• GDPR / Privacy Policy for b3 jobs ltd

  • At b3 jobs ltd, we endeavour to securely hold all personal data collected regarding candidates and clients. We implement systems and policies to protect all user data and to ensure ongoing compliance with the Data Protection Act (DPA) and the EU General Data Protection Regulation (GDPR).

    Information Collection and Use

    b3 jobs ltd will only collect, access and process your information in relation to recruitment activities and finding you employment. We will use your information to discuss your job search with you, match you to suitable vacancies and to also contact you about jobs which match your preferences via the contact methods that you provide us with.

    Personal information collected could include (but not limited to):

    • Your name

    • Your contact details

    • Your CV

    • Salary information, job search preferences, notice period

    • Information regarding what b3 jobs has actioned on your behalf e.g. interviews, job applications etc.

    • Any additional information relevant to your job search which you provide us with e.g. reason for looking for a new job, right to work in the UK, products to avoid etc.

    b3 jobs ltd will never sell your personal information in any way to anyone else.

    We will only share your personal information with your express permission e.g. sending your CV to a client in order to apply for a job, releasing your contact details so that a job offer can be sent to you etc. We will only send your CV to a job once we have discussed the role with you, you have accepted the role matches your preferences and that we have your express written consent to do so. We may also share further information (as listed above) with our client in order to support your application.

    We may use information for generating statistics on our in-house database. This is for internal purposes only in order to improve both our customer service and recruitment services.

    We may be required to share personal information if requested by official authorities or law enforcement agencies.

    Your details may also be occasionally accessible by external service providers such as our database software and IT systems providers in order to carry out essential database maintenance.  These companies are fully GDPR compliant and your details will remain confidential at all times.

    We do not ask for nor store any of the following information:

    Race or ethnic origin
    Political beliefs
    Tarde union membership
    Religious or philosophical beliefs
    Physical or mental health (other than food allergies)
    Sexual life or sexual orientation
    Date of birth
    Gender
    Marital / family status
    Nationality
    Bank details

    Marketing emails

    If you have opted-in to a mailing list, you will receive occasional communications with industry news and any other information we find relevant to you. We will never send you spam and we will always provide an option to opt-out.

    Your CV

    We may acquire your CV through different means including you submitting your CV through the b3 jobs website either as a generic application or for a specific role, sending your CV to one of our consultants directly, applying for a job via an online job board other than the b3 jobs website (e.g. FoodMan Jobs, Jobsite) or if you have uploaded your CV onto an online CV database such as CV Library and appear in one of our Consultant’s searches.

    Once we obtain your CV then it will be uploaded onto our internal database and will be accessible by all of b3 jobs’ staff involved with recruitment.

    If you have a new CV, you can update it using the same procedure as outlined above.

    Request for information and deletion

    You may request at any time to see a copy of the information held by us and we will aim to provide this to you within 4 weeks - normally much quicker.  You may also wish to amend the data that b3 jobs hold on you and likewise you may also wish to have your information deleted from our database. (In some cases, full data removal may not be possible if it is needed for official purposes such as financial records.)  Should you wish to take up any of these options then please email food@b3jobs.co.uk or call 01435 866000.

    Cookies

    This b3 jobs website uses cookies to identify repeat visitors. Cookies are small data files that certain websites (including this one) write to your hard drive when you visit them. Please note that we only use cookies to enhance your browsing experience. Your personal details, such as your name or phone number, are not stored in a cookie.

    Equality & diversity

    b3 jobs is committed to promoting equality and diversity in all its activities and will not discriminate on the basis of age, sex and sexual orientation, race, religion and belief, family status, disability, political views and nationality (although we do check right to work status).

    Changes to privacy statement

    We may edit this statement and/or our privacy policies and practices at any time without notice. However, should any changes be of any major significance, then we will endeavour to notify visitors through appropriate means such as email notification or announcement on the website.

    Other websites

    This privacy policy only applies to b3 jobs ltd. If you upload your personal details or CV onto a third party website, then you must refer to that particular sites’ privacy policy which may differ from our own. b3 jobs ltd does not have control over the information collected or processed by third-party entities.

    Data breach policy

    A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

    A personal data breach may mean that someone other than the data controller gets unauthorised access to personal data. But a personal data breach can also occur if there is unauthorised access within an organisation, or if a data controller’s own employee accidentally alters or deletes personal data.

    b3 jobs ltd understands that data breaches can occur from:

    • access by an unauthorised third party;

    • deliberate or accidental action (or inaction) by a controller or processor;

    • sending personal data to an incorrect recipient;

    • computing devices containing personal data being lost or stolen;

    • alteration of personal data without permission; and

    • loss of availability of personal data.

    Dedicated person

    Marcus Brasier (Managing Director) is allocated the responsibility for managing a data breach.

    If any staff within b3 jobs ltd become aware of a potential security incident, they must escalate this to Marcus Brasier, who will then action a plan to determine whether a breach has occurred.

    Response Plan

    • If a suspected security breach has occurred, we will take the following steps:

    • We will determine whether any personal information is at risk by determining what information has been accessed

    • If a theft of a device occurred, we will work out what information was held by the device holder

    • If an external security breach occurred, we will liaise with our IT service provider and/or data processor to determine if and what data has been accessed

    • We will attempt to identify how many and which individuals the information relates to

    • An internal meeting will be held to discuss and determine whether there is risk posed to the individuals identified

    • If it’s likely a risk is involved to individuals concerned, then we will notify the ICO within 72 hours

    • If a risk is unlikely and we do not need to report the data breach to the ICO, then we will create a full detailed record of the incident and keep this on our internal computer system for future reference

    Reporting a breach

    If b3 jobs decide that that it is necessary to report a data breach then we will send the ICO a description of the nature of the personal data breach including, where possible:

    • the categories and approximate number of individuals concerned; and

    • the categories and approximate number of personal data records concerned;

    • the name and contact details of our data protection officer or other contact point where more information can be obtained;

    • a description of the likely consequences of the personal data breach; and

    • a description of the measures taken, or proposed to be taken, to deal with the personal data breach, including, where appropriate, the measures taken to mitigate any possible adverse effects.

    If we do not have full details of the breach fully within the 72 hours, we will initially inform ICO of the breach with all available information at that time. We will then prioritise the investigation, give it adequate resources and expedite it urgently. We will then submit further information as soon as possible.

    Informing individuals about a breach

    If a breach is likely to result in a high risk to the rights and freedoms of individuals, we will inform those concerned directly and without undue delay.

    If a risk of damage is possible, we will contact individuals is to help them take steps to protect themselves from the effects of a breach.

    We will inform individuals in clear and plain language, the nature of the personal data breach including, where possible:

    • the categories and approximate number of individuals concerned; and

    • the categories and approximate number of personal data records concerned;

    • the name and contact details of the data protection officer or other contact point where more information can be obtained;

    • a description of the likely consequences of the personal data breach; and

    • a description of the measures taken, or proposed to be taken, to deal with the personal data breach, including, where appropriate, the measures taken to mitigate any possible adverse effects.

    Recording breaches

    We will ensure that we record all breaches, regardless of whether or not they need to be reported to the ICO.            

    We will document the facts relating to the breach, its effects and the remedial action taken. This is part of our overall obligation to comply with the accountability principle and allows us to verify our organisation’s compliance with its notification duties under the GDPR.

    As with any security incident, we will investigate whether or not the breach was a result of human error or a systemic issue and see how a recurrence can be prevented – whether this is through better processes, further training or other corrective steps.

    Contact details

    If you have any questions or suggestions regarding this statement or believe we are not properly adhering to it, please contact us at mail@b3jobs.co.uk or call us on 01435 866000.