Privacy.

Privacy

Content

  1. INTRODUCTION
  2. DEFINITIONS
  3. WHAT KIND OF PERSONAL INFORMATION DOES RED COLLECT?
    1. CANDIDATE DATA
    2. SUPPLIER DATA
    3. WEBSITE USERS
  4. HOW DOES RED COLLECT YOUR PERSONAL DATA?
    1. CANDIDATE and SUPPLIER DATA
      1. Personal data you give to us
      2. Personal data we receive from other sources
    2. WEBSITE USERS
  5. WHY DOES RED COLLECT YOUR PERSONAL DATA AND HOW IT IS USED?
    1. CANDIDATE DATA
      1. Recruitment Activities
      2. Marketing Activities
      3. Equal opportunities monitoring and other sensitive personal data
      4. To help us to establish, exercise or defend legal claims
      5. Conduct Regulations
    2. SUPPLIER DATA
    3. WEBSITE USERS
  6. WITH WHOM DOES RED SHARE YOUR PERSONAL DATA?
  7. HOW DO WE SAFEGUARD YOUR PERSONAL DATA?
  8. HOW LONG DO WE KEEP YOUR PERSONAL DATA FOR?
  9. OUR LEGAL BASES FOR PROCESSING YOUR DATA
    1. Legitimate Interests
      1. CANDIDATE DATA
      2. SUPPLIER DATA
    2. Consent
    3. Establishing, exercising or defending legal claims
  10. HOW CAN YOU ACCESS, AMEND OR TAKE BACK THE PERSONAL DATA THAT YOU HAVE GIVEN TO RED?
  11. HOW DO WE STORE AND TRANSFER YOUR DATA INTERNATIONALLY?
  12. WHO IS RESPONSIBLE FOR PROCESSING YOUR PERSONAL DATA ON THE RED WEBSITE?
  13. COOKIES POLICY
    1. What's a cookie?
    2. How do we use cookies?
    3. What cookies do we use?
  14. HOW TO CONTACT US?

INTRODUCTION

 

RED Commerce Limited (company number: 03914762) and its afiliates ("RED", "RED Global", "us") is a global recruitment and staffing business focused on SAP and technology services. We are committed to ensuring that when we collect and use information about Website Users, our Candidates and Suppliers, we do so in accordance with all data protection legislation (including but not limited to the General Data Protection Regulation (Regulation (EU) 2016/679)), as well as other global legislation where our offices are located.

Your privacy is important to us, and we are committed to protecting and safeguarding your data privacy rights.

The Privacy Policy sets out what we do with your personal data, whether we are in the process of helping you find a job, continuing our relationship with you once we have found you a role, providing you with a service, receiving a service from you, using your data to ask for your assistance in relation to one of our candidates, or you are visiting our website. It describes how we collect, use and process your personal data, and how, in doing so, we comply with our legal obligations to you. For the purpose of the GDPR, the data controller is RED Commerce Limited of 5th Floor, 33 Gracechurch Street, London, EC3V 0BT.

This Privacy Policy was last updated in May 2022. It is important to point out that we may amend this Privacy Policy from time to time. Please check back regularly to keep informed of updates to this Privacy Policy.

This Privacy Policy incorporates the highest standard and applies in relevant countries throughout our international network. This allows us to ensure that we're complying with all applicable data privacy protections, no matter where you are.

 

DEFINITIONS

Candidates – includes applicants for all roles advertised or promoted by RED, including permanent, part-time and temporary positions and freelance roles with RED's Clients, as well as people who have supplied a speculative CV to RED not in relation to a specific job. Individual contractors, freelance workers and employees of suppliers or other third parties put forward for roles with RED’s Clients as part of an MSP offering or otherwise will be treated as candidates for the purposes of this Privacy Policy.

Clients - this covers our customers, clients, and others to whom RED provides services in the course of its business.

Data Controllers – the people who or organisations which determine the purposes for which, and the manner in which, any Data is processed. They have a responsibility to establish practices and policies in line with relevant laws. We are the Data Controller of all Data used in our business.

Delete – while we will endeavour to permanently erase your personal data once it reaches the end of its retention period or where we receive a valid request from you to do so, some of your data may still exist within our systems, for example if it is waiting to be overwritten. For our purposes, this data has been put beyond use, meaning that, while it still exists on an archive system, this cannot be readily accessed by any of our operational systems, processes or member of staff. For the avoidance of doubt, it may be necessary for RED to retain information for legal, regulatory and/or auditing purposes.

General Data Protection Regulation (GDPR) – a European Union statutory instrument which aims to harmonise European data protection laws. It has an effective date of 25 May 2018, and any references to it should be construed accordingly to include any national legislation implementing it.

Group Companies - means any holding company of RED Commerce Limited and any subsidiary of RED Commerce Limited or of any such holding company each as defined by section 1159 Companies Act 2006.

Managed Service Provider (MSP) programmes – Client's outsourcing of the management of external staff (including freelance workers, independent contractors and temporary employees) to an external recruitment provider.

Recruitment Process Outsourcing (RPO) services – full or partial outsourcing of the recruitment process for permanent employees to a recruitment provider.

Suppliers – refers to partnerships and companies (including sole traders), and atypical workers such as independent contractors and freelance workers, who provide services to RED. In certain circumstances, RED will subcontract the services it provides to Clients to third party suppliers who perform services on RED's behalf. In this context, suppliers that are individual contractors, freelance workers, or employees of suppliers will be treated as Candidates for data protection purposes. Please note that in this context, RED requires Suppliers to communicate the relevant parts of this Privacy Policy (namely the sections directed at Candidates) to their employees.

Special Categories of Data – refers to sensitive categories of Data about a person’s racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health or condition, sexual life, or sexual orientation.   It also includes genetic and biometric Data (where used for ID purposes). Special Categories of Data can only be processed under strict conditions and may require the explicit consent of the person concerned.

Website Users - any individual who accesses any of RED’s websites.

 

WHAT KIND OF PERSONAL INFORMATION DOES RED COLLECT?

CANDIDATE DATA

Depending on the relevant circumstances and applicable local laws and requirements, we may collect some or all of the information listed below to enable us to offer you employment opportunities which are tailored to your circumstances and your interests. In some jurisdictions, we are restricted from processing some of the data outlined below. In such cases, we will not process the data in those jurisdictions:

  • Name;
  • Age/date of birth;
  • Sex/gender;
  • Contact details;
  • Education details;
  • Employment history;
  • Referee details;
  • Immigration status (whether you need a work permit);
  • Nationality/citizenship/place of birth;
  • A copy of your driving licence and/or passport/identity card;
  • Financial information (where we need to carry out financial background checks);
  • Social security number (or equivalent in your country) and any other tax-related information;
  • Diversity information including racial or ethnic origin, religious or other similar beliefs, and physical or mental health, including disability-related information;
  • Details of any criminal convictions if this is required for a role that you are interested in applying for;
  • Details about your current remuneration, pensions and benefits arrangements;
  • Information on your interests and needs regarding future employment, both collected directly and inferred, for example from jobs viewed or articles read on our website;
  • Extra information that you choose to tell us;
  • Extra information that your referees chooses to tell us about you;
  • Extra information that our clients may tell us about you, or that we find from other third party sources such as job sites;
  • IP address; and
  • The dates, times and frequency with which you access our services.

 

 

 

SUPPLIER DATA

We do not collect much data about Suppliers – we simply need to make sure that our relationship runs smoothly. We will collect the details for our contacts within your organisation, such as names, telephone numbers and email addresses, as well as compliance documents such as your company registration document and VAT number. We will also collect bank details, so that we can pay you. 

WEBSITE USERS

We collect a limited amount of data from our Website Users which we use to help us to improve your experience when using our website and to help us manage the services we provide. This includes technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs) and methods used to browse away from the page and any phone number used to call our customer service number.

 

HOW DOES RED COLLECT YOUR PERSONAL DATA?

CANDIDATE and SUPPLIER DATA

We collect Candidate personal data in two primary ways:

  1. Personal data that you, as the Candidate, you allow us to process on your behalf; and
  2. Personal data that we receive from other sources.

Personal data you allow us to process on your behalf 

RED needs to know certain information about you in order to provide a tailored service. This will enable us to provide you with the best opportunities and should save you time in not having to trawl through information about jobs and services that are not relevant to you.

There are numerous ways you can share your information with us - it all depends on what suits you.

These may include:

  • Entering your details on the RED website or via an application form, as part of the registration process;
  • Leaving a hard copy CV at a RED recruitment event, job fair or office;
  • Emailing your CV to a consultant or being interviewed by them;
  • Applying for jobs through a job aggregator, which may then redirect you to the RED website;
  • Entering your personal details into a RED microsite; or
  • Entering a competition through a social media channel such as Facebook or Twitter.

Upon entering your personal details to any of the following methods you agree for RED to process your personal data as data processors for the methods of recruitment, if you do not wish for us to process your personal data in this manner then please don’t submit personal data through the above methods.

Personal data we receive from other sources

We also receive personal data about Candidates from other sources. Depending on the relevant circumstances and applicable local laws and requirements, these may include personal data received in the following situations:

  • Your referees may disclose personal information about you;
  • Our Clients may share personal information about you with us;
  • We may obtain information about you from searching for potential Candidates from third party sources, such as LinkedIn and other job sites;
  • If you 'like' our page on Facebook or 'follow' us on Twitter or LinkedIn, we will receive your personal information from those sites; and
  • If you were referred to us through an RPO or an MSP supplier, they may share personal information about you with us.

WEBSITE USERS

When you visit our website, there is certain information that we may automatically collect, whether or not you decide to use our services. This includes your IP address, the date and the times and frequency with which you access the website and the way you browse its content. We will also collect data from you when you contact us via the website, for example by using the chat function.

We collect your data automatically via cookies, in line with cookie settings in your browser. If you are also a Candidate of RED, we may use data from your use of our websites to enhance other aspects of our communications with or service to you. If you would like to find out more about cookies, including how we use them and what choices are available to you, please see further below.

 

WHY DOES RED COLLECT YOUR PERSONAL DATA AND HOW IT IS USED?

Having obtained data about you, we then use it in a number of ways.

CANDIDATE DATA

We generally use Candidate data in five ways:

  • Recruitment Activities;
  • Marketing Activities;
  • Equal Opportunities Monitoring;
  • To help us to establish, exercise or defend legal claims; and
  • Conduct Regulations 2003, as amended.

Recruitment Activities

Obviously, our main area of work is recruitment – connecting the right Candidates with the right jobs. We've listed below various ways in which we may use and process your personal data for this purpose, where appropriate and in accordance with any local laws and requirements. Please note that this list is not exhaustive.

  • Collecting your data from you and other sources, such as LinkedIn;
  • Storing your details (and updating them when necessary) on our database, so that we can contact you in relation to recruitment;
  • Providing you with our recruitment services and to facilitate the recruitment process;
  • Assessing data about you against vacancies which we think may be suitable for you;
  • Sending your information to Clients, in order to apply for jobs or to assess your eligibility for jobs (please note, we will not present you for any role(s) without having first obtained your express permission to do so);
  • Enabling you to submit your CV, apply online for jobs or to subscribe to alerts about jobs we think may be of interest to you;
  • Allowing you to participate in specialist online training;
  • Allowing you to participate in the interactive features of our services, when you choose to do so;
  • Carrying out our obligations arising from any contracts entered into between us;
  • Carrying out our obligations arising from any contracts entered into between RED and third parties in relation to your recruitment;
  • Facilitating our payroll and invoicing processes;
  • Carrying out customer satisfaction surveys;
  • Verifying details you have provided, using third party resources (such as psychometric evaluations or skills tests), or to request information (such as references, qualifications and potentially any criminal convictions, to the extent that this is appropriate and in accordance with local laws);
  • Complying with our legal obligations (such as compliance with anti-money laundering legislation); and
  • Processing your data to enable us to send you targeted, relevant marketing materials or other communications which we think are likely to be of interest to you.
  • Some data may be used by our in-house AI (Artificial Intelligence) that scores profiles to open jobs.  Don’t worry, it does not use any confidential personal data to perform the task.

What is Automated Profiling?

This is when your data is used to make a decision solely by automated means without any human involvement. 

Why do we use it?

We here at RED Global intend to place you within the best possible role. To make this happen we use automated profiling and AI tooling to streamline the process and to get you in front of the recruiter as quickly as possible.

What does it do?

We use this tooling to ensure as little bias as possible and to give you the best chance to succeed. This is achieved by removing any data from the CV that may allow someone to form a biased opinion that we feel should not be used when recruiting someone and presenting the purest version of your CV possible.

Is the entire process automated?

No, once the information has been un-biased this then reaches a recruiter and the information is processed by real human people. No choices with your application will ever come from a solely automated process.

 

Have you got more questions about the process? 

As per UK GDPR and The Data Protection Act 2018 if you have concerns or would like to review how your data is used, please contact the Data Protection Officer using details below.

We may use your personal data for the above purposes if we deem it necessary to do so for our legitimate interests. If you want to know more about what this means, please see further below. If you would rather not engage with RED as the Data Processor for recruitment purposes at any stage throughout the process, then you have the right to be forgotten under GDPR and DPA 2018 and the relationship to be terminated. However, if a legitimate or legal interest is taken by RED or third parties, we reserve the right to hold your Personal Data. Please see how further below.

Marketing Activities

We may periodically send you information that we think you may find interesting, or to ask for your help with connecting other Candidates with jobs. In particular, we may wish to use your data for the purposes listed below, where appropriate and in accordance with any local laws and requirements. Please note that this list is not exhaustive. These purposes include to:

  • enable us to develop and market other products and services;
  • market our full range of recruitment services (permanent, temporary, contract, outplacement, MSP programmes and RPO services) to you;
  • send you details of reports, promotions, offers, networking and client events, and general information about the industry sectors which we think might be of interest to you;
  • perform analytics – such as trends, sales intelligence, marketing effectiveness (such as click and open rates) uptake and progress; and
  • display promotional excerpts from your details on RED's website(s) as a case study (only where we have obtained your express consent to do so).

We need your consent for some aspects of these activities which are not covered by our legitimate interests (in particular, the collection of data via cookies, and the delivery of direct marketing to you through digital channels) and, depending on the situation, we'll ask for this via an opt-in or soft opt-in (which we explain further below). Please note that in certain of the jurisdictions in which we operate, we comply with additional local law requirements.

Soft opt-in consent is a specific type of consent which applies where you have previously engaged with us (for example, by submitting a job application or CV, or registering for a vacancy to be filled), and we are marketing other recruitment-related services. Under ‘soft opt-in’ consent, we will take your consent as given unless or until you opt-out. For most people, this is beneficial as it allows us to suggest other jobs to you alongside the specific one you applied for, significantly increasing the likelihood of us finding you a new position. For other types of e-marketing, we are required to obtain your explicit consent.

If you are not happy about our approach to marketing, you have the right to withdraw your consent at any time. We want to let you know that even if you have opted-out from our marketing communications through our preference centre, it is possible that your details may be recaptured through public sources in an unconnected marketing campaign. We will try to make sure this doesn't happen, but if it does, we're sorry. We'd just ask that in those circumstances you opt-out again.

Equal opportunities monitoring and other sensitive personal data

We are committed to ensuring that our recruitment processes are aligned with our approach to equal opportunities. Some of the data we may (in appropriate circumstances and in accordance with local law and requirements) collect about you comes under the umbrella of "diversity information". This could be information about your ethnic background, gender, disability, age, sexual orientation, religion or other similar beliefs, and/or social-economic background. Where appropriate and in accordance with local laws and requirements, we'll use this information on an anonymised basis to monitor our compliance with our equal opportunities policy. We may also disclose this (suitably anonymised where relevant) data to Clients where this is contractually required, or where the Client specifically requests such information to enable them to comply with their own employment processes.

This information is what is called Special Category of Data and slightly stricter data protection rules apply to it. We therefore need to obtain your explicit consent before we can use it. We'll ask for your consent by offering you an opt-in. This means that you have to explicitly and clearly tell us that you agree to us collecting and using this information.

We may collect other sensitive personal data about you, such as health-related information, religious affiliation, or details of any criminal convictions if this is appropriate in accordance with local laws and is required for a role that you are interested in applying for. We will never do this without your express consent.

Please note that in certain of the jurisdictions in which we operate, different rules apply to this sensitive data.

If you are not happy about this, you have the right to withdraw your consent at any time.

To help us to establish, exercise or defend legal claims

In more unusual circumstances, we may use your personal data to help us to establish, exercise or defend legal claims, if any.

Record Keeping

We may collect your data for internal record keeping.

SUPPLIER DATA

We will only use your information:

  • To store (and update when necessary) your details on our database, so that we can contact you in relation to our agreements;
  • To offer services to you or to obtain support and services from you;
  • To perform certain legal obligations;
  • To help us to target appropriate marketing campaigns; and
  • In more unusual circumstances, to help us to establish, exercise or defend legal claims.

We may use your personal data for these purposes if we deem this to be necessary for our legitimate interests. If you want to know more about what this means, please see below.

We will not, as a matter of course, seek your consent when sending marketing messages to a corporate postal or email address. If you are not happy about this, in certain circumstances you have the right to object.

WEBSITE USERS

We use your data to help us to improve your experience of using our website, we may therefore for example launch a search function and may then analyse your recent job search criteria to help us to present jobs that we think you may be interested in.

 

WITH WHOM DOES RED SHARE YOUR PERSONAL DATA?

Where appropriate and in accordance with local laws and requirements, we may share your personal data, in various ways and for various reasons, with the following categories of people:

  • Any of our group companies;
  • Individuals and organisations who hold information related to your reference or application to work with us, such as current, past or prospective employers, educators and examining bodies and employment and recruitment agencies;
  • Tax, audit, or other authorities, when we believe in good faith that the law or other regulation requires us to share this data (for example, because of a request by a tax authority or in connection with any anticipated litigation);
  • Third party service providers who perform functions on our behalf (including external consultants, business associates and professional advisers such as lawyers, auditors and accountants, technical support functions and IT consultants carrying out testing and development work on our business technology systems);
  • Third party outsourced IT and document storage providers where we have an appropriate processing agreement (or similar protections) in place;
  • Marketing technology platforms and suppliers;
  • In the case of Candidates: potential employers and other recruitment agencies/organisations to increase your chances of finding employment in such manner as we believe is reasonably necessary;
  • In the case of Candidates: third party partners, job boards and job aggregators where we consider this will improve the chances of finding you the right job in such manner as we believe is reasonably necessary;
  • In the case of Candidates: MSP suppliers as part of our clients' MSP programmes;
  • In the case of Candidates and our Candidates' referees: third parties who we have retained to provide services such as reference, qualification and criminal convictions checks, to the extent that these checks are appropriate and in accordance with local laws;
  • In the case of Website Users: to administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes in such manner as we believe is reasonably necessary;
  • In the case of Website Users: to improve our site to ensure that content is presented in the most effective manner for you and for your computer in such manner as we believe is reasonably necessary;
  • In the case of Website Users: to allow you to participate in interactive features of our service, when you choose to do so in such manner as we believe is reasonably necessary;
  • In the case of Website Users: as part of our efforts to keep our site safe and secure;
  • In the case of Website Users: to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you;
  • If RED merges with or is acquired by another business or company in the future, (or is in meaningful discussions about such a possibility) we may share your personal data with the (prospective) new owners of the business or company.

HOW DO WE SAFEGUARD YOUR PERSONAL DATA?

We are committed to taking all reasonable and appropriate steps to protect the personal information that we hold from misuse, loss, or unauthorised access. We do this by having in place a range of technical and organisational measures. These include measures to deal with any suspected data breach.

If you suspect any misuse or loss of or unauthorised access to your personal information, please let us know immediately. Details of how to contact us can be found below.

 

HOW LONG DO WE KEEP YOUR PERSONAL DATA FOR?

We understand our legal duty to retain accurate data and only retain personal data for up to 6 years and that you are happy for us to do so.  Accordingly, we have a data retention notice, available upon request, and run data removal routines.

We segregate our data so that we keep different types of data for different time periods. The criteria we use to determine whether we should retain your personal data include:

  • the nature of the personal data; 
  • our legal obligations;
  • whether an interview or placement has been arranged; and
  • our recruitment expertise and knowledge of the industry by country, sector and job role.

 

We may store and handle your data in the following ways: 

  • We may archive part or all of your personal data, retain it on our financial systems only or delete all or part of the data from our main Customer Relationship Manager (CRM) system. 
  • We may pseudonymise parts of your data, particularly following a request for restriction or erasure of your data, to ensure that we do not re-enter your personal data on to our database, unless requested to do so.

 

OUR LEGAL BASES FOR PROCESSING YOUR DATA

Legitimate Interests

  • Article 6(1)(f) of the GDPR is the one that is relevant here – it says that we can process your data where it "is necessary for the purposes of the legitimate interests pursued by [us] or by a third party, except where such interests are overridden by the interests or fundamental rights or freedoms of [you] which require protection of personal data.
  • We don't think that any of the following activities prejudice individuals in any way – in fact, they help us to offer you a more tailored, efficient service, so everyone's a winner! However, you do have the right to object to us processing your personal data on this basis.
  • Please note that in certain of the jurisdictions in which we operate, a different legal basis for data processing might apply in certain cases.

CANDIDATE DATA

If we receive your CV through a third party, job board or professional networking site and we find you a good match for one of our vacancies, we will get in contact and ask for permission to process your data and to invite you to become a candidate.

Once it's looking like you may get the job, your prospective employer may also want to double check any information you've given us (such as the results from psychometric evaluations or skills tests) or to confirm your references, qualifications and criminal record, to the extent that this is appropriate and in accordance with local laws. We need to do these things so that we can function as a profit-making business, and to help you and other Candidates get the jobs you deserve.

We want to provide you with tailored job recommendations and relevant articles to help you with your job search. We therefore think it's reasonable for us to process your data to make sure that we send you the most appropriate content.

We also think that it might help with your job search if you take part in our specialist online training or some of our more interactive services, if you have the time. These are part of our service offering as a business, and help differentiate us in a competitive marketplace, so it is in our legitimate interests to use your data for this reason.

We have to make sure our business runs smoothly, so that we can carry on providing services to Candidates like you. We therefore also need to use your data for our internal administrative activities, like payroll and invoicing where relevant.

We have our own obligations under the law, which it is a legitimate interest of ours to insist on meeting! If we believe in good faith that it is necessary, we may therefore share your data in connection with crime detection, tax collection or actual or anticipated litigation.

SUPPLIER DATA

We use and store the personal data of individuals within your organisation in order to facilitate the receipt of services from you as one of our Suppliers. We also hold your financial details, so that we can pay you for your services. We deem all such activities to be necessary within the range of our legitimate interests as a recipient of your services.

Consent

In certain circumstances, we are required to obtain your consent to the processing of your personal data in relation to certain activities. Depending on exactly what we are doing with your information, this consent will be opt-in consent or soft opt-in consent.

Article 4(11) of the GDPR states that (opt-in) consent is "any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her." In plain language, this means that:

  • you have to give us your consent freely, without us putting you under any type of pressure;
  • you have to know what you are consenting to – so we'll make sure we give you enough information;
  • you should have control over which processing activities you consent to and which you don’t.

We provide these finer controls within our privacy preference centre; and you need to take positive and affirmative action in giving us your consent.

We will keep records of the consents that you have given in this way.

We have already mentioned that, in some cases, we will be able to rely on soft opt-in consent. We are allowed to market products or services to you which are related to the recruitment services we provide as long as you do not actively opt-out from these communications.

Please note that in certain of the jurisdictions in which we operate, we comply with additional local law requirements regarding consenting to receive marketing materials.

As we have mentioned, you have the right to withdraw your consent to these activities. You can do so at any time.

Establishing, exercising or defending legal claims

Sometimes it may be necessary for us to process personal data and, where appropriate and in accordance with local laws and requirements, sensitive personal data in connection with exercising or defending legal claims. Article 9(2)(f) of the GDPR allows this where the processing "is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity".

This may arise for example where we need to take legal advice in relation to legal proceedings or are required by law to preserve or disclose certain information as part of the legal process.

 

HOW CAN YOU ACCESS, AMEND OR REMOVE THE PERSONAL DATA THAT YOU HAVE GIVEN TO RED?

One of the GDPR's main objectives is to protect and clarify the rights of EU citizens and individuals in the EU with regards to data privacy. After the United Kingdom’s departure from the EU in 2020, this has now formed part of the Data Protection Act 2018 and the following still applies. You retain various rights in respect of your data, even once you have given it to us. These are described in more detail below.

To get in touch about these rights, please contact us. We will use our best endeavours to deal with your request without undue delay, and in any event within one month (subject to any extensions to which we are lawfully entitled). Please note that we may keep a record of your communications to help us resolve any issues which you raise.

Right to object: this right enables you to object to RED processing your personal data where RED does so for one of the following four reasons: (i) RED’s legitimate interests; (ii) to enable RED to perform a task in the public interest or exercise official authority; (iii) to send you direct marketing materials; and (iv) for scientific, historical, research, or statistical purposes.

The "legitimate interests" category above is the ones most likely to apply to our Candidates and Suppliers. If your objection relates to us processing your personal data because we deem it necessary for your legitimate interests, we must act on your objection by ceasing the activity in question unless:

  • we can show that we have compelling legitimate grounds for processing which overrides your interests; or
  • we are processing your data for the establishment, exercise or defence of a legal claim.

If you are a Website Users and your objection relates to direct marketing, we must act on your objection by ceasing this activity.

Right to withdraw consent: Where we have obtained your consent to process your personal data for certain activities (for example, for our marketing arrangements or automatic profiling), you may withdraw this consent at any time and we will cease to carry out the particular activity that you previously consented to unless we consider that there is an alternative reason to justify our continued processing of your data for this purpose in which case we will inform you of this condition.

Data Subject Access Requests (DSAR): You may ask us to confirm what information we hold about you at any time, and request us to modify, update or Delete such information. We may ask you to verify your identity and for more information about your request. If we provide you with access to the information we hold about you, we will not charge you for this unless your request is "manifestly unfounded or excessive". If you request further copies of this information from us, we may charge you a reasonable administrative cost where legally permissible. Where we are legally permitted to do so, we may refuse your request. If we refuse your request, we will always tell you the reasons for doing so.

Please note that in certain of the jurisdictions in which we operate, we comply with additional local law requirements regarding data subject access requests and may refuse your request in accordance with such laws.

Right to erasure / to be forgotten: You have the right to request that we Delete your personal data in certain circumstances. Normally, the information must meet one of the following criteria:

  • the data are no longer necessary for the purpose for which we originally collected and/or processed them;
  • where previously given, you have withdrawn your consent to us processing your data, and there is no other valid reason for us to continue processing;
  • the data has been processed unlawfully (i.e. in a manner which does not comply with the GDPR);
  • it is necessary for the data to be erased in order for us to comply with our legal obligations as a data controller; or
  • if we process the data because we believe it necessary to do so for our legitimate interests, you object to the processing and we are unable to demonstrate overriding legitimate grounds for our continued processing.

Please note that in certain of the jurisdictions in which we operate, we comply with additional local law requirements regarding data subject right to erasure and may refuse your request in accordance with local laws.

We would only be entitled to refuse to comply with your request for one of the following reasons:

  • to exercise the right of freedom of expression and information;
  • to comply with legal obligations or for the performance of a public interest task or exercise of official authority;
  • for public health reasons in the public interest;
  • for archival, research or statistical purposes; or

to exercise or defend a legal claim.

  • When complying with a valid request for the erasure of data we will take all reasonably practicable steps to Delete the relevant data.

Right to restrict processing: You have the right to request that we restrict our processing of your personal data in certain circumstances. This means that we can only continue to store your data and will not be able to carry out any further processing activities with it until either: (i) one of the circumstances listed below is resolved; (ii) you give your consent; or (iii) further processing is necessary for either the establishment, exercise or defence of legal claims, the protection of the rights of another individual, or reasons of important EU or Member State public interest.

The circumstances in which you are entitled to request that we restrict the processing of your personal data are:

  • where you dispute the accuracy of the personal data that we are processing about you. In this case, our processing of your personal data will be restricted for the period during which the accuracy of the data is verified;
  • where you object to our processing of your personal data for our legitimate interests. Here, you can request that the data be restricted while we verify our grounds for processing your personal data;
  • where our processing of your data is unlawful, but you would prefer us to restrict our processing of it rather than erasing it; and
  • where we have no further need to process your personal data, but you require the data to establish, exercise, or defend legal claims.

If we have shared your personal data with third parties, we will notify them about the restricted processing unless this is impossible or involves disproportionate effort. We will, of course, notify you before lifting any restriction on processing your personal data.

Right to rectification: You also have the right to request that we rectify any inaccurate or incomplete personal data that we hold about you. If we have shared this personal data with third parties, we will notify them about the rectification unless this is impossible or involves disproportionate effort. Where appropriate, we will also tell you which third parties we have disclosed the inaccurate or incomplete personal data to. Where we think that it is reasonable for us not to comply with your request, we will explain our reasons for this decision.

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during the period for which we hold your data.

Right of data portability: If you wish, you have the right to transfer your personal data between data controllers. In effect, this means that you can transfer your RED account details to another online platform. To allow you to do so, we will provide you with your data in a commonly used machine-readable format that is password-protected so that you can transfer the data to another online platform. Alternatively, we may directly transfer the data for you. This right of data portability applies to: (i) personal data that we process automatically (i.e. without any human intervention); (ii) personal data provided by you; and (iii) personal data that we process based on your consent or in order to fulfil a contract.

Right to lodge a complaint with a supervisory authority: You also have the right to lodge a complaint with your local supervisory authority. Details of how to contact them can be found under contacts below.

If you would like to exercise any of these rights or withdraw your consent to the processing of your personal data (where consent is our legal basis for processing your personal data), please contact us. Please note that we may keep a record of your communications to help us resolve any issues which you raise.

Remember, you can ask to unsubscribe from job alerts at any time. Simply reach out to us via the contact details provided below.

 

HOW DO WE STORE AND TRANSFER YOUR DATA INTERNATIONALLY?

In order to provide you with the best service and to carry out the purposes described in this Privacy Policy, your data may be transferred:

  • between and within RED entities;
  • to third parties (including but not limited to advisers or other Suppliers to the RED business);
  • to overseas Clients;
  • to Clients within your country who may, in turn, transfer your data internationally;
  • to a cloud-based storage provider.

We want to make sure that your data is stored and transferred in a way which is secure. We and/or the third parties to whom we may disclose your personal data may store your personal data on a server overseas. By providing personal data you agree your data may be transferred to servers located overseas. We will however only transfer data outside of the European Economic Area or EEA (i.e. the Member States of the European Union, together with Norway, Iceland and Liechtenstein) where it is compliant with data protection legislation and the means of transfer provides adequate safeguards in relation to your data, for example:

  • by way of data transfer agreement, incorporating the current standard contractual clauses adopted by the European Commission for the transfer of personal data by data controllers in the EEA to data controllers and processors in jurisdictions without adequate data protection laws, an example of which can be found here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en; or
  • by signing up to the EU-U.S. Privacy Shield Framework for the transfer of personal data from entities in the EU to entities in the United States of America or any equivalent agreement in respect of other jurisdictions; or
  • transferring your data to a country where there has been a finding of adequacy by the European Commission in respect of that country's levels of data protection via its legislation; or
  • where it is necessary for the conclusion or performance of a contract between ourselves and a third party and the transfer is in your interests for the purposes of that contract (for example, if we need to transfer data outside the EEA in order to meet our obligations under that contract if you are a Client of ours); or
  • where you have consented to the data transfer.

WHO IS RESPONSIBLE FOR PROCESSING YOUR PERSONAL DATA ON THE RED WEBSITE?

The RED entity responsible for processing the personal data of Website Users, Candidates and Suppliers depends on where you use RED's services or supply RED with services.

The RED entity responsible for processing the personal data of Website Users, Candidates and Suppliers in the UK is RED Commerce Limited.

 

COOKIES POLICY

What's a cookie?

A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

How do we use cookies?

We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

What cookies do we use?

  • volcanic_saved_jobs_id - This is used to store some jobs for users before they register on the website. These jobs can then be logged on the users account when they do register.
  • volcanic_rumble_uid - This cookie name is associated with Volcanic’s CMS platform tracking. It is used to track and record the unique actions of each user on the website. By default, it has no expiry date. The main purpose of this cookie is: Performance
  • _user_logged_in - This cookie name is associated with Volcanic’s CMS platform tracking. It is used to keep the user logged in if they leave the website and return. By default, it expires after the user’s session ends. The main purpose of this cookie is: Performance
  • _oliver_session - This cookie name is associated with Volcanic’s CMS platform tracking. It is used to track the user’s session on the website for Analytics. By default, it expires after the user’s session ends. The main purpose of this cookie is: Performance

HOW TO CONTACT US?

You can get in touch with us at any time

  • in order to access, amend or take back the personal data that you have given to us;
  • if you suspect any misuse or loss of or unauthorised access to your personal information;
  • in order to withdraw your consent to the processing of your personal data (where consent is the legal basis on which we process your personal data);
  • to share any comments or suggestions concerning this Privacy Policy; and
  • any other reason you find under this Privacy Policy.

While we hope that there is no need to do so, if you want to complain about our use of your personal information, please send an email detailing your complaint to our Data Protection Officer at the below address:

RED Commerce Limited

5th Floor

33 Gracechurch Street

EC3V 0BT London

United Kingdom

 

Alternatively, you can send an email to:

Noe Inigo, Data Protection Officer

Email: dataofficer@redglobal.com

 

We take privacy seriously, so we will get back to you as soon as possible.

You also have the right to lodge a complaint with the relevant supervisory authority.

 

Local Supervisory Authority:

Information Commissioner's Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Phone: 0303 123 1113

Email: casework@ico.org.uk