At The Staff Directory, we respect your right to privacy online and understand that you want to keep control of your personal information. That’s why we are committed to collecting the minimum of personal information needed for us to provide an effective service.
We will never sell, distribute, or intentionally make your personal information public and have implemented appropriate technical and organisational security measures to protect the data you share with us from loss and preserve its security and confidentiality.
Our legal basis for processing
We will only collect information from you where we have a proper legal basis for doing so. This legal basis will depend on the individual services you use and how you choose to interact with them. Additional information is provided below, however, in general, we will only collect and use your information where:
- It is necessary for us to provide you with a service, including for support or to protect the safety and security of the service itself.
- It satisfies a legitimate interest that is not overridden by your data protection interests. Such as for research and development.
- You have given us consent to do so for a specific purpose.
- We need to process your data to comply with a legal obligation.
In cases where you have consented to our use of your personal information for a specific purpose, you have the right to change your mind at any time. Where we are using your information because we have a legitimate interest to do so, you have the right to object to that use, but in some cases, this may mean you are no longer able to access our services.
Third-Party Data Processors
Like most businesses, we rely on a number of third-party providers to support our operations, for example in areas such as online file storage and email delivery. We may also hire third parties to operate, maintain, or improve our website and other digital services. Some of these service providers will by necessity have access to or be directly involved in processing or storing a subset of the personal information you share with us.
All our third-party data processors have been carefully chosen as service suppliers who also practice responsible data handling. We believe that each has in place appropriate protections to ensure the security of the data we store or process with them and have clear policies for how they treat that data. But if in doubt you should review their individual Privacy Policies.
Amazon Web Services (Email delivery & file storage): https://aws.amazon.com/compliance/data-privacy-faq/
Google (Website analytics): https://support.google.com/analytics/answer/6004245?hl=en
HeartInternet (Hosting services): https://www.heartinternet.uk/terms/heart-internet-privacy-statement
Microsoft (Email services): https://privacy.microsoft.com/en-GB/privacystatement
The Pixel Parlour (Website development & support): https://www.pixelparlour.co.uk/about/privacy-and-cookies/
Before using or sharing your information with third parties in ways not described here or previously authorised by you, we will provide you with notice and an opportunity to control the further use or disclosure of your personal information.
Transfers Outside of the European Economic Area
Under certain circumstances, we will transfer your information outside of the European Economic Area. We will only do this with your informed consent, when it is necessary to perform a contract we have with you or where the receiving organisation has adequate safeguards in place – for example, certification under the EU-US Privacy Shield framework.
Our website is hosted in the UK in a data centre managed by Heart Internet. When you visit our website or access one of the files stored on our web server information about this request will be automatically stored in our log files to provide usage statistics, enable security features and aid technical troubleshooting. This is on the legal basis of legitimate commercial interests. In these cases, your IP address at the time acts as a unique identifier and is stored along with information about your operating system, browser version and the pages/files you access. These logs are retained on the server for up to 30 days, after which they are automatically deleted. Heart Internet will also record a similar set of data for the purposes of data management and security. This data is retained by them for up to 3 months.
Like most businesses, we use Google Analytics to help understand how our website is being discovered and interacted with and we use this information to help improve the experience for our visitors and make decisions about future development. Google Analytics presents us with aggregate information about the geographic location, device types and operating systems used by our website visitors, but not in a way that personally identifies you. Additionally, Google will record your computer’s IP address and set a number of temporary cookies in your browser to help distinguish you as an individual visitor as you move around our site. In the interest of limiting the amount of data Google collects via our site we are using Google’s standard Analytics implementation and have not enabled any additional advertising features, such as remarketing tags which would tie your usage of our site in with your broader browsing habits. Any user-level data that is associated with Analytics’ cookies are retained for up to 26 months from your last activity on our site, after which it is automatically deleted from Analytics’ servers.
Our website and emails contain a number of links to third party sites. It is important to be aware that these external sites are governed by their own privacy policies and we do not accept any responsibility or liability for these policies. The inclusion of a link to an external source should not be understood to be an endorsement of that website, it’s owners or their products/services. Always check the individual privacy policies of these external sites before you submit any personal data through them.
Cookies are temporary files stored in your web browser by a website to help track usage and enable services that rely on a persistent identity. You can control which cookies you accept and remove them at any time by adjusting your browser settings or using the tools provided by this site, but it is important to be aware that some cookies are essential and our website may not function as expected without them.
These cookies are strictly necessary to provide you with services available through our websites and to use some of its features. But you can still block or delete them by changing your browser preferences.
- PHPSESSID, JSESSIONID (The Staff Directory). Used to give you a unique identifier during your time on the site and temporarily store information when filling out a registration, enquiry, or job application form. Expire at the end of your session.
These cookies are used to enhance the performance and functionality of our websites. They are non-essential but without them, certain functionality may become unavailable.
Analytics and customisation cookies
These cookies collect information to help us understand how our website is being used or customise it in order to enhance your experience.
- _ga (Google Analytics) – used to distinguish between users. Expires after 2 years.
- _gat (Google Analytics) – used to distinguish between users. Expires after 24 hours.
- _gid – (Google Analytics) – used to throttle the request rate. Expires after 1 minute.
These cookies are used to make advertising messages more relevant to you and your interests.
Contact us by email
When you send us an email, either to one of the addresses displayed on our website or to an individual member of staff, we will collect your email address and any other information you provide within your email.
Microsoft is our email service provider so any emails you send us will be stored on their servers. Therefore your email and any associated personal data may be transferred outside of the European Economic Area to servers located in the USA. Microsoft’s certification under the EU-US Privacy Shield Framework commits it to maintain appropriate safeguards for international data transfers. You can learn more here: https://privacy.microsoft.com/en-GB/privacystatement
The information you provide will only be processed in relation to the purpose of your correspondence with us. We have no fixed retention period for email correspondence, but we are committed to only storing your data for no longer than is necessary to serve our legitimate interests of record keeping or to perform a contract we have entered into with you.
Registering as a candidate
When you register your CV online the information provided is sent to our team via email to enable them to process your application and start matching relevant job opportunities. A subset of the information (your name, email address and IP address) is also temporarily stored by the website for our legitimate interest in keeping a failsafe and to help us appropriately log submissions of personal data.
Your candidate registration will include the following:
- Date of birth
- Proof of ID
- Languages spoken
- Status to work in the UK
- DBS check
- Your CV
- Written references
- Current job title
- Current salary
- Email address
- Telephone number
Optionally you can also provide:
Microsoft is our email service provider so any information submitted will be temporarily stored on their servers. Therefore your email and any associated personal data may be transferred outside of the European Economic Area to servers located in the USA. Microsoft’s certification under the EU-US Privacy Shield Framework commits it to maintain appropriate safeguards for international data transfers. You can learn more here: https://privacy.microsoft.com/en-GB/privacystatement
The information you submit is processed only for the purpose of performing our contract with you and the data only made available to a limited number of team members who are all bound by a strict confidentiality agreement. By default, we treat all information provided as confidential and won’t share it beyond the company without your explicit consent.
Applying for a vacancy
When you apply for one of the vacancies advertised on our website the information you provide is sent to our team by email. Additionally, we record your IP address and a timestamp for the purposes of fulfilling our obligation to log submissions of personal data.
Your job application will include the following, which are necessary for us to appropriately assess your suitability for the role and contact you regarding it:
- Email address
- Telephone number
- Your CV
- Written references
Optionally you can also provide:
Because your submission can include attachments and open text fields we can’t limit what information you share with us. Therefore we request that you only share information directly relating to your application and that in all cases you have the appropriate consent to disclose the information you share with us.
The information you submit is processed only for the purpose of processing your application and the data only made available to a limited number of team members who are all bound by a strict confidentiality agreement. By default, we treat all information provided as confidential and won’t share it beyond the company without your explicit consent.
Microsoft is our email service provider so any emails relating to your application will be stored on their servers. Therefore your email and any associated personal data may be transferred outside of the European Economic Area to servers located in the USA. Microsoft’s certification under the EU-US Privacy Shield Framework commits it to maintain appropriate safeguards for international data transfers. You can learn more here: https://privacy.microsoft.com/en-GB/privacystatement
Making a recruitment enquiry
When you submit one of our online enquiry forms the information you provide (which includes your name, email address, phone number) is sent to us by email. Additionally, we record your IP address and a timestamp for the purposes of fulfilling our obligation under GDPR to appropriately log submissions of personal data.
The information you submit is processed only for the purpose of responding to your enquiry and the data only made available to a limited number of team members who are all bound by a strict confidentiality agreement. By default, we treat all information provided as confidential and won’t share it beyond the company without your explicit consent.
If you don’t go on to take up our services within 12 months your enquiry along with any accompanying attachments will be permanently deleted. If you do, we will retain the information for as long as is necessary to perform the contract we have entered into with you and for the legitimate interest of record keeping.
Children under 16
Our website and services are not for use by children under 16 years and we will not knowingly collect or use the personal data of children. If you are under the age of 16 please do not provide any personal data even if prompted to do so.
Personal data breaches
Our Press Policy: We strongly believe that no level of client information (whether it includes identifiable details or not) should ever be discussed with the Press. We have a concrete policy to never, under any circumstances speak to the press regarding our clients and put client confidentiality at the forefront of our approach at all times.
We recommend to any employer to conduct a level of due diligence when selecting an agency to work with, ensuring you have absolute confidence in their level of confidentiality and discretion before proceeding with your search.
Questions & access requests
The General Data Protection Regulation (2018) gives you the right to know what personal data we hold, to have it updated if it is inaccurate or removed entirely if you no longer consent to our use of it. We will endeavour to respond to any such requests within one month confirming receipt and outlining what follow-up actions will be taken and when. While we will make every effort to act quickly please note it can take up to 3 months before some types of data can be fully removed from both our primary and backup systems.
The Staff Directory is registered with the UK Information Commissioner’s Office as a tier 1 data controller/processor, reference number: ZA758448.