KAIROS RECRUITMENT GROUP (KRG HOLDINGS LTD) – COMPANY REG: 10197802
Introduction
Kairos Recruitment Group (KRG Holdings Ltd) attaches great importance to the personal privacy of individuals (data subjects) and we are committed to protecting and respecting your privacy.
When you register with us via our website, on-line job boards, social media or other digital methods and/or when you are in contact with one of our employees, the personal data that you entrust to us will be treated in accordance with GDPR legislation and held securely.
The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a new regulation which is updating data protection law and aims to harmonise data protection legislation across EU member states, enhancing privacy rights for data subjects (individuals) and providing a strict framework within which commercial organisations can legally operate.
We encourage you to read through our Privacy Notice so you understand what information we collect about you, who we share it with and how your data could be used.
Who controls your personal data?
The Data Controller is Kairos Recruitment Group (KRG Holdings Ltd), registered in England (Company No. 10197802)
We are a recruitment agency and recruitment business as defined in the Employment Agencies and Employment Businesses Regulations 2003.
Kairos Recruitment Group (KRG Holdings Ltd) employees will have access to your personal data through our secure internal database (RDB ProNet).
Who is Kairos Recruitment Group and what do we do?
Kairos recruitment Group is a recruitment agency and recruitment business as defined in the Employment Agencies and Employment Businesses Regulations 2003. We have offices located in Handforth, Cheshire but we operate as a global business. We collect the personal data of the following types of people to allow us to undertake our business;
Prospective and placed candidates for permanent or contract roles;
Prospective and live client contacts;
Supplier contacts to support our services;
Employees, independent consultants, temporary workers;
What are the lawful bases and purposes of the processing?
Legitimate Interest
As ‘Data Controller’ Kairos Recruitment Group relies on ‘legitimate interest’ as the lawful basis upon which we collect & retain your personal data. This is defined by Article 6(1)(f) of the General Data Protection Regulation as:
“…processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data”
A wide range of interests may be considered as legitimate interests. They can be our own interests or the interests of third parties, commercial interests, as well as wider societal benefits.
Our legitimate interest in collecting and retaining your personal data is described below:
As a recruitment business and recruitment agency we introduce candidates to clients for permanent employment or independent professional contracts. The exchange of personal data of our candidates and our client contacts is a fundamental, essential part of this process.
In order to support our candidates’ employment needs & career aspirations and our clients’ staff resourcing needs we require a database of candidate and client personal data containing historical information as well as current resourcing requirements.
To maintain, expand and develop our business we need to record the personal data of prospective candidates and client contacts.
As a recruitment agency Kairos Recruitment Group (KRG Holdings Ltd) has a legitimate commercial interest to collect & process personal data relating to active & passive jobseekers (Candidates) as well as the collection of personal data relating to Hiring Managers of organisations we provide recruitment services to; or Hiring Managers of organisations we would engage with to offer our services (these can be defined as live & prospective Clients). Organisations that use our services to fill their vacancies would be considered as third parties, though Kairos Recruitment Group (KRG Holdings Ltd) has a legitimate interest in sharing Candidate personal data with these organisations as part of its recruitment services.
In order to provide permanent and contract recruitment services, it is necessary for Kairos Recruitment Group (KRG Holdings Ltd) to process certain types of personal data. The personal data we collect is only used only for the purpose of providing recruitment services. In particular, we use your data to deliver recruitment services by:
Identifying & selecting Candidates whose skills and/or experience are appropriate for the vacancies and contract assignments detailed to us by our Clients;
Notifying Candidates of potentially suitable and appropriate permanent jobs or contract assignments;
Notifying Hiring Managers of the availability of suitably skilled workers (Candidates).
As a Candidate your data may also be used for:
Assisting our Clients to identify and select suitable Candidates for interview on permanent vacancies and contract assignments;
Processing of pre-employment screening
If we provide recruitment services to you, as Candidate or Client, we will also need to ensure compliance with relevant laws and regulations in the jurisdictions that we operate, such as:
identification
labour
tax
social legislation
Because we provide recruitment services to our Clients (who may be the organisations subject to the above laws and regulation), we may need to process Candidate personal data to meet contractual obligations with our Clients, but we will always obtain further consent from a Candidate where required by law.
Consent
Should we want or need to rely on consent to lawfully process your data Kairos Recruitment Group (KRG Holdings Ltd) will request your consent orally, by email or by an online process for the specific activity we require consent for and record your response on our system. Where consent is the lawful basis for our processing you have the right to withdraw your consent to this particular processing at any time.
What personal data does Kairos Recruitment Group (KRG Holdings Ltd) collect?
We collect and process personal information to enable us to provide advice and professional services as an employment agency and employment business. This information may include:
Personal contact details;
Personal Identification (Passport copy or Driving Licence copy)
Links to your professional profiles available in the public domain e.g. LinkedIn, Twitter, corporate websites;
Education and employment details.
We only collect personal information necessary for the best performance of our services and/or to improve our services, or to be able to fulfil specific requests & requirements from our Candidates and Clients.
Upon registration as a Candidate we may ask for your:
Full name & contact details (telephone, mobile & email);
Location / home address;
Your most recent Curriculum Vitae (CV) or skills portfolio;
Links to your professional profiles available in the public domain e.g. LinkedIn, Twitter, corporate website;
Relevant educational, industry qualifications and employer references (diplomas, courses and certifications);
Your availability & proof of the right to work in your country or countries of residence & choice.
When placing you in a role at one of our Clients we might request additional personal information such as:
nationality (Right to work in the UK or EU);
passport or identity card;
employer references.
and if you are an independent Contractor, personal business documents such as:
Company registration certificate / freelancer registration certificate;
Insurance documentation;
VAT registration details.
Where is our data stored?
We take data protection very seriously and as a result we work with Bullhon Inc to securely store all of our data.
Bullhorn – GDPR compliance & security measures
Employees of Bullhorn have access to our database in order to provide us with technical support and maintenance services.
Bullhorn are very much aware of the GDPR and have taken measures in all areas of their business to protect your data, this includes but is not limited to:-
Changes and additions to authored software where appropriate to accommodate encryption for sensitive information / lawful basis for processing and right to be forgotten
Changes to internal processes to ensure they maintain appropriate records and comply with the regulation
Ensuring they have all existing systems recorded that contain personal data and again the lawful basis for processing / agreements etc. and that they can provide that information to individuals when asked
Privacy Impact Assessments across the business
Updated privacy notices & data protection policies
Amendment of their ISMS (ISO27001:2013) to accommodate GDPR regulation
GDPR compliant contracts and Framework agreements
Provisions for special categories of data
Active retention and deletion processes and software, as well as an annual review of retention schedules
Incorporating the Data protection Role within the Information Security Managers remit
Employee screening
System access and end point security
Non Disclosure Agreements
All Bullhorn Server Rooms are covered by CCTV, locked and restricted to only those that require access in the performance of their role. All perimeter doors are secured by Salto card access or combination button locks; external physical barriers are also in place; all doors are alarmed and, where possible, internal intruder alarms are installed. All staff are required to wear ID badges at a times and visitors are required to wear badges with red lanyards that clearly identify them as visitors, they are required to sign in and out of each office and are not permitted to walk around their premises unaccompanied.
They do not permit third party access to their network or systems and Data is never stored or managed outside of the EU.
How long will we keep your data?
We understand our legal duty to retain accurate data and only retain personal data for as long as we need it for our legitimate business interests. Accordingly, we run data routines to remove data that we no longer have a legitimate business interest in maintaining.
We do the following to ensure our data is accurate:
Initial phone call to review & confirm whether the details we hold about you are accurate.
Prior to introducing you to a client for a vacancy we check that we have accurate information about you
We keep in touch with you periodically (via the phone or email) so you can let us know of changes to your personal data
Kairos Recruitment Group (KRG Holdings Ltd) will retain your personal data for 5 years from the date of the last communication with you (email, telephone or otherwise). This is determined on the basis that 5 years is considered to be the average length of time individuals and hiring managers are employed within the industry sectors and organisations we deal with and many candidates can remain ‘dormant’ for long periods of time, only to become ‘actively looking’ when approached by Kairos Recruitment Group with a relevant job opportunity. If there have been no active communications for a period of 5 years or more, your details will be deleted.
Correcting, Updating & Removing your personal data
If your personal information or circumstances change, you can correct, update or request to remove your personal data by emailing: dataprivacy@kairosrecruitment.com
What are your rights?
Whilst the processing of your personal data is necessary for the completion of our employment agency services and our legitimate commercial interests, under Article 6 of the GDPR, we have obligations to you the Data Subject.
You retain the following rights to have your personal data processed fairly, lawfully and proportionately to the services that we provide. Specifically, Kairos Recruitment Group (KRG Holdings Ltd) confirms your individual rights as follows:
The right to be informed – that we have collected and are processing your data;
The right of access - gives you the right to access information held about you;
The right to rectification - this enables you to have any incomplete or inaccurate information we hold about you corrected;
The right to restrict processing - this enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it;
The right to object – to the processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for marketing purposes;
The right to erasure - this enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing.
The right to request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Queries & Complaints
If you have a request, query, concern or complaint about how Kairos Recruitment Group (KRG Holdings Ltd) collects, stores and uses your personal data then please email us: Dataprivacy@kairosrecruitment.com and we will respond to you within the timeframe stipulated by the GDPR.