close
close

UPLOAD YOUR CV

Register an account

    • Home
    • Privacy Policy

    Privacy Policy

    At Xencore UK your right to privacy and our treatment of your personal data is important.

    Even though the UK has expressed its intention to leave the EU in March 2019, the GDPR will be applicable in the UK from 25th May 2018. The Government intends for the GDPR to continue in UK law post Brexit and has also introduced a Data Protection Bill to replace the current Data Protection Act in due course.

    Your new rights under the GDPR are set out in this notice, please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

    • Who we are and what we do
    • Personal information you give to us, or we may collect from you
    • Purposes and the legal basis for the processing of your Personal Data
    • Our Legitimate Business Interests
    • Disclosure of your information inside and outside of the EEA
    • How long do we keep your information for?
    • How long do we keep your information for?
    • Changes to our Privacy Notice
    • Contact us

    The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a new regulation which replaces the Data Protection Regulation (Directive 95/46/EC). The Regulation aims to harmonise data protection legislation across EU member states, enhancing privacy rights for individuals and providing a strict framework within which commercial organisations can legally operate.

    The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a new regulation which replaces the Data Protection Regulation (Directive 95/46/EC). The Regulation aims to harmonise data protection legislation across EU member states, enhancing privacy rights for individuals and providing a strict framework within which commercial organisations can legally operate.

    Even though the UK has expressed its intention to leave the EU in March 2019, the GDPR will be applicable in the UK from 25th May 2018. The Government intends for the GDPR to continue in UK law post Brexit and has also introduced a Data Protection Bill to replace the current Data Protection Act in due course.

    Your new rights under the GDPR are set out in this notice, please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

    • Who we are and what we do
    • Personal information you give to us, or we may collect from you
    • Purposes and the legal basis for the processing of your Personal Data
    • Our Legitimate Business Interests
    • Disclosure of your information inside and outside of the EEA
    • How long do we keep your information for?
    • How long do we keep your information for?
    • Changes to our Privacy Notice
    • Contact us

    PRIVACY POLICY

    At Xencore UK your right to privacy and our treatment of your personal data is important.

    The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a new regulation which replaces the Data Protection Regulation (Directive 95/46/EC). The Regulation aims to harmonise data protection legislation across EU member states, enhancing privacy rights for individuals and providing a strict framework within which commercial organisations can legally operate.

    Even though the UK has expressed its intention to leave the EU in March 2019, the GDPR will be applicable in the UK from 25th May 2018. The Government intends for the GDPR to continue in UK law post Brexit and has also introduced a Data Protection Bill to replace the current Data Protection Act in due course.

    Your new rights under the GDPR are set out in this notice, please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

    Who we are and what we do

    We are an IT manage services, recruitment agency and recruitment business as defined in the Employment Agencies and Employment Businesses Regulations 2003. We may collect and process information about you for the purposes of our core business of providing recruitment services.

    Personal information you give to us, or we may collect from you

    We collect personal data from the following people to allow us to undertake our business:
    • Prospective and placed candidates for scheduled project, permanent or temporary roles;
    • Prospective and live client contacts;
    • Supplier contacts to support our services;
    • Employees, consultants, temporary workers.
    We collect personal information about you in various ways, such as the information you give us over the phone, email and/or social media; through job applications and in-person recruitment; at events; through our website and social media channels; and in connection with our interactions with clients and vendors.
    If you are an actual or potential employee or job candidate and you apply for a position, we may collect the following types of personal information (as permitted under local law):
    • Contact information (such as name, postal address, email address and telephone number);
    • Proof of Right to Work in the UK;
    • Employment and education history;
    • Information provided by references;
    • Information contained in your resume or CV, information you provide regarding your career interests, and other information about your qualifications for employment; language proficiencies and other work-related skills;
    • Date of birth;
    • Gender;
    • Information about other individuals, such as emergency contacts
    • Bank account information;
    • National Insurance number, national identifier or other government-issued identification number;
    • Tax-related information (P45);
    • Compliance documentation
    • Geolocation data in connection with certain features of our Sites (Please refer to our IP addresses and Cookies section for more information)
    Following client specific requests and only after obtaining your explicit consent, we may also collect the following sensitive data:
    • Relevant disabilities and health-related information;
    • Results of drug tests and criminal and other background checks.
    If you are a client contact, we may collect the following data from you:
    • Contact information (such as name, postal address, email address and telephone number);
    • Relevant information about your job function and your preferred recruitment process in relation to the service you requested;
    • Correspondence between us and your organisation, including Contracts, Agreements or Terms of Business entered into.
    In addition, we may obtain information about you from other sources, such as LinkedIn, job boards and online CV libraries. In this case, we will inform you by sending you this privacy notice within 30 days of collecting your data, the source where this data originated from, whether it came from publicly accessible sources, and what purpose we intend to use and process your data for.
    If you are a supplier or vendor, we may collect the following data from you:
    • Relevant disabilities and health-related information;
    • Results of drug tests and criminal and other background checks.

    Purposes and the legal basis for the processing of your Personal Data

    The core service we offer to our candidates and clients is the introduction of candidates to our clients for the purpose of scheduled project, temporary or permanent engagement. However, our service expands to supporting individuals throughout their career and to supporting businesses’ ongoing resourcing needs and strategies. We work in long-term partnership with our candidates, clients and other suppliers and partners.
    The purposes for processing your personal data are:
    • To carry out our obligations arising from any contracts we intend to enter into or have entered into between you and us and to provide you with the information, products and services that you request from us or we think will be of interest to you because it is relevant to your career or to your organisation.
    • To provide you with information about other services we offer that are similar to those that you have already purchased, been provided with or enquired about.
    The legal basis for us processing your data are:
    • Our primary legal basis for the processing of personal data is our legitimate business interests, described in more detail below, although we will also rely on contract, legal obligation and consent for specific uses of data.
    • We will rely on Contract to carry out our obligations arising from any contracts we intend to enter into or have entered into between you and us and to provide you with the information, products and services that you request from us or we think will be of interest to you because it is relevant to your career or to your organisation.
    • We will rely on Legal Obligation if we are legally required to hold information on you to fulfil our legal obligations (such as HMRC Intermediary reporting).
    • We will in some circumstances rely on Consent for particular uses of your data and you will be asked for your express consent, if legally required. Examples of when consent may be the lawful basis for processing include permission to collect sensitive personal data (if you are a candidate) in accordance with a client’s Terms of Business.
    Should we want or need to rely on consent to lawfully process your data we will request your consent orally, by email or by an online process for the specific activity, we require consent for and record your response on our system. Where consent is the lawful basis for our processing you have the right to withdraw your consent to this particular processing at any time.
    We do not undertake automated decision making or profiling. We do use our computer systems to search and identify personal data in accordance with parameters set by a person. A person will always be involved in the decision-making process.
    Article 6(1)(f)
    Our legitimate interests in collecting and retaining your personal data are described below:
    As an IT manage services, recruitment business and recruitment agency, we introduce candidates to clients for scheduled projects, permanent employment, temporary worker placements or independent professional contracts. The exchange of personal data of our candidates and our client contacts is a fundamental, essential part of this process.
    In order to support our candidates’ career aspirations, our candidates’ organisationand our clients’ resourcing needs, we require a database of candidate and client personal data containing historical information as well as current resourcing requirements.
    To maintain, expand and develop our business we need to record the personal data of prospective candidates and client contacts. This helps us to offer a wider range of opportunities and qualified workers to our candidates and clients and to fulfil our service to you.
    We publish newsletters, job alerts and other marketing communications in order to give you insight into the activities of our business, including relevant events we are hosting or participating in, and relevant wider market conditions, trends or opportunities. Such communications will be about services which are similar to the services you have asked us to provide or agreed to us providing; you can request to unsubscribe via links provided in our communication to you, as per section “Know Your Rights” below.
    We use information held about you in the following ways:
    If you are a candidate and you apply for a position, whether for one of our clients or internally, as permitted under local law, we use the information described in this Privacy Notice to:
    • Provide you with job opportunities and work;
    • Assess your suitability as a job candidate and your qualifications for positions;
    • Facilitate introductions and conversations which may lead to future opportunities;
    • Provide HR and financial services to you, including administration of payroll and benefits.
    If you are a client contact, as permitted under local law, we use the information described in this Privacy Notice to:
    • Facilitate introductions and conversations which may lead to future opportunities or engagements;
    • Where relevant, provide HR and financial services to you, including administration of payroll and benefits.
    In addition, for both candidates and client contacts, we may use the information to perform the following activities (as permitted under local law):
    • Managing our client and vendor relationships;
    • Sending promotional materials, alerts regarding available positions and other communications;
    • Communicating about, and administering participation in, special events, promotions, programs, offers, surveys, contests and market research;
    • Responding to individuals’ enquiries;
    • Operating, evaluating and improving our business (including developing, enhancing, analysing and improving our services; managing our communications; and performing accounting, auditing and other internal functions);
    • Perform data analytics, such as (i) analysing our job candidate base; (ii) identifying skill shortages; (iii) using information to match individuals and
    • potential opportunities, and (iv) identifying market trends and producing insights such as salary surveys. Outputs of such activity will only include anonymised data;
    • Protecting against, identifying and seeking to prevent fraud and other unlawful activity, claims and other liabilities; and
    • Complying with and enforcing applicable legal requirements, relevant industry standards, contractual obligations and our policies.
    In addition, for both candidates and client contacts, we may use the information to perform the following activities (as permitted under local law):

    Disclosure of your information inside and outside of the EEA

    We may disclose your personal data to third parties if they have a proper interest in the disclosure, such as:
    • Clients and prospective clients for the purpose of introducing candidates to them;
    • Candidates for the purpose of arranging interviews and engagements;
    • Clients, business partners, suppliers and sub-contractors for the performance and compliance obligations of any contract we enter into with them or you;
    • Other recruitment companies, intermediaries or vendors involved in managing the supply of personnel;
    • Third parties who perform functions on our behalf and who also provide services to us, such as our timesheet provider or marketing email platform;
    • Credit reference agencies, compliance partners and other sub-contractors for the purpose of assessing your suitability for a role where this is a condition of us entering into a contract with you or a client;
    • Our insurers;
    • Analytics and search engine providers that assist us in the improvement and optimisation of our site;
    • A professional association or registration body or regulatory or law enforcement agencies if we are required by law to do so.
    We will disclose your personal information to third parties:
    • In the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets;
    • If Xencore UK or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets;
    • If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements; or to protect the rights, property, or safety of Xencore UK, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
    • Prospective and placed candidates for scheduled project, permanent or temporary roles;
    • Prospective and live client contacts;
    • Supplier contacts to support our services;
    • Employees, consultants, temporary workers.
    If we engage a third party to perform services which involve handling or processing personal data, we will take reasonable steps to prohibit the third party from using personal data except for the purposes for which it was supplied or for processing it other than in accordance with our instructions.


    Unless required or permitted to do so by law, we will not otherwise share, sell or distribute any of your personal data without your consent.
    The lawful basis for the third party processing will include:
    • Their own legitimate business interests in processing your personal data, in most cases to fulfil their internal resourcing needs;
    • Satisfaction of their contractual obligations to us as our data processor;
    • For the purpose of a contract in place or in contemplation;
    • To fulfil their legal obligations.

    Where your personal data is stored and processed

    We maintain administrative, technical and physical safeguards designed to protect the personal information you provide against accidental, unlawful or unauthorised destruction, loss, alteration, access, disclosure or use.
    All information you provide to us is stored on our UK internal secure servers and in the ISO27001/SSAE-16 certified UK data centres of our database partner Access Group. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
    Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

    How long do we keep your information for?

    We understand our legal duty to retain accurate data and only retain personal data for as long as we need it for our legitimate business interests and that you are happy for us to do so. Typically, this is for 6 years, due to the long-term partnerships we develop with our customers. Accordingly, we have a data retention policy and run data clean up processes to remove data that we no longer have a legitimate business interest in maintaining.
    We do the following to try to ensure our data is accurate:
    • Prior to making an introduction we check that we have accurate information about you
    • We keep in touch with you so you can let us know of changes to your personal data
    We segregate our data so that we keep different types of data for different time periods. The criteria we use to determine whether we should retain your personal data includes:
    • The nature of the personal data;
    • Its perceived accuracy;
    • Our legal, statutory or contractual obligations.
    We may archive part or all of your personal data or retain it on our financial systems only, deleting all or part of it from our main Customer Relationship Manager (CRM) system, particularly following a request for suppression or deletion of your data, to ensure that we do not re-enter your personal data on to our database, unless requested to do so.
    Our current Data Retention policy is available upon request.
    Under the GDPR, you have the following rights:
    • Request access: The GDPR give you the right to access information held about you. We also encourage you to contact us to ensure your data is accurate and complete. All subject access requests should be submitted to gdpr@xencore.co.uk. No fee will apply and we have to respond within 30 days.
    • Request correction: If you can demonstrate that personal information we hold about you is not correct, you can ask that this information is updated or otherwise corrected.
    • Request erasure: In certain circumstances, you have the right to have your personal data deleted, where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing.
    • Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
    • Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example, if you want us to establish its accuracy or the reason for processing it.
    • Request the transfer of your personal information to another party in certain formats, if practicable.
    • Make a complaint to a supervisory body which in the United Kingdom is the Information Commissioner’s Office. The ICO can be contacted through this link.
    You have the right to ask us not to process your personal data for marketing purposes.
    You can exercise your right to accept such processing by double-opting into marketing communications or to prevent such processing by unsubscribing (via links provided in our communication to you) or by contacting us at gdpr@xencore.co.uk.
    Our website and any communications we send you might contain links to relevant external websites. Please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

    Changes to our Privacy Notice

    Any changes we make to our privacy notice in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy notice.

    Contact us

    We welcome any questions and comments about our Privacy Notice and these should be addressed to gdpr@xencore.co.uk.
    You can also contact our Data Protection Representative at the same email address.
    Linkedin-in Twitter Facebook-f
    Linkedin-in Twitter Facebook-f
    Xencore (UK) Limited
    Registered number: 06572711
    +44 7833 273071
    info@xencore.co.uk