If we make changes we consider to be important or if we plan to use personal information for a new purpose, we will let you know by updating the Policy on our website and/or contacting you using other methods such as email. Your privacy matters to us so whether you are a new or existing client or a member of staff.
Please do take the time to get to know our practices – and if you have any questions about our privacy practices or your personal information choices please contact us at GDPR@ays.co.uk.
2.50.2. Controllers of personal information
Any personal information provided to or gathered by us is controlled by At Your Service.
As controllers of personal information, we are responsible for the accuracy and security of this information. We will only collect the information we require and are lawfully permitted to collect, and we will use this information in the ways which you would reasonably expect us to.
2.50.3. The information we collect and how we use it
We collect personal information to aid us in delivering and continually improving the quality of our staffing service, as well as fulfilling contractual commitments to both our clients and our members of staff.
When you interact with us, we may ask you for the following information:
- personal and contact details (for example your name, email address, contact number);
- personal and contact details you give us when subscribing to receive emails, newsletters or marketing information from us;
- your IP address;
- information you provide if you report a problem with our website or service.
Additionally, for members of staff:
- during pre-assignment vetting we will request details from you including, your name, your work history, qualifications, contact details (such as email, telephone number and home address), gender, your right to work documents, details required for equality and discrimination legislation checks and your personal preferences, choices and requirements specific to particular requests or services;
- details of your education, employment history, bank details and national insurance number, references, right to work and other information you tell us about yourself (e.g. the information contained within your CV) when you engage with us for the provision of services;
- information from social media activity (such as likes, shares and tweets) when you interact with us on social media;
- additional information which you provide voluntarily and/or which we may ask from you to better understand you and your interests;
- We may also collect sensitive Personal Information about you (including details of your physical or mental health, racial or ethnic origin, criminal allegations or offences, trade union membership and/or other sensitive Personal Information that you may choose to provide to us voluntarily from time to time.
- We receive data from your devices and networks, including location data.
- When you visit or leave our Services (including our plugins or cookies or similar technology on the sites of others), we receive the URL of both the site you came from and the one you go to next. We also get information about your IP address, proxy server, operating system, web browser and add-ons, device identifier and features, and/or ISP or your mobile carrier. If you use our Services from a mobile device, that device will send us data about your location based on your phone settings. We will ask you to opt-in before we use GPS or other tools to identify your precise location.
We do not undertake automated decision making or profiling using your data, and we will notify you if this position changes.
2.50.4. Why do we collect your personal information?
We collect and use your personal information because it is necessary to obtain certain details which includes personal information from you in the work-searching process and it is in our legitimate interests in the course of operating our business, including:
- responding to your queries;
- providing work-finding services and/or information to you;
- transmitting Personal Information between our offices or functions for internal administrative purposes;
- setting you up on a work assignment with a client; and/or
- carrying out direct marketing.
We will only collect, use and handle your Personal Information when:
- it is necessary for our legitimate interests in connection with carrying out our business, as long as, in each case, these interests are in line with applicable law and your legal rights;
- and/or where you have agreed;
- and/or where this is necessary for legal obligations which apply to us.
2.50.5. How we use the information you give us
As a prospective or existing client, we might ask you to provide contact details (for example your name, email address, postal address and telephone number) which we use to establish a relationship with you and provide information about our services.
Additionally, for a member of staff, we undertake the following processing of your personal information on the legal basis that it is necessary to perform our contract with you and to provide the services we have agreed to provide to you. Where we have not entered into a contract with you, we may also carry out this processing because in that pre-contractual stage where we consider it is necessary in our legitimate business interests in order to deal with requests, enquiries or comments you have made to us.
- Submission of details to clients – if you register to apply for a particular role, request to be put forward for a role or if you have asked us to put you forward for suitable roles, we will share some of your personal details including your name, work history and qualifications with our clients offering potential roles which might be suitable for you.
- On-boarding for a work-assignment – If you are offered and accept a work assignment through us, we will need further personal information from you such as NI number, bank details, emergency contact details and some medical information in order to fulfil our statutory and contractual obligations to both you and our client.
- Reporting to clients and managing timesheets, payroll and work performance – We sometimes have to prepare reports for clients relating to the services provided by us for example reports on financial or administrative matters or compliance with legal requirements. Such reports may contain your personal information such as your name, hours worked and pay rate.
- Other lawfully permitted processing – We may also use any personal information that you provide to us for example to other companies within the At Your Service Group or to any other company who you ask us to approach on your behalf for work-searching purposes. If you choose not to provide personal information requested by us, we may not be able to provide you with
the services and/or information you have requested or otherwise fulfil the purpose(s) for which we have asked for the personal information, including placing you in a work-assignment. We will where possible anonymise or aggregate such data for reporting purposes.
- We undertake Pre-Assignment vetting – we collect your personal information which you provide to us when applying for a role or registering for our job-finding services to comply with our (and clients’) legal obligations regarding your right to work and any necessary qualifications for roles,. We may also process your personal information for this purpose where we consider it necessary for performance of the contract with you, or otherwise with your consent
We undertake the following processing of your personal information with your consent:
- Marketing – where legally permitted to do so where you have provided us with your contact details and have agreed to be contacted for marketing purposes, we may contact you by telephone or by post for marketing purposes relating to our services, our website, and/or to research opinion on proposed business developments. Your agreement to the use of your Personal Information for these purposes is optional (see Marketing Opt-out below) and if you fail to provide your agreement, your use of our work-finding services will not be affected.
2.50.6. Information from other sources
To comply with our legal and regulatory requirements to perform background checks (including right to work), we use data provided by third party agencies.
2.50.7. Sharing our data with third parties
Some services that we provide require the involvement of third parties. We have carefully selected these third parties and taken steps to ensure that your personal information is adequately protected. The third parties may include our clients, suppliers of IT services, third party time and attendance services or vetting
We may employ third party companies to process personal information provided by us on our behalf for business functions, including (without limitation) IT support, hosting our data on cloud platforms, legal, accounting, audit, consulting and other professional service providers, and providers of other services related to our business.
Portions of our services may be provided by organisations with which we have a contractual relationship, including subcontractors, and, accordingly, your Personal Information may be disclosed to them. We only provide these organisations with the information that they need to be able to perform their services.
We will have in place an agreement with our service providers which will restrict how they are able to process your Personal Information.
2.50.8. Transfers of data outside the European Economic Area (“EEA”)
Where your information is transferred outside the EEA to other countries in which applicable laws do not offer the same level of data privacy protection, your rights and protections remain with your data. We put measures in place to ensure that all transfers are managed lawfully.
2.50.9. Sharing with other third Parties
We may also provide your information to other third parties such as regulators and law enforcement agencies, where we are required by law to do so, where necessary for the purposes of preventing and detecting fraud, other criminal offences and/or to ensure network and information security.
2.50.10. How long do we keep your data for?
It is our objective to retain your personal information for the length of time required for the specific purpose or purposes for which it was collected, which are set out in this policy. However, on occasion we may be obliged to store some data for a longer time, for example, where a longer time period is required by applicable laws. In this case, we will ensure that your Personal Data will continue to be treated in accordance with this policy.
2.50.11. How secure is your personal information?
We employ appropriate security measures to help protect your personal information and guard against access by unauthorised persons. Information storage is on secure computers in a secure environment, or in secure, locked storage in the case of hard copy information. The information is encrypted wherever possible and we undergo periodic reviews of our security policies and procedures to ensure that our systems is secure and protected. However, the transmission of information via the Internet is not completely secure so we cannot guarantee the security of your information when it is transmitted to our website or from third party websites.
2.50.12. What are my personal information choices?
You can always request access to the personal information we hold about you and we will provide this to you subject to any regulatory requirements or exemptions. Before providing data to you, we will ask you for proof of identity and sufficient information about your interaction with us so that we can locate any
relevant data for you.
- You may request access to or copies of the personal information that we hold about you by emailing us at GDPR@ays.co.uk or contacting your investment manager.
- If you believe that any of the personal information we have about you is incorrect or incomplete, please contact us as soon as possible. We will take steps to seek to correct or update the information.
- You may request that your personal information be deleted however this may not always possible due to legal requirements and other obligations.
- Where we are processing your personal information for the purposes of performing our contract with you, you have the right to request that the personal information we hold about you be transferred to a third-party data controller.
- You may withdraw your consent to receiving marketing information at any time by emailing us at GDPR@ays.co.uk.
If you are unhappy with the way that we have handled your personal information, you can raise your concern to the Information Commissioners Office (ICO) in the UK (firstname.lastname@example.org). Or alternatively please ask us for assistance.
2.50.13. Contact us
2.50.14. General data protection regulations
The company complies with the European Union’s General Data Protection Regulations (GDPR) 2018 (Regulation (EU) 2016/679). For further information on the act please refer to:
This Policy will be regularly reviewed as the General Data Protection Regulation legislation is implemented.
We are committed to:
- ensuring that we comply with the six data protection principles, as listed below
- meeting our legal obligations as laid down by the European Union’s General Data Protection Regulation (GDPR) 2018 (Regulation (EU) 2016/679)
- ensuring that data is collected and used fairly and lawfully
- processing personal data only in order to meet our operational needs or fulfill legal requirements
- taking steps to ensure that personal data is up to date and accurate
- establishing appropriate retention periods for personal data
- ensuring that data subjects’ rights can be appropriately exercised
- providing adequate security measures to protect personal data
- ensuring that a nominated officer is responsible for data protection compliance and provides a point of contact for all data protection issues
- ensuring that all staff are made aware of good practice in data protection
- providing adequate training for all staff responsible for personal data
- ensuring that everyone handling personal data knows where to find further guidance
- ensuring that queries about data protection, internal and external to the organisation, is dealt with effectively and promptly
- regularly reviewing data protection procedures and guidelines within the organisation.
The General Data Protection Regulation (GDPR) 2018 (Regulation (EU) 2016/679) applies to the processing of personal data. The Authorisation to Work Procedure and application of the Baseline Personnel Security Standard involves processing of such data and At Your Service Event Staffing Ltd ensures that data is:
- “processed lawfully, fairly and in a transparent manner in relation to individuals;
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.”
At Your Service Event Staffing Ltd is entered in the register as a Data Controller with the Information Commissioners Office.
Staff may only work for the company provided they have been authorised to work. Please refer to our Authorisation to Work Procedure.
We understand that an individual’s refusal to undergo an essential check where there are no alternatives could lead to refusal of employment and that this is consistent with the General Data Protection Regulation (GDPR) 2018.
In such cases individuals will be made aware that it will not be possible for them to be Authorised to Work should they refuse. This is distinct from making a particular check of a condition of employment where it may not actually be necessary. All checks will be carried out uniformly on a non-discriminatory basis and privacy rights, where relevant, will be respected.
Decisions whether or not to employ an individual are not based solely on the terms of our adoption of BPSS. At Your Service has undertaken to make employees and prospective employees aware of requirement for BPSS checks in its job advertisements and in its employee information literature.
At Your Service Event Staffing Ltd does not currently require its employees to have submitted a Basic Disclosure Certificate.
2.50.15. Policy review responsibility
This policy is the responsibility of all staff employed within the Company. However, the updating of this document to ensure current legislation is complied with is the responsibility of the Board of Directors.
Further information can be obtained from the Office Manager.
Date approved: 9th April 2019
Policy review date: 8th April 2020
What are cookies?
Cookies are small text files which a website may put on your computer or mobile device when you first visit a site or page. The cookie will help the website, or another website, to recognise your device the next time you visit. Web beacons or other similar files can also do the same thing. We use the term “cookies” in this policy to refer to all files that collect information in this way. There are many functions cookies serve. For example, they can help us to remember your username and preferences or analyse how well our website is performing. Certain cookies contain personal information – for example, if you click to “remember me” when logging in, a cookie will store your username. Our cookies won’t collect information that identifies you, and will instead collect more general information such as how users arrive at and use our website, or a user’s general location.
What sort of cookies do we use?
Generally, our cookies perform up to three different functions:
1. Essential cookies
Some cookies are essential for the operation of our website. For example, some cookies allow us to identify registered users and ensure they can access their own private pages. If a registered user opts to disable these cookies, the user will not be able to access all of the content that a registration entitles them to.
2. Performance Cookies
We utilise other cookies to analyse how our visitors use our websites and to monitor website performance. This allows us to provide a high quality experience by customising our offering and quickly identifying and fixing any issues that arise. For example, we might use performance cookies to keep track of which pages are most popular, which method of linking between pages is most effective, and to determine why some pages are receiving error messages.
3. Functionality Cookies
We use functionality cookies to allow us to remember your preferences. For example, cookies save you the trouble of typing in your username every time you access the site. We also use functionality cookies to provide you with enhanced services e.g allowing you to watch a video online or add comments. We also use or allow third parties to serve cookies that fall into the three categories above. For
example, like many companies, we use Google Analytics to help us monitor our website traffic. We may also use third party cookies to help us with market research, revenue tracking, improving site functionality and monitoring compliance with our terms and conditions and copyright policy.
Can a website user block cookies?
As we’ve explained above, cookies help you to get the most out of our websites.
However, if you do wish to disable our cookies then please follow the instructions in the help section of your preferred browser. Please remember that if you do choose to disable cookies, you may find that certain sections of our website do not work properly.