Privacy Notice

C22 Limited T/A Catch 22 (‘the Company’) is a recruitment business which provides work-finding, recruitment and related services to its clients and work-seekers.

The Company must process personal data so that it can provide these services – in doing so, the Company acts as a data controller.

We will only use your personal data in accordance with the terms outlined in our contracts and our privacy notice.

1. COLLECTION AND USE OF PERSONAL DATA

  1. You may give your personal details to the company directly, such as by seeking services from us.
  2. In some circumstances, your personal details may have been provided to us by another person in your company in order for us to offer and / or perform a contractual obligation between Catch 22 and your company.
  3. Your details may have been identified via publicly available sources in relation to your professional history (e.g. LinkedIn or your company website).

In any case the Company must have a legal basis for processing your personal data. We will only use your personal data in accordance with the terms of a contract and our privacy notice.

1.2 PURPOSE OF PROCESSING AND LEGAL BASIS

The Company will collect your personal data and process your personal data for the purposes of providing you with our services.

The legal bases we rely upon when providing and/or offering to provide these services to you are:

Legal Base Example Of Purpose
CONTRACTUAL OBLIGATION To provide our services including work-finding, recruitment and related services;
To assist us / you/your company to establish / exercise or defend legal claims.
LEGITIMATE INTEREST For marketing and public relations in relation to our services;
To improve the services we offer and provide including work-finding, recruitment, training and related services.
CONSENTWhere we have explicitly obtained your consent to share your data with other potential clients e.g. to provide a testimonial and/or reference about our service provision.
PUBLIC INTERESTReview if it applies where we supply into public sector.
VITAL INTEREST OF DATA SUBJECTThis is unlikely, however as we do host events at our offices, in the event of an emergency situation, the limited information we hold on you would be provided to emergency services as necessary.
LEGAL OBLIGATION To comply with law, e.g. HMRC and Tax legislation.

1.3 RECIPIENT/S OF DATA

Where we need to share your personal data, we have contracts and data sharing agreements in place with the recipients that require them to treat your information as confidential and ensure the continued protection of your data whilst in their possession. The Company will process your personal data with the following recipients:

  1. Candidates/workers that are introduced to and/or supplied to your company;
  2. Governing bodies and authorities as required by law;
  3. Our software providers;
  4. Third party suppliers, e.g. business associates and professional advisers, such as external consultants, technical and IT support functions, independent auditors;
  5. The third party, where necessary to protect your vital interest, e.g. emergency services;
  6. Marketing technology platforms and suppliers;
  7. We may transfer your personal information to a third party as part of a sale of some or all of our business and assets to any third party or a part of any business restructuring or reorganisation. However, we will take steps with the aim of ensuring that your privacy rights continue to be protected.

2. OVERSEAS TRANSFERS

The Company may transfer the information you provide to us to countries outside the European Economic Area (‘EEA’). The EEA comprises the EU member states plus Norway, Iceland and Liechtenstein.

Whenever your data is shared, inside or outside of the EEA, we will take every step possible to ensure adequate protections are in place to ensure the security of your information.

3. AUTOMATED DECISION MAKING

The company does not use automated decision-making, including profiling. Should the company intend to change this process you will be notified in advance.

4. DATA ACCESS RESTRICTION AND RETENTION

The Company will retain your personal data only for as long as is necessary. Different laws require us to keep different data for different periods of time.

4.1 WHERE SERVICES HAVE NOT BEEN PROVIDED

If we have not provided you/your company with our services, or had valuable contact with you (or, where appropriate, the company you are working for or with) for two consecutive years, your personal data will be deleted from our systems unless; save where we believe in good faith that the law or other regulation requires us to preserve it.

4.2 WHERE SERVICES HAVE BEEN PROVIDED

Your personal details may be included in several documents created during the course of our contract with you/your company. To comply with legal requirements e.g. HMRC, Agency Workers Regulation and tax legislation, your data will be kept by Catch 22 for 7 tax years directly prior to the last date on which services were provided to you/your company.

Where the Company has obtained your consent to process your personal data and sensitive personal data we will do so in line with the relevant schedule detailed above.

After expiry of that period, your data will no longer be kept by Catch 22.

5. SECURITY PRECAUTIONS IN PLACE TO PROTECT THE LOSS, MISUSE OR ALTERATION OF YOUR INFORMATION

We are committed to taking all reasonable and appropriate steps to protect the personal information that we hold from misuse, loss, or unauthorised access. We do this by having in place a range of appropriate technical and organisational measures, e.g.:

  1. encryption of our services and data;
  2. review our information collection, storage and processing practices, including physical security measures;
  3. restrict access to personal access to personal information;
  4. internal policies setting out our data security approach and training for employees, these include measures to deal with any suspected data breach.

6. YOUR RIGHTS

Please be aware that you have the following data protection rights:

  1. The right to be informed about the personal data the Company processes on you;
  2. The right of access to the personal data the Company processes on you;
  3. The right to rectification of your personal data;
  4. The right to erasure of your personal data in certain circumstances;
  5. The right to restrict processing of your personal data;
  6. The right to data portability in certain circumstances;
  7. The right to object to the processing of your personal data that was based on a public or legitimate interest;
  8. The right not to be subjected to automated decision making and profiling; and
  9. The right to withdraw consent at any time.

Where you have consented to the Company processing your personal data and sensitive personal data you have the right to withdraw that consent at any time by the emailing Data Protection Officer datacontroller@c22.co.uk

7. COMPLAINTS OR QUERIES

If you wish to complain about this privacy notice or any of the procedures set out in it please contact: Quality Manager by emailing quality@c22.co.uk

You also have the right to raise concerns with Information Commissioner’s Office on 0303 123 1113 or at https://ico.org.uk/concerns/, or any other relevant supervisory authority should your personal data be processed outside of the UK, if you believe that your data protection rights have not been adhered to.

C22 Limited T/A Catch 22 (‘the Company’) is a recruitment business which provides work-finding, recruitment and related services to its clients and work-seekers.

The Company must process personal data so that it can provide these services – in doing so, the Company acts as a data controller. We will only use your personal data in accordance with the terms outlined in our contracts and our privacy notice.

1. COLLECTION AND USE OF PERSONAL DATA

a) You may give your personal details to the company directly, such as by seeking services from us, via an online application or submitting your CV.
b) Your details may have been identified via publicly available sources in relation to your professional history (e.g. LinkedIn or a jobs board where you have posted your CV for recruiters to consider you for opportunities).
c) In some circumstances, your personal details may have been provided to us by another person for us to offer our services to you, e.g. a referral from one of our clients.
d) Data may also be collected throughout the course of your engagement or whilst undertaking training with us, e.g. from a referee or from a client you have been assigned to work at.

In any case, the Company must have a legal basis for processing your personal data, which may include sensitive data. We will only use your personal data in accordance with the terms of a contract and our privacy notice.

1.2 PURPOSE OF PROCESSING AND LEGAL BASIS

The Company will collect your personal data and process your personal data, which may include sensitive data, for the purposes of providing you with our services. The legal bases we rely upon when providing and/or offering to provide these services to you are:

Legal Base Example Of Purpose
CONTRACTUAL OBLIGATION To provide our services including work-finding, recruitment, training and related services;
To process payroll;
To assist us / you to establish / exercise or defend legal claims.
Where required for the role to process information in relation to your criminal convictions.
LEGITIMATE INTEREST For marketing and public relations in relation to our services;
To improve the services we offer and provide including work-finding, recruitment, training and related services.
For statistical purposes.
To monitor Equality and Diversity.
To prevent modern slavery by promoting and fulfilling our commitment to Stronger Together (e.g. stronger together questionnaire)
CONSENTWhere we have explicitly obtained your consent to share your data with other potential candidates e.g. to provide a testimonial and/or reference about our service provision.
To monitor Equality and Diversity.
Where required for the role to process information in relation to your criminal convictions
PUBLIC INTERESTDoes Not Apply
VITAL INTEREST OF DATA SUBJECTThis is unlikely, however as we do host events at Third party, where necessary to protect your vital interest and/or where it is
LEGAL OBLIGATION believed that you are in immediate danger, e.g. emergency services, police / GLAA / Modern Slavery Helpline

1.3 RECIPIENT/S OF DATA

Where we need to share your personal and/or sensitive data, we have contracts and data sharing agreements in place with the recipients that require them to treat your information as confidential and ensure the continued protection of your data whilst in their possession.

The Company will process your personal data and/or sensitive data, with the following recipients:

a) Governing bodies and authorities as required by law;

b) Individuals and organisations who hold information related to reference contacts you have provided;

c) Our clients where you are taking part in the recruitment process and/or you accept an offer of an assignment and/or you undertake an assignment;

d) Neutral vendor when applicable;

e) Training provider where you are undertaking any training services provided by us;

f) Individuals or organisations who hold information related to your job role with Catch 22, such as educators and examining bodies;

g) Our software providers;

h) Third party suppliers, e.g. business associates and professional advisers, such as external consultants, technical and IT support functions, independent auditors;

i) Third party company at your request, e.g. landlord or alternative prospective employer where you have requested us to act as a referee for you;

j) The third party, where necessary to protect your vital interests, e.g. emergency services;

k) Marketing technology platforms and suppliers;

l) Pension provider;

m) We may transfer your personal information to a third party as part of a TUPE transfer under The Transfer of Undertakings (Protection of Employment) Regulations 2006;

n) We may transfer your personal information to a third party as part of a sale of some or all of our business and assets to any third party or a part of any business restructuring or reorganisation. However, we will take steps with the aim of ensuring that your privacy rights continue to be protected.

2. OVERSEAS TRANSFERS

The Company may transfer the information you provide to us to countries outside the European Economic Area (‘EEA’). The EEA comprises the EU member states plus Norway, Iceland and Liechtenstein.

Whenever your data is shared, inside or outside of the EEA, we will take every step possible to ensure adequate protections are in place to ensure the security of your information.

3. AUTOMATED DECISION MAKING

The company does not use automated decision-making, including profiling. Should the company intend to change this process you will be notified in advance.

4. DATA ACCESS RESTRICTION AND RETENTION

The Company will retain your personal data and/or sensitive data only for as long as is necessary. Different laws require us to keep different data for different periods of time.

4.1 WHERE SERVICES HAVE NOT BEEN PROVIDED

If we have not provided you with our services, or had valuable contact with for two consecutive years, your personal data will be deleted from our systems save where we believe in good faith that the law or other regulation requires us to preserve it.

4.2 WHERE SERVICES HAVE BEEN PROVIDED

Your personal details may be included in several documents created during the course of our contract with you. To comply with legal requirements e.g. HMRC, UK Visas and Immigration, The Conduct of Employment Agencies and Employment Businesses Regulations 2003, Agency Workers Regulation, HSE and tax legislation, your data will be kept by Catch 22 for 7 tax years from the last date on which services were provided to you.

Where the Company has obtained your consent to process your personal data and sensitive personal data we will do so in line with the relevant schedule detailed above.

After expiry of that period, your data will no longer be kept by Catch 22.

5. SECURITY PRECAUTIONS IN PLACE TO PROTECT THE LOSS, MISUSE OR ALTERATION OF YOUR INFORMATION

We are committed to taking all reasonable and appropriate steps to protect the personal information that we hold from misuse, loss, or unauthorised access. We do this by having in place a range of appropriate technical and organisational measures, e.g.:

a) encryption of our services and data;

b) review our information collection, storage and processing practices, including physical security measures;

c) restrict access to personal access to personal information;

d) internal policies setting out our data security approach and training for employees, these include measures to deal with any suspected data breach.

6. YOUR RIGHTS

Please be aware that you have the following data protection rights:

a) The right to be informed about the personal data the Company processes on you;

b) The right of access to the personal data the Company processes on you;

c) The right to rectification of your personal data;

d) The right to erasure of your personal data in certain circumstances;

e) The right to restrict processing of your personal data;

f) The right to data portability in certain circumstances;

g) The right to object to the processing of your personal data that was based on a public or legitimate interest;

h) The right not to be subjected to automated decision making and profiling; and

i) The right to withdraw consent at any time.

Where you have consented to the Company processing your personal data and sensitive personal data you have the right to withdraw that consent at any time by emailing the Data Protection Officer datacontroller@c22.co.uk

7. COMPLAINTS OR QUERIES

If you wish to complain about this privacy notice or any of the procedures set out in it please contact: Quality Manager by emailing quality@c22.co.uk

You also have the right to raise concerns with Information Commissioner’s Office on 0303 123 1113 or at https://ico.org.uk/concerns/, or any other relevant supervisory authority should your personal data be processed outside of the UK, if you believe that your data protection rights have not been adhered to.