This Policy reflects the requirements of the European Data Protection Regulation (“GDPR”) as it came into effect on May 25, 2018. This provides you with all the necessary information on the personal information Rixxo Limited holds on its job applicants, volunteers, temporary workers, subcontractors and employees.
Rixxo provides this information in pursuit of a transparent relationship with all people we work with and adhering to the values of the business.
Rixxo holds personal details on applicants, volunteers, temporary workers, subcontractors and employees; including name, address, personal and professional email addresses and contact numbers, as well as availability details, skills and work requirements. We also hold information on next of kin or emergency contacts as provided.
In addition to this we keep information that relates to pay, tax, pension, professional accreditations and performance related information.
Sensitive personal data, such as information in respect of criminal convictions, related to a protected characteristic or a health matter for example, must not be passed on to any third party without the express written consent of the individual.
The types of data held:
These details are processed for recruitment and payroll purposes and includes processing carried out on computer including any type of device, including server, desktop, laptop, tablet or any mobile device.
Personal data is only to be processed with the consent of the person whose data is held.
Therefore, if they have not consented to their personal details being passed to a third party, this may constitute a breach of the Data Protection Act 1998. By applying for a job and/or providing us with personal data, people will be giving their consent to processing their details for recruitment purposes. Personal data used for any other purpose requires the consent of the person(s). Personal data on candidates may be stored to allow Rixxo to notify people of future job openings.
Caution should be exercised before forwarding the personal details of any individuals on whom personal data is held, to any third party such as past, current or prospective employers, suppliers, customers and clients, persons making an enquiry or complaint and any other third party.
Rixxo holds a ‘Lawful Basis For Processing Personal and Sensitive’ as set out by the Information Commissioner’s Office (ICO) in relation to the GDPR regulations set out here.
Data is stored securely within Rixxo’s document storage systems, accounting and HR software.
Personal data is reviewed on a regular basis to ensure that it is accurate, relevant and up to date and Rixxo employees shall be responsible for doing this by logging into Rixxo’s HR software.
HMRC requires that payroll details are kept for three tax years and invoice related details for six tax years. Pension details are required to be stored for 75 years.
Rixxo is also required to maintain records in relation to grants funded by Government Organisations for a period of up to 40 years.
Rixxo holds information on organisations, including contact names, addresses and telephone numbers. It also stores details about temporary and permanent jobs for recruitment and invoicing purposes. As stated above, invoice details are kept for six years in compliance with our legal obligations.
We may have to share your data with third parties, including third-party service providers and other entities in the group.
We require third parties to respect the security of your data and to treat it in accordance with the law.
We may transfer your personal information outside the EU. If we do, you can expect a similar degree of protection in respect of your personal information.
We process your personal data involving transferring your data outside the European Economic Area (EEA) as some of our external third parties are based outside the EEA, so their processing of your personal data will involve a transfer of data outside the EEA.
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
We will share your personal information with third parties where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so.
"Third parties" includes third-party service providers (including contractors and designated agents) and other entities within our group. The following activities are carried out by third-party service providers: IT services, such as Marvel Business Solutions Ltd extended payment plans, and payment processing providers, market research, product fulfilment and data analytics. The activities for which we use third-party service providers may change from time to time in order for us to meet the needs of the business.
All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
We may share your personal information with other third parties, for example in the context of the possible sale or restructuring of the business. We may need to share details relevant to staff socials, events or similar, but will request permission before doing so. We may also need to share your personal information with a regulator or to otherwise comply with the law.
Under certain circumstances, by law you have the right to:
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact us by emailing firstname.lastname@example.org.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.