At EKOS Limited, we’re committed to protecting and respecting your privacy.
This Policy explains why we collect your personal information, how we use it, the conditions under which we may disclose it to others and how we keep it secure.
We may change this Policy from time to time so please check this occasionally at http://www.ekos-consultants.co.uk/privacy-policy/ to ensure that you’re happy with any changes.
Any questions regarding this Policy and our privacy practices should be discussed with the Corporate Services Manager and/or your line manager.
Who are we?
EKOS is an Economic and Social Development consultancy. We are a private limited company, registered in Scotland (SC145099). The registered address is 93-97 St George’s Road, Glasgow, G3 6JA.
How do we collect information from you?
We may obtain information about you from you direct or from previous employers.
This may be (but is not limited to) your CV when you apply for a job with EKOS and from references from previous employers.
What type of information is collected from you?
The information we collect might include (but is not limited to):
- personal information (such as name, address, email address);
- your previous employment history (such as names and addresses of previous employers, how long you worked with previous employers, the hours worked, your post, roles and salary information);
- other relevant information which will assist us in the recruitment process.
How is your information used?
This information is used to assist those involved in the recruitment process to ascertain if there is a suitable candidate for the post advertised.
However if you are unsuccessful, we will retain your information for one calendar year from the cessation of the recruitment process, after which time your information will be securely destroyed.
Who has access to your information?
Those involved in the recruitment process will have access to the personal information, together with the Directors and the Corporate Services Manager for administration purposes.
We will not share your information with third parties unless we receive your express consent and will only share your personal information if we are under a duty to disclose in order to comply with any legal obligation (such as HMRC and Disclosure Scotland).
The lawful basis on which we process this information
The lawful basis on which we process this information is under Article 6.1A (Consent) of EU GDPR.
In the event that we require to process information under Article 9 (Processing of special categories of personal data), we will only process in compliance with Article 9.2A and Article 89.1.
Your rights available under GDPR can be viewed at: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
How you can access and update your information
You have the right to ask for a copy of the information EKOS holds about you.
The accuracy of your information is important to us. If you change address, or any of the other information we hold is inaccurate or out of date, please email firstname.lastname@example.org.
If you have a concern about the way we are collecting or using your personal data, we ask that you raise your concern with us in the first instance. Alternatively, you can contact the Information Commissioner’s Office at https://ico.org.uk/concerns.
Security precautions in place to protect the loss, misuse or alteration of your information
When you give us personal information, we take steps to ensure that it is treated securely.
Recruitment files are kept in a locked cabinet and recruitment information on internal servers can only be accessed by those involved in the recruitment process, the Directors and the Corporate Services Manager. All such data is password protected.
We protect our servers by the use of firewalls and Eset Endpoint Security, which includes anti-virus, anti-spyware, anti-phishing and device control.
Our internal email sits on an Office 365 platform and has 256-bit encryption. All data is backed up to 256-bit encrypted servers in the cloud (UK based) and a portable hard drive. Internal procedures are in place to ensure security of portable drives.
Any sensitive information is encrypted and protected using 128 Bit encryption on SSL.
Non-sensitive details (your email address etc.) are transmitted normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems.
We do not analyse your personal information to create a profile.
We are concerned with protecting the privacy of vulnerable groups. If you are a vulnerable adult, please obtain your parent/guardian’s permission beforehand whenever you provide us with personal information.
All staff who are responsible for line managing vulnerable adults are PVG checked, as are those who process personal information for these groups.
Transferring your information outside of Europe
We will not transfer your information outside of Europe.
Review of this Policy
We keep this Policy under regular review. This Policy was last updated in April 2018.