privacy policy

  1. This Policy sets out the obligations of BOOK A CHEF LTD a company registered in England and Wales under number 10347114 whose registered office is at 82 King Street, Manchester M2 4WQ (“the Company”) regarding data protection and the rights of candidates, and business contacts (“data subjects”) in respect of their personal data under EU Regulation 2016/679 General Data Protection Regulation (“GDPR”). The GDPR defines “personal data” as any information relating to an identified or identifiable natural person (a “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person. This Policy sets the Company’s obligations regarding the collection, processing, transfer, storage, disposal of personal data and data retention (policy). The procedures and principles set out herein must be followed at all times by the Company, its employees, agents, contractors, or other parties working on behalf of the Company. The Company is committed not only to the letter of the law, but also to the spirit of the law and places high importance on the correct, lawful, and fair handling of all personal data, respecting the legal rights, privacy, and trust of all individuals with whom it deals.

  2. The Data Protection Principles

This Policy aims to ensure compliance with the GDPR. The GDPR sets out the following principles with which any party handling personal data must comply. All personal data must be:

  1. THE RIGHTS OF DATA SUBJECTS

The GDPR sets out the following rights applicable to data subjects (please refer to the parts of this policy indicated for further details):

  1. LAWFUL, FAIR, AND TRANSPARENT DATA PROCESSING


  1. SPECIFIED, EXPLICIT, AND LEGITIMATE PURPOSES



  1. ADEQUATE, RELEVANT, AND LIMITED DATA PROCESSING

The Company will only collect and process personal data for and to the extent necessary for the specific purpose or purposes of which data subjects have been informed (or will be informed) as under Part 5, above, and as set out in Part 21, below.

  1. ACCURACY OF DATA AND KEEPING DATA UP-TO-DATE



  1. DATA RETENTION


 

  1. SECURE PROCESSING

The Company shall ensure that all personal data collected, held, and processed is kept secure and protected against unauthorised or unlawful processing and against accidental loss, destruction, or damage. Further details of the technical and organisational measures which shall be taken are provided in Parts 22 to 27 of this Policy.

  1. ACCOUNTABILITY AND RECORD-KEEPING


  1. DATA PROTECTION IMPACT ASSESSMENTS


  1. KEEPING DATA SUBJECTS INFORMED


  1. DATA SUBJECT ACCESS



  1. RECTIFICATION OF PERSONAL DATA


 

  1. ERASURE OF PERSONAL DATA



  1. RESTRICTION OF PERSONAL DATA PROCESSING



  1. DATA PORTABILITY



  1. OBJECTIONS TO PERSONAL DATA PROCESSING



  1. AUTOMATED DECISION-MAKING


 

  1. PERSONAL DATA COLLECTED, HELD, AND PROCESSED

The following personal data is collected, held, and processed by the Company (for details of data retention, please refer to clause 8.3.)

 

TYPE OF DATA

PURPOSE OF DATA

Name

To differentiate individuals/unique indicator

Address

To make contact, communicate, a unique marker, required for payroll

House Telephone Number

To enable contact via telephony

Mobile Telephone Number

To enable contact via; telephony; SMS; 

Email Address

To enable contact; receive information; a unique indicator 

Date of Birth

Required to differentiate between candidates, only sourced whilst setting up for payroll purposes

Work History

Used once consent is given to gain interested of a hirer/company

National Insurance Number

Required for payroll purposes

Bank Details

Required for payroll purposes, only used during payment transactions

Passport

Used to confirm identify of an individual

Birth Certificate

Used to confirm/validate identify of an individual

Identification Card

Used to confirm/validate identify of an individual

Driver’s license

Used to confirm/validate the said candidate’s ability to drive should a license/specialist licence be required for the position

Certificate/Qualification Documents

Used to confirm/validate the said candidate’s ability to perform in line with the positions requirements

 

  1. DATA SECURITY - TRANSFERRING PERSONAL DATA AND COMMUNICATIONS

The Company shall ensure that the following measures are taken with respect to all communications and other transfers involving personal data:

  1. DATA SECURITY - STORAGE

The Company shall ensure that the following measures are taken with respect to the storage of personal data:

  1. DATA SECURITY - DISPOSAL

When any personal data is to be erased or otherwise disposed of for any reason (including where copies have been made and are no longer needed), it should be securely deleted and disposed of. For further information on the deletion and disposal of personal data, please refer to the Company’s Data Retention Policy - clause 8.3

  1. DATA SECURITY - USE OF PERSONAL DATA

The Company shall ensure that the following measures are taken with respect to the use of personal data:

  1. DATA SECURITY - IT SECURITY

The Company shall ensure that the following measures are taken with respect to IT and information security:

  1. ORGANISATIONAL MEASURES

The Company shall ensure that the following measures are taken with respect to the collection, holding, and processing of personal data:

  1. TRANSFERRING PERSONAL DATA TO A COUNTRY OUTSIDE THE EEA


 

  1. DATA BREACH NOTIFICATION


 

  1. IMPLEMENTATION OF POLICY

This Policy shall be deemed effective as of Friday 25th May 2018. No part of this Policy shall have retroactive effect and shall thus apply only to matters occurring on or after this date.