We take your privacy very seriously. Please read this privacy policy carefully as it contains important
information on who we are and how and why we collect, store, use and share your personal data. It
also explains your rights in relation to your personal data and how to contact us or supervisory
authorities in the event you have a complaint.
We collect, use and are responsible for certain personal data about you. When we do so we are
subject to the UK General Data Protection Regulation (UK GDPR). We are also subject to the EU
General Data Protection Regulation (EU GDPR) in relation to services we offer to individuals and our
wider operations in the European Economic Area (EEA).
Key terms
It would be helpful to start by explaining some key terms used in this policy:
We, us, our
Deka Outsourcing Ltd or ‘Deka’ and our group companies.
Personal data
Any information relating to an identified or identifiable individual.
Special category personal data
Personal data revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs or trade union membership Genetic data.
Biometric data (where used for identification purposes).
Data concerning health, sex life or sexual orientation.
Data subject
The individual who the personal data relates to.
Scope
This privacy policy explains how we process and protect personal data about: candidates who register with us through our website, job boards, social media sites or other sources; for direct employment with us or for roles that we are managing for our clients, or business contacts at our clients and suppliers; and users of our websites; (collectively "you" or “your")
Personal data we collect about you
The personal data we collect about you depends on the particular services we provide to you.
Candidates
When you register as a candidate with us for job-finding services, we collect and process your personal information. This includes your name, contact information, CV details, education and employment history, immigration status, current or previous remuneration and benefits, preferences for future roles, financial information and social security number. Where permitted by law, we may also gather additional details, such as health information (e.g., disability data for workplace adjustments), diversity data (e.g., race, ethnicity, sexual orientation, or religion for equal opportunity purposes), and any unspent criminal convictions (if required by us or our clients). We may also collect data when you interact with our website, such as clicking on email links, opening or forwarding emails, signing up for job alerts or related content or your responses to surveys and promotions. Please note that the above list of categories of personal data we collect is not exhaustive.
How this personal data is collected
We collect most of this personal data directly from you and from third-party sources, such as:
Referees: When you are offered a position.
Previous Employers: To confirm employment history.
Educational Institutions: To validate academic credentials.
Disclosure Services: To check for criminal convictions, if required.
Credit Agencies: To assess financial standing, when necessary.
Public Platforms: Including LinkedIn and social media, to enhance your profile and improve job-matching efforts.
Clients: Who may have reviewed your CV, interacted with you during recruitment, or provided feedback.
Clients
Clients include our customers and others to whom we provide services in the course of our business or whom we reasonably consider would be interested in our services. The information we collect about Clients is minimal and primarily consists of your contact details or those of key contacts within your organisation. This allows us to communicate with you about our services, maintain a smooth working relationship, and, in some cases, provide services to your employees. Additionally, we track your online interactions with candidate profiles and other materials we share to ensure our marketing communications are both relevant and timely. If you share information with us about a candidate (such as confirming their employment or providing a reference), we obtain your details from the candidate and retain a record of the personal information you provide regarding that candidate.
How this personal data is collected
We collect most personal data directly from you or from other limited sources and third parties, for example, from our candidates to the extent that they provide us with your details to act as a referee for them or where they give feedback on a particular assignment.
Website users
Website users include anyone who visits our site that is not a client or a candidate. We collect personal data such as your IP address and other data about your device that we need to provide our website content to you. We also collect data about how you have engaged with our website or apps such as the pages you have viewed during your visit. Additionally, we will also collect information about any enquiries you make through the “contact us” section of our website. We use cookies to collect a lot of this information and you can find out more about this from our cookie policy (www.dekapeople.com/cookie-policy).
We collect and use this personal data for the purposes described in the section ‘How and why we use your personal data’ below. If you do not provide personal data we ask for, it may delay or prevent us from providing our services to you.
How and why we use your personal data
Under data protection law, we can only use your personal data if we have a proper reason, e.g.
where you have given consent;
to comply with our legal and regulatory obligations;
for the performance of a contract with you or to take steps at your request before entering into a contract; or for our legitimate interests or those of a third party.
A legitimate interest is when we have a business or commercial reason to use your personal data, so long as this is not overridden by your own rights and interests. We will carry out an assessment when relying on legitimate interests, to balance our interests against your own.
What we use your personal data for
Our reasons
Providing our services to you.
To perform our contract with you or to take steps at your request before entering into a contract.
To review your information to understand how our services may assist.
Legitimate interests, it is in our mutual interests for us to assess whether you may be interested in or benefit from our recruitment services, for us to help identify how we can help with your job search to contact and correspond with you as part of providing you with our recruitment services.
To communicate with you in relation to our recruitment services.
Preventing and detecting fraud against you or us.
For our legitimate interest, i.e. to minimise fraud that could be damaging for you and/or us.
Conducting checks to identify our clients and verify their identity.
Screening for financial and other sanctions or embargoes.
Other activities necessary to comply with professional, legal and regulatory obligations that apply to our business, e.g. under health and safety law or rules issued by our professional regulator.
Depending on the circumstances:
— to comply with our legal and regulatory obligations
— for our legitimate interests.
To enforce legal rights or defend or undertake legal proceedings.
Depending on the circumstances:
— to comply with our legal and regulatory obligations;
— in other cases, for our legitimate interests, i.e. to protect our business, interests and rights.
Gathering and providing information required by or relating to audits, enquiries or investigations by regulatory bodies.
To comply with our legal and regulatory obligations.
Ensuring the confidentiality of commercially sensitive information.
Depending on the circumstances:
— for our legitimate interests, i.e. to protect trade secrets and other commercially valuable information;
— to comply with our legal and regulatory obligations.
Updating client records.
Depending on the circumstances:
— to enable us to continue to provide our services to you;
— to comply with our legal and regulatory obligations;
Credit reference checks via external credit reference agencies.
For our legitimate interests, i.e. to ensure our clients are likely to be able to pay for our services.
External audits and quality checks, e.g. the audit of our accounts.
Depending on the circumstances:
— for our legitimate interests, i.e. to maintain our accreditations so we can demonstrate we operate at the highest standards;
— to comply with our legal and regulatory obligations.
To share your personal data with members of our group and third parties that will or may take control or ownership of some or all of our business (and professional advisors acting on our or their behalf) in connection with a significant corporate transaction or restructuring, including a merger, acquisition, asset sale, initial public offering or in the event of our insolvency.
In such cases information will be anonymised where possible and only shared where necessary.
Depending on the circumstances:
— to comply with our legal and regulatory obligations;
— in other cases, for our legitimate interests, i.e. to protect, realise or grow the value in our business and assets.
Collecting and processing data in the course of and providing recruitment services to candidates and facilitating the recruitment process including:
- Storing candidates' details on our database.
- Sending candidates' information to our clients, in order to apply for facilitate job applications or to assess suitability for specific roles.
- To enable Candidates to submit their CVs, apply for jobs and to subscribe to alerts about jobs.
We will rely on legitimate interests or the performance of our contract to provide you with our services.
Processing candidates' data to manage payroll and invoicing.
Legitimate interests and the fulfilment of our contract with you in ensuring that you receive any payment due to you.
Verifying the details provided by a candidate, or requesting information including references, qualifications, and criminal convictions.
For other types of data we rely on legitimate interest to verify that the information that you have provided is true and in obtaining your references as part of the process of finding you employment.
We obtain your express consent for criminal conviction checks.
Collecting and processing candidate data in the course of carrying out assessments such as skills tests.
Legitimate interests, mutually beneficial for both us and you to analyse competency for employment.
Contacting clients about our services by storing and updating client details in our database for communication purposes and maintaining records of conversations and meetings to deliver tailored services.
Legitimate interests: it is a mutual interest for us to contact you about our services in order to provide you or your organisation with suitable candidates.
Processing Client data in the course of carrying out our obligations arising from any contracts entered into between us and any third parties in relation to our services, for example any candidates identified as suitable for a role with one of our clients.
Legitimate interests: mutual interests in fulfilling our obligations under agreements with third parties.
Collecting data through personalisation cookies and pixels to create profiles and provide clients with targeted and personalised content, including:
- Customising clients' website experience, such as highlighting relevant roles during visits.
- Tailoring marketing content delivered via the website, email, and other channels, where clients have consented to receive such marketing.
These cookies and pixels track website interactions, such as pages visited, actions taken, and links followed, enabling us to understand clients' preferences and interests, and adjust our communications and content accordingly.
We obtain your consent via the Cookie Preferences pop-upon our website before placing any personalisation cookies or pixels on your device and enabling related functionality.
Please note that if you access our services on multiple devices, you will need to adjust your settings through the Cookie Preferences pop-up on each device.
While we collect your consent before placing personalisation cookies or pixels, we rely on the legitimate interests condition to carry out the personalisation activities that follow.
We may use data collected through personalisation cookies and pixels, such as clients' web-based behaviours (e.g., applications submitted or pages visited), to enhance and refine the client profiles and information we already maintain in our systems.
How and why we use your personal data—Special category personal data
Certain personal data we collect is treated as a special category to which additional protections apply under data protection law:
personal data revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs or trade union membership;
biometric data (when used to uniquely identify an individual);
data concerning health, sex life or sexual orientation.
Where we process special category personal data, we will also ensure we are permitted to do so under data protection laws, specifically, where one of the grounds in the section ‘How and why we use your personal data’ above applies and:
it is “necessary for the purposes of carrying out the obligations and exercising our or your specific rights… in the field of employment and social security and social protection law” in accordance with Article 9(2)(b) of the GDPR;
Or for health or occupational medicine purposes in accordance with Article (9(2)(h)) of the GDPR; orthe processing is necessary to establish, exercise or defend legal claims.
Purpose for Processing Your Personal Data
Reason for Processing
Collecting and analysing candidates' data to assess and ensure compliance with equal opportunities obligations
We process your personal data when it is necessary to monitor and review equality of opportunity or treatment between groups, based on our legitimate interest in promoting equal opportunities.
Processing medical history or health-related data to make reasonable adjustments during the recruitment process
We process this data when it is necessary for health and social care purposes (e.g., assessing a candidate’s working capacity) and when we have a legitimate interest in ensuring inclusivity.
Processing health-related data in the context of occupational health for specific roles (e.g., teaching, nursing, or night work)
We process this data for health and social care purposes (e.g., providing healthcare or treatment) when it is necessary and aligned with our legitimate interest in ensuring role suitability.
Processing criminal convictions data as part of background checks
We will obtain your explicit consent for this processing. In some cases, we may request a Disclosure and Barring Service (DBS) check without consent if required to meet legal obligations.
Assisting with the establishment, exercise, or defence of legal claims
We process your data to comply with legal and regulatory requirements or to pursue our legitimate interests in protecting and defending our rights.
Marketing
We will use your personal data to send you updates (by email, text message, telephone or post) about our services.
We have a legitimate interest in using your personal data for marketing purposes (see above ‘How and why we use your personal data’). This means we do not usually need your consent to send you marketing information. If we change our marketing approach in the future so that consent is needed, we will ask for this separately and clearly.
You do, however, have the right to opt out of receiving marketing communications at any time by:
contacting us using the details set out below;
using the ‘unsubscribe’ link in emails or ‘STOP’ number in texts.
We may ask you to confirm or update your marketing preferences if you ask us to provide further services in the future, or if there are changes in the law, regulation, or the structure of our business.
We will not sell or share your data with other organisations for marketing purposes.
Who we share your personal data with
It may be necessary for us to share your personal data with other parties in various ways for a number of reasons, in order to carry out the recruitment process, provide our services more generally, or to comply with legal or regulatory obligations to you or that we are subject to. These may include:
professional advisers such as HR consultants, recruitment consultants, solicitors in relation to legal issues, accountants in relation to financial issues, advisors, experts, management consultants;
our own employees/colleagues (where appropriate)
others within our business;
your/our regulator(s);
our clients (depending on who you are e.g. a candidate)
medical professionals (e.g. a doctor for occupational health assessments)
suppliers of services required in relation to your potential employment;
We may also share your personal data for the facilitation of payroll and invoicing process as well as keeping a record of any salary increase or bouses that may have been awarded. We may also share your personal data with third parties in order to obtain pre-employment references from other employers, and to obtain employment background checks from third-party providers.
If you are a client we may share your data to provide you with a pool of candidates, to provide you with our services more generally; to provide you with Recruitment Process Outsourcing or Manages Service Provisions, to provide you with consultancy and advisory services and/or to provide services to your employees, such as training.
If you are a Supplier or other third party we may share your information with any of our group companies and associated third parties such as our service providers in order to get in touch with you about our services.
From time to time, we will be required to disclose personal data and exchange information about you, or relating to you, with government, law enforcement and regulatory bodies and agencies in order to comply with our own legal and regulatory obligations.
We only allow those organisations to handle your personal data if we are satisfied they take appropriate measures to protect your personal data. We also impose contractual obligations on them to ensure they can only use your personal data to provide services to us and to you.
We or the third parties mentioned above occasionally also share personal data with:
our and their external auditors, eg in relation to the audit of our or their accounts, in which case the recipient of the information will be bound by confidentiality obligations;
our and their professional advisors (such as lawyers and other advisors), in which case the recipient of the information will be bound by confidentiality obligations;
law enforcement agencies, courts, tribunals and regulatory bodies to comply with our legal and regulatory obligations;
other parties that have or may acquire control or ownership of our business (and our or their professional advisers) in connection with a significant corporate transaction or restructuring, including a merger, acquisition, asset sale, initial public offering or in the event of our insolvency—usually, information will be anonymised but this may not always be possible. The recipient of any of your personal data will be bound by confidentiality obligations.
We will not share your personal data with any other third party.
Who we share your personal data with—further information
If you would like more information about who we share our data with and why, please contact us (see ‘How to contact us’ below).
Where your personal data is held
Personal data may be held at our offices third party agencies, service providers, representatives and agents as described above (see above: ‘Who we share your personal data with’).
Some of these third parties may be based outside the UK/EEA. For more information, including on how we safeguard your personal data when this happens, see below: ‘Transferring your personal data out of the UK and EEA’.
How long your personal data will be kept
We will keep your personal data for as long as we need to in order to fulfil the purpose we collected it for, which may be an ongoing purpose. For example, if you’re a candidate, we will retain your personal data for the duration of our business relationship with you and beyond, as we often support candidates with job placements over many years and potentially throughout their careers.
We keep some personal data for longer than others. To determine the appropriate retention period for personal data, we consider factors such as the purposes for which we process your personal data, including any legal, regulatory, accounting and reporting obligations, the nature and amount of personal data that we hold about you, and the potential risk of harm to you from unauthorised use or disclosure of your personal data.
Where we process your personal data for direct marketing purposes, we will do so until you ask us to stop, and for a short period after this (to allow us to implement your request). We also keep a record of the fact that you have asked us not to send you direct marketing or to process your data indefinitely, so that we can respect your request.
Transferring your personal data out of the UK and EEA
It is sometimes necessary for us to transfer your personal data to countries outside the UK and EEA. In those cases we will comply with applicable UK and EEA laws designed to ensure the privacy of your personal data.
We will transfer your personal data to our service providers located outside the UK and the USA.
Under data protection laws, we can only transfer your personal data to a country outside the UK/EEA where:
the UK government has decided the particular country ensures an adequate level of protection of personal data (known as an ‘adequacy regulation’) further to Article 45 of the UK GDPR. A list of countries the UK currently has adequacy regulations in relation to is available here.
in the case of transfers subject to EEA data protection laws, the European Commission has decided that the particular country ensures an adequate level of protection of personal data (known as an ‘adequacy decision’) further to Article 45 of the EU GDPR. A list of countries the European Commission has currently made adequacy decisions in relation to is available here.
there are appropriate safeguards in place, together with enforceable rights and effective legal remedies for you; or
a specific exception applies under relevant data protection law.
Where we transfer your personal data outside the UK or EEA, we do so on the basis of an adequacy regulation or (where this is not available) legally-approved standard data protection clauses recognised or issued further to Article 46(2) of the UK GDPR and/or EU GDPR. In the event we cannot or choose not to continue to rely on either of those mechanisms at any time, we will not transfer your personal data outside the UK/EEA unless we can do so on the basis of an alternative mechanism or exception provided by UK data protection law and reflected in an update to this policy.
Any changes to the destinations to which we send personal data or in the transfer mechanisms we rely on to transfer personal data internationally will be notified to you in accordance with the section on ‘Changes to this privacy policy’ below.
Your rights
You have the following rights, which you can exercise free of charge:
Purpose for Processing Your Personal Data
Reason for Processing
Access
The right to be provided with a copy of your personal data.
Rectification
The right to require us to correct any mistakes in your personal data.
Erasure (also known as the right to be forgotten)
The right to require us to delete your personal data—in certain situations.
Restriction of processing
The right to require us to restrict processing of your personal data in certain circumstances, e.g. if you contest the accuracy of the data.
Data portability
The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations.
To object
The right to object:
— at any time to your personal data being processed for direct marketing (including profiling);
— in certain other situations to our continued processing of your personal data, e.g. processing carried out for the purpose of our legitimate interests unless there are compelling legitimate grounds for the processing to continue or the processing is required for the establishment, exercise or defence of legal claims.
Not to be subject to automated individual decision-making
The right to withdraw consent
The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you.
If you have provided us with a consent to use your personal data you have a right to withdraw that consent easily at any time. You may withdraw consent by emailing us at dataprotection@dekaoutsourcing.uk Withdrawing consent will not affect the lawfulness of our use of your personal data in reliance on that consent before it was withdrawn.
For more information on each of those rights, including the circumstances in which they apply, please contact us (see ‘How to contact us’ below) or see the Guidance from the UK Information Commissioner’s Office (ICO).
If you would like to exercise any of those rights, please:
email us—see below: ‘How to contact us’; and
provide enough information to identify yourself (e.g. your full name, address and customer or matter reference number) and any additional identity information we may reasonably request from you; let us know what right you want to exercise and the information to which your request relates.
Keeping your personal data secure
We have appropriate security measures to prevent personal data from being lost accidentally, or used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it. Those processing your personal data will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
If you want detailed information on how to protect your personal data and other information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.
How to complain
Please contact us if you have any queries or concerns about our use of your personal data (see below ‘How to contact us’). We hope we will be able to resolve any issues you may have.
You may also have the right to lodge a complaint with the Information Commissioner (the UK data protection regulator) and/or the relevant supervisory authority in your jurisdiction. Please contact us if you would like further information.
Changes to this privacy policy
This privacy notice was published on 23.12.24 and last updated on 19.12.24 The terms and provisions of this privacy policy may be changed, updated and amended from time to time. If we do so during the period of your recruitment, we will inform you of those changes via our website or email.
Updating your personal data
We take reasonable steps to ensure your personal data remains accurate and up to date. To help us with this, please let us know if any of the personal data you have provided to us has changed, e.g. your surname or address—see below ‘How to contact us’.
How to contact us
Individuals in the UK
You can contact us by email if you have any questions about this privacy policy or the information we hold about you, to exercise a right under data protection law or to make a complaint. Our contact details are shown below:
Contact details:
dataprotection@dekaoutsourcing.uk
Do you need extra help?
If you would like this notice in another format (for example audio, large print, braille) please contact us (see ‘How to contact us’ above)
