PRIVACY NOTICE

Introduction 

We are Skyline Group Solutions Limited (Registered in England & Wales No. 10064632) and our registered office is at 16-18 Barnes  Wallis Road, Fareham, Hampshire, United Kingdom, PO15 5TT. 

This Privacy Notice sets out the basis on which we and our group companies use personal data in the course of our business  activities. Our other group companies are: 

  • Skyline Architectural Solutions Ltd (Registered in England & Wales No. 10704150) 
  • Skyline Structural Solutions Ltd (Registered in England & Wales No. 11096393) 

As a business which relies upon having access to information about Candidates to meet our Clients’ requirements, data is essential  to our business. Our systems and processes are designed to ensure that we can provide the best possible service to our clients  while operating within the law at all times and protecting individuals’ data privacy rights.  

We reserve the right to update this Privacy Notice from time to time. Where appropriate, we shall contact you to notify you of  any material changes to the Privacy Notice. You should also refer to our website periodically so that you may access and view our  updated Privacy Notice. This will ensure that you understand (i) how we are using your personal data and (ii) your legal rights  around our usage of such personal data.  

Who Should Read This Privacy Notice? 

This Privacy Notice applies to any living, identifiable individuals about whom we may process personal data in the course of our  business activities. You should read this Privacy Notice if you are a: 

  • Candidate 
  • Client Contact 
  • Referee 
  • Supplier Representative 

Please note that, in some cases, you will fall into more than one of the above categories. 

If you are an employee, applicant for employment or in-house temporary worker, you should refer to our internal Privacy Notice  instead. 

Definitions 

This Privacy Notice uses the following defined terms: 

Candidate means a person who is recorded in our records as seeking or potentially suitable for an engagement with a Client. This  includes individuals who are not actively seeking a new role but who are in contact with us about potential opportunities which  may be of interest from time to time. 

Client means a business which has engaged us to provide services or which we have identified as a business for which we wish to  perform services.

Privacy Notice (External) Skyline Group Solutions September 2021 

Client Contact means a person who is employed or engaged by a Client and with whom we may liaise in respect of any services which we are providing or wish to provide to the Client. In some cases, the Client Contact and  the Client may be the same person e.g. where a Client is a sole trader. 

Data Protection Legislation means the Data Protection Act 2018 and the UK-GDPR together with any regulations and secondary  legislation, as amended or updated from time to time, and any relevant successor legislation; 

Referee means a person who has provided to us a written or verbal opinion in respect of the work history, skills, competency  and/or experience of a Candidate; 

Supplier means a business which provides services to us and which may process personal data relating to any Candidate, Client  Contact or Supplier Representative in the course of performing such services. 

Supplier Representative means a person who is employed or engaged by a Supplier and with whom we may liaise from time to  time in respect of the services which are provided by that Supplier. 

Third-Party Services Provider means any relevant third-party business which provides services to us, including our: 

  • Professional advisers including accountants, tax advisors and lawyers; 
  • Insurers; 
  • IT services providers and software providers; 
  • Independent consultants and subcontractors 

How We Obtain Personal Data 

We obtain personal data from a number of different sources, depending on the capacity in which you are dealing with us. If you are a Candidate, we may obtain personal data relating to you: 

  • Directly if you have: 

o applied for a Client vacancy through us 

o uploaded your CV through our website 

o asked us to provide any work-finding services to you 

o engaged with us through any networking activities or events 

o had any discussions with us about finding alternative employment 

  • Indirectly from: 

o online professional networking sites such as LinkedIn 

o social networking sites such as Facebook or Twitter 

o job boards such as Total Jobs and CV Library 

o Clients who provide feedback about applications for employment or engagement which you have made,  interviews which you have attended and assignments which you have carried out 

o Referees who provide information about your employment experience and their opinion as to your skills and  aptitude 

o your employer’s website and other industry-related websites 

o business information directories and online industry databases  

o where appropriate, third-party background checking services such as the Disclosure & Barring Service If you are a Client Contact or Supplier Representative, we may obtain personal data relating to you: 

  • Directly in the course of (i) us providing services to the Client or (ii) the Supplier providing services to us, as applicable; or 
  • Indirectly from: 

o online professional networking sites such as LinkedIn

Privacy Notice (External) Skyline Group Solutions September 2021 

o your employer’s website and other industry-related websites 

o business information directories 

o other individuals within your organisation in the course of (i) us providing services to the Client or (ii) the Supplier providing services to us, as applicable. 

If you are a Referee, we may obtain personal data relating to you: 

  • Directly from you in the course of any communications between us; or 
  • Indirectly from the Candidate who has nominated you as his or her Referee 

Types of Information We Hold 

If you are a Candidate, we may collect, store and process the following types of personal information about you: 

  • Personal contact details such as name, title, addresses, telephone numbers, and email addresses; Your gender, date of birth, nationality and place of residence; 
  • Your professional skills and experience; 
  • Your qualifications, training and certifications; 
  • Proof of your right to work in the United Kingdom such as copies of your passport and, where applicable, visa, residence  permit or similar government documents; 
  • Proof of your identity and address, such as copies of your driving licence, utility bills or similar documents; Information about your current or most recent role, including your job title, department, reporting line, responsibilities,  salary, benefits and notice period; 
  • Your motivation and reasons for seeking new employment; 
  • Any information within your CV or any application document which a Client may require you to complete; Any background information which you provide to us during the course of your dealings with us; Details of any Clients to whom you have been introduced by us; 
  • Details of any interviews which you have attended and our Clients’ feedback on those interviews;  Details of any position which you take up with a Client, including your role, duties, remuneration, department and  location; 
  • If you provide any services on a freelance basis: 

o Details of any limited company through which you contract and the nature of your relationship with that  company; 

o Information about the days and times which you have worked or the deliverables which you have provided; o Your bank details, tax code and National Insurance Number; and 

o Information about any services which you have carried out, including any comments, feedback and issues  relating to such services.  

We may also collect, store and use the following “special categories” of more sensitive personal information: 

  • Information about your race or ethnicity; 
  • Information about your health, including any medical condition, health and sickness records; and Information about criminal convictions and offences. 

If you are a Client Contact, we will collect, store, and use the following categories of personal information about you: 

  • Personal contact details such as name, title, addresses, telephone numbers, and email addresses; Your job title and position within the Client organisation; and 
  • Any background information relating to your personal circumstances, your work history and the role which you perform  within the Client which you may provide to us in the course of your dealings with us.

Privacy Notice (External) Skyline Group Solutions September 2021 

We do not collect, store or use any “special categories” of sensitive personal information if  

you are a Client Contact

If you are a Referee, we will collect, store, and use the following categories of personal information about you: 

  • Personal contact details such as name, title, addresses, telephone numbers, and email addresses; Your job title and position within your employer; and 
  • Any background information which you may provide to us in the course of your dealings with us. We do not collect, store or use any “special categories” of sensitive personal information if you are a Referee

If you are a Supplier Representative, we will collect, store, and use the following categories of personal information about you: 

  • Personal contact details such as name, title, addresses, telephone numbers, and email addresses; Your job title and position within the Supplier organisation; and 
  • Any background information relating to the role which you perform within the Supplier which you may provide to us in  the course of your dealings with us. 

We do not collect, store or use any “special categories” of sensitive personal information if you are a Supplier Representative

How We Use Personal Data 

If you are a Candidate, we may use your personal data to: 

  • Assess and verify your potential suitability for employment with a Client; 
  • Contact you in relation to any potential employment opportunities with a Client; 
  • Introduce you to our Clients and potentially arrange for you to fill a Client vacancy; 
  • Stay in regular contact with you to understand your current position, career aspirations and motivation for finding new  employment; 
  • Where applicable, make payments to you or arrange for any third-party company through which you may contract to  make payments to you; 
  • Contact you to ask for a referral;  
  • Produce anonymised statistical data; 
  • Comply with our legal obligations, defend or bring any legal proceedings and prevent fraud or any other crime;  Conduct equal opportunities monitoring. 

If you are a Client Contact, we may use your personal data to: 

  • Contact you to obtain information about our Client’s requirements; 
  • Liaise with you so that we may effectively perform the services to our Client; 
  • Contact you to inform you of a Candidate’s availability or interest in a job role; 
  • Obtain a reference for a Candidate; 
  • Contact you for invoicing and credit control purposes; 
  • Provide you with statistical information about your industry sector; 
  • Comply with our legal obligations, defend or bring any legal proceedings and prevent fraud or any other crime. If you are a Referee, we may use your personal data to: 
  • Contact you to obtain a reference on a Candidate;  
  • Provide a copy of the reference to our Client; 
  • Comply with our legal obligations, defend or bring any legal proceedings and prevent fraud or any other crime. If you are a Supplier Representative, we may use your personal data to:

Privacy Notice (External) Skyline Group Solutions September 2021 

  • Liaise with you in respect of the services which are being provided by the Supplier; 
  • Contact you in relation to billing matters; 
  • Comply with our legal obligations, defend or bring any legal proceedings and prevent fraud or any other crime. 

Our Lawful Basis for Processing Data 

We have determined that we have a legitimate interest to process your personal data where you are: 

  • A Candidate, on the basis that it is necessary for us to maintain a database of individuals who are (i) actively seeking new  employment with a Client or (ii) potentially suitable for employment with a Client. By processing your personal data and  contacting you from time to time, we are able to gain an understanding of your current role (where applicable), your  skills and experience, and your career aspirations. Our processing of your personal data is therefore of benefit to: 

o You, as it assists us to identify new employment opportunities about which you might not otherwise been aware  and to give general advice and guidance in support of your career development; 

o Our Clients, who rely on us to have access to suitable, pre-qualified candidates who can fill their requirements;  and 

o Us, as we are a business which relies upon being able to introduce Candidates to our Clients 

  • A Client Contact, on the basis that we need to be able to contact and interact with the individuals who are employed or  engaged by our Clients. This will allow us to effectively provide services to them, better understand their requirements and generate revenue for our business. 
  • A Referee, on the basis that we are generally required to obtain references to comply with our contractual obligations to  third parties and, in some instances, we are under a legal obligation to do so. It is therefore necessary and reasonable for  us to process personal data relating to you strictly for compliance with these obligations. 
  • A Supplier Representative, on the basis that we need to be able to contact and interact with the individuals who are  employed or engaged by our Suppliers. This will allow us to ensure that our Suppliers provide us with the best possible  service which, in turn, is of direct benefit to both our Candidates and our Clients. 

If you are a Candidate, we may also need to process sensitive (special) personal data relating to you. The type of sensitive personal  data which we might process includes (i) information about any medical conditions or disability insofar as they are relevant to the  type of work which you are proposing to carry out (ii) information about any unspent criminal convictions and, where relevant to  the type of role which you are carrying out, spent convictions, police warnings etc and (iii) information about any trade union of  which you are a member (but only insofar as it relates to an employment claim or pay and working conditions on a client site).  

We are acting as an employment agency and/or an employment business in our dealings with you. In accordance with Article 9  (2)(b) of the UK-GDPR, this sensitive personal data is necessary in the field of employment. i.e. it is required for performing our  obligations as an employment agency or employment business and is used solely for this purpose. Any sensitive personal data  shall be held strictly in accordance with our policies on data retention and sensitive personal data.  

We may also process equal opportunities information relating to you. This shall be anonymised and it is not therefore personal  data within the meaning of the Data Protection Legislation. 

Where We Process Personal Data 

Your personal data is held and processed by us in the United Kingdom.  

In addition to our database, we may use Microsoft OneDrive to store personal data relating to you. We have ascertained that this  data is kept within a data centre within the United Kingdom. We may also use DropBox for data storage. This is a US-based business  that is certified under the US Privacy Shield Framework.

Privacy Notice (External) Skyline Group Solutions September 2021 

We have put in place appropriate safeguards to ensure that your data is only transferred to  

jurisdictions with enforceable data subject rights and effective legal remedies in respect of  

data privacy breaches. We will therefore only transfer your personal data to jurisdictions outside of the UK and EEA where: 

  • There is a current adequacy decision in respect of such jurisdiction. This means that the ICO has pre-approved the data  privacy regime in the relevant non-EEA country. At present, the UK has adopted the European Commission-approved  jurisdictions, which are Andorra, Argentina, Canada (commercial organisations), Faroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Switzerland and Uruguay. 
  • The transfer of data is subject to the standard contractual clauses. This means that we have a data-sharing agreement in  place which complies with the requirements set out by ICO in the UK; or 
  • You have expressly given informed consent to the transfer of such data. This means that you have not only agreed to the  transfer but have done so in the knowledge that your data may be transferred to a jurisdiction which does not give you  the same degree of protection as you have within the UK and EEA. 

Parties with Whom We May Share Data 

If you are a Candidate, we may share your personal data for legitimate purposes with: 

  • A Client where you have expressed an interest in being introduced to such Client or are being supplied to such Client on  an assignment; 
  • Any third-party which is engaged by the Client to assist them in the recruitment process including a managed service  company, Recruitment Process Outsourcing provider or IT platform provider; 
  • A third-party company through which you are contracting; 
  • A third-party company to which you have specifically asked to be introduced or referred, such as an insurance company  or intermediary (umbrella) company; 
  • Background checking services such as the Disclosure & Barring Service; 
  • Industry bodies which are relevant to the market sector in which you work; 
  • Third-Party Services Providers who in some cases may use their own subcontractors and sub-processors; Our bankers and recruitment finance providers; 
  • Other companies within our group; 
  • Governmental departments and agencies where we are permitted or required by law to do so. 

We may also share your personal data with Clients on an anonymised basis where we have agreed to provide general statistical  information to such Clients.  

If you are a Client Contact, we may share very limited data relating to you with a Candidate where such sharing is strictly required  for the recruitment process e.g. so that the Candidate may contact you directly. We will also share your personal data with Third Party Services Providers for legitimate business purposes and within our group of companies. 

If you are a Referee, we will share with our Clients the details of any reference which you may give. We will usually provide your  name, job title and employer name when doing so. In some circumstances and only when you have agreed to such disclosure, we  will provide your contact details so that our Client may verify the reference or ask for further information. We will also share your  personal data with Third-Party Services Providers for legitimate business purposes and within our group of companies. 

If you are a Supplier Representative, we will share your personal data with other Third-Party Services Providers for legitimate business purposes and within our group of companies. 

Automated Decision Making 

Automated decision-making takes place when an electronic system uses personal information to make a decision without human  intervention. All decisions which are made in the course of our business processes involve human intervention. We do not  therefore make any decisions about you using automated means, whether you are a Candidate, Client Contact, Referee or  Supplier Representative

Privacy Notice (External) Skyline Group Solutions September 2021 

Data Security 

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or  accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those  employees, agents, contractors and other third parties who have a business need to know. They will only process your personal  information on our instructions and they are subject to a duty of confidentiality. Details of these measures may be obtained from  the Managing Director. 

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator  of a suspected breach where we are legally required to do so. 

Data Retention 

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the  purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for  personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised  use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those  purposes through other means, and the applicable legal requirements.  

Our standard data retention period is three years from the last date on which we are in actual contact with you i.e. where we  actually speak with you or exchange correspondence. After this time, we will usually delete your personal data from our records.  

Where we are required to keep any information (i) for auditing or compliance purposes (ii) to comply with our contractual  obligations to third parties or (iii) in respect of any potential or actual legal proceedings, we shall keep your data for as long as is  strictly necessary for these purposes, which is typically for seven years in respect of audit data which we may be required to  produce for HRMC and/or to prove compliance with our contractual and legal obligations. 

In some circumstances we may completely anonymise your personal information so that it can no longer be associated with you,  in which case we may use such information without further notice to you. 

Rights of access, correction, erasure, and restriction  

Your duty to inform us of changes. It is important that the personal information we hold about you is accurate and current. Please  keep us informed if your personal information changes during your working relationship with us.  

Your rights in connection with personal information. Under certain circumstances, you have the right to: 

  • Request access to your personal information (a Subject Access Request). This enables you to receive a copy of the  personal information we hold about you and to check that we are lawfully processing it. You will not usually have to pay  a fee to access your personal information but we may charge a reasonable fee if your request is clearly unfounded,  repetitive or excessive. Alternatively, we may refuse to comply with the request in such circumstances. 
  • Request correction of the personal information that we hold about you. This enables you to have any incomplete or  inaccurate information we hold about you corrected. 
  • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where  the personal data is no longer necessary in relation to the purpose for which it was originally collected/processed or you  have objected to the processing and there is no overriding legitimate interest for continuing the processing. 
  • Object to processing of your personal information where we are relying on a legitimate interest and you object on  “grounds relating to your particular situation.”

Privacy Notice (External) Skyline Group Solutions September 2021 

  • Request the restriction of processing of your personal information. This enables you  

to ask us to block or suppress the processing of personal information about you, for  

example if you want us to establish its accuracy or the reason for processing it or if you have also objected to the  processing as above. 

  • Request the transfer of your personal information to another party when the processing is based on consent and carried  out by automated means. This right is not usually applicable to any data processing carried out by us. 

If you want to exercise any of the above rights, please contact the Managing Director in writing. We will consider your request  and confirm the actions which we have taken in response to such request. 

We may need to request specific information from you to help us confirm your identity and ensure your right to access the  information (or to exercise any of your other rights). This is an appropriate security measure to ensure that personal information  is not disclosed to any person who has no right to receive it. 

In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal  information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To  withdraw your consent, please contact the Managing Director. Once we have received notification that you have withdrawn your  consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another  legitimate basis for doing so in law. We will confirm the actions which we have taken in respect of any such request. 

If you are unhappy with any aspect of the manner in which we have processed your personal data or dealt with your decision to exercise any of the rights set out in this section, you have the right to complain to the Information Commissioners Office in the  United Kingdom. Their details are: 

Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF 

Tel: 0303 123 1113 (local rate) or 01625 545 745  

Email: casework@ico.org.uk 

Contacting Us 

If you have any questions about this Privacy Notice, please write to the Managing Director, Skyline Group Solutions Limited, 16- 18 Barnes Wallis Road, Fareham, PO15 5TT. Alternatively, you may telephone us on 01489 874 281or email us at jade@skyline group.net