Who are we?
Cognitive Group Ltd, 4 Minster Court, WeWork, EC3R 7BB, www.cognitive-group.com, firstname.lastname@example.org, 020 3587 7772. We provide permanent and temporary/contract recruitment services to clients looking to recruit personnel for their businesses.
What does this Policy cover?
We at Cognitive Group Ltd take your personal data seriously. This policy:
• sets out the types of personal data that we collect about you
• explains how and why we collect and use your personal data
• explains how long we keep your personal data for
• explains when, why and with who we will share your personal data;
• sets out the legal basis we have for using your personal data;
• explains the effect of refusing to provide the personal data requested;
• explains the different rights and choices you have when it comes to your personal data; and
• explains how we may contact you and how you can contact us.
What personal data do we collect about you?
We collect the information necessary to be able to find available opportunities and further information needed to assess your eligibility through the different stages of recruitment. This information includes CVs, identification documents, educational records, work history, employment preferences, salary/rates and references.
We do not routinely collect sensitive personal data or special category data about you. If however there is a legal basis for collecting sensitive personal data or special category data, or you volunteer this data, we will further process this data, where you have given your explicit consent.
Where do we collect personal data about you from?
The following are the different sources we may collect personal data about you from:
• Directly from you. This is information you provide while searching for a new opportunity and/or during the different recruitment stages.
• From an agent/third party acting on your behalf. e.g. Contractors Limited Company.
• Through publicly available sources. We use the following public sources:
• Job Boards
• Other public sources used such as: Hunted; Facebook, Instagram; Microsoft Community Events; Meetings; and Personal Introductions.
• By Reference or word of mouth. For example, you may be recommended by a friend, a former employer, a former colleague or even a present employer.
Where we collect your information through publicly available sources as set out above, we may do this with the aid of software programs’ such as Hunted, Sourcebreaker and Lusha. These programs are given parameters on the requirements of a role and search through publicly available sources to find such candidates. These programs are designed to only output information on candidates that meet the search criteria. The parameters of this program are restricted to only searching for Name, Availability and Job role candidate information from public sites where there is a reasonable expectation that such information may be collected and further processed by job recruiters for the purpose of sourcing candidates for different job roles.
How do we use your personal data?
We use your personal data to match your skills, experience and education with a potential employer. We will initially collect basic information on you such as contact details, job role and experience. We then pass on your name, job role and experience to the client in search of personnel. If you are chosen by the client and go through to the next stage we will then be collecting more information from you at the interview (or equivalent) stage and onwards in that manner.
How long do we keep your personal data for?
We retain your information for as long as is necessary for us to use your information as described above or to comply with our legal obligations and our Legitimate Business Interests. However, please be advised that we may retain some of your information after you cease to use our services, for instance if this is necessary to meet our legal obligations, such as retaining the information for tax and accounting purposes.
When determining the relevant retention periods, we will take into account factors including:
(a) our contractual obligations and rights in relation to the information involved;
(b) legal obligation(s) under applicable law to retain data for a certain period of time;
(c) our legitimate interest for specialising solely in the Microsoft skilled talent community where we have carried out a balancing test (see legal basis below);
(d) statute of limitations under applicable law(s);
(e) (potential) disputes;
(f) if you have made a request to have your information deleted; and
(g) guidelines issued by relevant data protection authorities.
Otherwise, we securely erase your information once this is no longer needed.
Who do we share your personal data with?
We share your personal data with the client who has a position to fill, in order to determine with the client whether you are a good fit for the available position. Our Clients are part of the Microsoft community and we recruit for Microsoft projects covering all sectors in the UK and Europe.
We may also conduct checks on you to verify the information (for example referencing, “CreditSafe”, VIES) you have provided and where we do not share your information with third parties.
We store your personal data on 3rd party recruitment and accounting portals: Bullhorn, ETZ, Xero and Microsoft’s O365.
What legal basis do we have for using your information?
For prospective candidates, contractors, referees and clients, our processing is necessary for our legitimate interests in that we need the information in order to be able to assess suitability for potential roles, to find potential candidates and to contact clients and referees.
We carry out a ‘balancing test’ to ensure that our processing is necessary and that your fundamental rights of privacy are not outweighed by our legitimate interests, before we go ahead with such processing. We keep a record of these balancing tests. You have a right to and can find out more about the information in these balancing tests by contacting us using the details below.
If you are interviewed and submitted as a candidate, then this may involve the processing of more detailed personal data including sensitive data such as health information that you or others provide about you. In that case we always ask for your consent before undertaking such processing.
For clients, we may also rely on our processing being necessary to perform a contract for you, for example in contacting you.
What happens if you do not provide us with the information we request or ask that we stop processing your information?
If you do not provide the personal data necessary, or withdraw your consent for the processing of your personal data, we may not be able to match you with available job opportunities.
Do we make automated decisions concerning you?
No, we do not carry out automated profiling.
Do we transfer your data outside the EEA?
No, we do not transfer personal data out of the EEA.
What security measures do we take?
We have adopted appropriate security features in order to protect and keep secure personal information from loss, misuse, alteration or destruction. We regularly review our security and encryption technologies and strive to protect personal information to the highest level possible.
We employ Secure Service Layer (SSL) Technology whenever any transaction is completed over our Site. Transactions involving the passage of personal information occur in one of our secure online areas only. SSL technology encrypts the information you send through our Site. The use of SSL technology requires two components –
• An SSL–compatible browser; and
• A web server to perform “key–exchange” that establishes a secure connection.
For you to benefit from the SSL Technology which we have implemented:
• you will need a browser with SSL capabilities. The latest versions of commonly used web browsers generally have this capability. However, it is your responsibility to check that this is the case. If you do not already have a browser with SSL capabilities, you can download an SSL browser from a vendor's website.
• You will also need an internet service provider that enables SSL technology. Nearly all internet service providers automatically enable SSL technology, but you will need to ensure that this is the case with your service provider.
Cognitive Group Ltd and its website manager makes no warranty or representation in respect of the strength or effectiveness of the encryption capabilities of SSL Technology and is not responsible in any way for events arising from any unauthorised access of the information you provide.
What rights do you have in relation to the data we hold on you?
By law, you have a number of rights when it comes to your personal data. Further information and advice about your rights can be obtained from the data protection regulator in your country.
Rights What does this mean?
1. The right to be informed You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we’re providing you with the information in this Policy.
This is so you’re aware and can check that we’re using your information in accordance with data protection law.
3. The right to rectification You are entitled to have your information corrected if it’s inaccurate or incomplete.
4. The right to erasure This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there’s no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions.
5. The right to restrict processing You have rights to ‘block’ or suppress further use of your information. When processing is restricted, we can still store your information, but may not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in future.
6. The right to data portability You have rights to obtain and reuse your personal data for your own purposes across different services. For example, if you decide to switch to a new provider, this enables you to move, copy or transfer your information easily between our IT systems and theirs safely and securely, without affecting its usability.
7. The right to object to processing You have the right to object to certain types of processing, including processing for direct marketing (i.e. if you no longer want to be contacted with potential opportunities).
8. The right to lodge a complaint You have the right to lodge a complaint about the way we handle or process your personal data with your national data protection regulator.
9. The right to withdraw consent If you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal data with your consent up to that point is unlawful). This includes your right to withdraw consent to us using your personal data for marketing purposes.
We usually act on requests and provide information free of charge, but may charge a reasonable fee to cover our administrative costs of providing the information for:
• baseless or excessive/repeated requests, or
• further copies of the same information.
Alternatively, we may be entitled to refuse to act on the request.
Please consider your request responsibly before submitting it. We’ll respond as soon as we can. Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we’ll come back to you and let you know.
How will we contact you?
We may contact you by phone, email or by post. If you prefer a particular contact means over another please just let us know.
How can you contact us?
If you are unhappy with how we’ve handled your information, or have further questions on the processing of your personal data, contact us here: Cognitive Group Ltd., 4 Minster Court, WeWork, EC3R 7BB – GDPR@cognitive-group.com.