based on their professional experience of a Candidate, and where we think that you may be interested in becoming a Client of ours, we may also use your details to reach out to get in touch in that alternative capacity.
If a Candidate or Staff member has given us your details as an emergency contact, we will use these details to contact you in the case of an accident or emergency. We are sure you will agree that this is a vital element of our people-orientated organisation, and so is necessary for our legitimate interests.
To Exercise our Rights or Carry out our Employment and Social Security Legal Obligations:
For some individuals whose personal data is provided by Candidates and Staff it will sometimes be necessary for us to process your sensitive/special category personal data.
Article 9(2)(b) of the GDPR allows us to do this where the processing is "necessary for the purposes of carrying out the obligations and exercising [our or your] specific rights… in the field of employment and social security and social protection law", as long as this is allowed by law.
We will also process the sensitive/special category personal data of individuals connected with Candidates or Staff for other reasons, for example to allow the relevant Staff member to access certain benefits or employment rights.
How long do we keep your personal data for?
In determining the appropriate retention period for different types of personal data, we always consider the amount, nature, and sensitivity of the personal data in question, the potential risk of harm from unauthorised use or disclosure of that personal data, the purposes for which we need to process it and whether we can achieve those purposes by other means (in addition of course to ensuring that we comply with our legal, regulatory and risk-management obligations, as described above).