Effective from 30th January 2020
www.miltonpark-jobs.co.uk is operated by MP Jobs Ltd (“MP Jobs”). MP Jobs is registered in England and Wales under company number 04269861. MP Jobs registered address is 99 Milton Park Abingdon OXON OX14 4RY.
We take data protection very seriously and understand the importance of protecting your privacy and Personal Information. “Personal Information” is information that identifies you as an individual such as your name, date of birth, email address, IP address and CV.
How do we collect information from you?
Please do not submit such Personal Information to us if you do not wish us to collect it.
Please be aware that we may also infer certain information about you from your expressed search preferences. We also collect from:
- our websites (the “Websites”);
- the software applications made available by us for use on or through computers and mobile devices (the “Apps”);
- cookies (“Cookies”);
- publicly available information; and,
- other tools and applications (our “Online Content”).
What Personal Information do we collect?
Personal Information we collect about you may include the following:
- General identification and contact information: your name; address; email; IP address; telephone details; gender; marital status; family status; date and place of birth; physical attributes including photos.
- Other sensitive information: trade union membership, religious beliefs, political opinions or racial or ethical origin, and criminal record.
- Information enabling us to provide products and services: age, location, whether or not you hold a driving licence that enable identification of job search (for example, post code or job role).
- Marketing preferences: enter a contest or prize draw or other sales promotion, or respond to a voluntary customer satisfaction survey.
- Statistical information: aggregate statistical information about site visitors and users for internal use and for other lawful purposes e.g. Salary averages. We provide this information to customers, advertisers, suppliers and other reputable third parties. Where we provide such information we will provide this in an anonymous format and not include any Personal Information.
- Information from Apps: submit comments to the Site, participate in message boards, blogs, send us emails or any other user generated content facility.
- Publicly available information in relation to professional history: educational background; employment history; skills and experience; professional licenses and affiliations; educational and professional qualifications.
What legal basis do we rely on to process your Personal Information?
On some occasions, MP Jobs processes your data with your consent. For example, we rely on consent when we send promotional material or when you link your MP Jobs account to your Social Network account. You have the right to withdraw consent at any time. Where consent is the only legal basis for processing, we will cease to process data after consent is withdrawn.
The processing is necessary to fulfil a contract
MP Jobs may process your data when we need to do this to fulfil a contract with you, such as to send your CV to an employer or recruiter for a specific job application.
MP Jobs also processes your data when it is in our legitimate interests to do this and when these interests are not overridden by your data protection rights.
Our legitimate interests include:
- ensuring the security and integrity of our Services and in ensuring that our Websites and Apps operate effectively;
- selling and supplying goods and services to our customers;
- protecting customers, employees and other individuals and maintaining their safety, health and welfare;
- promoting, marketing and advertising our products and services;
- sending promotional communications which are relevant and tailored to individual customers;
- understanding our customers’ behaviour, activities, preferences, and needs;
- improving existing products and services and developing new products and services;
- handling customer contacts, queries, complaints or disputes; and,
- fulfilling our duties to our customers, colleagues, shareholders and other stakeholders.
The processing is necessary because of a legal obligation that applies
MP Jobs may process your data to comply with our legal and regulatory obligations, e.g. preventing, investigating and detecting crime, fraud or anti-social behaviour and prosecuting offenders, including working with law enforcement agencies.
Who do we share your Personal Information with?
Our group companies
Recruiters and other agents
In the course of our business to help you search for and get a job, MP Jobs may make Personal Information available to third parties such as recruiters and other intermediaries and agents and other business partners. The amount of information we share with recruiters will depend on the options you select when you create or update your account. If you choose to make your profile public, recruiters will be able to see and your Last Active date ( this is the date you most recently updated your profile or CV, or searched or applied for jobs using the Services ). Depending on your preferences, we may also share your application history (jobs you have applied for and when you applied for them). You can change the information recruiters can see about you at any time by updating your details and preferences in your profile.
Our service providers
This includes external third-party service providers, such as accountants, auditors, experts, lawyers and other outside professional advisors; IT systems, support and hosting service providers; printing, advertising, marketing and market research and analysis service providers; document and records management providers; technical engineers; data storage and cloud providers and similar third-party vendors and outsourced service providers that assist us in carrying out business activities.
Governmental authorities and third parties involved in court action
MP Jobs may share Personal Information with governmental or other public authorities (including, but not limited to, workers’ compensation boards, courts, law enforcement, tax authorities and criminal investigations agencies); and third-party civil legal process participants and their accountants, auditors, lawyers and other advisors and representatives as we believe to be necessary or appropriate: (a) to comply with applicable law, including laws outside your country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities including public and government authorities outside your country of residence; (d) to enforce our terms and conditions; (e) to protect our operations or those of any of our group companies; (f) to protect our rights, privacy, safety or property, and that of our group companies, you or others; and (g) to allow us to pursue available remedies or limit our damages.
Other third parties
Occasionally, we may share Personal Information with other third parties. We will always do this under contract and in accordance with your instructions.
How we use Personal Information?
We use Personal Information to do some or all of the following:
- Communicate with you as part of our business;
- Send you important information regarding changes to our policies, other terms and conditions, the MP Jobs Website and App and other administrative information;
- Provide improved quality, training and security and manage other commercial risks;
- Carry out market research and analysis, including satisfaction surveys;
- Provide marketing information to you (including information about other products and services offered by selected third-party partners) in accordance with preferences you have expressed. Please be aware you can always change these in your account;
- Personalise your experience on the MP Jobs Website and App by presenting information and advertisements tailored to you and by providing you access to selected services of our group companies;
- Allow you to participate in contests, prize draws and similar promotions, and to administer these activities. Some of these activities have additional terms and conditions, which could contain additional information about how we use and disclose your Personal Information, so we suggest that you read these carefully;
- Facilitate social media sharing functionality;
- Manage our infrastructure and business operations, and comply with internal policies and procedures, including those relating to auditing; finance and accounting; billing and collections; IT systems; data and website hosting; business continuity; and records, document and print management;
- Resolve complaints, and handle requests for data access or correction;
- Comply with applicable laws and regulatory obligations (including laws outside your country of residence), such as those relating to anti-money laundering and anti-terrorism; comply with legal process; and respond to requests from public and governmental authorities (including those outside your country of residence);
- Establish and defend legal rights; protect our operations or those of any of our group companies or insurance business partners, our rights, privacy, safety or property, and/or that of our group companies, you or others; and pursue available remedies or limit our damages.
International Transfers of Personal Information
Personal Information which you supply to us is generally stored and kept inside the European Economic Area.
How can you manage or delete Personal Information?
When you access our website online, we store some information about you. This is anonymous and used for statistical purposes.
When you create an account and log-in to your “My Account” area, it is protected by your password and may only be accessed by you. You can manage the content and information in your Account at any time, by logging in to your “My Account”.
Your CV can be viewed by Jobsite and MP Jobs customers, or customers of the MP Jobs Group, if you have consented to this within the profile section. This is the default setting. Further, when your profile is searchable your application activity (e.g. number of applications, job titles, locations & salaries) will be visible to MP Jobs, Jobsite and MP Jobs Group customers. Such visibility can also be provided through browser plugins or other software that we or our group companies offer if our customers visit certain social media websites about you. This is also the default setting
Please note that MP Jobs reserves the right to remove from our database, CVs which include any content that we consider to be illegal or offensive. We will respect the choices you make to limit sharing or visibility settings in your “My Account”.
You can de-activate or delete your account at any time, make your profile anonymous or choose to not make your profile searchable. To de-activate, please go to your “My Account”.
However, if you would like to permanently delete your account, you can send an email to our Data Protection Officer (DPO) (see below) with the subject line “Permanently delete my information and account”. Please do not forget to tell us who you are.
It is important for you to protect against unauthorised access to your password and to your computers, devices, and applications. Be sure to sign off when you finish using a shared computer.
MP Jobs is committed to keeping your personal data safe and secure from unauthorised access to or unauthorised alterations, disclosure or destruction of information that we hold.
Our security measures include:
- encryption of our services and data;
- review our information collection, storage and processing practices, including physical security measures;
- restrict access to personal access to personal information to MP Jobs employees, contractors and agents who need to know that information in order to process it for us and who are subject to contractual confidentiality and processing obligations. They may be disciplined, or their contract terminated if they fail to meet these obligations; and
- internal policies setting out our data security approach and training for employees.
Additional Services for Website and App
Location based services
If you use the MP Jobs App we will ask you if you want to use our geolocation service. This service is provided by Adobe Systems Software Ireland Limited. Based on your mobile phone GPS signal it allows us to identify your location. We will use this information to provide you with job offers close to you and to improve our Products and Services. In no case will we merge such information with any personally identifiable information. We will at no times be able to connect you personally in connection with the respective location. You may at any stage opt out of location tracking by changing the App settings. However, you will also lose the location supported product functionality as well.
For further information about Adobe and their service please visit: www.adobe.com/privacy.html.
If you use the MP Jobs Website or App, you may also consent to push notifications, text messages, alerts, emails or other types of messages directly sent to you outside or inside of the MP Jobs App to your mobile device or desktop browser. If you declare your consent to receive such messages a device token will be generated, which will be associated with your device.
If you enable us, we access the following Services for the limited purpose of helping us to upload or otherwise access your CV, cover letters or any other documents you provide us to assist you apply for jobs. The Services we may use are:
- Google Cloud
We will ask for your consent before using information for any purpose other.
Marketing and Advertising
Online Behavioural Advertising
You have the following rights:
- the right to ask what personal data that we hold about you at any time, subject to a fee specified by law;
- the right to ask us to update and correct any out-of-date or incorrect personal data that we hold about you free of charge; and
- (as set out above) the right to opt out of any marketing communications that we may send you.
If you wish to exercise any of the above rights, please contact us using the contact details set out below.
Children and minors
MP Jobs is not directed towards individuals under the age of eighteen (18), however we are aware due to the nature of some of the job offerings, those between 14 and 18 may use the Services.
Individuals under the age of thirteen (13) are expressly prohibited from using MP Jobs Website and App, unless parental consent is provided and we are notified.
Third Party Privacy Practices
Please note that although we require customers who use our services, such as employers seeking to recruit staff, to agree to use the information made available solely for recruitment-related purposes, we do not control their use of any information that they have access to as part of receiving our services. Please be aware your current employer may be a customer of MP Jobs, or a client of one of our jobboards in our group of companies. Although it is a requirement of our Contract and Terms and Conditions of MP Jobs and other jobboards not to use Personal Information for any purpose other than to obtain a job, we cannot restrict the customers who access profiles on our database and cannot be held responsible for any eventuality. As part of the registration process MP Jobs offers you the option of remaining anonymous.
Who to contact about your Personal Information
The data controller responsible for your information is MP Jobs.
If you have any questions about this policy or our use of your Personal Information you can email: dataprotectionofficerUK@miltonpark-jobs.co.uk or write to the Data Protection Officer, MP Jobs, 99 Milton Park Abingdon OXON OX11 7DT.
If you do not think we are handling your Personal Information adequately, you have the right to lodge a complaint with the Information Commissioner’s Office. Further information, including contact details, are available at ico.org.uk.
Please view the “Effective from” date at the top of these terms to see when it was last revised
. What does GDPR stand for?
GDPR is short for the ‘General Data Protection Regulation'. It looks like a law set to overhaul Europe's, and as a result the world's, entire data privacy framework. GDPR comes into force on the 25th May 2018.
2. What are the GDPR requirements?
GDPR is a key piece of legislation for Europe and subsequently, the rest of the world. All organisations and businesses need to consider the legislation in the whole and conduct an analysis of the impact of GDPR on their activities. Some of the most significant requirements are as follows:
Many organisations and businesses will need to appoint a Data Protection Officer. This applies to those companies who regularly and systematically process personal data or monitor data subjects.
- Transparency is vital. You are under a duty to be upfront with customers, employees and others about how their data is processed. This means you have to know what you do and why, and be able to convey that in a clear and comprehensive manner.
- Data Privacy Impact Assessments (DPIAs) will become a fact of life. Where any new or existing data processing activity will result in a high risk to the rights and freedoms of individuals, companies will be required to carry out a systematic review of how best to safeguard those rights.
- Deletion and portability. Businesses and organisations need to be able to delete data when no longer necessary, and transfer it elsewhere if requested by the people it refers to. You will need to ensure that your systems designed to make that possible.
- Privacy by design and default. These are safeguards to ensure the protection of personal data is hardwired into your processes and systems.
- Accountability. Being compliant isn't enough. You have to show that you are abiding by the rules. This includes maintaining an up-to-date register of data processing activities. In the event of a security breach, it also involves being able to give a full account of what happened and the preventative measures you had in place when reporting that breach.
3. What happens if my company is not compliant with GDPR?
Please be aware, whilst MP Jobs is doing everything it can to assist you, as our customer, we are not a law firm and highly recommend you seek legal advice to ensure you are compliant with GDPR.
Most of you have heard the fines have changed:
For serious breaches (e.g. a major security breach where the organisation had woefully inadequate protective measures in place), the maximum administrative fine is up to 4% of global turnover or EUR 20 million, whichever is higher.
For other breaches (e.g. inadequate record keeping or failure to report a breach), regulators will have the power to issue penalties of up to 2% of global turnover or EUR 10 million.
Also, there is a direct right of action for data subjects to claim compensation from the data controller or processor. So, if data has been incorrectly held or used and the individual has suffered damage, firms could find themselves being hit by legal action.
Finally, there is the possible reputational repercussions of non-compliance. Sanctions and major fines issued by the regulator will be information in the public domain. Staying compliant is crucial for any business seeking to maintain their reputation as a safe pair of hands in the digital marketplace.
4. Who does GDPR apply to?
GDPR applies to natural or legal persons, public authorities, agencies or other bodies processing personal data (processing in the course of exclusively personal/household activities is excluded).
How GDPR in detail affects you depends on the nature of your processing activities, but regardless of size and shape of your business, chances are you are in scope.
If you are not sure whether GDPR applies to you, it is best to assume that it does and seek legal advice.
5. How does GDPR impact businesses outside of the EU?
Businesses based outside the EU need to comply with GDPR if they process, manage or store personal data related to data subjects in EU, or if they process personal data on behalf of EU businesses. So, no matter where you are based, if you do business in or with people and organisations in the EU, you need to ensure your business is GDPR compliant.
6. How should my business prepare for GDPR?
Becoming compliant does not happen overnight. This is especially the case if you need to put new procedures in place. Steps you can take include:
- Build awareness. From board level to on-the-ground IT, ensure that decision makers and key staff are aware that the law is changing. All individuals involved in the GDPR-readiness project should be aware of their responsibilities – what they need to do and when. This will help avoid a last minute scramble as the implementation date approaches.
- Map your data. What personal data do you hold? What is its purpose? Where is it stored? Where did it come from and who do you share it with? For this type of fundamental data audit, having the right tool in place to help you map, visualise and manage your data can make life so much easier.
- Appoint or designate a Data Protection Officer. Decide who will take responsibility for compliance and where this role will sit within your organisational structure. For larger organisations this will involve appointing at least one DPO, for smaller organisations, this will involve formally designating a Data Protection Officer, for one-man band businesses, you will need to start to understand GDPR.
- Review your security breach prevention procedures. This will involve a security audit to ensure that the data protection measures you have in place are adequate. Make sure you have the right procedures in place to detect, respond to and report breaches in accordance with the Regulation.
- Review and refresh your consent procedure. Look at how you obtain, record and manage consent. Consider whether any changes will be needed to your existing procedures in good time for GDPR implementation. The same applies to your current privacy notices.
- Give consumers their rights to data. You will have to provide certain information to the individuals if you process personal data about them and you will have to facilitate the ability of individuals to exercise their rights. If a customer asks for a copy of the data you hold on them, will you be able to provide it? What happens if someone asks you to delete or transfer their data to another party? Review your infrastructure and procedures to ensure that if you receive such requests, you are able to comply.
GDPR and MP Jobs Ltd
1. Who is responsible for complying with GDPR?
Initially, MP Jobs is a data controller and we are responsible for the data processing on our websites. Candidates search our website and provide us with GDPR-applicable “consent” (by way of contract, legitimate interest or consent) to allow you our customers to contact the candidate for the specific job listing or to access their CV from our CVDB. When you contact the candidate to help them apply for a job or download their CV from our CVDB you become a data controller. At this point you as data controller are required to comply with GDPR and will also have to ensure that you give the individuals their rights. Particularly, you will have to provide certain information to them and, if you would like to use candidate data for any other purpose than filling a specific vacancy, you will have to obtain your own form of GDPR approval to continue to use the candidates' personally identifiable information.
2. Do we have adequate GDPR consent?
3. What security measures do we have in place?
All production data is stored in a secure web hosting environment with restricted access. We have regular risk reviews, external penetration test on the environments and internal audits.