The following policy outlines how Scarlet Fraser collects, protects and acts as a responsible data controller and processor of data owned by its data subjects. When we talk about Scarlet Fraser within this policy, we are referring to Scarlet Fraser Associates Limited and Scarlet Fraser Consulting Limited.
Scarlet Fraser and the services it renders acts as an Employment Agency, Employment Business and Consulting business to support you and its other customers for recruitment and selection, personnel management and for employment purposes in respect of opportunities that support both your career options and the growth of personnel within your business throughout the entirety of your career within the sectors that Scarlet Fraser operates.
The sectors we currently operate in are Technology, Business and Technical Transformation (Change) and Business Intelligence. We collect and process your personal information for certain legitimate business purposes which include some or all of the following;
We understand that your career and interest in the industries we operate in can span many years and your needs change over time. The length of time between your career changes, the types of opportunities that are relevant to you or the staffing and consulting needs within your business capacity can evolve in both short and long term, therefore keeping accurate up to date information as well as historical transaction interactions with our business are essential in providing our services to you and improving these over time to be most suitable to these changes.
For these reasons we maintain basic information and records of your data for the maximum amount of time that our services may be of benefit to you at any point in your current or future career.
However, as a responsible data controller we look to ensure we keep the most relevant and up to date details about you. Therefore, if we do not have any reasonable and responsive contact with you for a period of seven years then we shall delete your details from our organisation.
When it comes to your Personal Identifiable Information, the data we keep can involve some or all of the following;
We also store data that attains to your opportunity preferences and personal situation and although these are not considered PII are used to process your data to provide you with the best service possible. These can include some or all of the following;
If you enter or have previously entered into an employment contract or a contract for Supply of Services with ourselves or one of our customers then the data we hold on you may be different to that above and we will inform you upon successful placement how this may change.
If you would like to know more then please refer to our rights procedure at the end of this document.
We use your data through both manual and automated processes to perform actions such as some or all of the following;
Scarlet Fraser collect data from various direct and indirect sources. We may have collected your data from some or all of the following sources:
In all instances that Scarlet Fraser collect your data from third parties, social media, events and communities we do so in accordance with the policies and procedures of the data source. We also advise you to revise the data privacy policies and agreements of such providers.
If you want to know more about how we collected your data, then please refer to your rights section at the end of this document.
At Scarlet Fraser we use the latest and most secure technologies to protect your data and the information we hold. All Scarlet Fraser systems are provided by reputable, trusted providers such as Microsoft using cloud technologies providing tested secure environments with multi-layer security and authentication. Even our internal document storage is cloud based to protect and prevent against any data breaches.
Our web systems and networks are certified and secured with the latest trusted technologies including SSL and TLS and hosted on dedicated servers and networks to protect your data and reduce risks of data breaches and cyber-attacks.
Our consultants are trained on GDPR practices, our policies and procedures that promote being responsible and vigilant in protecting our customers data. These policies include hardware protection and best practices to restrict and prevent access to personal data particularly in high risk areas, anonymisation where applicable and response to data threats and breaches.
As a staffing and consulting business, to provide you with the best and most appropriate career opportunities we may be required to share some or all of the details we hold on you with interested parties such as;
Where possible and applicable we anonymise, tokenise and encrypt your data. In addition, when sharing with third parties, we share as little information as is needed for them to provide the relevant service to meet your needs and that benefit you based on the information you have provided and shared with us. These are also subject to contractual agreements that protect your data.
As a data controller, the data Scarlet Fraser hold is the owned by you, the data subject. Therefore, you have a number of rights and obligations beyond this statement of what data we hold your access, consent and obligations around it, we have outlined these below. If you have any questions on how we use your data or would like to take action under your rights below, including Subject Access Requests, please refer to our SAR process at the bottom or this document.
There are a number of ways in which you consent to Scarlet Fraser to collect, process and keep your data under the practices shared above. Scarlet Fraser always prefer to gain direct written and opt-in consent from you. Though we collect and process your data for the legitimate purposes outlined at the start of this document please also find below the ways in which you provide your consent to Scarlet Fraser processing and using your data;
For Scarlet Fraser to provide an efficient and effective service that benefits you in the best way possible we need to ensure the data we control is relevant and as up to date as reasonably possible. Therefore, when applying or interacting with Scarlet Fraser you are making a declaration that the information you provide for the uses and processes listed within this document are to the best of your knowledge correct, accurate and true. In doing so you also acknowledge that deliberately giving false or misleading information you are liable not only to be withdrawn or dismissed by Scarlet Fraser or our customers but also may be liable to legal proceedings against damages caused to Scarlet Fraser business.
As a responsible data controller, Scarlet Fraser provide you with the right to be informed of whether we hold or process your data, that we do so in a fair and transparent way and to have access to the data we hold on you as an individual.
If you would like to raise a Subject Access Request (SAR) please see our procedure at the bottom of this document.
As the data subject and owner, you also have rights to port the personal information we hold on you, to object to Scarlet Fraser holding your data or processing it and to rectify inaccurate and incorrect data we control. You also hold the right to request for the data we hold to be erased however, this does not provide an absolute ‘right to be forgotten’, as there may be some instances where we are required to maintain basic details and data on you as a subject that will enable us to protect both you and our customers and provide an efficient service. Examples of such legitimate interest can include some or all the following;
Scarlet Fraser will provide erasure when it meets some or all the following criteria;
If you wish to make a request under any of these rights, please see the Subject Access Request procedure provided at the end of this document.
The nature of our business means that Scarlet Fraser maintains human intervention throughout all decision-making processes. Automated processing only occurs when we perform text and keyword searching of your profile in relation to identifying you with a potential career opportunity. However, our consultants are trained in recruitment best practices that reduces risk and bias of automated processing. Any processing is also a logical and mathematical approach that analyses your potential suitability to a career opportunity based upon the text within your profile and the preferences you have provided us.
If you would like to understand more about our automated processing procedures and the methods we use to reduce and eliminate risk of legal or similar effect decisions we take on you as an individual please raise a request via the Subject Access Request procedure provided at the end of this document.
As a responsible data controller Scarlet Fraser provide you with the rights to request information on the data we hold and how we use it in accordance with the rights and purposes outlined in this document. In addition, Scarlet Fraser take protecting your data that we hold as a priority and to protect you against fraudulent access to your data we have created and outlined our Subject Access Request procedure here within to handle all request procedures you may have regarding your data.
Although Scarlet Fraser will still respond to requests made outside this procedure, such as those made on social media, verbally or via other methods, in most cases those responses will refer you to this procedure below.
All Subject Access Requests and requests to the data we hold on you as an individual under any of the rights outlined in this document must be sent to one of the following;
By email: firstname.lastname@example.org In writing: Scarlet Fraser Associates Limited, 207 Regent Street, 3rd Floor, London W1B 3HH or Scarlet Fraser Consulting Limited, Shalford Dairy, Wasing Estate, Aldermaston, Reading, Berkshire RG7 4NB
The request must reference SAR as well as your full name and a clear outline of your request, under which rights you wish to make the request and under what grounds you believe the request should be granted.
In order to protect your data, Scarlet Fraser will only grant requests made with the full name of the data owner we have on record and where verification of your identity in the form of a valid photographic ID has been provided before we grant requests. This allows us to verify that the request is a legitimate request made by the data owner.
We recommend in order to protect your identity data that you send the identity document via a secured mailing service and/or within an encrypted and secure zip folder.
If you require support on how to create a secure zip folder, please follow the link below:
All Subject Access Requests will receive a response from Scarlet Fraser within 72 hours acknowledging the request and the necessary actions Scarlet Fraser will take to grant or respond to the request. All requests will be responded and resolved within 30 days from the date upon which we receive acceptable and valid proof of identity from the data owner.
As a UK registered business, Scarlet Fraser nominated Lead Supervisor Authority (LSA) is the Information Commission’s Office (ICO). If you wish further information on your rights, the guidelines provided by the ICO then please refer to: Website: www.ico.org.uk Postal Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
If you have any further questions around our privacy statement, please contact Scarlet Fraser.