Contractor Privacy Policy

SHIFT F5 LTD

CONTRACTOR PRIVACY POLICY

Table of Content

1     About this Privacy Policy

2     Who we are and how to contact us

3     The data we collect and process about you

4     How we collect personal data

5     How and why we use your personal data

6     Change of purpose

7     If you fail to provide personal data

8     Disclosures of your personal data

9     International transfers

10    Data security

11    Data retention

12    Your rights in respect of your personal data

13    Changes to your personal data

We, Shift F5 Ltd, are a marketing and recruitment business. As part of our business, we engage individual contractors (Contractors)to perform services for our clients (Clients). We also operate a time sheet portal on our website which enables the Contractors to record time spent working for a Client (the “Time Sheet Portal“).  In this Privacy Policy we refer to ourselves as “we“, “us” and “the Company“.

This Privacy Policy is designed to give you, the Contractor, information as to how we will obtain and process personal data relating to you in connection with your engagement by us (your Engagement). Contractors may be hired by us directly or through a services company.

We will process your personal data as a “data controller”. This means that we have responsibility (on our own or acting jointly with another party) for deciding how we hold and use personal data relating to you.

Please read this Privacy Policy carefully (together with our Data Privacy Policy https://shiftf5.co.uk/privacy-policy which sets out how we handle personal data at the recruitment stage and for marketing purposes and also applies to data submitted through the Time Sheet Portal). From time to time we may also issue other privacy or fair processing notices to you relating to the way in which we collect personal data about you which we will bring to your attention.

We Shift F5 Ltd are a limited company registered in England and Wales under company number 11316175 and have our registered office at 3 Mellor Road, Cheadle Hulme, Cheadle, Cheshire, SK8 5AT

To contact us, please email info@shiftf5.co.uk or telephone us on 0161 388 2635

If you have any questions about this Privacy Policy or our Cookies Policy, including any requests to exercise your legal rights, you may contact our Data Compliance Officer at dco@shiftf5.co.uk

Personal data, or personal information, means any information relating to an identifiable individual. It does not include any data or information which relates to a person that cannot be identified or where the person’s identity has been removed (ie anonymous data). It also does not include information relating solely to a business or other organisation, rather than to a person.

We may collect, use, store and transfer different kinds of personal data about you in connection with your Engagement which we have grouped together as follows:

  • Identity Data: data which identifies you, such as your first name, last name, username, job title, employer, title, date of birth, marital status, gender.
  • Contact Data: contact details including your personal and/or business email address, postal address and telephone number.
  • Profile Data: data we store in connection with your profile on the Time Sheet Portal, including your username and password to access the Time Sheet Portal.
  • CV Data: information submitted as part of a job application and/or the registration process, including qualifications, experience and references and any other information contained on a CV.
  • Application Data: your history of responding to job advertisements and the progress of those applications.
  • Status Data: confirmation of your eligibility to work in the UK, such as a national insurance number, passport or visa information.
  • Time Sheet Portal Data: such information as you may enter into the Time Sheet Portal and may be stored on the Time Sheet Portal in connection with your profile, including hours worked, details of your Engagement and absences.
  • Engagement Data: information relating to your current and any previous Engagements, including the Client you are working for, your agreed wage or fee, the period of your Engagement, hours worked, absences, appraisal and performance and disciplinary records and data and such other information as may be collected during the course of your Engagement and relevant  
  • Pay Data: information which may be collected and processed for payroll purposes, including bank details, national insurance number, information relating to hours worked, rate of pay and such other relevant data as may be required to process payments to you or your services company for your Engagement.

We may also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Time Sheet Portal Data to calculate the averages of hours work and rates paid. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Policy.

We do not collect any special categories of personal data or criminal data about you, without gaining your explicit written consent (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, genetic and biometric data and information relating to criminal convictions and offences).

We predominantly obtain your personal data directly from you either during the application process (please refer to our Recruitment Privacy Policy which sets out how we handle personal data relating to job applicants) and once we have assigned you an Engagement (such as your National insurance number, Date of Birth and Status Data).

Other personal data will be collected during the course of your Engagement, such as the Engagement Data.

We will only collect and process your personal data where we have a legal basis to do so. The legal basis will vary depending on the manner and purpose for which we are collecting your personal information. Most commonly, we will use your personal data in the following circumstances:

  • Where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. 
  • Where it is necessary to comply with a legal or regulatory obligation that we are subject to.

We have set out in the table below a description of the ways we plan to use your personal data, and which of the legal bases we shall rely on to do so. We have also identified what our legitimate interests are where appropriate.

Note that we may process your personal data on the basis of more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you require further detail about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.

Purpose/Activity Types of data Lawful basis for processing including basis of legitimate interest
Processing and managing job applications submitted by you, checking you have the right to work in the UK Identity, Contact, CV, Application and Status Data Necessary for our legitimate interests (to conduct our business and perform our contracts with clients) Consent – we will only proceed with an application and your Engagement if you consent to providing the work required. Necessary for the performance of a contract with you (the contract under which you are engaged to provide services).
Setting you up as a new Contractor on our systems Identity Data, Contact Data, Engagement Data, Status Data, Pay Data. Compliance with a legal obligation Necessary for the performance of a contract with you (the contract under which you are engaged to provide services).
Invoicing the Client that you have undertaken work for Identity Data and Engagement Data Necessary for the performance of a contract with you (the contract under which you are engaged to provide services). Necessary for our legitimate interests (to conduct our business and perform our contracts with clients)
Calculating and processing payments Pay Data Compliance with a legal obligation  
Making payment to limited/ umbrella company Identity, Contact,  Pay Data Necessary for the performance of a contract with you (the contract under which you are engaged to provide services) Compliance with a legal obligation
Preparing and providing to the Client reports and statements Identity, Contact, Pay Data Necessary for our legitimate interests (to conduct our business and perform our contracts with Clients
Setting you up on the time sheet portal on our website, issuing email login details Identity, Contact, Profile, Profile and Time Sheet Portal Data Necessary for the performance of a contract with you Necessary for our legitimate interests (to conduct our business in an efficient manner and perform our contracts with clients)
Monitoring your working hours via the time sheet portal on our website for the purposes of processing payments Identity, Profile and Time Sheet Portal Data Necessary for the performance of a contract with you Necessary for our legitimate interests (to conduct our business in an efficient manner and perform our contracts with clients)

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you require an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.  

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. 

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Where we need to collect personal data by law or in order to perform a contract to which you are a party or which otherwise impacts on you, and you fail to provide that data when requested, we may not be able to perform the relevant contract. This may have consequences upon you. For example if we have to cancel our contract with your services company, your Engagement will be terminated. We will notify you if this occurs.  

We may share personal data with Clients (acting as controller) or your limited/umbrella company (acting as controller)

We may share personal data with the third parties set out below for the purposes set out in the table above. These third parties process your personal data on our behalf in connection with the performance of certain services for us. :

Name of Service Provider Platform Types of Personal Data
Keybridge IT Support Provider Identity, Contact, Profile CV, Application, Financial, Marketing and Communications Data
Namesco Website Host Identity, Contact, CV, Profile, Application, Technical and Usage Data. This type of personal data is only shared through the website host as a processor if a data subject sends us a CV through the website
Broadbean Data Analytic Software Identity, Contact, CV and Application Data
MS Dynamics 365 Recruitment Software Identity, Contact, Profile, CV, Application, Financial, Marketing and Communications Data
Daxtra Recruitment Software Identity, Contact, CV and Application Data
Mailchimp Email Marketing Platform Identity, Contact
  • We have entered into a data processing agreements with the service providers listed above.
  • Identity, Contact, CV, Application, Time Sheet Portal Data and Engagement Data may be disclosed to the relevant Client to whom the Engagement relates. Our clients will process your personal data as a data controller, and should direct applicants to their own privacy policies setting out how they process personal data.
  • Identity, Contact and Financial Data will be provided to Giant, our payment service provider.
  • Your personal data may be disclosed to professional advisers (acting as processors or joint controllers) including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services. 
  • Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets may have access to your personal data in connection with such transaction. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Policy.
  • HM Revenue & Customs, regulators and other authorities (acting as processors or joint controllers) who require reporting of processing activities in certain circumstances.

We require all our data processors to respect the security of your personal data and to treat it in accordance with the law. We do not allow our data processors to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions as set out in our data sharing agreements.

In some instances where we share data with third parties, such as the HMRC, those third parties will also be controllers of your data. We shall not be responsible or liable for the way in which other data controllers hold or process your personal data. Please contact those third parties for further information regarding how they will use your data. We shall only share your personal data with third parties in accordance with this privacy policy.

Some of our external third parties may be based outside the Economic European Area (EEA) so their processing of your personal data could involve a transfer of data outside the EEA.

Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data outside of the EEA.

  1. 10.   Data security

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need-to-know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) in order to develop our business methods and strategy or for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

As a general rule, we will retain your personal data for a period of [six years] following the end of your Engagement. We will keep this under review and may periodically delete some of your personal data which we no longer require for the purposes set out in the table above. For example, your bank details will be deleted promptly at the end of your Engagement.

In some circumstances we may be entitled or required to retain your data for a longer period where we are under a legal obligation to do so or in order to commence or defend legal proceedings in future.

You have certain rights in respect of the personal data that we process about you (where we determine the purpose and means for which that personal data shall be processed):

  • the right to request access to your personal data that we hold and to receive certain information relating to that data;
  • the right to ask us to rectify inaccurate data or to complete incomplete data;
  • a right to receive or ask for your personal data to be transferred to a third party(note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you);
  • the right to request the erasure of personal data where there is no good reason for us continuing to process it (note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request);
  • the right to object to how we process your personal data where we believe we have a legitimate interest in processing it (as explained above) (note that in some cases we may demonstrate that we have compelling legitimate grounds to process your data which override your rights and freedoms);
  • the right to restrict processing of your personal data in certain scenarios, for example if you want us to establish the accuracy of the data or you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it (note that when processing is restricted, we are allowed to retain sufficient information about you to ensure that the restriction is respected in future; and
  • where you have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law. If you withdraw your consent, we may not be able to provide certain services to you.

If you wish to exercise any of the rights set out above in respect of your personal data, please contact our Data Compliance Officer at dco@shiftf5.co.uk  

We may ask you to verify your identity if you make a request to us to exercise any of the rights set out above. We may also contact you to ask you for further information in relation to your request to speed up our response. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please do contact us in the first instance and we shall endeavour to resolve your complaint.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data (such as your contact details) changes during your relationship with us.

No CV? Arrange a Callback

Register your details and one of our experienced consultants will give you a  call to discuss your options and details on current vacancies.

or call on

Tel. 0161 388 2635

Shift F5 – Technology Recruitment