APR – Privacy Notice
Who we are and our contact details
We are Austin Professional Resourcing LLP (“APR”, also referred to as “we” or “us”). We are registered as a Data Controller with the Information Commissioner’s Office (ICO) in the United Kingdom.
Our business address is BH Office, Church Street, Ardington, Wantage, Oxfordshire, OX12 8QA.
Our company number is OC324134 and our VAT registration number is 895 5853 56.
Our Data Protection Coordinator can be contacted by telephone on 01235 821 160 or by e-mail at privacy@aprllp.com .
Purpose and scope of this Privacy Notice
As part of our dealings with you, APR collects and processes items of your personal data. APR is committed to protecting and safeguarding your personal data. As part of this commitment we have compiled this Privacy Notice, which provides you with details of how we collect and use your data.
This Privacy Notice covers contractors operating Personal Service Companies (referred to as “contractors”), PAYE associates, job applicants (including internship and work experience applicants), client contacts (including contacts at prospective clients and at Managed Service Providers (“MSPs”), referred to as “clients”), supplier contacts (including prospective suppliers and other third parties, referred to as “suppliers”), referees and website users.
If you are a member of APR staff, you should refer to the APR Employee Privacy Policy, which is made available to staff separately.
We may update this Privacy Notice from time to time and will make an up to date copy of the Privacy Notice available to you.
The types of personal data we collect
Contractors
In order to provide opportunities to you and to allow us to manage the engagements you, through your company, undertake with clients, we will capture and process personal data about you. The types of data that we process include the following:
- Detailed identification information (eg name, previous names, title, current and previous postal addresses, email addresses, phone numbers, National Insurance number, tax details, IP address).
- Personal and physical characteristics (eg gender, marital status, date of birth, next of kin and emergency contact details, mother’s maiden name, nationality, where appropriate physical disabilities and specific access needs).
- Company information (eg company documentation, VAT information, bank account details).
- Contract details with us (eg contracts, contract dates, timesheets, fees paid, invoices, expenses reimbursed, client feedback).
- Screening information and documentation (eg right to work documentation, identification documentation, proof of address, credit checks, probity checks, criminal records checks, details of civil proceedings such as CCJs and bankruptcy).
- Educational and professional details (eg CV, education history, qualifications, employment history, skills and experience, references, professional certifications and memberships).
- Correspondence (eg emails, letters, notes from meetings and telephone conversations).
PAYE associates
In order to provide a work-finding service to you we will capture and process personal data about you. The types of data that we process include the following:
- Detailed identification information (eg name, previous names, title, current and previous postal addresses, email addresses, phone numbers, National Insurance number, bank account details, tax details, IP address).
- Personal and physical characteristics (eg gender, marital status, date of birth, next of kin and emergency contact details, mother’s maiden name, nationality, where appropriate physical disabilities and specific access needs).
- Contract details with us (eg contracts, contract dates, timesheets, pay amounts, pension contributions, expenses reimbursed, client feedback).
- Screening information and documentation (eg right to work documentation, identification documentation, proof of address, credit checks, probity checks, criminal records checks, details of civil proceedings such as CCJs and bankruptcy).
- Educational and professional details (eg CV, education history, qualifications, employment history, skills and experience, references, professional certifications and memberships).
- Correspondence (eg emails, letters, notes from meetings and telephone conversations).
Job applicants
In order to consider you for a position with us we will capture and process personal data about you. The types of data that we process include the following:
- Detailed identification information (eg name, title, postal address, email addresses, phone numbers).
- Personal and physical characteristics (eg gender, ethnicity, religion, sexual orientation, marital status, date of birth, where appropriate physical disabilities and specific access needs).
- Your application (eg CV, covering letter, IP address, assessment results and interview notes).
- Educational and professional details (eg education history, qualifications, employment history, skills and experience, references, current level of remuneration and benefits, professional certifications and memberships).
- Correspondence (eg emails, letters, notes from meetings and telephone conversations).
Clients
In order to provide services to a client (including an MSP) we will capture and process personal data about members of our client’s workforce. The types of data that we process include the following:
- Identification information (eg name, title, job title, work address, email address, phone number).
- Correspondence (eg emails, letters, notes from meetings and telephone conversations).
Suppliers
In order to maintain our relationship with a supplier we will capture and process personal data about members of the supplier’s workforce. The types of data that we process include the following:
- Identification information (eg name, title, job title, work address, email address, phone number).
- Correspondence (eg emails, letters and notes from telephone conversations).
Referees
In order to obtain personal, professional and academic references for individuals seeking employment with us or making use of our work finding services we will capture and process personal data about you. The types of data that we process include the following:
- Identification information (eg name, title, job title, work or postal address, email address, phone number, relationship to the individual for whom we are requesting the reference).
- Opinions you provide in your reference for the individual.
- Correspondence (eg emails, letters and notes from telephone conversations).
Website users
In order to run and maintain our website we will capture and process personal data about you. The types of data that we process include the following:
- Information about your use of our website including details of your visits such as pages viewed and the resources that you access. Such information includes traffic data, location data and other communication data.
- Information provided voluntarily by you, for example when you register for information.
- Information that you provide when you communicate with us through our website or by any other means.
Where we obtain your personal data from
Our sources of personal data about you include the following:
Contractors: You; your previous employers; personal and professional referees; your accountants; recruitment agencies; credit reference agencies and criminal records bodies; third party referrals; third party sources such as LinkedIn and job boards; regulators; HMRC; Companies House; our clients.
PAYE associates: You; your previous employers; personal and professional referees; recruitment agencies; credit reference agencies and criminal records bodies; third party referrals; third party sources such as LinkedIn and job boards; regulators; HMRC; our clients.
Job applicants: You; your previous employers; personal, professional and academic referees; recruitment agencies; credit reference agencies and criminal records bodies; third party referrals; third party sources such as LinkedIn and job boards.
Clients: You; your employer; third party referrals; third party sources such as LinkedIn.
Suppliers: You; your employer; third party referrals; third party sources.
Referees: Our employees; contractors; PAYE associates; job applicants.
Website users: You.
Why we need to use your personal data
Contractors
We need to process your personal data to enter into and meet our obligations under a contract with you. For example, we need to process your personal data to provide you with a contract, source and manage assignments for you and pay your Personal Service Company.
We also need to process your data to ensure we are complying with our legal obligations. For example, we are required to check your entitlement to work in the UK and provide information relating to your Personal Service Company to HMRC.
In other instances, we have a legitimate interest in processing your personal data. For example, this allows us to:
- Assess data about you against assignments which we think may be suitable for you;
- Contact you when suitable assignments arise with our clients;
- Carry out screening checks;
- Maintain accurate and up-to-date records of projects secured and contact details (including details of who to contact in the event of an emergency), and records of your contractual rights;
- Facilitate our invoicing process;
- Process business travel expense claims;
- Manage our relationship with you;
- Ensure effective business administration;
- Market our products and services to you, keep you updated on any relevant industry news and update you on any events or other information we feel may be relevant or of interest to you;
- Provide references on request; and
- Respond to and defend against legal claims.
PAYE associates
We need to process your personal data to enter into and meet our obligations under a contract with you. For example, we need to process your personal data to provide you with a contract, provide work finding services to you and manage these engagements, pay you in accordance with your contract and to administer pension entitlements.
We also need to process your data to ensure we are complying with our legal obligations. For example, we are required to check your entitlement to work in the UK and to deduct tax.
In other instances, we have a legitimate interest in processing your personal data. For example, this allows us to:
- Assess data about you against vacancies which we think may be suitable for you;
- Contact you when suitable opportunities arise with our clients;
- Carry out screening checks;
- Maintain accurate and up-to-date records of projects secured and contact details (including details of who to contact in the event of an emergency), and records of your contractual rights;
- Facilitate our invoicing process;
- Process business travel expense claims;
- Manage our relationship with you;
- Ensure effective business administration;
- Market our products and services to you, keep you updated on any relevant industry news and update you on any events or other information we feel may be relevant or of interest to you;
- Provide references on request; and
- Respond to and defend against legal claims.
Job applicants
We need to process your personal data to take steps at your request prior to entering into a contract with you. We also need to process your data to enter into a contract with you.
In some cases, we need to process data to ensure that we are complying with our legal obligations. For example, we are required to check a successful applicant’s eligibility to work in the UK before employment starts.
We have a legitimate interest in processing personal data during the recruitment process and in keeping records of the process. Processing data from job applicants allows the organisation to manage the recruitment process, assess and confirm a candidate’s suitability for employment, measure the effectiveness of our diversity practices and decide to whom to offer a job. We may also need to process data from job applicants to respond to and defend against legal claims.
We process health information if we need to make reasonable adjustments to the recruitment process for candidates who have a disability. This is to carry out our obligations and exercise specific rights in relation to employment.
If your application is unsuccessful we will keep your data for a limited period of time after the recruitment exercise is completed. After that we may keep your personal data on file in case there are future employment opportunities for which you may be suited. We will ask for your consent before we keep your data for this purpose and you are free to withdraw your consent at any time.
Clients
We need to process your personal data to ensure the contractual arrangements between us and our clients can be properly implemented, so that we can deliver the services under the contract between us and our clients, and so that we can market our products and services.
Suppliers
We need to process your personal data to ensure the contractual arrangements between us and our suppliers can be properly implemented, so that we can make use of suppliers’ services and so that the relationship can run smoothly.
Referees
We need to process your personal data in order to take up references as part of our quality assurance processes.
Website users
We need to process your personal data to provide our services to you and to help us improve your experience of using our website.
In addition to this we may use the information for one or more of the following purposes:
- To provide information to you that you request from us relating to our services.
- To provide information to you relating to other products or services that may be of interest to you. Such additional information will only be provided where you have consented to receive such information.
- To inform you of any changes to our website or services.
If you have previously made use of services from us we may provide you with details of similar services, or other goods and services, that you may be interested in.
We will never give your details to third parties to use your data to enable them to provide you with information regarding unrelated goods or services.
Consent
There may be times when we need to obtain your explicit consent to collect and use your personal data (eg where we need to perform a criminal records check as a result of a condition imposed upon us by a client). If we ask for your consent to process your personal data, you may withdraw your consent at any time.
Our lawful basis for processing your data
We rely on several legal grounds (called lawful bases) to legitimise the processing of your data. The most relevant lawful bases are because processing is in our legitimate interests, because you have consented to us doing so, because it is necessary for the performance of a contract to which you are a party, and to comply with employment law and other legal obligations.
Where we rely on legitimate interests as a reason for processing data, we have considered whether or not those interests are overridden by your rights and freedoms and have concluded they are not.
If you fail to provide certain data when requested, we may not be able to perform the contract we have entered into with you.
Who we share your data with
We may share your personal data, where appropriate, internally and with organisations including the following:
Contractors
- Payment processors and our bank.
- Relevant professional bodies such as the Institute and Faculty of Actuaries (IFoA).
- Travel and accommodation booking service providers.
- IT service providers.
- Suppliers who undertake background screening on behalf of us (credit checking agencies, criminal checking bureaus, fraud prevention agencies etc.).
- Past and prospective employers.
- Personal and professional referees.
- Recruitment agencies and intermediaries.
- Tax, audit or other authorities.
- Our legal, tax, accounting, IT and other advisors.
- Our insurers.
- Other companies providing products or services to us.
- Our clients and MSPs operating on behalf of our clients.
- Your Personal Service Company.
- If we merge with or are acquired by another business or company in the future, or are in meaningful discussions about such a possibility, we may share your personal data with the (prospective) new owners of the business.
- Competent authorities – i.e. tribunals, courts, police forces, and regulators such as Financial Reporting Council (FRC), Prudential Regulation Authority (PRA) The Pensions Regulator (TPR), or the Financial Conduct Authority (FCA).
- Any third party if required by any regulatory or legal authority.
PAYE associates
- Payroll and payment processors and our bank.
- Relevant professional bodies and societies such as the Institute and Faculty of Actuaries (IFoA).
- Travel and accommodation booking service providers.
- IT service providers.
- Pension administrators.
- Suppliers who undertake background screening on behalf of us (credit checking agencies, criminal checking bureaus, fraud prevention agencies etc.).
- Past and prospective employers.
- Personal and professional referees.
- Recruitment agencies and intermediaries.
- Tax, audit or other authorities.
- Our legal, tax, accounting, IT and other advisors.
- Our insurers.
- Other companies providing products or services to us.
- Our clients and MSPs operating on behalf of our clients.
- If we merge with or are acquired by another business or company in the future, or are in meaningful discussions about such a possibility, we may share your personal data with the (prospective) new owners of the business.
- Competent authorities – i.e. tribunals, courts, police forces, and regulators such as Financial Reporting Council (FRC), Prudential Regulation Authority (PRA) The Pensions Regulator (TPR), or the Financial Conduct Authority (FCA).
- Any third party if required by any regulatory or legal authority.
Job applicants
- Payment processors and our bank.
- IT service providers.
- Past employers.
- Personal, professional and academic referees.
- Recruitment agencies.
- Our legal, IT and other advisors.
- Other companies providing products or services to us.
- Competent authorities – i.e. tribunals, courts, police forces, and regulators such as Financial Reporting Council (FRC), Prudential Regulation Authority (PRA) The Pensions Regulator (TPR), or the Financial Conduct Authority (FCA).
- Any third party if required by any regulatory or legal authority.
Clients
- IT service providers.
- Tax, audit or other authorities.
- Our legal, tax, accounting, IT and other advisors.
- Our insurers.
- If we merge with or are acquired by another business or company in the future, or are in meaningful discussions about such a possibility, we may share your personal data with the (prospective) new owners of the business.
- Competent authorities – i.e. tribunals, courts, police forces, and regulators such as Financial Reporting Council (FRC), Prudential Regulation Authority (PRA) The Pensions Regulator (TPR), or the Financial Conduct Authority (FCA).
- Any third party if required by any regulatory or legal authority.
Suppliers
- IT service providers.
- Tax, audit or other authorities.
- Our legal, tax, accounting, IT and other advisors.
- If we merge with or are acquired by another business or company in the future, or are in meaningful discussions about such a possibility, we may share your personal data with the (prospective) new owners of the business.
- Competent authorities – i.e. tribunals, courts, police forces, and regulators.
- Any third party if required by any regulatory or legal authority.
Referees
- IT service providers.
- Tax, audit or other authorities.
- Our legal, IT and other advisors.
- Competent authorities – i.e. tribunals, courts, police forces, and regulators.
- Any third party if required by any regulatory or legal authority.
Website users
- IT service providers.
- If we merge with or are acquired by another business or company in the future, or are in meaningful discussions about such a possibility, we may share your personal data with the (prospective) new owners of the business.
- Competent authorities – i.e. tribunals, courts, police forces, and regulators.
- Any third party if required by any regulatory or legal authority.
In some instances we outsource the processing of your information to third party service providers. Where this happens we oblige them to protect your information with appropriate security measures in line with the GDPR regulations and prohibit them from using your information for their own purposes.
We reserve the right to disclose any information we have concerning you if we are compelled to do so by a court of law or requested to do so by a governmental entity or if we determine it is necessary or desirable to comply with the law or to protect or defend our rights or property.
When we might transfer your personal data across borders
We avoid transferring your personal data to countries outside the European Economic Area (EEA) wherever possible. Where it is not possible to avoid transferring, we will only do so where it is compliant with data protection legislation and the means of transfer provides adequate safeguards in relation to your data, for example:
- By way of a data transfer agreement incorporating the current standard contractual clauses adopted by the European Commission for the transfer of personal data to processors in jurisdictions without adequate data protection laws; or
- By signing up to the EU-U.S. Privacy Shield Framework for the transfer of personal data from entities in the EU to entities in the United States of America or any equivalent agreement in respect of other jurisdictions; or
- Transferring your data to a country where there has been a finding of adequacy by the European Commission in respect of that country’s levels of data protection via its legislation.
In operating our website, it may become necessary to transfer data that we collect from you to locations outside of the EEA for processing and storing. By providing your personal data to us, you agree to this transfer, storing and processing. We do our utmost to ensure that all reasonable steps are taken to make sure that your data is stored securely.
How long we retain your data
We will retain your personal data in accordance with our internal data retention policy which sets out the time period for which different categories of data are kept. We determine the length of time we keep data for based on the minimum retention periods required by law or regulation. We will only keep your personal data after this period if there is a legitimate business reason to do so.
We will delete your personal data when it is no longer required for these purposes. If there is any data that we are unable, for technical reasons, to delete entirely from our systems, we will put in place appropriate measures to avoid further processing or use of your personal data.
How do we safeguard your personal data
We are committed to taking reasonable and appropriate steps to protect the personal data that we hold from misuse, loss, or unauthorised access. We do this by having in place a range of appropriate technical and organisational measures. These include measures to deal with any suspected data breach.
If you suspect any misuse or loss of or unauthorised access to your personal data, please let us know immediately.
Unfortunately, the sending of information via the internet is not totally secure and on occasion such information can be intercepted. We therefore cannot guarantee the security of data that you choose to send us through this website and sending such information is entirely at your own risk.
Third party links
On occasion we include links to third parties on this website. Where we provide a link it does not mean that we endorse or approve that site’s policy towards visitor privacy. You should review their privacy policy before sending them any personal data.
Use of cookies
Cookies provide information regarding the computer used by a visitor. We may use cookies where appropriate to gather information about your computer in order to assist us in improving our website.
We may gather information about your general internet use by using the cookie. Where used, these cookies are downloaded to your computer and stored on the computer’s hard drive. Such information will not identify you personally; it is statistical data which does not identify any personal details whatsoever.
Our advertisers may also use cookies, over which we have no control. Such cookies (if used) would be downloaded once you click on advertisements on our website.
You can adjust the settings on your computer to decline any cookies if you wish. This can be done within the “settings” section of your computer. For further information see our Cookie Policy.
Your rights
Under data protection legislation, you have the right to:
- Request that we provide you with a copy of the personal data we hold about you.
- Request us to correct any information we hold about you that is incorrect or out of date.
- In certain circumstances request that we restrict the processing of your personal data.
- Object to processing of personal data that is likely to cause, or is causing, damage or distress.
- Request us to erase your personal data, where we no longer have a lawful basis or valid business reason for holding it.
- Object to decisions being taken by automated means.
- Withdraw your consent where we have obtained your consent to process personal data.
- Request that we send all or some of the personal data we hold about you to another organisation.
We will honour such requests, withdrawals or objections in line with the applicable data protection rules, but these rights are not absolute and will depend on the lawful basis we are using for processing your personal data. We will usually, in response to a request, ask you to prove your identity and provide information that helps us to understand your request better. If we do not comply with your request, we will explain why.
You also you have the right to lodge a complaint with a supervisory authority. Details of your local supervisory authority are as follows: The Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, telephone 0303 123 1113.
In addition, it is important that the personal data we hold about you is accurate and up to date. Please keep us informed if any of your personal data changes during your relationship with us.
You have the right to opt out of our marketing activity at any time using our contact details above.