This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. In collecting this information, we are acting as a data controller and, by law, we are required to provide you with information about us, about why and how we use your data, and about the rights you have over your data.
Changes to the data protection law
From the 25th of May 2018, we will be processing your personal data in accordance with the General Data Protection Regulations (GDPR). Up until that point we will continue to process your personal data in accordance with the existing Data Protection Act 1998 (DPA). This notice is written to comply with both the DPA and the GDPR.
Information we may collect from you
You may give us information about you by filling in forms on our Ex-Mil website or by corresponding with us by phone, email or otherwise. This includes information you provide when you register to use our site, subscribe to our service, and participate in discussion boards or other social media functions on our site. It also includes when you enter a promotion or survey, during the course of any other activity commonly carried out on our site and when you report a problem with our site. The information you give us may include (but not be limited to) your name, address, email address and phone number, personal description, job history, qualifications and photographs.
With regard to each of your visits to our site we may automatically collect the following information:
- Technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plugin types and versions, operating system and platform.
- Information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouseovers). We also collect information on the methods used to browse away from the page and any phone number used to call our customer service number.
Personal data requested may also contain “special category data” as defined in the GDPR and this may include racial or ethnic origin, sexual orientation and health (ie. whether you are registered disabled). You can decide whether you wish to share this information with us. Not sharing this information does not prevent you from registering or using our services.
Where else may we get your data from?
External CV Databases
As part of our service we may obtain your personal details and CV as from a number of different job boards or CV databases that we have access to. We use these details in order to match client vacancies we have against suitable candidates. As part of our internal processes for this service we will contact you prior to passing on your CV and details to potential employers. As appropriate you may ask us to remove or update the details we have obtained via these sources.
Why do we collect this information?
We collect information about you in order to provide you with the best careers advice possible, tailored to your specific preferences or experience. The information is also necessary for us and employers to match you against any opportunities that they have.
In addition, we sometimes use the anonymous personal data (ie. with all personal identifiers removed) for the purposes of research, industry trend reporting and for our own planning purposes and future developments.
Where we store your personal data
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online. These actions have been put in place to ensure safety against unlawful processing, accidental loss, destruction and damage.
Protection of your personal data
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data through the use of security measure like the use of an SSL certificate, we cannot guarantee the security of your data transmitted to our site and any transmission is at your own risk.
Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access, including all necessary technical and organisational measure to protect your data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access and against all other unlawful forms of processing;
What do we do with your information?
The personal information you provide helps us with providing more tailored advice and opportunities depending on your preferences. Our aim is to provide you with only content relevant to you. You may unsubscribe to these emails or change your profile information at any time either via the site or through the link provided at the bottom of each email.
To be more specific your information may be used in one or more of the following ways:
- For the facilitation of any legal obligations or defend any court actions that we may have.
- To administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes.
- To improve our site to ensure that content is presented in the most effective manner for you and for your computer.
- To allow you to participate in interactive features of our service, when you choose to do so.
- As part of our efforts to keep our site safe and secure.
- Communicate with you in the delivery of our services including client opportunities, sponsored events or employer sponsored competitions.
- Notify you of any changes to terms and conditions or policy changes.
- help us improve our services and it’s delivery to you.
- Conduct market research activities.
- Provide you with relevant advice and career options relevant to you.
- Allow you to better engage with the interactive and personalised services on our websites, apps and systems.
- In an aggregated and anonymised form, use the data to plan new products, manage our relationship with our clients, and also improve existing products.
- Facilitate any social media sharing functionality and authentication.
- Resolve complaints and data access requests in accordance with data protection law.
Additionally information we receive from other sources may be combined with information you give to us for the purposes set out above (depending on the types of information we receive).
Disclosure of your information
Where necessary we may pass data to third parties that help us to process data, as well as to prospective or intended employers or clients for recruitment purposes. Unless required to do so by law, we will not otherwise share, sell or distribute any of the information you provide to us without your consent.
We may share your information with selected third parties including:
Business partners, suppliers, clients and subcontractors for: (1) the performance of any contract we enter into with them or you or (2) the purpose of sourcing your employment or engagement with a third party.
- Analytics and search engine providers that assist us in the improvement and optimisation of our site may receive your information.
- In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
- If Ex-Mil or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
Automated processing and profiling
We use the information you provide to make automated decisions solely in the capacity of delivering you content based on your stated preferences. Personal data may be matched against vacancies to provide relevance to you in the form of job alerts. However you may change your preferences to amend what content or vacancies are filtered.
No judgements or decisions are made of an individual’s suitability for a particular role solely as a result of any automated processing that may take place.
Legal basis for processing your data
The legal basis for processing under GDPR is outlined below:
Candidate personal data held by us
Contractual necessity (Article 6(1)(b)), legitimate interest (Article 6(1)(f)) and consent Article 6(1)(a)
Client or employer related personal details held by us
Contractual necessity (Article 6(1)(b)), legal obligation (Article 6(1)(c) and legitimate interest (Article 6(1)(f))
On occasion we may process you data on the basis of consent (such as special category data), or the sending of promotional or marketing material not related to job opportunities or where there is a facility to link to your Social network.
It may be necessary for us to process your data in order to fulfil a contract with you such as sending your CV and details to an employer for a particular role you have applied for or are interested in.
In the case of a Client or Supplier we may need to process your personal data for the purpose of fulfilling out contractual obligation with regards to the service or product delivery.
We may also process your data when it is in our legitimate interest to do so and the processing does not impact on any of your data protection rights. Our legitimate interests include:
- ensuring the security and integrity of our services and ensuring that our systems such as websites and apps work properly;
- selling and supplying services to our clients;
- protecting clients, employees and other individuals (including yourself) and maintaining their safety, health and welfare;
- the promotion, marketing and advertising our products and services;
- sending promotional communications tailored to your preferences from our clients in relation to your career;
- understanding our client’s and your behaviour, activities, preferences, and needs to deliver a better quality and custom experience;
- improving existing products and services and developing new products and services;
- the handling client and your contacts, queries, complaints or disputes; and
- fulfilling our duties to our clients, yourself, colleagues, shareholders and other stakeholders.
You have the right to object to the processing of your data under legitimate interest should you feel that such legal basis is not warranted or feel that it overrides any of the rights that you may have.
How long we keep your information for
We will store your data only for as long as necessary. What’s more, we conduct regular data-cleansing and updating exercises to make sure the information we have is relevant and accurate (personal information, CVs and cover letters etc).
Employer/client related personal details: For the length of our relationship with you plus 6 years (Limitation Act (1980) in case the case where there may be a dispute. Some information may be required to be retained longer due to legal obligations (eg. HRMC).
Your rights over your information
You have the right to not have your personal data processed for unrelated marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes, and obtain your consent.
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
For emails and alerts from us you can stop receiving these by clicking the unsubscribe link in the emails sent or change your preferences.
By law, you can ask us what information we hold about you, and you can ask us to correct it if it is inaccurate.
You can also ask us to give you a copy of the information and to stop using your information for a period of time if you believe we are not doing so lawfully.
To submit a request by email, post or telephone, please use the contact information provided above.
In addition to the above you have the following rights under GDPR:
- The right to ask what personal data is held, subject to a fee (currently £10), free from the 25th May 2018.
- The right to ask to update and correct any out of date or incorrect personal data that we hold free of charge.
- The right to erasure of personal data where consent is the only legal basis for processing and that consent has been withdrawn.
- The right to data portability in the sense that personal data provided directly by the data subject is exportable in an open format like CSV where the legal basis for processing is based on either contract or consent.
- The right to restrict or object to the processing of your personal data where:
- You contest the accuracy of the personal data and the accuracy needs to be verified;
- You object to the processing under legitimate interest ground and consideration needs to be made whether our legitimate interest overrides that of the individuals;
- The processing was unlawful and you request restricted processing over erasure;
You can withdraw consent at any time where consent has been relied upon. If consent is the sole legal basis for processing, we will stop processing the data after the consent is withdrawn. The data will then be placed in a restricted processing mode until you have asked to exercise your right to erasure or the personal data falls outside stated retention period (whichever comes first).
Our communications with you
We will periodically communicate with you by email, post, telephone or device notifications for the purposes of delivering our services to you. The legal purpose for which is under the legitimate interest provision under both GDPR and the Privacy and Electronic Communications Regulations (PECR).
However, should you be concerned about the content of these communications (such as unwanted marketing communications or simply want to change the way we communicate with you please log into your profile on the relevant website and change your preferences, or use the relevant unsubscribe link. Alternatively you can contact us by telephone or letter at the details provided above.
You may contact us for any of the described purpose above. Our main address is:
1 Grove Park,
You can contact us by post at the above address, or by via email at [email protected] or by telephone on 0333 202 6500.
We are not required to have a data protection officer, so any enquiries about our use of your personal data should be addressed to the contact details above asking for the person responsible for data protection.
Changes to this privacy notice
Your right to complain
If you have a complaint about our use of your information you can do so with the relevant supervisory authority within the EU to which you are a resident, whom may refer the complaint to the UK supervisory authority.
Complaints in the UK can be made to the Information Commissioner’s Office via their website at www.ico.org/concerns or write to them at:
Information Commissioner's Office