Andy File Associates Privacy Policy

May 2018

Andy File Associates is committed to keeping your personal data safe and secure from unauthorised access to or unauthorised alterations, disclosure or destruction of information that we hold.  

Our security measures include: –

  • encryption of our services and data
  • review our information collection, storage and processing practices, including physical security measures
  • restrict access to access of personal information to Andy File Associates employees, contractors and agents who need to know that information in order to process it for us and who are subject to contractual confidentiality and processing obligations. They may be disciplined or their contract terminated if they fail to meet these obligations; and
  • internal policies setting out our data security approach and training for employees

You have other rights under data protection law that you can exercise against Andy File Associates, but these do not apply in all circumstances. You can exercise those rights free of charge except in very limited circumstances, which will be explained to you if relevant.

For more information about all these rights and how to exercise them against Andy File Associates, please contact us at dpo@andyfileassociates.com and we will be able to tell you more.

Here are short descriptions of your rights:

Right of access – you have a right to request access to your personal data, to obtain confirmation that it is being processed and to obtain certain prescribed information about how it is processed.
Right of rectification (correction) – in certain circumstances you have a right to ask for your personal data to be corrected if it is inaccurate, and completed if it is incomplete. Where your personal data in question has been disclosed to organisations, they must be informed of the rectification if possible
Right to be forgotten – in certain circumstances, you can ask to have your personal data erased. It is unlikely to be possible to accept your request if, for example, Andy File Associates has a legal duty or employment law supercedes, to retain or process your information
Right to restriction of processing – if certain conditions apply, you have a right to restrict the processing of your information. This includes when you contest it as being inaccurate (until the accuracy is proved); if you have objected to the processing (when it was necessary for legitimate interests) and Andy File Associates is considering whether its legitimate interests override your own; if you consider that the processing is unlawful (and if this is true) so that you can oppose erasure and request restriction instead; or if Andy File Associates no longer need the personal data for the purposes they held it but you require one or both of them to continue to hold it to establish, make or defend legal claims

Right of portability – in certain circumstances, you have the right to move, copy or transfer your personal data to another organisation or to yourself. This right is only relevant if personal data is being processed based on a consent (or for performance of a contract) and is done automatically. This right is different from the right of access and the types of information you can get under the two separate rights may be different. Using the data portability right, you cannot get all the personal data you can get using the right of access.
Right to object – in certain circumstances, you have the right to object to certain types of processing of your personal data when it is based on legitimate interests, when it is processed for direct marketing (including profiling relevant to direct marketing) or when it is processed for the purposes of statistics. Your rights to object may be relevant if you wish to find out more about what legitimate interests Andy File Associates rely on (as are listed in their respective parts of this privacy notice) or about what profiling Andy File Associates does regarding its direct marketing. Please note that Andy File Associates does not involve any 3rd party direct marketing.

Automated decision making – Andy File Associates does not make automated decisions nor do we profile your data for marketing and communication purposes.. Andy File Associates does not do any automated decision-making that would produce legal or other significant effects on you. You can also withdraw consent if you have provided it and if this is being relied on as the legal basis for using your personal data – as previously described.

How we use Personal Information (through consent)
We use Personal Information to do some or all of the following:

  • Communicate with you as part of our business; Our prime and only usage of your data is for the purposes of obtaining employment (temporary or permanent)
  • Send you important information regarding changes to our policies, other terms and conditions and other administrative information
  • Manage our infrastructure and business operations and comply with internal policies and procedures, including those relating to auditing; finance and accounting; billing and collections; IT systems; data and website hosting; business continuity; and records, document and print management
  • Resolve complaints and handle requests for data access or correction
  • Comply with applicable laws and regulatory obligations (including laws outside your country of residence), such as those relating to anti-money laundering and anti-terrorism; comply with legal process; and respond to requests from public and governmental authorities (including those outside your country of residence)
  • Establish and defend legal rights; protect our operations, our rights, privacy, safety or property, and pursue available remedies or limit our damages

How long we hold your data for

We will hold your data for a period of 12 months unless employment law dictates that we must hold your data for longer (as in direct permanent employment)

How we store your data

CRM – All electronic data is stored in a secure web hosting environment with restricted access

Internal computer drive – storage of all candidate details.  This drive is password protected (available to Andy File personnel only) and all candidate details are archived after a period of 12 months – again this archive is password protected.

Hard copies of data – Registration forms and paper CV’s are kept in a lockable cabinet, the key is held by the DPO and are stored for a period of 12 months.

Temporary storage of data on emails and mobile phones (generally when meeting candidates off site) – this information will be deleted once it has been transferred to the internal computer drive, within a 30 day period

How we delete/archive data

CRM – All electronic data is archived within 12 months from point of registration (archive is password protected and available to senior management only). Electronic data is deleted from the CRM within 12 months unless candidates request their data to be deleted earlier.

Hard copies are retained by Andy File Associates for a period of 12 months after which time they are removed and destroyed by a registered confidential waste company within a 6 month period.

Temporary storage of data on emails/phones – To be responsibly deleted by all Andy File Associates staff within 30 days of obtaining the data.

Changes to Privacy Policy

We review this Privacy Policy regularly and reserve the right to make changes at any time to take account of changes in our business and legal requirements. We will place updates on our website.

Please take a look at the “UPDATED” date on the Privacy Policy to see when it was last revised.