Privacy Policy

At Baltimore Consulting Ltd (“we”, “us”, or “our” for short) we are a recruitment business providing work-finding services to our clients and work-seekers. We must process personal data (including special categories of personal data) so that we can provide these services – in doing so, we act as a data controller.

This privacy notice applies to all contractors, workers and employees. This notice does not form part of any contract of employment or other contract to provide services.

It is important that you read this notice, together with any other privacy notice that is provided on specific

occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information.

Contents

1. Collection and use of personal data
   1. Purpose of processing and legal basis
   2. Legitimate interest
   3. Statutory/contractual requirement
   4. Recipients of data
2. Personal information we collect
   1. Categories of data
   2. Sources of data
3. Data retention
4. Your rights
5. Cookies
6. Login files
7. Links to external sites
8. Sale of the business
9. Data security
10. Changes to this privacy notice
11. Complaints or queries

1. Collection and use of personal data

• Purpose of processing and legal basis

We will collect your personal data (which may include special categories of personal data) and will process your personal data for the purposes of providing you with work-finding services or for other job related purposes. For contractors this includes for example, contacting you about job opportunities, assessing your suitability for those opportunities, updating our databases, putting you forward for job opportunities, arranging payments to you and developing and managing our services and relationship with you and our clients. For employees or potential employees this includes for example making a decision about your recruitment or managing your employment with us.

We may contact you by email or other electronic means about opportunities that you might be interested in from time to time. You can opt-out from receiving these at any time by unsubscribing.

On some occasions we may be required to use your data for the purpose of investigating, reporting and detecting crime and also to comply with laws that apply to us. We may also use your information during the course of internal audits to demonstrate our compliance with certain industry standards.

We must have a legal basis to process your personal data. The legal bases we rely upon to offer our work-finding services to you are:

• Your consent;
• Where we have a legitimate interest;
• To comply with a legal obligation that we have; or
• To fulfil a contractual obligation that we have with you.

• Legitimate interest

This is where we have a legitimate reason to process your data provided it is reasonable and does not go against what you would reasonably expect from us. Where we rely on a legitimate interest to process your personal data there will be a legitimate interest such as follows:

• Managing our database and keeping work-seeker and client records up to date;
• Providing work-finding services to you and our clients including contacting you about opportunities that you might be interested in from time to time;
• Giving you and our clients information about similar products or services to those that you will have used from us recently;
• Ensuring compliance with a fair and non-discriminatory recruitment process and protecting us from legal claims;
• Making a decision about your recruitment and the terms on which you work for us;
• Maintaining accounting/payroll records and other record keeping;
• Helping prevent and detect fraud or loss;
• Assessing risk, carrying out market research or statistical analysis, testing systems, improving the way that we run our recruitment process (including quality assurance) and analysing your application and recruitment history;
• Training staff and monitoring our services. This may mean that we may record our conversations or our correspondence with you to make sure we are providing you with a good service and to make sure we keep to our legal and regulatory obligations;
• Managing your performance and development;
• Managing your sickness absence & ascertaining fitness to work; or
• Making decisions about your continued employment or engagement, pay reviews, disciplinary matters or other job related matters.

• Statutory/contractual requirement

We have certain legal and contractual requirements to collect personal data including (but not limited to) the following:

• Complying with the Conduct of Employment Agencies and Employment Businesses Regulations 2003;
• Complying with immigration, tax, auto-enrolment, equality and health and safety legislation;
• Complying with safeguarding obligations;
• Managing contracts of employment, legal disputes and other employer duties; or
• Paying you and make legally required deductions.

Our clients may also require this personal data, and we may need your data to enter into a contract with you. If you do not give us the personal data we need to collect In order to comply with our statutory and legal requirements, we may not be able to continue to provide work-finding services to you or in the case of potential employees, to employ you.

• Recipient/s of data

We will process your personal data and/or sensitive personal data with the following recipients:

• Clients (who we may introduce or supply you to and who may perform their own suitability checks with third parties);
• Your former employers from whom we may seek references;
• Payroll service providers who manage payroll on our behalf or other payment intermediaries who we may introduce you to;
• Other recruitment agencies in the supply chain;
• IT and software providers who we use to support our services or business processes;
• Auditors or legal advisors who are assessing the compliance and processes of the business to ensure its adherence to all relevant legislation and good practice guidance;
• Any public information sources or third-party organisations that may be used to carry out suitability checks on work-seekers including the Disclosure and Barring Service (DBS), Social Work England and NFI (National Fraud Initiative);
• Government, law enforcement agencies and other regulators including (but not limited to) HMRC, Employment Agencies Standards Inspectorate (EASI) and Local Authority Designated Officers (LADOs), Disclosure and Barring Service and Social Work England;
• Any member of our group, which means our subsidiary companies, our ultimate holding company and its subsidiary companies; or
• If we are under a duty to disclose or share your personal data in order to comply with any other legal obligation, or in order to enforce or apply our terms and conditions to and other agreements; or to protect the rights, property, or safety of Baltimore Consulting Limited our customers, or others.

2. Personal information we collect

• Categories of data: We may collect personal information including but not limited to the following:

Personal data:

• Name
• Date of birth
• Contact details, including telephone number, email address and postal address (current and previous)
• Gender
• Marital status
• National insurance number
• Next of kin and other emergency contact details
• Bank account details and payroll records
• Professional and work history, training and qualifications
• CV
• References
• Links to your professional profiles available in the public domain and on social media (e.g. LinkedIn)

Special categories of personal data:

• Disability/health conditions relevant to the role
• Information required to establish your Right to Work
• Criminal convictions

• Source of the personal data: We may source your personal data/special categories of personal data from the following sources:

• Our website including application and contact forms together with any comments or remarks that you may provide in free text fields (such as personal statements) or CVs (where applicable);
• Directly from you – This covers the information you provide us whether searching for a new opportunity, during the various stages of a recruitment process or at a recruitment or networking event;
• Third Party – this could be your own limited company, an umbrella company or another recruitment agency;
• Publicly available sources – including social media and networking sites, job boards and corporate websites;
• Referrals / references – for example, a recommendation from a colleague or friend, a former employer or a current employer;
• Third party job boards and networking sites such as LinkedIn;
• Software providers who we use to support our services; or
• Cookies (more details in section 5).

3. Data retention

We will retain your personal data in line with our retention policy and for at least as long as is necessary for the purpose we collect it. Different laws may require us to keep different data for different periods of time. For example, the Conduct of Employment Agencies and Employment Businesses Regulations 2003, require us to keep work-seeker records for at least one year from (a) the date of their creation or (b) after the date on which we last provide you with work-finding services.

Additionally, we must also keep your payroll records, holiday pay, sick pay and pensions auto-enrolment records for as long as is legally required by HMRC and associated national minimum wage, social security and tax legislation. This is currently 3 to 6 years.

4. Your rights

Please be aware that you have the following data protection rights:

• The right to be informed about the personal data we process on you
• The right of access to the personal data we process on you
• The right to rectification of your personal data
• The right to erasure of your personal data in certain circumstances
• The right to restrict processing of your personal data
• The right to data portability in certain circumstances
• The right to object to the processing of your personal data that was based on a public or legitimate interest
• The right not to be subjected to automated decision making and profiling; and
• The right to withdraw consent at any time.

Where you have consented to us processing your personal data and sensitive personal data you have the right to withdraw that consent at any time by:

• e-mailing us at dataprivacy@baltimoreconsultingltd.com inserting the words ‘Data Request’ in the heading; or
• writing to us at FAO Phil Renison, Finance Director, Baltimore Consulting Limited, 17^th Floor, Castlemead, Lower Castle Street, Bristol BS1 3AG.

Please note that if you withdraw your consent to further processing that does not affect any processing done prior to the withdrawal of that consent, or which is done according to another legal basis. There may be circumstances where we will still need to process your data for legal or official reasons. Where this is the case, we will restrict the data to only what is necessary for those specific reasons.

If you believe that any of your data that we process is incorrect or incomplete, please contact us using the details above and we will take reasonable steps to check its accuracy and correct it where necessary.

You can also contact us using the above details if you want us to restrict the type or amount of data we process for you, access your personal data or exercise any of the other rights listed above.

5. Cookies

We may obtain data about you from cookies. These are small text files that are placed on your computer by websites that you visit. They are widely used to make websites work, or work more efficiently, as well as to provide information to the owners of the site. Cookies also enable us to deliver more personalized content.

Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, please refer to our Cookie Policy available on our website. Please note that in a few cases some of our website features may not function if you remove cookies from your browser.

6. Login Files

We use IP addresses to analyse trends, administer the site, track users’ movements, and to gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information.

7. Links to external websites

Our website may contain links to other external websites. Please be aware that we are not responsible for the privacy practices of such other sites. When you leave our site we encourage you to read the privacy notices of each and every website that collects personally identifiable information. This privacy notice applies solely to information collected by our website.

8. Sale of business

If our business is sold or integrated with another business your details may be disclosed to our advisers and any prospective purchasers and their advisers and will be passed on to the new owners of the business.

9. Data Security

While we take every precaution to safeguard your personal information, you should be aware that the use of email/ the Internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal information which is transferred from you or to you via email/the Internet.

If you share a device with others, we recommend that you do not select the “remember my details” function when that option is offered.

10. Changes to this privacy notice

We do keep our privacy notice under regular review so please do check each time you use the site. You’ll be able to read about any updates on this page – as soon as they happen.

11. Complaints or queries

If you wish to complain about this privacy notice or any of the procedures set out in it please contact us by e-mailing  dataprivacy@baltimoreconsultingltd.com   inserting the words ‘Privacy Policy Grievance’ in the heading.

You also have the right to raise concerns with the Information Commissioner’s Office or any other relevant authority should your personal data be processed outside of the UK and you believe that your data protection rights have not been adhered to.