Your Privacy Entitlements
The purpose of this document is to set out the privacy entitlements of Data Subjects, as defined in the General Data Protection Regulation (GDPR), of living persons. Privacy can only apply to information that is not already in the public domain and GDPR only applies to such personal data.
The General Data Protection Regulation (GDPR) is a European Union Regulation that sets out the data entitlements of data subjects and the obligations of those who process the personal data of data subjects. GDPR seeks to protect and enhance the rights of data subjects. These rights cover the safeguarding of personal data, protection against the unlawful processing of personal data and the unrestricted movement of personal data within the EU.
Who We Are?
BSS Contracts Solutions Ltd, BSS Subcontractors and BSS Personnel Ltd (hereinafter referred to as “BSS”) is the data controller for any personal information you supply to us in relation to enquiries recruitment process and when registering as a client or candidate.
Our full postal address is:
What we collect?
BSS may collect your personal and sensitive personal data such as your name, address, date of birth, contact details, e-mail address and sensitive personal information obtained from your CV such as criminal convictions and ethnic origin. We will only collect information which we believe to be relevant to our recruitment process and to fulfil your needs and provide the best service possible.
How we collect this data?
We collect personal data about you from the application forms and questionnaires you may be asked to complete; we also gather personal data from records of our correspondence, phone calls, emails and details of your visits to our website, including but not limited to personally identifying information like Internet Protocol (IP) addresses. This information can be used to identify visitors to our website and also to collect statistics about the behavior of visitors to our website.
What we use this data for?
Our company uses that data to place you in employment with third parties which involves making telephone contact with you, emailing you with positions that may be of interest to you, emailing and telephoning potential employers to advance your career prospects with those companies and sharing your data with those potential employers. When you register with us you are agreeing to our company acting as an agent for you in your pursuit of an employment position with a third party until you either opt out (which you can do at any stage) or we cease in promoting you to potential employers. Our company in their capacity as your agent operates as a Data Controller in respect of the personal data you supply to us. We share your data with third party Clients in order to advance your prospect of obtaining your desired position and while we require that our clients are GDPR compliant we can make no guarantees or warranties in that regard.
Where we have collected your data from a job board application process, we will consider you for positions other than the sole position you have applied for.
Data Minimisation Principle
We will only collect the information we need so that we can ensure adequate information is provided to our employer/clients consistent with the requirements of the particular placement relevant to you, as the contract is being performed, it may be necessary to obtain further data from you, we will do this if and when it is necessary and only the necessary data will be obtained. This agency does not sell or broker your data.
This company has different categories of data subjects:
- Data subjects who general candidates are looking for temporary or permanent work.
- Data subjects who are engaged on a contract of employment by our company to be placed in temporary assignments in our client companies.
- Data subjects who our own internal employees are carrying out the work of the recruitment agency.
- Data subjects whom we introduce to companies and who provide contractual work to those companies
There are different categories of data required between the differing data subject categories and only the information necessary to conduct the contractual relationship and perform the contract unique to each data subject will be collected.
How long do we keep your information?
We will process personal data during the duration of any contract and will continue to store only the personal data needed for periods after the contract has expired to meet any legal obligations as set out in the table below. After these periods any personal data not of use will be deleted or consent will be sought to retain information.
|Source of Obligation||Retention Period|
|Revenue Commissioners, Collector General, Companies Acts legislative provisions||6 years rolling retention of records|
|Personal Injuries related records||Records are retained for a period of 3 years past the date of the cause of action, unless it involves a minor, in which case the retention period will be up until 3 years after the minor reaches the age of 18.|
|Breach of Contract related records||Records are retained 6 years from the date of the breach|
|Employment Agency Candidate for Interviews/Placements Records||Candidate information is kept for a period of 1 year past the initial contact with the agency by the candidate, unless the candidate exercises their entitlement to a termination of processing.|
|Employment contract/terms of employment related information||Duration of the employment – this includes everything from the application form, interview notes, contract related, performance appraisals, references|
|Organisation of Working Time – time sheets/holiday and public holiday records
National Minimum Wages
Protection of Employment – Temporary Agency Workers, Part Time Workers, Fixed Term Workers
Protection of Young Persons
|3 years post the termination of the employment. Records kept are sufficient to show compliance with legal obligations in accordance with the statutory provisions.|
|Parental Leave Related||8 years – records kept show the dates when a qualifying employee availed of the parental leave and force majeure leave provisions|
|Employment Equality||All records, including interviews and applications are kept for a period of one year.|
|Health and Safety Records||All records relating to health and safety will be kept for a period of 10 years|
|Data Law Compliance||Records in relation to our compliance with Data Law and GDPR will be kept for a five year period.|
Legal Basis for processing any personal data
This company relies upon the following legal bases for data collection:
- Information is required in order to perform the contract of employment agent on behalf of you the candidate to potential employers. The basis of data gathering in that instance is contractual requirements. This will include identification information such as but not limited to name, address, date of birth, information regarding education/qualifications and reference checks.
- Information is required in order to perform our statutory obligations such as tax returns and compliance with employment permit legislation. This information will include PPS numbers and where relevant GNIB card copies.
- Information is sought on your express and explicit consent in relation to training options.
- Information is processed in the legitimate interests of the business of the employment agency, and where so processed it will be in accordance with and subject to your data subject rights and entitlements.
Through agreeing to this privacy notice you are consenting to us processing your personal data for the purposes outlined. You can withdraw consent at any time by emailing firstname.lastname@example.org or writing to us, see last section for full contact details.
A necessity of our contractual engagement is that we share your personal data with our employer/clients. We have in place Data Sharing Agreements (in the form of actual agreements or merely additional clauses within the terms and conditions of engagement between the agency and its clients) or Data Processing Agreements with all such employer/clients and we have done our utmost to ensure that all such parties process your data in a manner that is consistent with this Privacy Notice and GDPR. Our employer/clients may themselves be subject to third party audits either in the form of ethical audits, governmental/statutorily required audits or legal obligations, these are deemed a necessity of the contract of engagement between you and our company or on this legal basis your personal data will be shared to comply with these requirements.
How we keep your data safe?
We are committed to ensuring that your information is secure. In order to prevent unauthorized access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect.
Data is held in Ireland using different (multiple) servers. We do store personal data outside the EEA.
Your rights under GDPR
For the entirety of the time that we are in possession of your data, you have the following rights:
- Right of access – you have the right to request a copy of the information that we hold about you.
- Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
- Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records and we will comply with this request in accordance with our own obligations to keep records for statutory purposes
- Right to restriction of processing – where certain conditions apply you have a right to restrict the processing.
- Right of portability – you have the right to have the data we hold about you transferred to another organisation.
- Right to object – you have the right to object to certain types of processing such as direct marketing.
- Right to object to automated processing, including profiling – you also have the right not to be subject to the legal effects of automated processing or profiling.
These rights may on occasion need to be modified/curtailed by statutory or competing obligations, for example, you may request that we delete your data, however if we have been your employer we can only do so after the statutory period of record retention has expired. In the event that we are obliged to refuse your request in accordance with your data subject rights, or if we are obliged to place conditions on our assent to your request, we will provide you with a reason as to why, which you have the right to legally challenge.
At any time following a request from you we can confirm what information we hold about you, as well as how and why it is being processed.
For more information on your rights please visit the DPC website: https://www.dataprotection.ie/docs/Home/4.htm
You can request the following information
- Identity and the contact details of the person or organization that has determined how and why to process your data.
- Contact details of the data protection officer, where applicable.
- The purpose of the processing as well as the legal basis for processing.
- If the processing is based on the legitimate interests of our company or a third party such as one of its clients, information about those interests.
- The categories of personal data collected, stored and processed.
- Recipient(s) or categories of recipients that the data is/will be disclosed to.
- How long the data will be stored.
- Details of your rights to correct, erase, restrict or object to such processing.
- Information about your right to withdraw consent at any time.
- How to lodge a complaint with the supervisory authority (Data Protection Regulator).
- Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and the possible consequences of failing to provide such data.
- The source of personal data if it wasn’t collected directly from you.
- Any details and information of automated decision making, such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing.
We will not disclose opinions given in confidence.
To access what personal data is help, identification will be required
We will accept the following forms of ID when information on your personal data is requested: a copy of your national ID card, driving license, passport, birth certificate and a utility bill not older than three months. A minimum of one piece of photographic ID listed above and a supporting document is required. If we are dissatisfied with the quality, further information may be sought before personal data can be released.
You may request details of personal information which we hold about you under the Data Protection Act 1998 and the forthcoming General Data Protection Regulation (GDPR)
If you would like a copy please submit your request in writing to:
By email to: email@example.com
By post to: BSS 27-30 Merchant House, Merchant Quay Dublin 8
If you have any questions about this policy or about your personal information the please contact BSS on 017071012
In the event that you wish to make a compliant about how your personal data is being processed by us or by our partners, you have the right to complain to Shauna Whitty. If you do not get a response within 30 days you can complain to the OFFICE OF THE DATA COMMISSIONER, Supervising Authority of Ireland.
Last updated: 23/05/2018