Important Information:

GDPR & Privacy Policy

Paul Mitchell Associates and its employees (“PMA”, “we” or “us”) take the privacy of our clients and candidates (“you” or “your”) very seriously.

PMA acknowledges and agrees to process all data in accordance with the Data Protection Act 2018 and the General Data Protection Regulations (effective 25th May 2018).

 


Purpose of Notice

The purpose of this GDPR & Privacy Policy Notice is to inform you of the following:

  •   What Data We Hold
  •   Why We Hold Your Data & How We Use / Disclose Your Data
  •   How Long We Hold Your Data (including Record Keeping Timescales)
  •   Data Storage
  •   Your Rights
  •   Data Breaches
  •   Queries / Complaints

What Data We Hold

PMA will hold some – or all – of the data listed below upon agreeing to engage our services:

Prospective & Existing Clients:

  •   Your Name
  •   Your Company Email Address
  •   Your Company Telephone Number(s)
  •   Log Of Our Communications With You (email , telephone, letter, face-to-face)

Candidates:

  •   Your Name
  •   Your Address
  •   Your Email Address
  •   Your Company Telephone Number(s)
  •   Date Of Birth
  •   Curriculum Vitae & Employment History
  •   **Identification Documentation (including – but not limited to – Passport, VISA, Proof Of Address, Proof Of National Insurance, Driving Licence)
  •   **Registration Documentation (including – but not limited to – Referees, Proof of Qualifications, Health / Emergency Contact Information)
  •   **Financial Information (including – but not limited to – Bank Details, Payroll Data, HMRC Data)
  •   **Criminal Record Checks / Security Clearance for Specific Roles
  •   Log Of Our Communications With You (email , telephone, letter, face-to-face)
  •   Record Of CV Submissions, Interviews, Job Offers & Placements
  •   Job Preferences / Requirements (including – but not limited to – salary, position, location)
  •   Photograph

**Sensitive Personal Data

N.B: If you provide PMA with information relating to Third Parties (Referees / Emergency Contact Details) – PMA will assume that the Third Party in question has consented for you to do so, and for PMA to collect, process and store their Personal Data in accordance with the above.

If you DO NOT consent to PMA storing your personal data – or registering your CV with PMA – DO NOT submit your CV for any jobs advertised on our website, or listed by us on Third Party job boards. We are unable to process any applications without your consent.

 


Why We Hold Your Data

PLUS – How We Use / Disclose Your Data

Under the auspices of legitimate interest – PMA may hold personal data on individuals for the following reasons:

Prospective & Existing Clients: 

  •   Contact by email, phone, SMS & letter in relation to recruitment services
  •   Advertising, Marketing & Public Relations
  •   Supplying recruitment services
  •   Submitting candidate CVs / details in relation specific vacancies
  •   Introduction & supply of permanent, temporary or fixed-term-contract job seekers
  •   Invoicing your company for recruitment services rendered
  •   In compliance with recruitment / employment / HMRC law & legislation

Candidates: 

  •   To inform you of job opportunities
  •   To inform you of our services
  •   To match your skillset & requirements to specific vacancies
  •   To establishing your right to work
  •   To undertake criminal record / security clearance checks as required
  •   Submission of your CV / details to clients / prospective employers
  •   To provide contractual arrangements & documentation relating to a job offer
  •   To place you in permanent, temporary or fixed-term-contract employment
  •   To address any workplace medical / health & safety issues
  •   To pay you as a temporary worker on PMA’s payroll
  •   In compliance with recruitment / employment / HMRC law & legislation

N.B: For the purpose of undertaking pre-employment checks – or in relation to paying you – we may share your data with trusted Third Parties including – but not limited to – HMRC, Pension Scheme Providers, Legal Advisors, Barclays Bank, and other relevant organisations.

 


How Long We Hold Your Data

In compliance with statutory requirements – and in order to run our business effectively – we are required to keep personnel & financial records for a set period of time. The length of time is determined by the type of record. For more information, please download our Record Keeping Timescales document.

Prospective & Existing Clients:

Due to the nature of recruitment – and under the auspices of legitimate interest – PMA will hold prospective and existing client data indefinitely for administrative purposes. This does not affect your right as a contact to be “Forgotten”. If you wish to be “Forgotten” and receive no further communication from PMA, please email office@paulmitchellassoc.co.uk or get in touch.

Candidates:

As your agency for life, we proudly maintain relationships with candidates that can span many years – involving numerous placements throughout their career. Under the auspices of legitimate interest, your consent allows us to store your personal data until such time as you wish to be removed from our records. This does not affect your right as a contact to be “Forgotten”.

In order to best serve you, PMA will periodically make contact to ascertain your employment status. You have access to the following options:

  •   LIVE: Actively / passively seeking employment and open to contact
  •   INACTIVE: Not seeking employment, but keep me on file with periodical contact
  •   STOP: Keep me on file, but do not contact me
  •   FORGET: Erase all of my data

In the event that we have had no contact with you within a period of 12 months, we will make your file “INACTIVE” and delete all **Sensitive Personal Data. Should you become a “LIVE” candidate in the future, you will be required to provide this information / documentation again.

N.B: Where we have placed and/or employed a candidate – we are required to retain evidence of said placement / employment for accounting, administrative & contractual purposes. PMA will ensure only essential personal data is retained, and will not make further contact unless legally required to do so. For more information, please download our Record Keeping Timescales document.

 


Data Storage

We take the security and storage of your data very seriously. We have internal controls and policies to ensure your data is not lost, accidentally destroyed or accessed by unauthorised Third Parties.

If you would like further information on how your data is stored and managed, you can request a copy of our Data Storage & Management Policy by emailing office@paulmitchellassoc.co.uk or contacting us.

 


Your Rights

As a data subject, you have the following rights:

  •   Access to obtain copies of the data we hold for you
  •   The ability to request updates and/or alterations to your data
  •   Alter how we contact you
  •   The right to be “Forgotten”
  •   Object to the processing of your data where PMA is relying on legitimate interest as the legal ground for processing

If you would like to exercise any of these rights, please email office@paulmitchellassoc.co.uk or contact us. Once PMA has verified your identity, we will provide / alter / erase the data you have requested within 30 days. If you believe PMA has not complied with your data protection rights, you can complain to the Information Commissioner's Office (ICO).

 


Data Breaches

PMA treats any data breach as a serious incident. In the event, PMA will conduct a thorough internal investigation and will notify the affected parties – along with the Information Commissioners Office – within 72 hours.

ICO Reference: Z9844382

 


Queries / Complaints

If you have a query or complaint regarding this GDPR & Privacy Policy Notice – or any of the procedures set out within – please contact us immediately so we may address any concerns you have:

  •   Data Protection Officer: Paul Mitchell
  •   Data Protection Administrator: Charlotte Burgess

If you believe that your data protection rights have not been adhered to, you have the right to raise your concerns with the Information Commissioner’s Office at www.ico.org or by calling 0303 123 1113 – or with the equivalent regulatory body outside of the UK.