TrustHub is a leading Employee Screening specialist working with end hirers and recruitment agencies to streamline their onboarding process and provide time saving efficiencies for everyone involved. In order to provide these services to our clients and their work-seekers we must process personal data (including sensitive personal data) and in doing so we act as a data controller.
Your privacy and the security of the data that you share with us is extremely important to us. We therefore wish to be as transparent as possible with you about how we store and use your data, when and why we use it and how we comply with Data Protection laws when we do so – including the GDPR (General Data Protection Regulation) in force from 25 May 2018. We also want it you to be clear on the rights you have regarding the data we hold on you and how you may take any action you wish to do so about your data.
We have set out our Privacy Notice in a layered and easy to understand way so that you can find the information you need as easily as possible. If you wish to see a complete copy of this document you can download it in full here too.
If you wish to complain about this privacy notice or any of the procedures set out in it please write to James Hunter.
You also have the right to raise concerns with Information Commissioner’s Office on 0303 123 1113 or at https://ico.org.uk/concerns/, or any other relevant supervisory authority should your personal data be processed outside of the UK, if you believe that your data protection rights have not been adhered to.
Data Protection Officer
Please be aware that you have the following data protection rights:
Where you have consented to the Company processing your personal data and sensitive personal data you have the right to withdraw that consent at any time by contacting James Hunter.
The Company will retain your personal data only for as long as is necessary. Different laws require us to keep different data for different periods of time.
The Conduct of Employment Agencies and Employment Businesses Regulations 2003, require us to keep work-seeker records for at least one year from (a) the date of their creation or (b) after the date on which we last provide you with work-finding services.
We must also keep your payroll records, holiday pay, sick pay and pensions auto-enrolment records for as long as is legally required by HMRC and associated national minimum wage, social security and tax legislation.
Where the Company has obtained your consent to process your personal and sensitive personal data, we will do so in line with our retention policy. Upon expiry of that period the Company will seek further consent from you. Where consent is not granted the Company will cease to process your personal data and sensitive personal data.
In this policy the following terms have the following meanings:
‘consent’ means any freely given, specific, informed and unambiguous indication of an individual’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of persona data relating to him or her;
‘data controller’ means an individual or organisation which, alone or jointly with others, determines the purposes and means of the processing of personal data;
‘data processor’ means an individual or organisation which processes personal data on behalf of the data controller;
‘personal data’* means any information relating to an individual who can be identified, such as by a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
‘personal data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data;
‘processing’ means any operation or set of operations performed on personal data, such as collection, recording, organisation, structuring, storage (including archiving), adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
‘profiling’ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to an individual, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
‘pseudonymisation’ means the processing of personal data in such a manner that the personal data can no longer be attributed to an individual without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable individual;
‘sensitive personal data’* means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data, data concerning health, an individual’s sex life or sexual orientation and an individual’s criminal convictions. [Note 1]
* For the purposes of this policy we use the term ‘personal data’ to include ‘sensitive personal data’ except where we specifically need to refer to sensitive personal data.
‘Supervisory authority’ means an independent public authority which is responsible for monitoring the application of data protection. In the UK the supervisory authority is the Information Commissioner’s Office (ICO).
All of these definitions are italicised throughout this policy to remind the reader that they are defined terms
Your information will come to us in a variety of ways.
You may send your personal details to us directly via:
We may be sent your data by the agency performing work seeking services for you. This information will only be accessible by us when they commence work finding services for you and require TrustHub to complete your Safeguarding and ensure you are suitable to work in the roles they are seeking to introduce you to.
We receive this data electronically using a secure connection to their database.
We may receive your data from other third parties who you have agreed can provide you with work-seeking services such as any hiring company that uses our services to carry out or verify their employment screening.
This is an integral part of providing the benefits of our services to you and leads to much of the time saving efficiencies gained from TrustHub’s service.
The Company may transfer only the information you provide to us to countries outside the European Economic Area (‘EEA’) for the purposes of facilitating your work-finding services. We will take steps to ensure adequate protections are in place to ensure the security of your information. The EEA comprises the EU member states plus Norway, Iceland and Liechtenstein.
In order to process your data we are required by the GDPR to have a legal basis for doing so.
There are a number of different legal bases for processing data and these will change as you progress through different stages of our service.
The legal bases we rely upon to offer these services to you are as follows:
It is in the legitimate interests of all parties involved, the recruitment companies, work-seekers and other clients, that The TrustHub Group Ltd can process personal data.
In certain industries it is a legal requirement for certain checks to be undertaken to ensure the suitability of applicants for the work they are applying for. This includes sensitive information such as Disclosure and Barring Service (DBS) Certificate criminal record checks.
If you are successful in your application for an assignment or permanent job, we may process your personal data and sensitive information required for payroll and employment purposes. This will be to satisfy a contractual obligation we have with our clients and will facilitate you to satisfy any contractual obligations you may have directly with them.
When your personal data is required by law or to satisfy a contractual requirement (e.g. our client may require this personal data), or it is a requirement necessary for us or for you to enter into a contract with them.
In these circumstances, you are obliged to provide the personal data and if you do not the consequences may be that:
We send your data to a number of different places in order to provide you with our service. Your data will be shared with:
You can see an infographic of what happens with your data here