CyberStream Global Limited is committed to protecting the privacy of our candidates, clients and users of our website. We want to provide a safe and secure user experience.
We will ensure that the information you submit to us via our website or through any of our offices or other international websites or offices is only used for the purposes set out in this policy.
CyberStream Global Limited is a recruitment business which provides work-finding services to its clients and work-seekers. CyberStream Global Limited must process personal data (including sensitive personal data) so that it can provide these services – in doing so, CyberStream Global Limited acts as a data controller.
You may give your personal details to CyberStream Global Limited directly, such as on an application or registration form or via our website, or we may collect them from another source such as a jobs board. For the purposes of providing you with work-finding services and/or information relating to roles relevant to you we will only use your personal data in accordance with the terms of the following statement.
At a glance:
This Policy explains when and why we collect personal information about people who enquire about roles we advertise. The policy also explains how we use that information, the conditions under which we may disclose information to others and how we keep personal information secure.
At CyberStream Global Limited we’re committed to protecting and respecting your privacy and are transparent in everything we do. We may change this Policy from time to time so please check this page to ensure that you’re happy with any changes. By using our website, you’re agreeing to be bound by this Policy.
Who is the controller of the data that you provide to us?
CyberStream Global Limited is a data controller in the United Kingdom for the purposes of the Data Protection Act 2018 and the General Data Protection Regulations. We ensure that the data you supply to us is processed fairly and lawfully, and with skill and care and used only for the purposes set out in this policy.
The Company collect your personal data (which may include sensitive personal data) and will process your personal data for the purposes of providing you with work-finding services. The legal bases we rely upon to offer these services to you are:
- Legitimate interest
- Legal obligation
- Contractual obligation
What type of data will we collect?
We will collect data about you, both personal data (such as your name and contact details) and sensitive personal data (such as information in your CV). Depending on the relevant circumstances and applicable local laws and requirements, we may collect some or all of the information listed below to enable us to offer you employment opportunities which are tailored to your circumstances and your interests. In some jurisdictions, we are restricted from processing some of the data outlined below. In such cases, we will not process the data in those jurisdictions.
- Age/date of birth;
- Marital status;
- Education details;
- Employment history;
- Professional qualifications;
- Emergency contacts and details of any dependants,
- Referee details;
- Immigration status (whether you need a work permit);
- Nationality/citizenship/place of birth;
- A copy of your driving licence and/or passport/identity card;
- Financial information (where we need to carry out financial background checks);
- Social security number (or equivalent in your country) and any other tax-related information;
- Diversity information including racial or ethnic origin, religious or other similar beliefs, and physical or mental health, including disability-related information;
- Details of any criminal convictions if this is required for a role you are applying for;
- Details about your current remuneration, pensions and benefits arrangements, Information on your interests and needs regarding future employment, both collected directly and inferred, for example from jobs viewed or articles read on our website;
- Extra information that you choose to tell us;
- Extra information that your referees chooses to tell us about you;
- Extra information that our clients may tell us about you, or that we find from other third-party sources such as job sites;
- The dates, times and frequency with which you access our services; and CCTV footage if you attend our premises.
Lawful Basis for Collecting Data
- The lawfulness of processing conditions for personal data are:
- Consent of the individual for one or more specific purposes.
- Processing is necessary for the performance of a contract with the individual or in order to take steps at the request of the individual to enter into a contract.
- Processing is necessary for compliance with a legal obligation that the controller is subject to.
- Processing is necessary to protect the vital interests of the individual or another person.
- Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller.
- Processing is necessary for the purposes of legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests or fundamental rights or freedoms of the individual which require protection of personal data, in particular where the individual is a child.
- The lawfulness of processing conditions for sensitive personal data are:
- Explicit consent of the individual for one or more specified purposes, unless reliance on consent is prohibited by EU or Member State law.
- Processing is necessary for carrying out data controller’s obligations under employment, social security or social protection law, or a collective agreement, providing for appropriate safeguards for the fundamental rights and interests of the individual.
- Processing is necessary to protect the vital interests of the individual or another individual where the individual is physically or legally incapable of giving consent.
- In the course of its legitimate activities, processing is carried out with appropriate safeguards by a foundation, association or any other not-for-profit body, with a political, philosophical, religious or trade union aim and on condition that the processing relates only to members or former members (or those who have regular contact with it in connection with those purposes) and provided there is no disclosure to a third party without the consent of the individual.
- Processing relates to personal data which are manifestly made public by the individual.
- Processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity.
- Processing is necessary for reasons of substantial public interest on the basis of EU or Member State law which shall be proportionate to the aim pursued, respects the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and interests of the individual.
- Processing is necessary for the purposes of preventative or occupational medicine, for assessing the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of EU or Member State law or a contract with a health professional and subject to the necessary conditions and safeguards.
- Processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of healthcare and of medicinal products or medical devices, on the basis of EU or Member State law which provides for suitable and specific measures to safeguard the rights and freedoms of the individual, in particular professional secrecy.
- Processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard fundamental rights and interests of the individual.
- How do we use your personal data?
The personal data and sensitive personal data will be stored, processed, used and disclosed by us in the following ways.
- Provision of services and account management:
- To provide our recruitment services to you and to facilitate the recruitment process
- To assess data about you against vacancies which we judge may be suitable for you
- To send your information to clients to apply for jobs or assess your eligibility for jobs
- To answer your questions and enquiries
- To pay you for employment related goods and services
- To use your information on an anonymised basis to monitor compliance with our equal opportunities policy
- To carry out our obligations arising from contracts entered into between you and us
- From time to time we may seek your consent to process, use or disclose your information for any other purpose not listed above.
- How do we share your personal data?
CyberStream Global Ltd. may pass your information to our third-party service providers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf (for example to process products and send you mailings). These third parties may include:
- We use third party service providers to provide a recruiting software system.
- We also share your personal data with other third-party service providers that may assist us in recruiting talent, administering and evaluating pre-employment screening and testing, and improving our recruiting practices.
- To third parties where we have retained them to provide services that we, you or our client have requested including references, qualifications, credit and criminal reference checking services.
- To third parties, regulatory or law enforcement agencies if we believe in good faith that we are required by law to disclose it in connection with the detection of crime, the collection of taxes or duties, in order to comply with any applicable law or order of a court of competent jurisdiction, or in connection with legal proceedings.
- How do we safeguard your personal data?
Data security is of great importance to CyberStream Global Ltd and to protect your Data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure Data collected via this Website. Non-sensitive details (your email address etc.) are transmitted normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk.
Once we receive your information, we make our best effort to ensure its security on our systems. Where we have given (or where you have chosen) a password, which enables you to access certain parts of our websites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
- How long do we keep your personal data for?
We will hold your data for no longer than it is required and in accordance with our data retention and disposal policy. We will use reasonable endeavours to ensure that your Personal Data is maintained and up to date. We rely on you to inform us of all changes to your Personal Data to ensure that it is up to date and we will update or delete your Personal Data accordingly.
The Conduct of Employment Agencies and Employment Businesses Regulations 2003 require us to keep work-seeker records for at least one year from (a) the date of their creation or (b) after the date on which we last provide you with work-finding services.
We must also keep your payroll records, holiday pay, sick pay and pensions auto-enrolment records for as long as is legally required by HMRC and associated national minimum wage, social security and tax legislation.
Where the Company has obtained your consent to process your personal and sensitive personal data, we will do so in line with our retention policy (a copy of which is attached). Upon expiry of that period the Company will seek further consent from you. Where consent is not granted the Company will cease to process your personal data and sensitive personal data.
- How do we access/amend your personal data?
The accuracy of your information is important to us. We’re working on ways to make it easier for you to review and correct the information that we hold about you.
In the meantime, if you change email address, or any of the other information we hold is inaccurate or out of date, please email us at: firstname.lastname@example.org
You have the right to ask for a copy of the information we hold about you.
If you wish to raise a complaint on how we have handled your personal data, you can contact our Data Protection Officer who will investigate the matter. Our Data Protection Officer is Nigel Gooding and you can contact them at email@example.com
If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the Information Commissioner’s Office (ICO).
- How do we store and transfer your personal data?
Data, which we collect from you, may be stored and processed in and transferred to countries outside of the European Economic Area (EEA). For example, this could occur if our servers are located in a country outside the EEA or one of our service providers is situated in a country outside the EEA. We also share information with our group companies, some of which are located outside the EEA. These countries may not have data protection laws equivalent to those in force in the EEA.
- What are cookies and how are they used?
We may analyse your personal information to create a profile of your interests and preferences so that we can contact you with information relevant to you.
We may make use of additional information about you when it is available from external sources to help us do this effectively. We may also use your personal information to detect and reduce fraud and credit risk.