SOFT RECRUIT SOFTWARE LIMITED
GDPR Privacy Policy
INTRODUCTION
This GDPR privacy policy describes how Soft Recruit Software
Limited meets its obligations under the General Data Protection
Regulation in relation to the processing of personal data.
This policy statement provides full details on the following;
- How we handle personal data.
- What personal data we collect/hold.
- How and why we collect/hold personal data.
- How we use personal data.
- How we secure personal data.
- What third parties have access to personal data.
- Customers legal rights concerning personal data.
1. PERSONAL DATA COLLECTION
1.1 We may collect and process personal data in the
following ways:
- When contacted directly via our websites or via our customer
services department to request information about our products and
services.
- When third party agencies log personal data under consent to
our cloud based platform
- By requesting a product or a service directly from us.
- By replying to a direct marketing campaign.
- When permitted contact details are transferred from one of our
authorised agents or other third parties.
- When permitted companies or business partners transfer personal
data to us.
- When permitted personal data is secured via other sources.
Note:
(a) Never provide
personal data on behalf of someone else unless they have reviewed
this Privacy Policy.
(b) Persons under 16
years of age should not provide any personal data without consent
from a parent or guardian.
Personal data: This is data supplied to us when a data subject,
or agency provides personal data via our website/s or our cloud
based platform, or by corresponding with us by phone, email or
otherwise, and is provided entirely voluntarily. The data may
include a person’s name, contact details (such as phone number,
email address and postal address), enquiry details and an opinion
of our products.
We may automatically collect personal data from our web servers
as part of standard details relating to browser and operating
systems, additional personal data may be automatically collected
from our website, to include pages visited and the date of visit.
Personal data may also be automatically collected for security
reasons, e.g. to identify attacks on our website, this may include
data relating to the Internet protocol (IP) address assigned by an
internet service. We may collect some of this information using
cookies – see Cookies in Section 7 for further information. We
may also collect personal data that is shared as part of a
person’s public profile on a third party social network.
We may also receive certain personal data from other contract
agencies and/or recruitment agencies within the Irish Jurisdiction.
This information may include:
Personal data collected from the data subject by recruitment
agency and/or other third party. It is a contract requirement to
provide all personal data requested on this form, failure to
provide such personal data may preclude us from completing the
contract. The personal data collected may include a person’s
name, postal address, contact information, telephone number, email
address, or any other personal information.
Please see Section 2 for further details outlining how we use
personal data and for details of the purposes for which we use the
personal data we obtain from these sources and the legal basis on
which we rely to process such information. The remaining provisions
of this policy also apply to any personal data we obtain from these
sources.
2. HOW PERSONAL DATA MAY BE USED
Use of personal data under EU data protection laws must be
justified under one of a number of legal grounds and we are
required to set out the grounds in respect of each use in this
policy. An explanation of the scope of these grounds is listed
below:
2.1 Where valid consent is provided
We may use and process personal data where consent is agreed for
the following purposes. (Please note that consent will be agreed
via a consent form in relation to any such use and may be withdrawn
at any time. Please see withdrawing consent in Section 6 for
further details).
- to contact via email, text message, post or telephone with
marketing information or for other products and services we
provide.
- to share personal data with our authorised agents/partners for
the purposes of filling recruitment vacancies/posts.
- to supply brochures and other materials specifically requested
from us.
- to share personal data with our authorised agents/partners or
our recommended third-party partners to provide
marketing/recruitment information about their products and
services.
2.2 Where we are required to perform a contract
We may use and process personal data where it is necessary for
the performance of a contract.
2.3 Where required to comply with Legal Obligations
We may use personal data to comply with our legal obligations in,
(a) assisting an Garda Síochána, or any other public authority or
statutory authority for the purposes of criminal or other related
investigations, (b) so as to enable legitimate identification in
complying with our legal obligations, and (c) to verify the
accuracy of the data that we hold.
2.4 Where there is a Legitimate Interest
We may use and process personal data where it is necessary for us
to pursue our legitimate interests as a business, and where our
reasons for using it outweigh any prejudice to data protection
rights, as follows:
- for market research in order to ensure continued improvements
in the products and services that we provide.
- to administer our websites and for internal operations,
including troubleshooting, testing, statistical purposes.
- for analysis, and profiling to inform our marketing strategy,
and to enhance and personalise a customer or visitor experience.
- for marketing activities (other than where we rely on consent)
e.g. to tailor marketing communications or send targeted marketing
messages via social media and other third-party platforms.
- for the prevention of fraud and other criminal activities.
- to correspond and communicate in legitimate matters.
- for network and information security in order for us to take
steps to protect data against loss or damage, theft or
unauthorised access.
- to comply with a request in connection with the exercise of a
person’s rights, e.g. where we are asked not to contact a person
for marketing purposes.
- for reviews, accuracy or other improvements of our databases
and IT /cloud based platform systems, e.g. by combining systems or
consolidating records we or our group companies hold.
- to enforce or protect our contractual or other legal rights or
to bring or defend legal proceedings.
- for general administration including managing queries,
complaints, or claims and to send service messages to our
customers.
3. THIRD PARTIES WHO MAY PROCESS PERSONAL DATA
3.1 Healthcare Service Providers
We may share data with other Healthcare Service Providers. These
Companies, may use personal data in similar ways to that outlined
in Section 2 of this policy document.
Our cloud based platform/websites may also contain personal data
supplied from third parties for the purposes of recruitment
processing activities. Third party agencies who operate/use our
cloud based platform for the purpose of logging personal data
acknowledge that we will transfer this data to healthcare service
providers.
When we use social plug-ins on our websites from social networks
such as Facebook, Twitter and Google+, we integrate them as
follows:
Social plug-ins are deactivated on our websites (i.e. no data is
transmitted to the operators of these networks). To use one of
these networks, click on the respective social plug-in to establish
a direct connection to the server of the respective network.
A user account holder on the network, who has activated the
social plug-in, can be associated to the network visit to our
websites/cloud based platform.
When a social plug-in is activated, the network transfers the
content that becomes available directly to the user’s browser,
which integrates it into our websites. In this situation, data
transmissions can also take place that are initiated and controlled
by the respective social network. Connection to a social network,
the data transfers taking place between the network and a user
system, and user interactions on that platform are governed solely
by the privacy policies of that network.
The social plug-in remains active until deactivated or deleted in
cookies.
3.2 Contracted suppliers and Healthcare service providers
We may disclose personal data to our third-party service
providers, agents, subcontractors and other organisations for the
purposes of providing services to us or directly to a customer on
our behalf. Such third parties may include cloud services providers
(such as hosting and email management) or advertising agencies,
administrative services or other third parties who provide services
to us.
When we use third party service providers, we only disclose to
them any personal data that is necessary for them to provide their
service and we commit to ensuring valid Data Protection Agreements
are in place with all third parties so as to ensure all personal
data is secure and only used in accordance with our specific
contract terms and conditions.
3.3 Third parties who provide products and services
Personal data which we collect may be transferred to third
parties with customer consent.
Such data is shared in a secure manner, using a consistent
security protocol. When we share data with other parties we ensure
that they only use the data for the purpose it was collected.
4. STORAGE OF PERSONAL DATA OUTSIDE THE EUROPEAN ECONOMIC AREA
(EEA)
Data provided to us may be transferred to countries outside the
EEA. By way of example, this may happen where any of our group
companies are incorporated in a country outside of the EEA or if
any of our servers or those of our third-party service providers
are from time to time located in a country outside of the EEA.
These countries may not have similar GDPR data protection laws.
If we transfer data outside of the EEA in this way, we will
ensure that appropriate security measures are taken with the aim of
ensuring that data privacy rights continue to be protected as
outlined in this policy. These steps include imposing contractual
obligations on the recipient of personal data or ensuring that the
recipients are subscribed to ‘international frameworks’ that
aim to ensure adequate protection of personal data.
The use of our services whilst outside the EEA, may involve the
onward transfer of data outside the EEA in order to provide those
services.
5. HOW LONG DO WE KEEP PERSONAL DATA
When we collect/receive personal data, the length of time we
retain it is determined by a number of factors including the
purpose for which we use that data and our obligations under GDPR
and related laws. We do not retain personal data for longer than is
necessary.
We may need personal data in the bringing or in defence of a
legal claim, in which case we will retain personal data for a
period of seven years after the last occasion on which we have used
the personal data as specified in Section 2 of this policy
document.
The only exceptions to this are; (a) where the law requires us to
hold personal data for a longer period or (b) when requested to
have the data deleted if we do not need to hold it in connection
with any of the reasons permitted in Section 6 of this policy
document.
6. DATA SUBJECTS RIGHTS
6.1 Rights as a ‘Data Subject’
A data subject, has the right of access (Art. 15 GDPR), right to
rectification (Art. 16 GDPR), right to erasure (Art. 17 GDPR),
right to restriction of processing (Art. 18 GDPR) and right to data
portability (Art. 20 GDPR). A person’s rights as a Data Subject
include the following:
- Information on the type of personal data we hold and what we do
with that information.
- To request how long we hold personal data.
- Rectify any inaccurate personal data we hold.
- To erase personal data we hold.
- Prevent us from using personal data in certain cases, including
if you believe that the personal data we hold is inaccurate, or
our use of personal data is unlawful.
- To receive personal data in a structured, commonly used and
machine-readable format and to have that data transmitted to
another data controller.
The right of consent to the processing of personal data by us may
be revoked at any time. The legality of processing personal data
before revocation remains unaffected. We may further process such
data pursuant to another applicable legal basis, e.g. for the
fulfilment of our legal obligations.
A data subject has the right to object at any time to the
processing of personal data (Art 21 GDPR). In such circumstances we
will only process personal data if we can prove compelling
legitimate reasons that outweigh a person’s interests, rights and
freedoms, or for the establishment, exercise or defense of a legal
claim.
If a person believes that the processing of personal data
violates legal requirements, that person has the right to lodge a
complaint with the Offices of the Data Protection Commissioner
(Art. 77 GDPR).
7. SECURITY / COOKIES / LINKS / SOCIAL PLUGINS
We at all times use technical and organisational security
measures to protect the personal data supplied and managed by us
against manipulation, loss, destruction and access by third
parties. Our security measures are continually improved in line
with technological developments.
Unfortunately, the transmission of data via the internet is not
completely secure. We will do our utmost to protect personal data,
however we cannot guarantee the security of all data whilst in
transit to our website, transmission is at the user’s own risk.
Where we have given (or where chosen) a password which enables
access to an account, the user is responsible for keeping this
password confidential. Do not share this password with any other
person.
7.1 Use of 'cookies'
By clicking on to a link of an offer or by activating a social
plug-in, personal data may reach providers in countries outside the
European Economic Area (EEA) that, from the point of view of the
European Union ("EU"), may not guarantee an "adequate level of
protection" for the processing of personal data in accordance with
EU standards. Please be aware of this alert before clicking on a
link or activating a social plug-in and thereby triggering a
transfer of data.
7.2 Statement on the use of cookies, the analysis of usage
data and the use of analysis
We use cookies and similar software tools such as HTML5 Storage
or Local Shared Objects (together "cookies") to identify a
person’s interests and particularly popular areas of our websites
and use this data to improve the design of our websites and make
them even more user-friendly. For the same purposes we use the
analysis tools Adobe Analytics and Google Analytics, cookies may
also be used here.
7.3 Functions and use of cookies
Cookies are small files that are placed on a desktop, notebook or
mobile device by a website visited. From this we can, for example,
recognise whether there has already been a connection between a
device and our websites, or which language or other settings the
user prefers. Cookies may also contain personal data.
By using our cloud based platform/websites, the user agrees to
the use of cookies.
A user may visit our website without consenting to the use of
cookies. The user can refuse such use and delete cookies at any
time by making the appropriate settings on the user’s device.
7.4 Links to other websites
Our website may contain links to other websites run by other
organisations which we do not control. This policy does not apply
to such websites and Apps so we encourage reading of their privacy
statements. We are not responsible for the privacy policies and
practices of other websites and Apps (even to those using links
that we provide) and we provide links to those websites solely for
user information and convenience. We specifically disclaim
responsibility for their content, privacy practices and terms of
use, and we make no endorsements, representations or promises about
their accuracy, content or thoroughness. Disclosure of personal
data to third party websites is at the user’s own risk.
In addition, if linked to our website from a third-party website,
we cannot be responsible for the privacy policies and practices of
the owners and operators of that third-party website and recommend
that all users check the policy of all third-party websites.
7.5 Social plugins
We use so-called social plugins (buttons) of social networks such
as Facebook, Google+ and Twitter.
When visiting our website, these ‘buttons’ are deactivated by
default, i.e. without intervention they will not send any data to
the respective social networks. These ‘buttons’ are activated
by clicking on them. They remain active until deactivated or
deleted.
After their activation, a direct link to the server of the
respective social network is established. The contents of the
‘button’ are then transmitted from the social network directly
to the user’s browser and incorporated in the website.
After activation of a ‘button’, the social network can
retrieve data, independently of whether interaction with the
‘button’ took place. When logged on to a social network, the
network can assign a visit to the website of the user account. A
social network cannot assign a visit to websites operated by our
other group companies unless and until activation.
8. Newsletter
Data provided in subscribing to a newsletter offered on our
website will only be used in order to provide the newsletter,
unless agreed for further use. Subscription to the newsletter can
be withdrawn at any time using the unsubscribe option provided.
9. Contact Us
Customers may contact our offices with any questions or
suggestions regarding the processing of personal data or if they
wish to amend/update their personal data, please contact the
offices of;
Soft Recruit Software Limited
172 Rathmines Road Lower,
Rathmines,
Dublin 6.
The Soft Recruit Vendor Management System has made managing our
agency bookings far easier. We now have instant visibility on all
placements without having to search through multiple emails from
agencies. Well done to all the team in Soft Recruit for such a
great system. 
