Teacher Agency Nottingham, Derby Hadfield Education

Helping you build and amazing teaching career

Hadfield Education Privacy Policy and Incident Response Plan

Identity and contact details of the controller and where applicable, the controller’s representative) and the data protection officer Lee Stanley – gdpr@hadfieldeducation.com / 0115 9312122.

Purpose of the processing and the legal basis for the processing Hadfield Education processes personal data for the purpose of recruitment activity. This includes assessing the suitability of individuals for job roles, contacting individuals to gain updates on their job status and skills and to engage with prospective employers or hiring managers about their  recruitment plans. The legal basis for such processing will be based on the specific consent of the individual, or in certain cases where legitimate interests may apply. Hadfield Education will also process data on the basis of an individual entering into a contract with Hadfield Education, and such data is required to be processed under the terms of the contract.

 

Categories of personal data

Personal data means data which relate to a living individual who can be identified –

(a) from those data, or

(b) from those data and other information which is in the possession of, or is likely to come

into the possession of, the data controller, and  includes any expression of opinion about the  individual and any indication of the intentions of the data controller or any other person in respect of the individual.

 

Hadfield Education  may process data including:  email addresses, names, postal  addresses, employment history or other personally identifiable information that an individual includes within a CV. Any recipient or categories of recipients of the personal data Hadfield Education may disclose personal data to prospective employers on behalf of the data subject (with prior consent). Hadfield Education may also disclose personal data to third parties, only if applicable and with consent of the data subject (for example – reference or background checking agencies).

 

Transfers to third country and safeguards

Hadfield Education does not transfer data to third countries (outside the EEA). In the unlikely event  we are required to do so adequate safeguards would be put in place in line Data Protection Law and principles.

 

Retention period or criteria used to determine the retention period

Hadfield Education will usually  retain personal data for  a period of two years. However, this period would continue if we remained in contact and the data subject consented to it. In some instances  Personal data will be retained in accordance with the contractual obligations between Hadfield Education and the individual.

 

The rights of Data Subjects

–  Data Subjects  will have the right to withdraw their consent at any time. The easiest way to do this is to email gdpr@hadfieldeducation.com

–  Data  Subjects  have the right  to launch a complaint  to the appropriate supervisory authority

–  Data Subjects have the right to submit a Subject Access Request (SAR) at any time to

gdpr@hadfieldeducation.com. There will be no fee applicable and the data will be supplied within one month from the date of the request.

The source the personal data originates from and whether it came from publicly accessible sources Data processed by Hadfield Education is predominately sourced from the Data Subject directly via their CV or contact details sent through email or other communication channels such as LinkedIn. Hadfield Education also processes data from publicly accessible sources. The existence of automated decision making, including profiling and information about how decisions are made, the significance and the consequences.

Hadfield Education use software to help filter data in order to identify suitable individuals for specific vacancies or client requirements.

 

Data Breach Incident Response

In the event of a Data breach Hadfield Education will:

–  Our  designated  DPO will take  the lead on investigating  the breach along with our hosting provider.

–  Engage with our hosting provider to isolate and/or shut down the area compromised.

–  If the breach  could result in a risk for the rights and freedoms of the data subject(s)

Hadfield Education will notify the ICO no later than 72 hours after becoming aware of the breach.

–  Provide  the ICO details  regarding the nature  of the breach and the  categories and approximate number of data subjects and personal data records affected.

–  Where  there is  high risk to  the rights and  freedoms of the Data  Subject Hadfield Education  will notify the breach to the Data Subjects without undue delay.  In the event of Data loss or  if otherwise unfeasible to  contact the Data Subjects Hadfield Education  will make a public communication whereby Data Subjects are informed in an effective manner.This will  be done through the most appropriate media platform(s) available. Such notifications will include the name and contact details of our designated DPO.

–  Document the mitigating measures taken or proposed to be taken and share these with the ICO and the Data Subjects that have been affected.