XML is committed to protecting your privacy. This privacy notice seeks to explain our approach in line with current Data Protection laws and XML Data Protection Policy.
The General Data Protection Regulations defines “personal data” as any information relating to an identified or identifiable natural person (a data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
Legitimate business Interest
XML processes your data when it is in our legitimate business interests to do this and when these interests are not overridden by your data protection rights.
What sort of data do we collect and retain?
XML retains Personal Information (data) about you to help in the Recruitment & Outsourcing process. By applying for an advertised position, contacting you with regards to an open position or in response to a direct enquiry from you we will hold any data that you have provided on your CV or Linkedin profile and any information you have provided to us directly including but not limited to:
- Contact Details: Address, Postcode, Telephone Number, Email Address;
- CV Details: Job titles, previous employers names, Education, Graduation Year;
- Other details: Notice Period, Salary/Rate, Expected Salary/Rate, Preferred Work Locations, Position Sought, Current Work Permits, Date of Birth;
How is Personal Data used?
Information given freely by yourself is only used for the recruitment/outsourcing process.
XML will continue to process your data in order to find relevant job opportunities to present you with; the processing will include running specific searches against a number of criteria from the information we have gathered and from the criteria our client has given us.
XML also plans to use your data to communicate relevant opportunities to you via phone, email, Skype, LinkedIn and SMS.
XML will, on some occasions, process your data for internal reporting reasons such as reviewing the number of candidates in our CRM system. These reports will not be shared with third parties but anonymised reports may be discussed and shared (not including any specific personal data).
How long is Personal Data retained?
We will retain your personal data on our secure database only for as long as is necessary.
Different laws require us to keep different data for different periods of time.
The Conduct of Employment Agencies and Employment Businesses Regulations 2003, require us to keep work-seeker records for at least one year from (a) the date of their creation or (b) after the date on which we last provide you with work-finding services.
We must also keep your payroll records, holiday pay, sick pay and pension’s auto-enrolment records for as long as is legally required by HMRC and associated national minimum wage, social security and tax legislation.
Where do we keep your data?
We are committed to ensure that your data is kept secure. In order to prevent unauthorised disclosure we have in place suitable electronic and access control mechanisms and your data is securely stored on our CRM system which is hosted in the UK.
All of the software used to process and store your data is password protected and is accessed by authorised employees only.
Transfer of Data
XML reserves the right to share your personal data with third parties for the purpose of carrying out our legitimate business interests. In all cases in which personal data is shared, it shall be done in full compliance with the General Data Protection Regulation (GDPR), subject to your written consent, which you may withdraw at any time.
- Rectification and Erasure:
You have the right to choose who holds your data. If you do not wish XML to hold your data, you have the right to have any personal data we hold on you corrected and or deleted. If this is the case, please communicate this in writing to Datasecurity@myxml.co.uk providing details of the data you wish to be corrected OR if you wish to have your data deleted. We will then respond within 30 days of receipt of request.
- Subject Access Request:
If you wish to access the data we hold on you, please email Datasecurity@myxml.co.uk outlining the specific request and we will respond to you within 30 days of the receipt of SAR.
- Withdraw Consent:
Where you have consented to XML processing your personal data you have the right to withdraw that consent at any time please communicate this in writing to Datasecurity@myxml.co.uk
Please be aware that you also have the following data protection rights:
- The right to restrict processing of your personal data;
- The right to data portability in certain circumstances;
- The right to object to the processing of your personal data that was based on a public or legitimate interest;
If you wish to complain about how XML has processed your data or how we have dealt with any of your requests regarding your data, please communicate this in writing to Datasecurity@myxml.co.uk.
If you wish to contact us about any issues relating to your data please use the contact details below:
St. Chad’s Street
King’s Cross St. Pancras
London WC1H 8AG
Changes of our Privacy Notice and Data Protection policy
Any changes made on our Data privacy documents will be published on our website