Privacy Policy

January 2024 / Version 13

If you are a member of Impellam Group staff, this Privacy Policy should be read in conjunction with the Impellam Group UK Staff Privacy Policy on the Knowledge Library.

This Privacy Policy may be updated from time to time.  You can check https://www.impellam.com/privacy regularly so that you can read the most up-to-date version.

Introduction

Impellam Group plc (“Impellam”) and its subsidiary companies (see Annex 1) acts as both a recruitment agency and recruitment business as defined under The Conduct of Employment Agencies and Employment Businesses Regulations 2003 (“Conduct Regs”).  

We are committed to protecting the privacy and security of your personal information. We have therefore developed this Privacy Policy to inform you of the data we collect, what we do with your information, what we do to keep it secure, as well as the rights and choices you have over your personal information.

Throughout this document we refer to the Data Protection Act 2018 (DPA 2018) and the General Data Protection Regulation ((EU) 2016/679) (GDPR 2018), the Privacy and Electronic Communications (EC Directive) Regulations 2003 and any legislation implemented in connection with the aforementioned legislation.

Where data is processed by a controller or processor established in the European Union or comprises the data of people in the European Union, it also includes the EU General Data Protection Regulation (EU GDPR).  This includes any replacement legislation coming into effect from time to time.

This policy should be read together with our cookie policy that can be found on our website 

1) Information about us

Our Data Protection Officer is Emma Trew. You can contact her at gdpr@impellam.com or via our registered address:

  • Impellam Group plc
  • 800 The Boulevard
  • Luton
  • Bedfordshire
  • LU1 3BA
  • Company Number: 6511961
  • VAT Number: 629032550

This Privacy Policy applies in relevant countries throughout our international network.  Where other countries may approach data privacy differently, we have included country-specific versions of this Privacy Policy, in accordance with our comprehensive list of companies within the Impellam Group, as set out at Annex 1.

2) What does this Privacy Policy cover?

This Privacy Policy sets out what Impellam does with your personal data, whether you are a:

  1. Candidate
  2. Prospective Candidate
  3. Person with whom we contact to provide us with assistance in relation to one of our candidates (e.g., referees and emergency contacts)
  4. Client
  5. Supplier
  6. Temporary Worker
  7. Permanent Worker
  8. You are visiting our Website

 This Privacy Policy is divided into a short-form quick reference section, and a long-form more detailed section on the website. It describes how we collect, use and process your personal data, and how we comply with our legal obligations and regulatory requirements.

We keep our Privacy Policy under regular review and we encourage you to periodically review this page for the latest information on our privacy practices.

3) What is Personal Data?

Personal data is defined by the DPA 2018 and the GDPR 2018 as ‘any information relating to an identifiable person who can be directly or indirectly identified, in particular by reference to an identifier’. In simpler terms, personal data is any information about you that enables you to be identified (either on its own or when combined with other data we may hold on you). Personal data covers obvious information such as your name and contact details, but it also covers information such as identification numbers, electronic location data, and other online identifiers. 

4) Our Legal Bases for processing your data

Depending on the type of personal data in question and the grounds on which we are processing it, should you decline to provide us with such data or ask us to stop processing it, we may not be able to fulfil our contractual requirements or, in extreme cases, may not be able to continue with our relationship or may have to bring that relationship to a close (i.e. because we cannot continue it without personal data about you).

  • Legitimate Interest

In the course of providing work-finding services to our clients and work-seekers, where Impellam acts as a Data Controller, it will be necessary, and in our legitimate interest to process personal data, as defined by the DPA 2018 and the GDPR 2018.

We will process contact data as part of the Refer a Friend schemes on the grounds of legitimate interests. This is where referrals are made on behalf of work-seekers by members of their social group. Each referral is processed on the basis that there is a legitimate interest in us helping to find work for the referred individual.

  • Establishing, Exercising or Defending Legal claims

Sometimes it will be necessary for us to process personal data and, where appropriate and in accordance with our legal obligations and regulatory requirements, sensitive personal data in connection with exercising or defending legal claims.

The DPA 2018 and GDPR 2018 allows this where the processing "is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity".

This will arise for example where we need to take legal advice in relation to legal proceedings or are required by law to preserve or disclose certain information as part of the legal process.

  • To Exercise our Rights or Carry out our Employment and Social Security Legal Obligations

For some Candidates, Temporary Workers and individuals it will sometimes be necessary for us to process your sensitive/special category personal data, for the purpose of ensuring compliance with our legal obligations and regulatory requirements.
For example, we may process your medical data to enable us to provide you with adequate support if you suffer from a health condition or disability, for example by sharing medical information about you with an occupational health specialist, in order to determine prognosis and return to work arrangements, and to assess your working capacity more generally. 
The DPA 2018 and the GDPR 2018 allows us to do this where the processing is "necessary for the purposes of carrying out the obligations and exercising [our or your] specific rights… in the field of employment and social security and social protection law", as long as this is allowed by law.
Where processing your personal data is necessary for us to carry out our obligations under our Contract with you, to ensure that you are properly fulfilling your obligations to us, and to ensure that we are fulfilling our obligations to others.
The DPA 2018 and the GDPR 2018 applies where processing of personal data "is necessary for the performance of a contract to which [you are] party or in order to take steps at [your] request … prior to entering into a contract".
Where processing your personal data is necessary for us to carry out our Legal Obligations
In relation to the employment or engagement of Temporary Workers directly by us, as well as our obligations to you under our contract, we also have other legal obligations that we need to comply with. The DPA 2018 and the GDPR 2018 states that we can process your personal data where this processing "is necessary for compliance with a legal obligation to which [we] are subject".
An example of a legal obligation that we need to comply with is our obligation to co-operate with tax authorities, including providing details of your remuneration and tax paid.
Electronic marketing
In addition to the DPA 2018 and the GDPR 2018 requirement for a lawful basis, where we send unsolicited electronic marketing to you we may also require either an opt-in consent or opt-out consent under the Privacy and Electronic Communication Regulations 2003 (“PECR”). That means we are permitted to market products or services to you which are related to the recruitment services we provide to you as long as you do not actively opt-out from these communications. 
Consent
In certain circumstances, we are required to obtain your consent to the processing of your personal data in relation to certain activities. Depending on exactly what we are doing with your information, this consent will be opt-in consent under the DPA 2018 and GDPR 2018, or soft opt-in consent (PECR).
The DPA 2018 and the GDPR 2018 states that (opt-in) consent is "any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her". In plain language, this means that:
you have to be in a position to give us your consent freely, without us putting you under any type of pressure to give or refuse that consent;
you have to know what you are consenting to – so we will make sure we give you enough information;
where consent is required, you should have control over which processing activities you consent to and which you don’t; and
you need to take positive and affirmative action in giving us your consent – we are likely to provide a tick box for you to check so that this requirement is met in a clear and unambiguous fashion. We will keep records of the consents that you have given in this way.
You have the right to withdraw your consent to these activities. You can do so at any time by contacting gdpr@impellam.com .

What Are My Rights?

One of the DPA 2018 and GDPR 2018’s main objectives is to protect and clarify the rights of EU and UK citizens and individuals in the EU and UK with regards to data privacy. This means that you retain various rights in respect of your data, even once you have given it to us. These are described in more detail below.
To get in touch about these rights, please email gdpr@impellam.com. We will seek to deal with your request without undue delay, and in any event within one month (subject to any extensions to which we are lawfully entitled). Please note that we will, where necessary, keep a record of your communications to help us resolve any issues which you raise.
Right to object: 

This right enables you to object to us processing your personal data where we do so for one of the following four reasons: 
(i) our legitimate interests; 
(ii) to enable us to perform a task in the public interest or exercise official authority; 
(iii) to send you direct marketing materials; and 
(iv) for scientific, historical, research, or statistical purposes.
The "legitimate interests" and "direct marketing" categories above are the ones most likely to apply to our Website Users, Candidates, Temporary Workers, Clients and Suppliers. 
If your objection relates to us processing your personal data because we deem it necessary for your legitimate interests, we must act on your objection by ceasing the activity in question unless:
we can show that we have compelling legitimate grounds for processing which overrides your interests; or
we are processing your data for the establishment, exercise or defence of a legal claim.
If your objection relates to direct marketing, we must act on your objection by ceasing this activity.
Right to withdraw consent: 
Where we have obtained your consent to process your personal data for certain activities, you may withdraw this consent at any time, and we will cease to carry out the particular activity that you previously consented to unless we consider that there is an alternative reason to justify our continued processing of your data for this purpose in which case we will inform you of this condition.
Data Subject Access Requests (DSAR): 
You may ask us to confirm what information we hold about you at any time, and request us to modify, update or delete such information. 
We may ask you to verify your identity and for more information about your request. 
If we provide you with access to the information we hold about you, we will not charge you for this unless your request is "manifestly unfounded or excessive". 
If you request further copies of this information from us, we may charge you a reasonable administrative cost where legally permissible. 
Where we are legally permitted to do so, we may refuse your request. If we refuse your request, we will always tell you the reasons for doing so.
Right to erasure: 
You have the right to request that we erase your personal data in certain circumstances. Normally, the information must meet one of the following criteria:
the data are no longer necessary for the purpose for which we originally collected and/or processed them;
where previously given, you have withdrawn your consent to us processing your data, and there is no other valid reason for us to continue processing;
the data has been processed unlawfully (i.e., in a manner which does not comply with the DPA 2018 and the GDPR 2018);
it is necessary for the data to be erased in order for us to comply with our legal obligations as a data controller; or
if we process the data because we believe it necessary to do so for our legitimate interests, you object to the processing and we are unable to demonstrate overriding legitimate grounds for our continued processing.
We would only be entitled to refuse to comply with your request for one of the following reasons:
to exercise the right of freedom of expression and information;
to comply with legal obligations or for the performance of a public interest task or exercise of official authority;
for public health reasons in the public interest;
for archival, research or statistical purposes; or
to exercise or defend a legal claim.
When complying with a valid request for the erasure of data we will delete the relevant data.
Right to restrict processing: 
You have the right to request that we restrict our processing of your personal data in certain circumstances. This means that we can only continue to store your data and will not be able to carry out any further processing activities with it until either: 
one of the circumstances listed below is resolved; 
you consent; or 
further processing is necessary for either the establishment, exercise or defence of legal claims, the protection of the rights of another individual, or reasons of important UK, EU or Member State public interest.
The circumstances in which you are entitled to request that we restrict the processing of your personal data are:
where you dispute the accuracy of the personal data that we are processing about you. In this case, our processing of your personal data will be restricted for the period during which the accuracy of the data is verified;
where you object to our processing of your personal data for our legitimate interests. Here, you can request that the data be restricted while we verify our grounds for processing your personal data;
where our processing of your data is unlawful, but you would prefer us to restrict our processing of it rather than erasing it; and
where we have no further need to process your personal data, but you require the data to establish, exercise, or defend legal claims.
If we have shared your personal data with third parties, we will notify them about the restricted processing unless this is impossible or involves disproportionate effort. We will, of course, notify you before lifting any restriction on processing your personal data.
Right to rectification: 
You also have the right to request that we rectify any inaccurate or incomplete personal data that we hold about you. If we have shared this personal data with third parties, we will notify them about the rectification unless this is impossible or involves disproportionate effort. Where appropriate, we will also tell you which third parties we have disclosed the inaccurate or incomplete personal data to. Where we think that it is reasonable for us not to comply with your request, we will explain our reasons for this decision.
Right of data portability: 
If you wish, you have the right to transfer your personal data between data controllers. In effect, this means that you are able to transfer your Impellam account details to another online platform. 
To allow you to do so, we will provide you with your data in a commonly used machine-readable format that is password-protected so that you can transfer the data to another online platform. 
Alternatively, we will directly transfer the data for you. This right of data portability applies to: 
personal data that we process automatically (i.e., without any human intervention); 
personal data provided by you; and 
personal data that we process based on your consent or in order to fulfil a contract.
Right to lodge a complaint with a supervisory authority: 
You also have the right to lodge a complaint with the Information Commissioners Office (‘ICO’). 
Phone: 0303 123 1113
Email: casework@ico.org.uk

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
If you would like to exercise any of these rights, or withdraw your consent to the processing of your personal data (where consent is our legal basis for processing your personal data), please email gdpr@impellam.com 
Please note that we will, where necessary, keep a record of your communications to help us resolve any issues which you raise.
You may ask to unsubscribe from job alerts and other marketing communications from us either by unsubscribing where prompted on any relevant communication from us, or at any time by emailing gdpr@impellam.com  
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during the period for which we hold your data. 

 What Data do you collect about me and how; and how do you use it, share it and retain it?

The short-form information below can be found in more detail in our long-form section by clicking on the link relevant to what type of data subject you are on the website.

 

Data Subject Type

What kind of personal data do we collect?

How do we collect your personal data?

How do we use your personal data?

Who do we share your personal data with?

How long do we keep your personal data for?

Candidates

 

In order to provide employment opportunities tailored specifically to you, we need to process certain information about you.  We will only ask you for details that will assist us, such as your name, age, contact details, education details, employment history, emergency contacts, immigration status, financial information (for the purposes of processing financial background checks), and social security number, and any other relevant information you choose to share with us.

 

Where appropriate and only in accordance with a statutory obligation or to ensure that any employment rights are respected, we will also collect sensitive and special category data related to your health, diversity information or details of any criminal convictions.

 

From you; or third parties; or we collect it automatically.

Data you provide to us may include:

1) submission of your CV either in branch, at a job fair, through an online job board, or online;

2) photos or videos uploaded by you to recruitment technology platforms;

3) applying for a job via a job board provider or job aggregator;

Data provided by a third party may include:

1) references from referees;

2) clients, suppliers and other candidates may share your data with us;

3) if you like us on Facebook or Twitter we may receive your personal data from those sites;

4) if you were referred to us via an RPO or MSP they may share your personal data with us;

5) the Home Office may provide us with nationality and immigration status data where necessary and required;

6) Government databases may provide us with financial sanction and criminal records checks data where necessary and required

We generally use Candidate data in five ways:

Recruitment Activities;

Marketing Activities;

Equal Opportunities Monitoring;

To help us to establish, exercise or defend legal claims;

In appropriate circumstances, we may also use Candidate data in psychometric assessments.

 

Where appropriate and in accordance with our legal obligations and regulatory requirements, we will share your personal data, in various ways and for various reasons.

Some services that we provide require the involvement of third parties.

We have carefully selected these third parties and taken steps to ensure that your Personal Data is adequately protected.  

The third parties may include our clients, suppliers of IT services, pay-rolling services or vetting services.

Candidates with whom we have had no contact - 6 months

Candidates whom we have had contact but have not been placed –   1* year from the later of:

Candidate registration

Consent to represent received for Conduct Regs purposes, which is separate from any data protection consent

Last meaningful contact

*Exception: 5 years for contacted but not placed SRG, C60 and Lorien Candidates

Prospective Candidates

If your information is made available online and we feel we can match it to the services we provide, we will collect and use this information about you to assess how we might be able to help with your job search and to get in touch with us.

We collect your personal data from third parties - for example:

·         via social media,

·         professional networking sites (such as LinkedIn),

·         referral from a member of your social group,

·         job aggregators and job board providers,

·         RPO or MSP suppliers (where they refer you to us) and

·         Software vendors who provide us with publicly available information through their software

 

 

We use Prospective Candidate information in order to work out whether you might be interested in, or might benefit from, our services, and if so, to assess whether and how we may be able to help you out.

If we think we can help you, we will use your information to get in touch with you about our services.

Where we have identified you as a Prospective Candidate we may share your information with any of our group companies and associated third parties such as our service providers in order to get in touch with you about our services.

6 months if no contact made, or 1* year from last meaningful contact.

For prospective candidates referred to us by a member of your social group – we will erase your data after 7 days if no contact has been made following the first contact attempt.

 *Exception: 5 years for contacted but not placed SRG, C60 and Lorien Candidates

Someone who assists us with one of our Candidates

We require a referee's contact details (name, email address and telephone number) to enable us to confirm certain details provided by the Candidate or prospective employee, to facilitate the employment process.

 

Emergency contact information (a name, email address and telephone number) is required in case of an emergency where we would need to contact someone on your behalf.

 

We collect your contact details only where a Candidate or a member of our Staff puts you down as their emergency contact or dependent or where a Candidate gives them to us in order for you to serve as a referee.

We use referees’ personal data to help our Candidates to find employment which is suited to them.

If we are able to verify their details and qualifications, we can make sure that they are well matched with prospective employers.

Where a referee is being asked to give a reference based on their professional experience of a Candidate, and where we think that they may be interested in becoming a Client of ours, we may also use their details to reach out to get in touch in that alternative capacity.

We use the personal details of a Candidate or Staff member's emergency contacts in the case of an accident or emergency affecting that Candidate or member of Staff.

We use the personal data of the dependants or other beneficiaries of Staff to allow that Staff member to access certain benefits or employment rights.

Unless you specify otherwise, we will share your information with any of our group companies and associated third parties such as our service providers and organisations to whom we provide services.

6 months if no contact made, or 2 years from last meaningful contact

Client

If you are a client of Impellam’s we need to collect and use information about you, or individuals at your organisation, in the course of providing you or offering you services such as: (i) finding the right Candidates for you or your organisation; (ii) providing you with a Managed Service Provider (‘MSP’) programme (or assisting another organisation to do so); (iii) providing you with Recruitment Process Outsourcing (‘RPO’) services (or assisting another organisation to do so).

 

We collect your personal data either:

From you; or

From third parties (e.g. our Candidates or Temporary Workers) and other limited sources (e.g. online and offline media).

 

The main reason for using information about Clients is to enable us to introduce ourselves to you and to ensure that the contractual arrangements between us can properly be implemented so that the relationship can run smoothly. This will involve:

identifying Candidates who we think will be the right fit for you or your organisation;

providing you with an MSP programme (or assisting another organisation to do so);

providing you with RPO services (or assisting another organisation to do so); and/or

providing services to your employees, such as training courses.

The more information we have, the more bespoke we can make our service.

We will share your data:

primarily to ensure that we provide you with a suitable pool of Candidates;

to provide you with an MSP programme (or assist another organisation to do so);

to provide you with RPO services (or assist another organisation to do so); and/or

to provide services to your employees, such as training courses.

Unless you specify otherwise, we will share your information with any of our group companies and associated third parties such as our service providers to help us meet these aims.

6 months if no contact made, or 2 years from last meaningful contact

Supplier

We need a limited amount of information from our Suppliers to enable the provision of your services to us and the fulfilment of our contractual obligations between us. 

Such details may include contact details of relevant individuals at your organisation so that we can communicate with you, and bank details so that we can pay for the services you provide.

 

We collect your personal data during the course of our work with you.

The main reasons for using your personal data are to ensure that the contractual arrangements between us can properly be implemented so that the relationship can run smoothly, and to comply with legal requirements.

 

6 months if no contact made, or 2 years from last meaningful contact

Temporary Worker

If we employ or engage you directly as a Temporary Worker, we need to process certain extra information (in addition to the information collected from Candidates).

We only collect important information such as start dates, bank details and details of previous remuneration, pensions and benefit arrangements.

Where appropriate and in accordance with legal obligations and requirements, we may also collect, by inference, information related to trade union membership, sexual orientation and child care or carer arrangements when you provide us with information about deductions from your salary for trade union membership or childcare vouchers or details about your emergency contact.

 

We collect your personal data either:

From you; or

From third parties.

 

If we employ or engage you directly as a Temporary Worker, the main reason for using your personal details is to

ensure the smooth running of our Temp Relationship, and

to comply with our contractual and other duties to each other, and

to our Clients, as part of our Temp Relationship, and

our duties to third parties such as tax authorities and government agencies.

If we employ or engage you directly as a Temporary Worker, we may share your personal data with a number of additional parties in order to ensure the smooth running of our Temp Relationship.

For example, we may share your personal data with appropriate colleagues within Impellam (this may include colleagues in overseas offices), with a Client and, if appropriate, medical professionals such as your GP or an occupational health specialist.

6 years from the later of:

End of last assignment, or

1 year after last meaningful contact

Permanent Worker

As per Temporary Workers above

As per Temporary Workers above

As per Temporary Workers above

As per Temporary Workers above

2* years from the later of:

Placement date, or

1 year after last meaningful contact

*Exception: 5 years for placed SRG, C60 and Lorien Permanent Workers

Website User

To the extent that you access our website or click through any links in an email from us, we will collect certain data from you. 

We collect a limited amount of data from our Website Users which we use to help us to improve your experience when using our website and to help us manage the services we provide.

 

This includes information such as how you use our website, the frequency with which you access our website, and the times that our website is most popular.

 

We collect your IP address, information from social media activity (such as likes, shares and tweets) when you interact with us on social media, information you provide if you report a problem with our website or services, and any additional information which you provide voluntarily and/or which we may ask from you to better understand you and your interests.

 

Information we collect via cookies or similar technology stored on your device (find out more about cookies and how we use them in our Cookie Policy.

We collect your data automatically via cookies when you visit our website, in line with cookie settings in your browser.

If you would like to find out more about cookies, including how we use them and what choices are available to you, please refer to our cookie policy. 

Some of our emails contain a snippet of code, invisible to the naked eye, called a tracking pixel that allows us to understand which of our messages are being opened. If you would prefer that this information was not collected, please disable automatic download of images in your email software or service.

We use your data to help us to improve your experience of using our website, for example by analysing your recent job search criteria to help us to present jobs to you that we think you'll be interested in.

If you are also a Candidate or Client of Impellam, we will use data from your use of our websites to enhance other aspects of our communications with, or service to, you.

If you would like to find out more about cookies, including how we use them and what choices are available to you, please refer to our Cookie Policy.

Please note that communications to and from Impellam’s Staff including emails will be reviewed as part of internal or external investigations or litigation where necessary.

 

Unless you specify otherwise, we will share your information with providers of web analytics services, marketing automation platforms and social media services to make sure any advertising you receive from us is targeted to you.

 

 

How do we store and transfer your personal data internationally?
In order to provide you with the best service and to carry out the purposes described in this Privacy Policy; your data may be transferred:
between and within Impellam entities globally;
to third parties (such as advisers or other Suppliers to the Impellam business);
to overseas Clients where applicable;
to Clients within your country, where applicable, who may, in turn, transfer your data internationally;
to a cloud-based storage provider. 
We want to make sure that your data are stored and transferred in a way which is secure. We will therefore only transfer data outside of the UK / European Economic Area (EEA) where it is in line with applicable law, and we will require that there is an adequate level of protection for your personal data, and that appropriate security measures are in place. 
In such cases where your personal data is transferred outside of the UK / EEA we will require that the following safeguards are observed:
The laws of the country to which your personal data is transferred ensure an adequate level of data protection;
By way of data transfer agreement, incorporating the standard data protection contractual clauses (SCC’s) approved by the European Commission or International Data Transfer Agreement (IDTA) approved by the UK Government; or
Any other applicable appropriate safeguards under the DPA 2018 / GDPR 2018 
To ensure that your personal information receives an adequate level of protection, we have put in place appropriate procedures with the third parties we share your personal data with to ensure that your personal information is treated by those third parties in a way that is consistent with, and which respects the law on data protection, This includes:
Mandating by contract that all sub-processors adhere to data protection legislation requirements;
Ensuring that any data transfers are encrypted in transit;
Storing your data on encrypted servers and networks;
Undergoing yearly security audits;


Who is responsible for processing your personal data
You can find out which Impellam entity is responsible for processing your personal data and where it is located within Annex 1 
Cookies and similar technologies
A “cookie” is a piece of information that is stored on your computer’s hard drive and which records your navigation of a website so that when you revisit website, it can present tailored options based on the information stored about your last visit.  Cookies can also be used to analyse traffic and for advertising purposes.
Cookies are used by nearly all websites and do not harm your system. If you want to check or change what types of cookies you accept, this can usually be altered within your browser settings, or you can change your preferences within our Cookie Settings.  We also provide information about this within our Cookie Policy
 Security of your personal data
We have implemented appropriate technical and organisational controls to protect your personal data against misuse, loss, or unauthorised access. These include measures to deal with any suspected data breach.
If you suspect any misuse or loss of or unauthorised access to your personal information, please let us know immediately by emailing gdpr@impellam.com 
Data Security is of great importance to Impellam and to protect your data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure your collected data.
We take security measures to protect your information including:
Limiting access to our buildings to those that we believe are entitled to be there by use of passes;
Implementing access controls to our information technology;
We use appropriate procedures and technical security measures (including strict encryption, anonymization and archiving techniques) to safeguard your information across all our computer systems, websites and offices.
Impellam is ISO 27001 and Cyber Essentials Certified.

  Automated Decision Making or Profiling
We do not undertake automated decision making or profiling,
We do use our computer systems to search and identify personal data in accordance with parameters set by a person. A person will always be involved in the decision-making process.
Some of our brands may offer the opportunity for candidates to undertake a psychometric assessment. This is entirely optional and is used solely to help match candidates more closely to suitable job roles.  

 

ANNEX 1 - Impellam Group Companies:


The list below is subject to amendment and update – please check www.impellam.com for the latest list.
 

Legal Entity

Trading Name (if different)

Location

BarPellam Inc

 

U.S

Bartech Technical Services of Canada ULC

 

Canada

Carbon60 AG

 

Switzerland

Carbon60 Limited

 

United Kingdom

Comensura Limited

 

United Kingdom

Comensura Pty Limited

Comensura Australia

Australia

Corporate Employment Resources Inc

 

U.S

Flexy Corporation Limited

 

United Kingdom

Flexy Services Pty Limited

 

Australia

Guidant Global UK Limited

 

United Kingdom

Guidant Global Belgium NV

Guidant Global Belgium

Belgium

Guidant Global Europe Limited

 

U.S

Guidant Global Germany GmbH;

Guidant Global Germany

Germany

Guidant Global Germany GmbH (France branch)

Guidant Global France

France

Guidant Global Germany (Netherlands branch)

Guidant Global Netherlands

Netherlands

Guidant Global Germany (Norway branch)

Guidant Global Norway NUF

Norway

Guidant Global Germany GmbH – (Poland branch)

Guidant Global Poland

Poland

Guidant Global Germany GmbH – Secursal em Portugal

Guidant Global Portugal

Portugal

Guidant Global Germany GmbH -  Fillal

Guidant Global Sweden

Sweden

Guidant Global Inc

 

U.S

Guidant Global India Private Limited

 

India

Guidant Global Italy SRL

Guidant Global Italy

Italy

Guidant Global Puerto Rico Inc

Guidant Global Puerto Rico

Puerto Rico

Guidant Global Mexico S de R.L de C.V

Guidant Global Mexico

Mexico

Guidant Global Switzerland AG

Guidant Global Switzerland

Switzerland

Guidant Global SG Pte Limited

Guidant Global Singapore

Singapore

Guidant Group Inc

 

U.S

Impellam GmbH

Carbon60; SRG; Lorien

Germany

Impellam Group PLC

 

United Kingdom

Impellam UK Limited

 

United Kingdom

Irish Recruitment Consultants Limited

IRC; Guidant Global Ireland; Lorien Resourcing Ireland; SRG Ireland

Ireland

Lorien Resourcing Limited

 

United Kingdom

Science Recruitment Group Limited

SRG; Synergy

United Kingdom

 


ANNEX 2 – Retention Periods

 

Retention Period (up to)

All types of Candidates with whom we have had no contact

6 months - If no contact made

Candidates we have had meaningful contact with but not placed

 

1* year from the later of:

  • Candidate registration;
  • Consent to represent received (for Conduct Regs purposes) (which is separate from any consent given for data protection purposes)
  • Last meaningful contact.

 

*Exception: 5 years for SRG, C60 and Lorien Candidates

Temporary Workers we have placed

6 years from the later of:

  • End of last assignment; or
  • 1 year after last meaningful contact.

Permanent Workers we have placed

2* years from the later of:

  • placement date; or
  • 1 year after last meaningful contact.

*Exception: 5 years for placed SRG, C60 and Lorien Permanent Workers

Our Own Permanent Employees or Direct Hire Temps

Not Hired - 1 year from registration or consent if not placed.

Hired - 6 years from end of employment

All Others

6 months - If no contact made; or

2 years- from last meaningful contact.

 


ANNEX 3 – Country specific variations to our Privacy Notice 

Australia & New Zealand

Germany

Switzerland

 

ANNEX 4 – Glossary

Candidates – refers to applicants (and those subsequently engaged on temporary assignments, directly or indirectly, by Impellam and/or one of its subsidiary companies)  for any roles advertised by or through Impellam and/or one of its subsidiary companies, whether permanent or temporary positions, whether as freelancers, contractors, flexible employees or through third parties including Suppliers; as well as people who have submitted a speculative CV to Impellam and or one of its subsidiary companies.

 

Clients – covers organisations which engage with Impellam and/or one of its subsidiary companies for it to provide recruitment or other services.

 

Data Controller – is a person, company, or other body that determines the purpose and means of personal data processing.

 

Data Processor – processes personal data only on behalf of the Data Controller.

 

Data Protection Act 2018 - updates data protection laws in the UK. It is a national law which complements the European Union's General Data Protection Regulation (GDPR) and replaces the Data Protection Act 1998.

 

Employees – includes employees engaged directly by Impellam (or who have accepted an offer to be employed) as well as certain other workers engaged in the business of providing services to Impellam and/or one of its subsidiary companies.  This includes employees engaged to work on client premises under the terms of managed service agreements or equivalent.

 

General Data Protection Regulation (GDPR) – A European Union statutory instrument which aims to harmonise European data protection laws. It has an effective date of 25 May 2018, and any references to it should be construed accordingly to include any related national data protection legislation. 

 

The EU GDPR applies to all 27 member countries https://europa.eu/european-union/about-eu/countries_en of the European Union (EU). It also applies to all countries in the European Economic Area (the EEA), and includes Iceland, Norway, and Liechtenstein. 

 

The UK withdrew from the European Union on 31 December 2020, and the GDPR has now been enshrined under UK GDPR. The UK is expected to substantially follow the GDPR after Brexit but this Policy will be updated to reflect any changes where necessary.

Information Commissioners Office (ICO) - is the UK's independent body and supervisory authority set up to uphold information rights.

Managed Service Provider (MSP) Programmes – Clients’ outsourcing of the management of external staff (including freelance workers, independent contractors and temporary employees) to an external recruitment provider.

Meaningful Contact - When we refer to "meaningful contact", we mean, for example, communication between us (either verbal or written), or where you are actively engaging with our online services.

Privacy and Electronic Communication Regulation (PECR) – sit alongside the Data Protection Act and GDPR to give people specific privacy rights in relation to electronic communications.

Prospective Candidates – individuals with whom Impellam and/or one of its subsidiary companies has not had prior contact but whom Impellam and/or one of its subsidiary companies reasonably considers would be interested in our services and, in particular, in being considered for any roles advertised or promoted by Impellam and/or one of its subsidiary companies, including permanent, part-time and temporary positions and freelance roles with Impellam and/or one of its subsidiary companies Clients.

Recruitment Process Outsourcing (RPO) Services – full or partial outsourcing of the recruitment process for permanent employees to a recruitment provider.

Special Category or Sensitive Personal Data - the GDPR defines special category data as Personal Data revealing: (1) Racial or Ethnic Origin; (2) Political Opinions; (3) Religious or Philosophical Beliefs; (4) Trade Union Membership; (5) Genetic Data; (6) Biometric Data (where used for identification purposes); (7) data concerning Health; (8) data concerning a person’s Sex Life; (9) data concerning a person’s Sexual Orientation. This does not include personal data about criminal allegations, proceedings or convictions, as separate rules apply. 

Suppliers – covers supplier companies (including sole traders), vendors, umbrella companies, partnerships and limited company contractors who provide services to Impellam and/or one of its subsidiary companies including as sub-contractors.  Suppliers should ensure their employees and workers are made aware of the provisions of this Privacy Policy as applicable.