At Corvus, we’re committed to protecting and respecting your privacy.
This policy explains when and why we collect personal information, how we use it, the conditions under which we may disclose it to others and how we keep it secure.
Every effort has been made to make this policy clear and concise. If anything is unclear, please contact the Data Protection Officer (DPO) whose details are outlined below.
Data Protection Officer
Name: Lesley Armstrong
The Company acts as the Data Controller and the Data Processors are Firefish Software CRM and Corvus Assured CRM. The Client refers to businesses we recruit for and the Candidate refers to candidates on our CRM.
How do we collect information from you?
We obtain information about you when you use our website, apply for a job, make enquiries about our services, register to receive our newsletters and from third party websites such as Job Board CV libraries. We collect Client personal data either directly from you when you contact us proactively, where we contact you, either by phone or email, or through our consultants' business development activities more generally or from third parties (e.g. our Candidates) and other limited sources (e.g. online and offline media). We may use information held about you to provide you with news about jobs, updates, things we think you might be interested in, or any changes to our business. We also in certain processes require you to make videos and provide images, these will be used for no other purpose than that explicitly related to you. We respect you and your data, so we won't do evil things like selling your email address to marketers. If you want us to stop contacting you, then please email us and we'll stop.
We collect anonymous statistical information about our users’ systems and browsing habits using systems like Google Analytics.
On what basis do we process your data?
We process data under Legitimate Interest and in some area’s contractual necessity or legal obligation. We only process and use your data in the manner required to successfully assist you in your next career move or in hiring your next member of staff. We will collect information, as outlined below, without which we would be unable to work on your behalf in recruiting activity. We firmly believe that our legitimate interests in processing your data is in line with your own legitimate interests in your search for a new job or a new team member.
What type of information is collected from you?
How is your information used?
We may use your information to:
- Ascertain suitability for roles we are recruiting
- To carry out obligations arising from any roles we’re recruiting for such as forwarding your CV or personal details where necessary to our clients
- Corvus Assured® your information will be uploaded to platform to build a personalised profile for clients to review
- Contact you by phone, email or text for updates on your current employment and to ensure our records are accurate
- Ask for your views or comments on the services we provide
- Notify you of changes to our services
- Send you communications which you have requested and that may be of interest such as latest vacancies or news
- We review our retention periods for personal information on a regular basis. We are legally required to hold some types of information to fulfil our statutory obligations. We’ll hold your personal information on our systems for as long as is necessary for the relevant activity, or for a period of 24 months.
How is your data stored?
Your data is centrally stored using a Processor. The Processor uses a highly secure, encrypted connection to a cloud-based service to access this data. Information we collect such as bank details, fair employment, ID etc are only visible to the DPO.
Information will only be held outside of the Controller in the following circumstances:
- Upon the point of an application being made to the Client, the Client becomes responsible for legal processing. The Company will record this information and can be made available to the Candidate upon request.
- When the Candidate becomes employed by the Company to provide contractor services, payroll will be held on a third-party payroll management system.
Who has access to your information?
- We will not sell or rent your information to third parties
- We will not share your information with third parties for marketing purposes
- We may transfer your personal information to a third party (our clients) as part of a successful offer of employment to enable them to arrange the necessary contracts to be drawn up. However, we’ll take these steps with the aim of ensuring that your private rights continue to be protected.
- Corvus staff
- You can update your own data using the candidate portal on our website
- When using the Corvus Assured® process, the specific client who you’re in a recruitment process for will have access to your information. All information uploaded will be approved by you (candidate) before the client can see this information.
What are your rights?
This applies to anyone who has personal identifiable data held by Corvus.
- You can request where your data is held and how it is being processed by submitting a Subject Access Request to the DPO
- You can request for your information to be forgotten and erased from our records
- You can request for a copy of information being held and for any of it to be updated with correct information you supply
- At any stage you can request to change the level of permission you have given us i.e. if you had initially subscribed to all forms of marketing but would now only like to be contacted regarding employment opportunities
- As standard, any request to the above rights should be fulfilled within 30 days of request.
How is data erased?
When this happens a 5-stage process takes place, outlined below:
- The data is archived from the Processor’s records meaning it cannot be used. Within 30 days all archived data will fully deleted or anonymised where we have a statutory requirement to retain it.
- Hard copies should not exist but where this has happened the hard copies will be shredded
- An internal check of all email accounts will identify any mail logs that need to be deleted A hard drive check will identify any local machines that need to have the data deleted
- Confirmation of this will be sent to the source of the request upon completion if applicable
In conjunction with each individual, Corvus Assured® will co-operate to securely store and/or delete employer and candidate data held in conjunction with our IT policies, including our GDPR policy. We can manually delete candidate personal data at any time.
Links to other websites
What we will do if data is breached?
If a breach of data happens this will be promptly communicated to affected parties within 48 hours by email and for any serious breach that could lead to significant impact on the individual a phone call will be made within 24 hours of the Company being made aware of any breach.
Diversity & inclusion
Corvus is an equal opportunities employer and a company committed to diversity. This means that all job applicants and members of staff will receive equal treatment and that we will not discriminate on grounds of gender, marital status, race, ethnic origin, colour, nationality, national origin, disability, sexual orientation, religion or age. As part of our commitment to equal opportunities we may from time to time use information provided by you for the purposes of equality monitoring and submission to statutory bodies as required under FEAT (NI) Order 1998 and other legislation. All such information will be used on an anonymised basis.
Scottish Provident Building,
7 Donegall Square West,
Tel: +44 (0) 28 9091 8529