Information Security and Data Protection Policy
Star Employment Services (“the Company”) is a member of the Recruitment and Employment Confederation (REC) and adheres to their Code of Professional Practice.
Star Employment Services processes personal data in relation to its own staff, work-seekers and individual client contacts - therefore it is a “data controller” for the purposes of the Data Protection Act 1998. The Company has notified the Information Commissioner’s Office – the Company’s data protection registration number is Z6614691.
The Company holds personal data on individuals (“data subjects”) for the following general purposes:
The Data Protection Act 1998 requires the Company as data controller to process data in accordance with the principles of data protection. These require that personal data shall be:
Personal data should be reviewed on a regular basis to ensure that it is accurate, relevant and up to date and the Operations Manager shall be responsible for doing this.
Personal data may only be processed with the consent of the person whose data is held. Therefore if they have not consented to their personal details being passed to a third party this may constitute a breach of the Data Protection Act 1998. By instructing the Company to look for work and by providing us with personal data contained in a CV work-seekers will be giving their consent to processing their details for work-finding purposes. If you intend to use their personal data for any other purpose you MUST obtain their specific consent.
Caution should be exercised before forwarding the personal details of any individuals on whom personal data is held, to any third party such as past, current or prospective employers, suppliers, customers and clients, persons making an enquiry or complaint and any other third party.
Personal data in respect of the following is “sensitive personal data” and any information held on any of these matters MUST NOT be passed on to any third party without the express written consent of the individual:
From a security point of view, only the Operations Manager is permitted to add, amend or delete personal data from the Company’s database(s) (“database” includes paper records or records stored electronically). However all staff are responsible for notifying those listed where information is known to be old, inaccurate or out of date. In addition all employees should ensure that adequate security measures are in place. For example:
Data subjects are entitled to obtain access to their data on request and after payment of a fee. All requests to access personal data by data subjects should be referred to the Operations Manager.
Any requests for access to a reference given by a third party must be referred to the Operations Manager and should be treated with caution even if the reference was given in relation to the individual making the request. This is because the person writing the reference also has a right to have their personal details handled in accordance with the Data Protection Act 1998, and not disclosed without their consent. Therefore when taking up references an individual should always be asked to give their consent to the disclosure of the reference to a third party and/or the individual who is the subject of the reference if they make a subject access request. However if they do not consent then consideration should be given as to whether the details of the individual giving the reference can be deleted so that they cannot be identified from the content of the letter. If so the reference may be disclosed in an anonymised form.
Finally it should be remembered that all individuals have the following rights under the Human Rights Act 1998 and in dealing with personal data these should be respected at all times:
Operations Manager, Star Employment Services, 51-53 Queen Street, Wolverhampton WV1 1ES.
Tel: 01902 319333