Home » Policies » Data Protection Policy

Data Protection Policy

As a recruitment company, Red Box Teachers Recruitment Ltd processes personal data in relation to our own staff, work-seekers and individual client contacts. It is therefore vitally important that we abide by the principles of the Data Protection Act 1998 set out below.

Staff Administration
Advertising, marketing and public relations
Accounts and records
Administration and processing of work-seekers personal data for the purposes of work-finding services.

Home » Policies » Data Protection Policy

Data Protection Policy

Staff Administration
Advertising, marketing and public relations
Accounts and records
Administration and processing of work-seekers personal data for the purposes of work-finding services.

The Data Protection Act 1998 requires Red Box as data controller, to process data in accordance with the eight principles of data protection.

Fairly and lawfully processed
Processed for limited purposes
Adequate, relevant and not excessive
Accurate
Not kept longer than necessary
Processed in accordance with the data subjects rights
Kept securely
Not transferred to countries outside the European Economic Area without adequate protection.

Personal data means data which relates to a living individual who can be identified from the data or from the data together with other information, which is in the possession of or is likely to come into the possession of Red Box Teachers Recruitment Ltd.

Processing data means obtaining, recording or holding the data or carrying out any operation or set of operations on the data. It includes organising, adapting and amending the data, retrieval, consultation and use of the data, disclosing and erasure or destruction of the data. It is difficult to envisage any activity involving data, which does not amount to processing. It also applies to any processing that is carried out on a computer.

At Red Box Teachers we need to review data on a regular basis, to ensure it is accurate, relevant and up to date. It is the Admin team who are responsible for doing this under the guidance of the Managing Director.

All Red Box staff must be aware of the business’s data protection and information security policy.

Personal data may only be processed with the consent of the person whose data is held. Therefore if they have not consented to their personal details being passed to a third party this may constitute a breach of the Data Protection Act 1998. By instructing the Company to look for work and by providing us with personal data contained in a CV, work-seekers will be giving their consent to processing their details for work-finding purposes with Red Box Teaching agency. Our single intention for use of individuals’ personal data is to support finding them work. In the event of us needing to use the information for any other purpose, we MUST obtain the Works Seeker’s specific consent.

Caution should be exercised before forwarding the personal details of any individuals on whom personal data is held, to any third party such as past, current or prospective employers, suppliers, customers and clients, persons making an enquiry or complaint and any other third party.

Sensitive Personal Data

Personal data in respect of the following is “sensitive personal data” and any information held on any of these matters MUST NOT be passed on to any third party without the express written consent of the individual:

Any offence committed or alleged to be committed by them.
Proceedings in relation to any offence and any sentence passed.
Physical or mental health or condition.
Racial or ethnic origins.
Sexual life.
Political opinions.
Religious beliefs or beliefs of a similar nature.
Whether someone is a member of a trade union.

Information Security

From a security point of view, only those staff listed in Appendix 1.0, are permitted to add, amend or delete personal data from the Company’s database(s) (“database” includes paper records or records stored electronically). However, all staff are responsible for notifying those listed where information is known to be old, inaccurate or out of date. In addition, all employees should ensure that adequate security measures are in place. For example:

Computer screens should not be left open by individuals who have access to personal data.
Passwords should not be disclosed.
Email should be used with care.
Personnel files and other personal data should be stored in a place in which any unauthorised attempts to access them will be noticed. They should not be removed from their usual place of storage without good reason.
Personnel files should always be locked away when not in use and when in use should not be left unattended.
Any breaches of security should be treated as a disciplinary issue.
Care should be taken when sending personal data in internal or external mail.
Destroying or disposing of personal data counts as processing. Therefore care should be taken in the disposal of any personal data to ensure that it is appropriate. Such material should be shredded or stored as confidential waste awaiting safe destruction.

It should be remembered that the incorrect processing of personal data e.g. sending an individual’s details to the wrong person, allowing unauthorised persons access to personal data, or sending information out for purposes for which the individual did not give their consent, may give rise to a breach of contract and/or negligence leading to a claim against the Company for damages from an employee, work-seeker or client contact.

A failure to observe the contents of this policy will be treated as a disciplinary offence.

Subject Access Requests

Data subjects are entitled to obtain access to their data on request and after payment of a fee. All requests to access personal data by data subjects should be referred to Hayley Anderson whose details are listed in Appendix 1.0 of this policy.

References

Any requests for access to a reference given by a third party must be referred to Jordon Davis or Nicola Anderson (details listed in Appendix 1.0 of this policy) and should be treated with caution even if the reference was given in relation to the individual making the request. This is because the person writing the reference also has a right to have their personal details handled in accordance with the Data Protection Act 1998, and not disclosed without their consent. Therefore when taking up references an individual should always be asked to give their consent to the disclosure of the reference to a third party and/or the individual who is the subject of the reference if they make a subject access request. However if they do not consent then consideration should be given as to whether the details of the individual giving the reference can be deleted so that they cannot be identified from the content of the letter. If so the reference may be disclosed in an anonymous form.

The Human Rights Act 1998

Finally, it should be remembered that all individuals have the following rights under the Human Rights Act 1998 and in dealing with personal data these should be respected at all times.

Appendix 1.0

Please see below the staff members who have responsibility for adding, amending or deleting data.

Katy Lanaway – Manager
Loretta Smith – Manager
Hayley Anderson – Consultant
Nicola Anderson – Finance Administrator
Jordon Davis – Administrator

List those persons responsible for responding to subject access requests.

Hayley Anderson – hayley.anderson@redboxteachers.com

List those persons responsible for responding to reference requests from third parties.

Nicola Anderson – nicola.anderson@redboxteachers.com
Jordon Davis – Jordon@redboxteachers.com

Red Box Teacher Recruitment Limited

Office 33, Terminal House
Station Approach, Shepperton
TW17 8AP