PRIVACY POLICY
February 2024

If you are a member of RSS Group Limited staff, this Privacy Policy should be read in conjunction with the RSS Global Limited UK Staff Privacy Policy.

Introduction
RSS Global Limited (“RSS”) and its subsidiary companies (see Annex 1) acts as both a recruitment agency and recruitment business as defined under The Conduct of Employment Agencies and Employment Businesses Regulations 2003 (“Conduct Regs”).

We are committed to protecting the privacy and security of your personal information. We have therefore developed this Privacy Policy to inform you of the data we collect, what we do with your information, what we do to keep it secure, as well as the rights and choices you have over your personal information.

Throughout this document we refer to the Data Protection Act 2018 (DPA 2018) and the General Data Protection Regulation ((EU) 2016/679) (GDPR 2018), the Privacy and Electronic Communications (EC Directive) Regulations 2003 and any legislation implemented in connection with the aforementioned legislation.

Where data is processed by a controller or processor established in the European Union or comprises the data of people in the European Union, it also includes the EU General Data Protection Regulation (EU GDPR). This includes any replacement legislation coming into effect from time to time.

This policy should be read together with our cookie policy that can be found on our website.

1. INFORMATION ABOUT US

Our Data Protection Officer is Laurel Taylor. You can contact them at dpo@rssglobal.com or via our correspondence address:

RSS Global Ltd
33 Soho Square
London W1D 3QU
Company Number: 14526152

This Privacy Policy applies in relevant countries throughout our international network. Where other countries may approach data privacy differently, we have included country-specific versions of this Privacy Policy, in accordance
with our comprehensive list of companies within RSS, as set out at Annex 1.

2. WHAT DOES THIS PRIVACY POLICY COVER?

This Privacy Policy sets out what RSS does with your personal data, whether you are a:

(1) Candidate

(2) Prospective Candidate

(3) Person with whom we contact to provide us with assistance in relation to one of our candidates (e.g., referees and emergency contacts)

(4) Client

(5) Supplier

(6) Temporary Worker

(7) Permanent Worker

(8) You are visiting our Website

This Privacy Policy is divided into a short-form quick reference section, and a long-form more detailed section on the website. It describes how we collect, use and process your personal data, and how we comply with our legal obligations and regulatory requirements.

We keep our Privacy Policy under regular review and we encourage you to periodically review this page for the latest information on our privacy practices.

3. WHAT IS PERSONAL DATA?
Personal data is defined by the DPA 2018 and the GDPR 2018 as ‘any information relating to an identifiable person who can be directly or indirectly identified, in particular by reference to an identifier’.

In simpler terms, personal data is any information about you that enables you to be identified (either on its own or when combined with other data we may hold on you). Personal data covers obvious information such as your name and contact details, but it also covers information such as identification numbers, electronic location data, and other online identifiers.

4. OUR LEGAL BASES FOR PROCESSING YOUR DATA
Depending on the type of personal data in question and the grounds on which we are processing it, should you decline to provide us with such data or ask us to stop processing it, we may not be able to fulfil our contractual requirements or, in extreme cases, may not be able to continue with our relationship or may have to bring that relationship to a close (i.e. because we cannot continue it without personal data about you).

Legitimate Interest

In the course of providing work-finding services to our clients and work-seekers, where RSS acts as a Data Controller, it will be necessary, and in our legitimate interest to process personal data, as defined by the DPA 2018 and the GDPR 2018.

We will process contact data as part of the Refer a Friend schemes on the grounds of legitimate interests. This is where referrals are made on behalf of work-seekers by members of their social group. Each referral is processed on the basis that there is a legitimate interest in us helping to find work for the referred individual.

Establishing, Exercising or Defending Legal claims

Sometimes it will be necessary for us to process personal data and, where appropriate and in accordance with our legal obligations and regulatory requirements, sensitive personal data in connection with exercising
or defending legal claims.

The DPA 2018 and GDPR 2018 allows this where the processing “is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity”.

This will arise for example where we need to take legal advice in relation to legal proceedings or are required by law to preserve or disclose certain information as part of the legal process.

To Exercise our Rights or Carry out our Employment and Social Security Legal Obligations

For some Candidates, Temporary Workers and individuals it will sometimes be necessary for us to process your sensitive/special category personal data, for the purpose of ensuring compliance with our legal obligations and regulatory requirements.

For example, we may process your medical data to enable us to provide you with adequate support if you suffer from a health condition or disability, for example by sharing medical information about you with an occupational health specialist, in order to determine prognosis and return to work arrangements, and to assess your working capacity more generally.

The DPA 2018 and the GDPR 2018 allows us to do this where the processing is “necessary for the purposes of carrying out the obligations and exercising [our or your] specific rights… in the field of employment and social security and social protection law”, as long as this is allowed by law.

Where processing your personal data is necessary for us to carry out our obligations under our Contract with you, to ensure that you are properly fulfilling your obligations to us, and to ensure that we are fulfilling our
obligations to others.

The DPA 2018 and the GDPR 2018 applies where processing of personal data “is necessary for the performance of a contract to which [you are] party or in order to take steps at [your] request … prior to entering into a contract”.

Where processing your personal data is necessary for us to carry out our Legal Obligations

In relation to the employment or engagement of Temporary Workers directly by us, as well as our obligations to you under our contract, we also have other legal obligations that we need to comply with. The DPA 2018 and the GDPR 2018 states that we can process your personal data where this processing “is necessary for compliance with a legal obligation to which [we] are subject”.

An example of a legal obligation that we need to comply with is our obligation to co-operate with tax authorities, including providing details of your remuneration and tax paid.

Electronic marketing

In addition to the DPA 2018 and the GDPR 2018 requirement for a lawful basis, where we send unsolicited electronic marketing to you we may also require either an opt-in consent or opt-out consent under the Privacy and Electronic Communication Regulations 2003 (“PECR”). That means we are permitted to market products or services to you which are related to the recruitment services we provide to you as long as you do not actively opt-out from these communications.

Consent

In certain circumstances, we are required to obtain your consent to the processing of your personal data in relation to certain activities. Depending on exactly what we are doing with your information, this consent will be opt-in consent under the DPA 2018 and GDPR 2018, or soft opt-in consent (PECR).

The DPA 2018 and the GDPR 2018 states that (opt-in) consent is “any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her”. In plain language, this means that:

  • you have to be in a position to give us your consent freely, without us putting you under any type of pressure to give or refuse that consent;
  • you have to know what you are consenting to – so we will make sure we give you enough information;
  • where consent is required, you should have control over which processing activities you consent to and which you don’t; and
  • you need to take positive and affirmative action in giving us your consent – we are likely to provide a tick box for you to check so that this requirement is met in a clear and unambiguous fashion. We will keep records of the consents that you have given in this way.

You have the right to withdraw your consent to these activities. You can do so at any time by contacting dpo@rssglobal.com.

5. WHAT ARE MY RIGHTS?

One of the DPA 2018 and GDPR 2018’s main objectives is to protect and clarify the rights of EU and UK citizens and individuals in the EU and UK with regards to data privacy. This means that you retain various rights in respect
of your data, even once you have given it to us. These are described in more detail below.

To get in touch about these rights, please email dpo@rssglobal.com. We will seek to deal with your request without undue delay, and in any event within one month (subject to any extensions to which we are lawfully entitled). Please note that we will, where necessary, keep a record of your communications to help us resolve any issues which you raise.

Right to object:

This right enables you to object to us processing your personal data where we do so for one of the following four reasons:

(i) our legitimate interests;
(ii) to enable us to perform a task in the public interest or exercise official authority;
(iii) to send you direct marketing materials; and
(iv) for scientific, historical, research, or statistical purposes.

The “legitimate interests” and “direct marketing” categories above are the ones most likely to apply to our Website Users, Candidates, Temporary Workers, Clients and Suppliers.

If your objection relates to us processing your personal data because we deem it necessary for your legitimate interests, we must act on your objection by ceasing the activity in question unless:

  • we can show that we have compelling legitimate grounds for processing which overrides your
    interests; or
  • we are processing your data for the establishment, exercise or defence of a legal claim. If your objection relates to direct marketing, we must act on your objection by ceasing this activity.

Right to withdraw consent:

Where we have obtained your consent to process your personal data for certain activities, you may withdraw this consent at any time, and we will cease to carry out the particular activity that you previously consented to unless we consider that there is an alternative reason to justify our continued processing of your data for this purpose in which case we will inform you of this condition.

Data Subject Access Requests (DSAR):

You may ask us to confirm what information we hold about you at any time, and request us to modify, update or delete such information.

We may ask you to verify your identity and for more information about your request.

If we provide you with access to the information we hold about you, we will not charge you for this unless your request is “manifestly unfounded or excessive”.

If you request further copies of this information from us, we may charge you a reasonable administrative cost where legally permissible.

Where we are legally permitted to do so, we may refuse your request. If we refuse your request, we will always tell you the reasons for doing so.

Right to erasure:

You have the right to request that we erase your personal data in certain circumstances. Normally, the information must meet one of the following criteria:

  • the data are no longer necessary for the purpose for which we originally collected and/or processed
    them;
  • where previously given, you have withdrawn your consent to us processing your data, and there is no other valid reason for us to continue processing;
  • the data has been processed unlawfully (i.e., in a manner which does not comply with the DPA 2018 and the GDPR 2018);
  • it is necessary for the data to be erased in order for us to comply with our legal obligations as a data controller; or
  • if we process the data because we believe it necessary to do so for our legitimate interests, you object to the processing and we are unable to demonstrate overriding legitimate grounds for our continued processing.

We would only be entitled to refuse to comply with your request for one of the following reasons:

  • to exercise the right of freedom of expression and information;
  • to comply with legal obligations or for the performance of a public interest task or exercise of official authority;
  • for public health reasons in the public interest;
  • for archival, research or statistical purposes; or
  • to exercise or defend a legal claim.

When complying with a valid request for the erasure of data we will delete the relevant data.

Right to restrict processing:

You have the right to request that we restrict our processing of your personal data in certain circumstances. This means that we can only continue to store your data and will not be able to carry out any further processing activities with it until either:

(i) one of the circumstances listed below is resolved;
(ii) you consent; or
(iii) further processing is necessary for either the establishment, exercise or defence of legal claims, the protection of the rights of another individual, or reasons of important UK, EU or Member State public interest.

The circumstances in which you are entitled to request that we restrict the processing of your personal data are:

  • where you dispute the accuracy of the personal data that we are processing about you. In this case, our processing of your personal data will be restricted for the period during which the accuracy of the data is verified;
  • where you object to our processing of your personal data for our legitimate interests. Here, you can request that the data be restricted while we verify our grounds for processing your personal data;
  • where our processing of your data is unlawful, but you would prefer us to restrict our processing of it rather than erasing it; and
  • where we have no further need to process your personal data, but you require the data to establish, exercise, or defend legal claims.

If we have shared your personal data with third parties, we will notify them about the restricted processing unless this is impossible or involves disproportionate effort. We will, of course, notify you before lifting any restriction on processing your personal data.

Right to rectification:
You also have the right to request that we rectify any inaccurate or incomplete personal data that we hold about you. If we have shared this personal data with third parties, we will notify them about the rectification unless this is impossible or involves disproportionate effort. Where appropriate, we will also tell you which third parties we have disclosed the inaccurate or incomplete personal data to. Where we think that it is reasonable for us not to comply with your request, we will explain our reasons for this decision.

Right of data portability:

If you wish, you have the right to transfer your personal data between data controllers. In effect, this means that you are able to transfer your RSS account details to another online platform.

To allow you to do so, we will provide you with your data in a commonly used machine-readable format that is password-protected so that you can transfer the data to another online platform.

Alternatively, we will directly transfer the data for you. This right of data portability applies to:

(i) personal data that we process automatically (i.e., without any human intervention);
(ii) personal data provided by you; and
(iii) personal data that we process based on your consent or in order to fulfil a contract.

Right to lodge a complaint with a supervisory authority:

You also have the right to lodge a complaint with the Information Commissioners Office (‘ICO’).

Phone: 0303 123 1113
Email: casework@ico.org.uk

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5A

If you would like to exercise any of these rights, or withdraw your consent to the processing of your personal data (where consent is our legal basis for processing your personal data), please email dpo@rssglobal.com

Please note that we will, where necessary, keep a record of your communications to help us resolve any issues which you raise.

You may ask to unsubscribe from job alerts and other marketing communications from us either by unsubscribing where prompted on any relevant communication from us, or at any time by emailing dpo@rssglobal.com

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during the period for which we hold your data.

6. WHAT DATA DO YOU COLLECT ABOUT ME AND HOW; AND HOW DO YOU USE IT, SHARE IT AND RETAIN IT?

The short-form information below can be found in more detail in our long-form section by clicking on the link relevant to what type of data subject you are on the website.

Data Subject Type What kind of personal data do we collect? How do we collect your personal data? How do we use your personal data? Who do we share your personal data with? How long do we keep your personal data for?
Candidates In order to provide employment opportunities tailored specifically to you, we need to process certain information about you. We will only ask you for details that will assist us, such as your name, age, contact details, education details, employment history, From you; or third parties; or we collect it automatically.

Data you provide to us may include:

1)  submission of your CV either in branch, at a job fair or online;

2)  photos or videos uploaded by you to recruitment platforms;

We generally use Candidate data in five ways:

Recruitment Activities; Marketing Activities;

Equal Opportunities Monitoring;

To help us to establish, exercise or defend legal claims;

Where appropriate and in accordance with our legal obligations and regulatory requirements, we will share your personal data, in various ways and for various reasons.

Some services that we provide require the involvement of third

Candidates with whom we have had no contact -6 months

Candidates whom we have had contact but have not been placed – 1 year from the later of:

Candidate

Data Subject Type What kind of personal data do we collect? How do we collect your personal data? How do we use your personal data? Who do we share your personal data with? How long do we keep your personal data for?
emergency contacts, immigration status, financial information (for the purposes of processing financial background checks), and social security number, and any other relevant information you choose to share with us.

Where appropriate and only in accordance with a statutory obligation or to ensure that any employment rights are respected, we will also collect sensitive and special category data related to your health, diversity information or details of any criminal convictions.

3) applying for a job via an aggregator that then redirects you to the brand webpage,

Data provided by a third party may include:

1)  references from referees;

2)  clients, suppliers and other candidates may share your data with us; 3) if you like us on Facebook or Twitter we may receive your personal data from those sites;

4)  if you were referred to us via an RPO or MSP they may share your personal data with us;

5)  the Home Office may provide us with nationality and immigration status data where necessary and required;

6)  Government databases may provide us with financial sanction and criminal records checks data where necessary and required

In appropriate circumstances, we may also

use Candidate data in psychometric assessments.

parties.

We have carefully selected these third parties and taken steps to ensure that your Personal Data is adequately protected.

The third parties may include our clients, suppliers of IT services, pay-rolling services or vetting services.

registration

Consent to represent received for Conduct Regs purposes, which is separate from any data protection consent

Last meaningful contact

Prospective Candidates If your information is made available online and we feel we can match it to the services we provide, we will collect and use this information about you to assess how we might be able to help with your job search and to get in touch with us. We collect your personal data from third parties (for example via social media, professional networking, referral from a member of your social group, job aggregators and job site providers, and RPO or MSP suppliers where they refer you to us). We use Prospective Candidate information in order to work out whether you might be interested in, or might benefit from, our services, and if so, to assess whether and how we may be able to help you out.

If we think we can help you, we will use your information to get in touch with you about our services.

Where we have identified you as a Prospective

Candidate we may share your information with any of our group companies and associated third parties such as our service providers in order to get in touch with you about our services.

6 months if no contact made, or 1 year from last meaningful contact.

For prospective candidates referred to us by a member of your social group

– we will erase your data after 7 days if no contact has been made following the first contact attempt.

Someone who assists us with one of our Candidates We require a referee’s contact details (name, email address and telephone number) to enable us to confirm certain details provided by the Candidate or prospective employee, to facilitate the employment process. We collect your contact details only where

a Candidate or a member of

our Staff puts you down as their emergency contact or dependent or where a Candidate gives

them to us in order for

We use referees’ personal data to help our Candidates to find employment which is suited to them.

If we are able to verify their details and qualifications, we can make sure that they are

well matched with

Unless you specify otherwise, we will share your information with any of our group companies and associated third parties such as our service providers and organisations to whom we provide services. 6 months if no made, or 2 years from last meaningful contact
Data Subject Type What kind of personal data do we collect? How do we collect your personal data? How do we use your personal data? Who do we share your personal data with? How long do we keep your personal data for?
Emergency contact information (a name, email address and telephone number) is required in case of an emergency where we would need to contact someone on your behalf. you to serve as a referee. prospective employers.

Where a referee is being asked to give a reference based on their professional experience of

a Candidate, and where we think that they may be interested in becoming a Client of ours, we may also use their details to reach out to get in touch in that alternative capacity.

We use the personal details of

a Candidate or Staff me mber’s emergency contacts in the case of an accident or emergency affecting that Candidate or member of Staff.

We use the personal data of the dependants or other beneficiaries of Staff to allow

that Staff member to access certain benefits or employment rights.

Client If you are a client of RSS we need to collect and use information about you, or individuals at your organisation, in the course of providing you or offering you services such as: (i) finding the right Candidates for you or your organisation; (ii) providing you with a Managed Service

Provider (‘MSP’) programme (or assisting another organisation to do so); (iii) providing you with Recruitment Process Outsourcing (‘RPO’) services (or assisting another organisation to do so).

We collect your personal data either:

From you; or

From third parties (e.g. our Candidates or Tem porary Workers) and other limited sources (e.g. online and offline media).

The main reason for using information about Clients is to enable us to introduce ourselves to you and to ensure that the contractual arrangements between us can properly be

implemented so that the relationship can run smoothly. This will involve:

identifying Candidates who we think will be the right fit for you or your organisation;

providing you with

an MSP programme (or assisting another organisation to do so);

providing you with RPO services (or assisting another organisation to do so); and/or

providing services to your employees, such as training courses.

The more information

we have, the more bespoke we can make

We will share your data:

primarily to ensure that we provide you with a suitable pool

of Candidates;

to provide you with

an MSP programme (or assist another organisation to do so);

to provide you

with RPO services (or assist another organisation to do so); and/or

to provide services to your employees, such as training courses.

Unless you specify otherwise, we will share your information with any of our group companies and associated third parties such as our service providers to help us meet these aims.

6 months if no contact made, or 2 years from last meaningful contact
Data Subject Type What kind of personal data do we collect? How do we collect your personal data? How do we use your personal data? Who do we share your personal data with? How long do we keep your personal data for?
our service.
Supplier We need a limited amount of information from our Suppliers to enable the provision of your services to us and the fulfilment of our contractual obligations between us.

Such details may include contact details of relevant individuals at your organisation so that we can communicate with you, and bank details so that we can pay for the services you provide.

We collect your personal data during the course of our work with you. The main reasons for using your personal data are to ensure that the contractual arrangements between us can properly be implemented so that the relationship can run smoothly, and to comply with legal requirements. 6 months if no contact made, or 2 years from last meaningful contact
Temporary Worker If we employ or engage you directly as a Temporary Worker, we need to process certain extra information (in addition to the information collected from Candidates).

We only collect important information such as start dates, bank details and details of previous remuneration, pensions and benefit arrangements.

Where appropriate and in accordance with legal obligations and requirements, we may also collect, by inference, information related to trade union membership, sexual orientation and childcare or carer arrangements when you provide us with information about deductions from your salary for trade union membership or childcare vouchers or details about your emergency contact.

We collect your personal data either:

From you; or From third parties.

If we employ or engage you directly as a Temporary Worker, the main reason for using your personal details is to

ensure the smooth running of our Temp Relationship, and

to comply with our contractual and other duties to each other, and

to our Clients, as part of our Temp

Relationship, and

our duties to third parties such as tax authorities and government agencies.

If we employ or engage you directly as a Temporary Worker, we may share your personal data with a number of additional parties in order to ensure the smooth running of our Temp Relationship.

For example, we may share your personal data with appropriate colleagues within RSS (this may include colleagues in overseas offices), with

a Client and, if appropriate, medical professionals such as your GP or an occupational health specialist.

6 years from the later of:

End of last assignment, or

1 year after last meaningful contact

Permanent Worker As per Temporary Workers above As per Temporary Workers above As per Temporary Workers above As per Temporary Workers above 2 years from the later of:

Placement date, or

1 year after last meaningful contact

Website User To the extent that you access our website or click through any links in We collect your data automatically via cookies when you visit We use your data to help us to improve your experience of using our Unless you specify otherwise, we will share your information
Data Subject Type What kind of personal data do we collect? How do we collect your personal data? How do we use your personal data? Who do we share your personal data with? How long do we keep your personal data for?
an email from us, we will collect certain data from you.

We collect a limited amount of data from our Website Users which we use to help us to improve your experience when using our website and to help us manage the services we provide.

This includes information such as how you use our website, the frequency with which you access our website, and the times that our website is most popular.

We collect your IP address, information from social media activity (such as likes,

shares and tweets) when you interact with us on social media, information you provide if you report a problem with our website or services, and any additional information which you provide voluntarily and/or which we may ask from you to better understand you and your interests.

Information we collect via cookies or similar technology stored on your device (find out more about cookies and how we use them in our Cookie Policy.

our website, in line with cookie settings in your browser.

If you would like to find out more about cookies, including how we use them and what choices are available to you, please refer to our cookie policy.

Some of our emails contain a snippet of code, invisible to the naked eye, called a tracking pixel that allows us to understand which of our messages are being opened. If you would prefer that this information was not collected, please disable automatic download of images in your email software or service.

website, for example by analysing your recent job search criteria to help us to present jobs to you that we think you’ll be interested in.

If you are also

a Candidate or Client of RSS, we will use data from your use of our websites to enhance other aspects of our communications with, or service to, you.

If you would like to find out more about cookies, including how we use them and what choices are available to you, please refer to our Cookie Policy.

Please note that communications to and from RSS’s Staff including emails will be reviewed as part of internal or external investigations or litigation where necessary.

with providers of web analytics services, marketing automation platforms and social media services to make sure any advertising you receive from us is targeted to you.

7. HOW DO WE STORE AND TRANSFER YOUR PERSONAL DATA INTERNATIONALLY?

In order to provide you with the best service and to carry out the purposes described in this Privacy Policy; your data will be transferred:

  • between and within RSS entities globally;
  • to third parties (such as advisers or other Suppliers to the RSS business);
  • to overseas Clients where applicable;
  • to Clients within your country, where applicable, who may, in turn, transfer your data internationally;
  • to a cloud-based storage

We want to make sure that your data are stored and transferred in a way which is secure. We will therefore only transfer data outside of the UK, European Economic Area (EEA) (i.e. the Member States of the European Union, together with Norway, Iceland and Liechtenstein) where it is compliant with data protection legislation and the means of transfer provides adequate safeguards in relation to your data, for example:

  • by way of data transfer agreement, incorporating the current standard contractual clauses adopted by the European Commission for the transfer of personal data by data controllers in the EEA to data controllers and processors in jurisdictions without adequate data protection laws; or
  • transferring your data to a country where there has been a finding of adequacy by the European Commission in respect of that country’s levels of data protection via its legislation; or
  • where it is necessary for the conclusion or performance of a contract between ourselves and a third party and the transfer is in your interests for the purposes of that contract (for example, if we need to transfer data outside the EEA in order to meet our obligations under that contract if you are a Client of ours); or
  • where you have consented to the data transfer.

To ensure that your personal information receives an adequate level of protection, we have put in place appropriate procedures with the third parties we share your personal data with to ensure that your personal information is treated by those third parties in a way that is consistent with, and which respects the law on data protection.

We are aware of the recent Schrems II ruling and its implications on the U.S.-E.U. Privacy Shield. We are diligently reviewing our privacy practices in light of this, but nevertheless remain devoted to handling your data in an ethical manner, including:

  • Mandating by contract that all sub-processors adhere to data protection legislation requirements;
  • Ensuring that any data transfers are encrypted in transit;
  • Storing your data on encrypted servers and networks;
  • Undergoing yearly security audits;

We will continue to monitor guidance from authorities and stay closely aligned with these developments including adjusting our practices accordingly.

8. WHO IS RESPONSIBLE FOR PROCESSING YOUR PERSONAL DATA WHEN YOU ACCESS THE RSS WEBSITE?

You can find out which RSS entity is responsible for processing your personal data and where it is located within Annex 1

9. COOKIES AND SIMILAR TECHNOLOGIES

A “cookie” is a piece of information that is stored on your computer’s hard drive and which records your navigation of a website so that when you revisit website, it can present tailored options based on the information stored about your last visit. Cookies can also be used to analyse traffic and for advertising purposes.

Cookies are used by nearly all websites and do not harm your system. If you want to check or change what types of cookies you accept, this can usually be altered within your browser settings, or you can change your preferences within our Cookie Settings. We also provide information about this within our Cookie Policy.

10.  Security of your personal data

We have implemented appropriate technical and organisational controls to protect your personal data against misuse, loss, or unauthorised access. These include measures to deal with any suspected data breach.

If you suspect any misuse or loss of or unauthorised access to your personal information, please let us know immediately by emailing dpo@rssglobal.com

Data Security is of great importance to RSS and to protect your data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure your collected data.

We take security measures to protect your information including:

  • Limiting access to our buildings to those that we believe are entitled to be there by use of passes;
  • Implementing access controls to our information technology;
  • We use appropriate procedures and technical security measures (including strict encryption, anonymization and archiving techniques) to safeguard your information across all our computer systems, websites and

11.AUTOMATED DECISION MAKING OR PROFILING

We do not undertake automated decision making or profiling,

We do use our computer systems to search and identify personal data in accordance with parameters set by a person. A person will always be involved in the decision-making process.

Some of our brands may offer the opportunity for candidates to undertake a psychometric assessment. This is entirely optional and is used solely to help match candidates more closely to suitable job roles. ANNEX 1 – RSS TRADING COMPANIES

The list below is subject to amendment and update

Australia – Allied Employment Group Pty Ltd, Global Medics Pty Limited Ireland – Global Medics (trading name only), Medacs Global Group Ltd, New Zealand – Global Medics NZ Ltd, Medacs Healthcare Limited

UK – Blue Arrow Ltd, Chadwick Nott (Holdings) Limited, Global Medics Limited, Litmus Workforce Solutions Limited, Medacs Healthcare Ltd, PRN Recruitment Ltd (t/a Fast Response Healthcare), RSS Global Limited, RSS Global Central Services Limited, Tate Recruitment Limited

ANNEX 2 – RETENTION PERIODS

Retention Period (up to)
All types of Candidates with whom we have had no contact 6 months – If no contact made
Candidates we have had meaningful contact with but not placed 1 year from the later of:

·         Candidate registration;

·         Consent to represent received (for Conduct Regs purposes) (which is separate from any consent given for data protection purposes)

·         Last meaningful contact.

Temporary Workers we have placed 6 years from the later of:

·         End of last assignment; or

·         1 year after last meaningful contact.

Permanent Workers we have placed 2 years from the later of:

·         placement date; or

·         1 year after last meaningful contact.

Our Own Permanent Employees or Direct Hire Temps Not Hired – 1 year from registration or consent if not placed.

Hired – 6 years from end of employment

All Others 6 months – If no contact made; or

2 years- from last meaningful contact.

Medacs Global Group Exceptions

Items Proposed Retention Period (up to) Comment Justification
 

DBS Searches

Two years from creation Must be retained for audit for NHS Framework Agreements
Documents to support Revalidation service for doctors  

Five years from submission

 

Required by GMC to evidence revalidation for past 5 years

Medical records under the Control of Asbestos at Work Regulations.

 

Medical examination certificates.

40 years from the date of last entry

 

 

Four years from the date of issue

Records held by Occupational Health team relating to tests performed on staff of clients. Control of Asbestos at Work Regulations
 

Medical records and details of medical tests under the Control of Noise at Work Regulations 2005

40 years from the date of the last entry. Records held by Occupational Health team relating to tests performed on staff of clients. Control of Noise at Work Regulations
Records relating to care of children and young adults Until the subject reaches the age of 21 (ie 18 plus 3 years)  

Limitation Act 1980

ANNEX 3 – COUNTRY SPECIFIC VARIATIONS TO OUR PRIVACY NOTICE

Australia & New Zealand

Ireland