Privacy Policy

PLEASE READ THIS PRIVACY POLICY CAREFULLY

(Last updated 09^st May 2024)

WHO WE ARE

We are Orbis Consultants LTD (“Orbis”), Company Registration No. 09749682, VAT No. 171647009, Registered Office: 1 St. Katharine’s Way, London, United Kingdom, E1W 1UN.

Our Group means our subsidiaries, our ultimate holding company and its subsidiaries, and our associated companies as defined in section 1159 of the UK Companies Act 2006 (our “Group”).

We are the Data Controller for the purposes of UK General Data Protection Regulation (UK GDPR) (Regulation (EU) 2016/679) or any successor legislation or applicable data protection and privacy legislation in force from time to time which apply to a party relating to the use of personal data.

WHAT WE DO

We are a recruitment agency and recruitment business (our “Services”).

We collect the personal data of the following categories of data subjects to allow us to undertake our business activities:

• Prospective and placed candidates for permanent or temporary roles;
• Prospective and current/live client contacts;
• Supplier and third-party contacts engaged to support our services;
• Prospective, current and former employees, consultants, contractors and workers.
• We collect information about you to carry out our business activities.

INFORMATION WE COLLECT FROM YOU

We will collect and process the following data about you:

• Information you give us (“Submitted Information”): This is information you give us about you by filling in forms on the website www.weareorbis.com (our “Site”), or by corresponding with us (for example, by e-mail, chat or telephone). It includes information you provide when you subscribe to any of our Services, share data via the social media functions, enter a competition, promotion or survey, send an application for a vacancy and when you report a problem with our Site. If you contact us, we will keep a record of that correspondence.
• The information you give us may include your name, address, e-mail address and phone number.
• Information we collect about you and your device. Each time you visit our Site we will automatically collect the following information:
  • 1. Information about your computer (e.g. your IP address, browser, operating system, etc.) for statistical purposes;
  • the MAC address of the Device’s wireless network interface, the type of browser you use, and time zone setting (Device Information);
  • details of your visits to our Site including, but not limited to traffic data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise and the resources that you access (Log Information).

COOKIES

We use cookies to distinguish you from other users of our Site. This helps us to provide you with a personalised experience when you browse our Site and also allows us to improve the Site. For detailed information on the cookies we use and the purposes for which we use them, see our Cookie Policy.

USES MADE OF THE INFORMATION

We use information held about you in the following ways:

• Submitted information: to provide and tailor Services directly to you; communicate with you;
• Device information: to determine how many people use the Site on particular browsers and different devices so that we can ensure adequate technical support for each type of device and browser.
• To present site content effectively to you.
• Provide information, products and services that you request, or (with your consent) which we think may interest you.
• Carry out our contracts with you.
• Allow you to use our interactive services if you want to.
• Tell you our fees/charges.
• Third Party Information: to monitor performance of the Service; to protect you and other people from fraud or misuse of the Services.
• Legitimate interests – such as to communicate with you; for web analytics so we can provide, improve and tailor services to you; to provide appropriate technical support and security for our websites; or for fraud prevention.

We may associate any category of information with any other category of information and will treat the combined information as personal data in accordance with this policy for as long as it is combined.

INFORMATION YOU GIVE US OR WE MAY COLLECT ABOUT YOU

• Personal contact details such as name, title, address, telephone numbers, private and corporate email addresses;
• Date of birth;
• Emergency contact information;
• Gender;
• National Insurance number;
• Evidence of UK residential address;
• Current salary information or hourly/daily rate;
• Recruitment information – including copies of right to work documentation, references, and other information included in a CV or cover letter or as part of the application process;
• Employment history – including job titles, work and education history, working hours, training records and professional memberships;
• Disciplinary and grievance information;
• Information obtained through electronic means, such as an electronic access device;
• Bank account details, payroll records and tax status information;
• Pension and benefits information;
• Information about your use of our information and communications systems;
• Links to your professional profiles available in the public domain, e.g. LinkedIn, Twitter, Facebook or corporate website;

We may also collect the following “special categories” of more sensitive personal information:

• Information about your health, including any medical conditions and health and sickness records;
• Information about criminal convictions and offences;

Please note that phone calls may be recorded from time to time solely for internal quality and training purposes. Recorded phone calls will be stored for a maximum period of sixty days and only limited staff members have authorization to listen to the recordings for quality and training purposes.

INFORMATION WE OBTAIN FROM OTHER SOURCES

This is information we obtain about you from other sources such as:

• Job board websites and online CV libraries
• LinkedIn
• Corporate websites
• Facebook/Twitter or similar platforms
• Business cards
• Personal recommendations
• Third party employment agencies
• Background check providers

In this case you will be informed (unless an exemption applies under GDPR which means that sending the privacy notice will be impossible or disproportionate) of the fact that we hold personal data about you, the source the personal data originates from and whether it came from publicly accessible sources, and for what purpose we intend to retain and process your personal data.

We work closely with third parties including companies within our Group and companies under common ownership, business partners, sub-contractors in technical, professional, payment and other services, advertising networks, analytics providers, search information providers, credit reference agencies, and professional advisors. We may receive information about you from them for the purposes of our recruitment services and ancillary support services.

Purposes of the processing and the legal basis for the processing

We use information held about you in the following circumstances:

• Where it is necessary for entering into or performing a contract with you;
• Where we need to comply with a legal obligation;
• Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests;
• Where you have given us consent to use your personal data;
• To provide you with the information, products and services that you request from us or we think will be of interest to you if we believe it is relevant to your career or to your organisation;
• To provide you with information about other services we offer.

Our legal basis for the processing of personal data is our legitimate business interests (or those of a third party), although we may also rely on contract, legal obligation and consent, for specific uses of data.

We will rely on the contract ground if we are discussing, or negotiating, or have entered into a placement or an agreement with you or your organisation or any other contract of service or contract for services, contract to provide services to you or receive services from you or your organisation.

We will rely on the legal obligation ground if we are legally required to hold information on you to fulfil our legal obligations. For example, for reasons related to HMRC or employment law.

We will in some circumstances rely on consent for particular uses of your data and you will be asked for your express consent if legally required. Examples of when consent may be the lawful basis for processing include obtaining your permission before introducing you to a client for a vacancy (if you are a candidate).

LEGITIMATE BUSINESS INTEREST

Our legitimate interests in collecting and retaining your personal data are described below:

As a recruitment business and recruitment agency we introduce candidates to clients for permanent employment, temporary placements or independent contractor services. The exchange of personal data of our candidates and our client contacts is an essential part of this process.

In order to support our candidates’ career aspirations and our clients’ resourcing needs we require a database of candidate and client personal data containing historical information as well as current resourcing requirements.

To maintain, expand and develop our business we need to record the personal data of prospective candidates, employees and client contacts. If we discover your CV on a job board, CV database or other location in the public domain, we will rely on legitimate interests when adding your information to our database. We will also consider the use of your personal data in this manner to be within your reasonable expectations.

Once we have added your personal information to our database, we may contact you from time to time via phone or email with details of vacancies which we believe may be of interest/suitable to you. If you have applied for a specific role which was unsuccessful, we may also contact you from time to time with alternative roles. You have the right to inform us at any time should you not wish to receive this kind of communication (see the section on Your Rights below).

To deliver our services we may need to use your data for the following purposes:

• Determining whether you are suitable for a vacancy either within our organisation or with one of our clients;
• Determining any terms and conditions on which we will engage with you;
• Checking legal right to work status in the UK or other applicable jurisdiction;
• Processing payments to you or your company. If you are an employee, also making all required deductions for tax and national insurance;
• If you are a candidate supplying services in through an Umbrella company, liaising with your chosen Umbrella;
• Contract administration purposes and business management, including compliance auditing and accounting.
• Making decisions about your continued engagement or employment;
• Making arrangements for the termination of our working relationship;
• Dealing with any legal disputes which may arise;
• To ensure compliance with legal and regulatory requirements;
• Complying with health and safety obligations;
• Monitoring and managing sickness absence;
• Ascertaining fitness to work;
• Liaising with your pension provider;
• Conducting performance reviews and managing performance;
• Gathering evidence for possible grievance or disciplinary hearings;

CONSENT

Should we want or need to rely on consent to lawfully process your data we will request your consent orally, by email or by an online process for the specific activity we require consent for and record your response on our system. Where consent is the lawful basis for our processing you have the right to withdraw your consent to this particular processing at any time.

PERMITTED DISCLOSURES

You agree that we have the right to disclose your personal information to any member of our Group, which means our subsidiaries, our ultimate holding company and its subsidiaries, or any affiliated companies of Orbis as defined in section 1159 of the Companies Act 2006.

We may also disclose your personal information to third parties:

• In the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets.
• If Orbis  or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
• If we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation or request.
• In order to:
  • Enforce or apply our Terms of Use, Terms and Conditions of our Site and other agreements or to investigate potential breaches; or
  • Protect the rights, property or safety of Orbis, our customers or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

The lawful basis for the third party processing will include:

• Their own legitimate business interests in processing your personal data, in most cases to fulfil their internal resourcing needs;
• Satisfaction of their contractual obligations to us as our data processor;
• For the purpose of a contract in place or in contemplation;
• To fulfil their legal obligations.

WHERE WE STORE YOUR PERSONAL DATA

The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (EEA). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. These staff may be engaged in the fulfilment of your request, order or reservation, the processing of your payment details and the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.

All information you provide to us is stored on our secure servers. Any payment transactions carried out by us or our chosen third-party provider of payment processing services will be encrypted using industry leading encryption technology. Where we have given you (or where you have chosen) a password that enables you to access certain parts of our Sites, you are responsible for keeping this password confidential. We strongly recommend you not to share your password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access and will always make sure that security measures are in place to protect your personal data. Measures are also in place to discover any breaches and to enable us to notify the ICO.

YOUR RIGHTS

Under data protection legislation, you have the right to request access to information about you that we hold (this is called a “Data Subject Access Request” or “DSAR”). To make a request for your personal information see the Contact section below.

• You can ask us to correct your information if it is incorrect;
• ask us to delete the information that we hold about you in certain circumstances, for example, where we no longer need the information;
• opt-out of us processing your personal information for marketing purposes;
• ask us to send you, or another organisation, certain types of information about you in a format that can be read by computer;
• the right to complain to a supervisory authority;
• restrict certain processing of your information, for example, if you tell us that the information is inaccurate we can only use it for limited purposes while we check its accuracy.
• make a complaint to a supervisory body which in the United Kingdom is the Information Commissioner’s Office. The ICO can be contacted through this link: https://ico.org.uk/concerns/.

We will always inform you (before collecting your personal information) of how we plan to use that personal information. You can exercise your right to prevent such processing by checking certain boxes on the Site when you submit your information. You can also exercise the right at any time by contacting us via email to gdpr@weareorbis.com.

Our Site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites and any services that may be accessible through them have their own privacy policies and that we do not accept any responsibility or liability for these policies or for any personal data that may be collected through these websites or services, such as contact and location data. Please check these policies before you submit any personal data to these websites or use these services.

DATA RETENTION

This data will be retained in our records for no longer than is necessary to:

1. to provide you with the services you have requested;
2. to comply with statutory guidance;
3. to support a claim or defence in court.

Details of retention periods are available on request. See Contact section below.

CHANGES TO PRIVACY POLICY

If we change our Privacy Policy, we will post the changes on this page. If we decide to, we may also email you. We recommend that you check this page regularly to keep up-to-date.

CONTACT

Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to Orbis, 1 St. Katharine’s Way, London, United Kingdom, E1W 1UN or emailed to gdpr@weareorbis.com.