“Personal Data” is information that can be used to directly or indirectly identify an individual, like name, address, email address, telephone number. “User” is a natural entity with which Office Concierge has an established relationship (for example an employee, supplier, client, etc.) “Web Visitor” is an individual visiting our front-end website at www.officeconcierge.co.uk. “Candidate” is an applicant for employment with Office Concierge, either through our Web Recruitment portal or directly. “Data Subject” is the natural entity to which the Personal Data relates.
3. Data Controller
4. Base principles
In formulating our policy we have adhered to the following principles:
Transparency with regards to the collection and use of data and that only data deemed essential for a specific purpose is collected
The collected data will only be used for the purpose specified
That all processing is lawful, fair, transparent and necessary for a specific purpose
That data is accurate, kept up to date and removed when no longer necessary
That data is kept safely and securely employing where possible risk-based approaches and privacy-by-design principles.
5. Collection and use
The following sections cover the specifics of each of the three groups from which data is collected: website Visitors, Candidates, Users and CCTV.
5.1 Website Visitors
As a general Visitor you can visit our website without giving away any personal information. Office Concierge uses Google Analytics and Cookies in order to provide the metrics that allow us to improve our website and to provide a better user experience. The data collected by Google Analytics are anonymous traffic data including browser information, device information and language. This information is used only to provide a general overview of how the Office Concierge website is assessed and used. No additional information is collected beyond this (The IP address of the visiting computer is known to Google but this information is not accessed or used by Office Concierge).
5.1.2 Contacting Office Concierge
If you contact us via the website, information about you will be collected. It will be information you fill in the contact page and include personal data such as your name, email address, organisation which will be processed and stored in order for us to effectively deal with and respond to your request. No further use will be made of the data.
Office Concierge job vacancies can be filled by recruitment from a specific job advertisement, from CVs sent in directly (or through our Web Recruitment Portal) or from Job Board listings (and/or Social Media sites). In all cases we will ask for your explicit consent to process the personal data you have provided in connection with the job application. This consent is entirely voluntary but in the event that the requested consent to the processing of your Personal Data is withheld, further progress of the application will not be possible. All data provided, requested or volunteered will be used exclusively for the evaluation of a candidate’s suitability for a vacancy and for recruitment related purposes. (See also section 8 “Data Transfer”) Page 3 of 5 Office Concierge may, with your additional consent, keep your data for a further period for the possibility of matching you with other positions should the opportunities arise.
Office Concierge necessarily processes and stores personal data of Users as part of its operations. All processing of these data is lawful and the legality, depending on the activity involved, based on:
the legitimate interests of the controller
necessary for performance of contract
in compliance with legal obligation
with the consent of the natural person
Office Concierge operates a CCTV system to capture high definition video images for the purposes of crime prevention and staff and public safety in its Head Office. CCTV data is processed in pursuit of our legitimate interest and those of the data subjects whose data is processed. Appendix 1 provides further information on the personal data held, how they are used and the legal processing basis employed for the processing of personal data.
6. Data retention and deletion
Office Concierge will keep your personal data in accordance with our internal data retention policies which is based on the minimum retention period required by law. We will only keep personal information beyond this period if there is a legitimate and provable business reason to do so.
7. Data Security
Through the use of appropriate technical measures we will make sure that any information you have given us is protected from unauthorized access, use or disclosure, loss.
8. Data Transfers
The processing of Personal Data is strictly limited to the specific purposes for which they are gathered. Such processing is done within Office Concierge and, where applicable, members of the group. In certain instances Personal Data is shared with 3rd parties. These are:
For purposes of staff training.
For the provision of additional employee benefits.
For the performance of additional employment related services.
The nature of the services provided by Office Concierge means field staff are sited at client premises. Clients may wish to participate in the staff placement process in which case a candidate’s personal information will be transferred to the client for their evaluation.
For purposes of crime prevention and detection CCTV images may be shared with the police. Personal data is not transferred out of the EEA.
9. Natural person (Data subject) rights
Under GDPR, as the natural person to which the personal data relates, you have, depending on the circumstance, the following rights:
The right to be informed – you have the right to be informed in a clear, transparent and concise manner how personal data is collected and processed
The right of access - you will have the right to know what information is held about you and how it is processed. The first data access request is free but subsequent ones may be subject to an administrative charge. You data copy will be sent to you by electronic means
The right of rectification – you will be entitled to have personal data corrected if it is inaccurate or incomplete. The right to erasure (or 'the right to be forgotten') – you have the right to have your personal data deleted or removed.
The right to restrict processing –you have the right to block or suppress processing of your personal data.
The right to data portability - allows you to obtain your personal data in a commonly used and machine readable format for your own purposes across different services or to transfer this to another organisation.
The right to object or withdraw consent - you are entitled to object to your personal data being used (for example your personal data for direct marketing) or withdraw a previously given consent.
Rights relating to automated decision making and profiling - you can choose not to be the subject of a decision is based on automated processing On matters concerning or exercising these rights please contact the Data Controller at the address given above.
11. Policy Acceptance and Changes
Office Concierge rely on the following basis, depending on the activities carried out, for the lawful processing and storing of the personal information:
For the performance of a contract or agreement that Office Concierge has entered into with the data subject. An example is the Contract of Employment
For complying with applicable laws. Examples are processing of statutory sick pay and statutory maternity pay.
Legitimate interest, where it is in the legitimate interest of Office Concierge to collect, process and store your personal data to provide the company with information required to provide our services more effectively and to run the business in an efficient and proper manner. In adopting this basis office Concierge has carried out an assessment of its interest in using personal data against the interest of the data subject as a citizen and their rights under data protect laws.
Consent. Where you have given us consent to process the information. Examples are using your photo and the processing of medical & health records
With regards to special category data the basis used to ensure lawful processing are, depending on the activity:
Necessary for the carrying out of obligations under employment
For assessing the working capacity of the employee