Corvus job search

Home > Privacy Policy

Corvus Privacy Policy

1.    General.   Corvus fully appreciates that your personal information is important to you and valuable to others: it can influence people’s perceptions of, and decisions about, you. 

2.    Roles and Responsibilities.       As we conduct business with you, Corvus will have a responsibility to protect the information that you share, and we gather, about you.  Just as you have a responsibility to provide us with information that is accurate, we have a responsibility to protect and process information in accordance with the law.  These responsibilities define:

a.    Corvus as the “Data “Controller”;

b.    Our people (employees/workers) who gather, and use, the information operate under the instructions of our Data Controller;

c.     Associates who operate on our behalf are defined as “Data Processors”: they operate in accordance with our written instructions and are contractually required to adhere to the same standards of data protection as our employees/workers;

d.    Others who we are authorised, by you, to share information with are also defined as “Data Processors”;

e.    Those others who also gather information independently, as well as sharing our information, become “Data Controllers” in their own right.

3.    Data Protection.  Corvus has decided to put in place a number of safeguards to protect the information or “data” that it acquires and holds.

a.    Board.      A Board member will hold, within their portfolio of responsibilities, oversight of data protection;

b.    Data Protection Officer (DPO). As a micro-business with thousands of clients, an individual will be appointed as DPO and hold this responsibility as part of their role and responsibilities. This individual will:

                                  i.    Scrutinise our policies, procedures and safeguards.

                                 ii.    Conduct Personal Information Assessments (PIA);

                                iii.    Advise our Directors on data protection measures and risks;

                               iv.    Coordinate training of our people in data protection procedures;

                                 v.    Coordinate electronic and “hard” copy information held by Corvus e.g. files, print-outs, CVs, written job applications, notebooks.

                               vi.    Conduct audits on our policies and procedures to test their effective implementation;

                              vii.    Liaise with the Information Commissioner’s Office or appropriate Supervisory Authority on changes in statutory/regulatory requirements and potential breaches in our safeguards;

c.     Information Systems Manager (ISM).   The ISM will:

                                  i.    Manage Electronic Information systems e.g. Computers and mobile devices capable of processing and storing electronic data;

                                 ii.    Electronic Storage devices, in the office and remotely sited;

                                iii.    Manage electronic safeguards for our systems e.g. Firewalls, software updates, anti-virus etc

                               iv.    Advise the DPO and Board on risks and protective measures;

                                 v.    Coordinate training of our people in data protective procedures with DPO;

                               vi.    Conduct audits on our electronic systems to test their protection and detect unauthorised use/intrusions.

                              vii.    Utilise servers within the EEA, and outside[1], to store your data that meet GDPR standards;

d.    Employees/Workers/Associates.          Individual employees/workers and contracted associates are responsible for adhering to the legislation governing data protection.  They are also responsible for the physical protection of electronic devices, storage media and any documentation that has been used to record a subject’s data categorised as personal or sensitive.  This protection is against theft, unauthorised physical or electronic access, or observation of the information contained thereon.  They are also responsible for the protection of written notes/records against theft, unauthorised physical or electronic reproduction/recording, or observation of the information contained thereon.

e.    Data Subjects.     Corvus will agree with subject’s memorable data and passwords that will, within reason, establish your identity prior to any telephone/electronic exchange of information.  Subjects are to protect this information against compromise and are not to divulge to any other person.  They will not ask you for the full detail but randomly selected characters to confirm its veracity and the other party’s identity as the subject.

f.      Clients.     Corvus will require clients to sign a contract confirming their responsibilities for the protection of data shared with them, authorised by you, in accordance with data protection legislation.

g.    Contact Details for Responsible People.         The contact details of these individuals are shown at Annex A, to maintain the accuracy of our documentation.

4.    Data Processing.  In order to provide our agreed services with you, Corvus will collect your personal details, including but not limited to, those listed at Annex B.  We will always ask for your explicit permission to collect, hold and share data (as applicable). This information is held, used and only shared by us, with clients (or client sectors), to:

a.    Meet our contractual agreement with you;

b.    Maintain our business relationship, where you are a user of our website, a client or candidate;

c.     To enable you to submit your CV for general applications, additional uses and disclosures (as outlined at clause 3) in order to apply for specific jobs or to subscribe to our job alerts.

d.    To match your details with job vacancies, to assist us in finding a position that is most suitable for you and to send your personal information (including sensitive personal information) to clients in order to apply for jobs.

e.    To answer your enquiries;

f.      To fulfil contractual obligations with our clients in specific job roles or sectors to whom have authorised release;

g.    To direct-market products and services, advise you of news and industry updates, events, promotions and competitions, reports and other information related to your employment preferences. Where we do so, you will be able to unsubscribe from such communications;

5.    Consent.  Corvus will gain your consent using a layered approach.  This will involve:

a.    Verbally.   A representative advising you, verbally, that we do need to gather personal and, where applicable, sensitive information to carry out our contract with you or our client.  We will afford you access to our Data Protection Policy, which explains the methods we use to protect your information in each of its forms. We will ask for your assent before we proceed to gather any information.

b.    Written.    You will be asked to give written assent by signing an agreement before we:

                                  i.    Start to gather information;

                                 ii.    Process the information;

                                iii.    Share information, with a specific client or client sector;

                               iv.    Retain the information beyond the initial agreement for your benefit

c.     Electronically.     You will be asked to give electronic assent by confirming agreement with an “opt-in” box before submission of any information or document to our systems.  This will be renewed annually should you wish us to retain relevant information.  We will require this to be submitted from a personal email address, unique to you.

d.    Adhoc.      On those occasions where we wish to share your information with a client or group of clients outside your initial preferences, we will seek your specific authorisation.  This will be either in writing or electronically.

e.    Young People.     Our site is not directed to, nor do we knowingly collect information from young people, or vulnerable adults, under the age of 18

6.    Data Recipients.  Corvus will only release your personal and/or sensitive data to others where it furthers our contractual agreement with you and is in accordance with your specific authorisation.  Any third parties will sign a data sharing agreement with Corvus that safeguards your data, precludes its further sharing without specific authorisation and provides assurances in respect of its privacy and protection.  This includes, but is not limited to, services related to those set out in Clause 4 and those below:

a.    Past Employer/Personal References;

b.    Qualifications;

c.     Criminal reference checking services (as required);

d.    AccessNI clearances (as required);

e.    Verification of the details you have provided from third party sources;

f.      Psychometric evaluations or skills tests.

7.    Statutory/Legal Requests/Requirements.       We may be required to release personal and/or sensitive information to regulatory or law enforcement agencies, if they require us to do so. We will also disclose your information where we are requested and permitted to do so by law to authorised agencies/people.  Where permitted by law, we will advise you that such request/s have been made and met before action is taken to share information.

8.    Transfers of Data Outside UK.  This is controlled by our Data Protection Policy.  

9.    Retention Periods for Data.       Corvus will only retain the information necessary to conduct its contracted business and legal obligations with its client/s. Once information is irrelevant, it will be disposed of/destroyed/electronically erased.  Guidelines for the of information by Corvus are set out below, and if Corvus seeks to continue to hold the information they will advise the subject affected (e.g. a matter is under investigation):

a.    To meet our contractual obligations with you (normally up to 12 months);

b.    To meet statutory or regulatory obligations (normally up to 7 years);

c.     For business purposes (normally up to 2 years).

10.  Other Rights.         Clients have other rights:

a.    Accuracy. A client has the right that any information or data held, related to them, is accurate.  It is the responsibility of the processor to update such information once they become aware that it is inaccurate.  Clearly, until a client, or their agent, makes the processor aware of an inaccuracy, updating cannot be carried out.

b.    Access.    You have the right at any time to ask us for a copy of the information supplied by you that we hold with a Subject Access Request. We will ask you to verify your identity and may ask for more information about your request. We cannot release information that relates to other people or businesses as this would counter their privacy rights.

c.     Erasure.   You may request, at any time, that information related to you is erased/deleted from our site and we will comply so long as it does not prevent us from meeting our statutory or regulatory commitments.  We will record your request and whether you do not wish to be contacted in the future: a record of objectors will be retained in a suppression list to remove the possibility of this occurring.

11.  “Cookies”.            A “cookie” is a commonly used automated data collection tool.  They are small text files that are used to identify when you are browsing a particular website or open a HTML-formatted email.  They can be used to detect what technology makes the website function more efficiently. You can choose to set your web browser to refuse cookies[2], or alert you when cookies are being sent.  These will allow us to:

a.    Tailor information presented to you based on your browsing preferences e.g. language, geographical region;

b.    Collect statistics regarding your visit to our website;

c.     Provide Corvus with business and marketing information;

d.    Improve our customer service: this information will allow us to improve the effectiveness of our website and emails;

e.    Respond to information requests;

f.      To send you emails in response to our request for periodic product/service information or advantage of marketing communications;

g.     We may collect personal identification information from Users in a variety of ways, including, but not limited to, when Users visit our Site, register on the Site, subscribe to our mailing list, fill out a form, and in connection with other activities, services, features or resources we make available on our Site. Users may be asked for, as appropriate, name, email address, mailing address and contact number.

h.     Users may, however, visit our Site anonymously. We will collect personal identification information from Users only if they consent to share such information with us. Users can always refuse to supply personal identification information, except that it may prevent them from engaging in certain Site related activities.

i.      To implement your request to initiate, amend or cancel communication between Corvus and you.

j.      We may collect non-personal identification information about Users whenever they interact with our Site. Non-personal identification information may include the browser name, the type of computer and technical information about Users means of connection to our Site, such as the operating system and the Internet service providers' utilised and other similar information.

12.  Third-Party Data Collection.      Users may find advertising or other content on our Site that link to the sites and services of our partners, suppliers, sponsors, licensors and other third parties. We do not control the content or links that appear on these sites and are not responsible for the practices employed by websites linked to or from our Site. We do not permit these third-party websites to collect data about you on our site, nor do we disclose any personal data about you.  These sites and services may have their own privacy policies and customer service policies. Browsing and interaction on any other website, including websites which have a link to our Site, is subject to that website's own terms and policies.

13.  Changes to our Privacy Policy. This privacy policy may be changed by Corvus at any time. If we change our privacy policy in the future, we will advise you of changes or updates to our privacy policy by a prominent notice on our website.  For a period of 30 days before, and at least 30 days after, the implementation date of any change, we will advise clients that there has been a change and refer them to the policy, which will be made available to clients on request.  Continued use of our website or our services after such changes will constitute your acceptance of such changes.

14.  Diversity & Inclusion.     Corvus is an equal opportunities employer and a company committed to diversity. This means that all job applicants and members of staff will receive equal treatment and that we will not discriminate on grounds of gender, marital status, race, ethnic origin, colour, nationality, national origin, disability, sexual orientation, religion or age.  As part of our commitment to equal opportunities we may from time to time use information provided by you for the purposes of equality monitoring and submission to statutory bodies as required under FEAT (NI) Order 1998 and other legislation.  All such information will be used on an anonymised basis.

15.  Queries.   If you have any questions about this Privacy and Cookie Policy, the practices of this site, or your dealings with this Site, please contact us at: hello@corvus.jobs at the below address:

Scottish Provident Building,

7 Donegall Square West,

Belfast,

BT1 6JH.

Tel: +44 (0) 28 9091 8529

Email: hello@corvus.jobs

16.   

 

 

 

 

 

ANNEX A TO

20180111CORVUSPRIVACYPOLV2

 

CONTACT DETAILS FOR RESPONSIBLE PEOPLE

 

1.    Board.      The Board member with responsibility for the governance of data protection is:

XXXXXXXXXXXXXXXXXXXXXXX

Corvus Jobs

Scottish Provident Building,
7 Donegall Square West,
Belfast,
BT1 6JH

Telephone: 028 9091 8529

Email: XXXXXXXXXXXXX

2.    Data Protection Officer.   The Data Protection Officer can be contacted as follows:

Data Protection Officer

Corvus Jobs

Scottish Provident Building,
7 Donegall Square West,
Belfast,
BT1 6JH

Telephone: 028 9091 8529

Email: lesley@corvus.jobs

 

 

 

ANNEX B TO

20180111CORVUSPRIVACYPOLV2

POSSIBLE INFORMATION GATHERED & HELD

 

Serial

Data

Personal

Sensitive

Comments

1

Full Name, and previous names (if any)

ü

 

Previous Names if necessary

2

Date/s of Birth, Marriage/Partnership/Separation/Divorce (if applicable)

 

ü

 

3

Contact addresses, telephone numbers,

ü

 

Home & Work, Current & Previous, last 10 years

4

Email addresses & professional media accounts i.e. LinkedIn

ü

 

Other accounts if linked to job competencies

5

Qualifications, Professional Memberships, Educational/Professional Development

ü

 

Scanned copies of original certificates

6

Current & Previous Employments

ü

 

Last 10 years

7

Gender, Religion, Ethnic Origin (if applicable)

 

ü

Restricted Employments under FEAT(NI)O, Equality Monitoring

8

Proof of Nationality, Passport Number, Expiry Date, Photographic ID

ü

 

Copy of Passport Details Page

9

Proof of Address (2 Items) – if applicable

 

 

Copies retained

10

Visa/s or Residency Permits (if applicable)

ü

 

Copy of documentation

11

Employment & Character References

ü

 

 

12

Curriculum Vitae

ü

 

Current version only

13

Criminal Convictions/Cautions, legally binding restrictive orders

 

ü

Including motoring offences and Conditional Discharges

14

AccessNI Clearance Certificate/s (if applicable)

 

ü

Copy of Certificate

15

Health Information

ü

 

Less Pregnancy-related

16

Disabilities under DDA 1995

 

ü

 

17

Driving Licence/s (if applicable)

ü

 

Mobile positions

18

Results of Psychometric evaluations or competency tests

ü

 

 

19

Social Media Postings

ü

 

Publicly visible

20

National Insurance Number

ü

 

 

21

Photographic Image

ü

 

 

22

Bank Details

 

ü

Company Policy

 

 

 



[1] If stored outside UK and/or EEA, these servers will comply with the GDPR standard or EU Privacy Shield.

[2] Cookies to include web beacons, pixel tags, scripts and similar technologies on our website and emails.