Privacy Notice.

The privacy and protection of your personal data is important to People People UK Ltd.

Our Privacy Notice describes how we collect, use and look after your personal data in accordance with data protection legislation (including but not limited to the General Data Protection Regulation 2016/679, the UK Data Protection Act 2018, any amending or implementing regulations or legislation, and all other relevant EU and UK data protection legislation). It explains the purposes for which your personal data is collected, who we share it with, and what rights you have in relation to our handling of your personal data.

This notice applies to all clients, candidates, employees, workers, contractors, suppliers, referees, and individuals using the services of People People UK Ltd, including website users (regardless of where you visit the website from). Our website is not intended for children, and we do not knowingly collect data relating to children.

Please read this Privacy Notice carefully. It is important that you read it together with any other privacy information we may provide on specific occasions when we are collecting or processing your personal data so that you are fully aware of how and why we are using your data. This Notice supplements other notices and policies and is not intended to override them.

It is important the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

People People UK Ltd are a Recruitment and HR business, delivering HR consultancy and recruitment solutions specialising in professional, technical, and executive markets across permanent, contract and temporary roles.

Our registered office is Unit 4, Dewar House, Carnegie Campus, Dunfermline, Enterprise Way, KY11 8PY. We are a private limited company (SC793223).

We comply with data protection law, which says that personal data we hold about you must be:

• Used lawfully, fairly and in a transparent way.

• Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.

• Relevant to the purposes we have told you about and limited only to those purposes.

• Accurate and kept up to date.

• Kept only as long as necessary for the purposes we have told you about.

• Kept securely and protected against unauthorised or unlawful use and against loss, destruction or damage using appropriate technology and procedures.

If you have any queries or concerns, you may contact us by emailing andrew.guild@peoplepeople.uk.

How do we collect data?

We collect data directly from people, in particular those who give us personal data when choosing to apply for work opportunities with People People UK Ltd, and/or those who register via the website or submitting application forms or a C.V., as well as those contacting the business directly (for example, by telephone) in order that we can provide a recruitment service.

We may also receive personal data about you indirectly from third parties, namely

On-line professional directories and social media platforms, e.g. LinkedIn, S1Jobs, C.V. Library, Indeed, etc.

As you interact with People People UK Ltd’s website, it automatically collects technical data about your equipment, browsing actions and patterns using cookies and other similar technologies. You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.

For more information about these automated technologies or interactions, please see our Cookie Policy

What data is used? Why People People UK Ltd use it? What is the level of access and retention?

Personal data, or personal information, means any information about an individual from which that person can be identified.  It does not include data where the identity has been removed (anonymous data). 

We only use your personal data where there are lawful reasons to do so. Most commonly, it is in the following circumstances:

• Where we need to perform a contract, we have entered into, or are trying to enter into, with you.

• Where we need to comply with a legal obligation.

• Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights, do not override those interests.

There are also circumstances where your consent is the lawful basis.

Please note we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Contact us if you need details about the specific legal ground we rely on. Also, note that we do not sell your personal data. 

We may use different kinds of personal data about you, which we have grouped in categories as follows:

• Contact data

  Address, email address and telephone numbers

• Criminal offence data

  Personal data relating to criminal convictions and offences or related security measures

• Education data

  Information which relates to the education and skills, such as professional training and qualifications

• Employment (including worker) data

  Information relating to work or employment of a data subject, including eligibility to work in the UK, current work/employment and career history, references, interview notes, pay and pension and compensation history, leave records (such as maternity, paternity, adoption and annual leave) and also information related to work or employment of interest to candidates, such as minimum rate of pay and type of work sought and geographical range within which seeking to work.

• Family, lifestyle and social circumstances data

  Contact details for next of kin and/or emergency contact details, any information relating to the family of the data subject, such as details of family and other household members, as well as information about the data subject’s lifestyle and social circumstances, including whether vehicle owner or car details (for those who use the car parking facilities), travel details, leisure activities, membership of charitable or voluntary organisations, and (in the case of some data subjects) current marriage and partnerships and marital history, and any additional information about family, lifestyle and social circumstances which is provided voluntarily by candidates or staff within a resume or CV, including social media information

• Financial data

  Bank account and payment card details. It may also include personal data about earnings arrestment (for example for student loans and child support)

• Identification document data

  Information issued as an identifier by a public authority, such as passport details, national insurance numbers, identity card numbers, driving licence details, visa information

• Identity data

  First name, maiden name, last name, username or similar identifier, marital status, title, gender, age, date of birth and any information that identifies an individual and their personal characteristics, including physical description

• Image data

  Images and/or photographs, for example provided within a CV

• Marketing and Communications data

  Preferences in receiving marketing and communications, such as areas of interest (permanent or temporary, sector)

• Profile data

  Online username and password, information provided about interests and preferences, online survey responses and feedback.

• Special category data

  Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data (where used for identification purposes), sexual orientation, information concerning a person’s sex life or health

• Technical data

  Internet protocol (IP) address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices used

• Transaction data

  Details about payments to and from a data subject and other details of services purchased

• Usage data

  Information about how website services are used

If you share personal data with People People UK Ltd to engage our commercial services or provide us with service, the table below explains in summary: 

• Why we use personal data

• What categories of personal data we use for that purpose

• Potential recipients of that personal data.

Retention periods depend on what categories of data are used and why.  Generally, we only keep personal data for as long as we provide you with our services or to achieve the purposes for which it was collected (unless you have asked us to retain your personal data for longer). We do this in accordance with our internal retention procedures, in line with our statutory obligations and good practice, after which time we securely erase or delete the personal data.

Purpose Example 1

• Providing services to candidates and clients (including communication such as updates on recruitment progress and timesheets, sending documentation, administration of wage payment including tax, national insurance and pension contribution deductions)

Categories of Data Used

• Contact

• Education

• Employment 

• Family, Lifestyle and Social Circumstances 

• Financial 

• Identification document 

• Identity 

• Marketing and Communications 

• Profile 

• Special category 

• Technical

• Transaction

Categories of potential recipients

• Clients, by which we mean businesses or organisations recruiting and/or utilising People People UK Ltd  services 

• Third Party providers of services such as our pension, benefits, screening, IT (including website, database, finance systems,  payroll) and other professional advisors, such as legal advisors

Retention of data by People People UK Ltd

• Seven years for candidates where People People UK Ltd services involved work for other candidates, personal data is retained for no more than two years from data of last contact with People People UK Ltd.

Purpose Example 2

• Audit and due diligence checks, which include credit and criminal record checks in some instances, and checks to detect and prevent fraud.

Categories of Data Used

• Contact

• Criminal offence

• Education

• Employment

• Family, lifestyle and social circumstances

• Financial Identification document

• Identity

• Transaction

Categories of potential recipients

• Disclosure Scotland and DBS

• Credit Reference Agencies (such as Experian, Equifax, HireRight, etc).

Retention of data by People People UK Ltd

• In relation to candidates where Eden Scott services involved work:

• up to two years for personal data within credit and criminal record checks

• Seven years for all other personal data 

• For all other candidates, personal data is retained for no more than two years from data of last contact with People People UK Ltd.

Purpose Example 3

• Direct marketing (to candidates but also on occasion clients)

Categories of Data Used

• Contact

• Education Employment 

• Family, lifestyle and social circumstances

• Financial

• Identity

• Marketing and communications

• Transaction

Categories of potential recipients

• People People UK Ltd

Retention of data by People People UK Ltd

• Seven years for candidates where People People Ltd services involved work

• For other candidates, personal data is retained for no more than two years from data of last contact with People People Ltd.

Purpose Example 4

• Administration of prize draws, competitions and surveys

Categories of Data Used

• Contact,

• Employment,

• Family,

• lifestyle and social circumstances,

• Financial,

• Identification document,

• Identity,

• Marketing and communications,

• Transaction,

• Usage

Categories of potential recipients

• None

Retention of data by People People UK Ltd

• Seven years for candidates where Eden Scott services involved work

• For other candidates, personal data is retained for no more than two years from data of last contact with People People UK Ltd.

Purpose Example 4

• Delivering  website content & using data analytics to measure the effectiveness of the website and improve it

Categories of Data Used

• Profile, 

• Technical, 

• Transaction, 

• Usage

Categories of potential recipients

• Squarespace (website provider);  

• Google Tag Manager

Retention of data by People People UK Ltd

• Personal data automatically transferred to People People UK Ltd  and kept in line with GDPR. 

• Data stored on the website database for three months 

Changing of Purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason which is compatible with the original purpose. If you wish to get an explanation as to how such processing is compatible, please contact us.

If ever we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Where we need to collect personal data by law, or under the terms of a contract we have with you, or propose to enter into, and you fail to provide the data requested, we may not be able to provide you with services. In such situations, we may have to cancel a service you request from us, but if this is the case we will notify you at the time.

These types of particularly sensitive personal data (described in the section above) require higher levels of protection.

We ensure that we meet legal requirements in relation to the collection, use and storage of personal data including any additional protections or measures that may be required for any special category and criminal offence personal data.  It may be processed when necessary to take steps, at your request, prior to entering a contract with you, or when necessary for the performance of a contract with you (for example when performing pre-employment background checks requested by our clients, such as financial or criminal history checks) and when you have given explicit consent.

Other examples of the further justifications which may permit its lawful use in some circumstances include 

• For employment, social security and social protection purposes (when authorised by law)

• To protect your vital interests

• For reasons of substantial public interest (with a basis in law) such as preventing or detecting unlawful acts, for example fraud, suspicion of terrorist financing or money laundering, or to meet regulatory requirements or ensure equality of opportunity or treatment.  

Less commonly, we may process this type of data where it is in our legitimate interests and needed in relation to legal claims, or where it is needed to protect your interests (or someone else's interests) and you are not capable of giving your consent, or where you have already made the data public.

We provide you with choices regarding certain uses of personal data, particularly around direct marketing and advertising.

If you’ve given us your consent, we may use data we’ve collected about you to send marketing offers and news about our services using various channels such as mail, phone, email and SMS. If you prefer not to receive any future marketing communications, you can at any time remove your consent by writing or sending an email to our Director, Andrew Guild - andrew.guild@peoplepeople.uk.

We won’t sell your personal data to other organisations outside of People People UK Ltd for marketing purposes.

People People UK Ltd may share your personal data with third parties to administer the working relationship with you or, where we have another legitimate interest in doing so (for example such as enforcing our contracts and agreements, where we may pass your personal data to a third party to assist us in this enforcement, obtaining professional advice).  "Third parties" includes service providers (including contractors and designated agents). The following activities involve sharing personal data with third-parties: 

• Pension Administration

• Benefits Provision

• Screening providers

• IT Services (including storage)

• Delivering website content and data analytics 

• Receiving professional advice, such as legal advice and audit services.

We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions. We ensure that we have written agreements in place with all such service providers who process any personal data on our behalf which require that they will comply with obligations that meet the terms of this Privacy Notice. All our third-party service providers are required to take appropriate security measures to protect your personal data in line with our policies.

We may share your personal data with other third parties, for example in the context of the possible sale or restructuring of the business.  Any new owners may use your personal data in the same way as set out in this privacy notice.

We may be under a duty to disclose or share personal data to comply with any legal obligation or regulatory compliance, for example sharing information with HMRC. This may include where for example we are subject to a court order to disclose your personal data, or if we believe a crime or fraud is being committed, or assets are being used to fund terrorism or bribery, or where we believe that the safety of another person is at risk.

Yes.  All personal data we collect is stored on cloud based, secure servers, which are hosted by Google.

In limited circumstances, in order to provide services to you, we may need to transfer your data outside the United Kingdom for:

• background screening checks if you have worked outside the UK

• overseas recruitment, since some of our divisions recruit for organisations outside the UK

• providing our services using software providers located outside the EEA, although we use providers in the EEA as much as possible 

Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it.  When a country or territory is not deemed by the UK government to provide an adequate level of protection, we use specific contracts approved for use by the UK regulator giving personal data the same protection it has in the UK.  Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK.

We have technical and operational security policies and procedures in place to protect the personal data we collect, use and store, against unauthorised or unlawful access or disclosure, improper use, alteration and unlawful or accidental destruction or loss.

Within People People UK Ltd, access to your personal data is limited to those who have a business need to know and they will only process your data on our instructions and under strict conditions of confidentiality. All People People UK Ltd staff who handle personal data are aware of their responsibilities under this Privacy Notice and are adequately trained and supervised. In addition, we have in place internal policies and procedures including the following:

• We encourage a clear desk policy and do not use or retain paper files and records except where this is necessary;

• We use all appropriate encryption and password protection and up to date anti-virus software on our systems.

Under certain circumstances, by law you have the right to make the following requests:

Request access to your personal data (commonly known as a "data subject access request")

This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it 

Request correction of the personal data that we hold about you.

This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.

Request erasure of your personal data.

This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).  Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

Object to processing of your personal data

Where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground unless, we can demonstrate compelling legitimate grounds for the processing which override your individual interests or for the establishment, exercise or defence of legal claims. You also have the right to object where we are processing your personal data for direct marketing purposes.

Request the restriction of processing of your personal data.

This enables you to ask us to suspend the processing of personal data about you, for example, if you want us to establish its accuracy or the reason for processing it.

Request the transfer of your personal data.

This right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.  You can request transfer to you or to a third party you have chosen, your personal data in a structured, commonly used, machine-readable format.

For the avoidance of doubt, we do not use automated decision making in the processing of personal data.

If you want to review, verify, correct or request erasure of your personal data, object to the processing of your personal data, or request that we transfer an electronic copy of your personal data to another party, please contact Andrew Guild, Director – andrew.guild@peoplepeople.uk.

All requests will be considered without undue delay and within one month of receipt as far as possible .No fee is usually required, however, we may charge a reasonable fee if your request for access is requires extreme or unique measures. Please note that we may in limited circumstances refuse a request, where we have compelling legitimate grounds, or where prevented by obligations of confidentiality or legal privilege.

In the limited circumstances where you may have provided your consent to use of your personal data for a specific purpose, you have the right to withdraw consent at any time. To do so, please contact Andrew Guild, Director. 

Nothing in this notice affects our professional obligation to keep the affairs of our clients confidential.

You have the right to make a complaint about anything regarding the processing, storage, retention of your data. We would hope to resolve any complaint internally and if you would like to lodge a complaint with us in the first instance please contact Andrew Guild, andrew.guild@peoplepeople.uk.
However, you also have the right to lodge a complaint at any time to the Information Commissioner (ICO) in respect of our processing of your personal data. Information can be found at www.ico.org.uk.

Contact us

If you have any queries regarding this notice, please email andrew.guild@peoplepeople.uk.