Being transparent and providing accessible information to individuals about how we will collect, use, retail and disclose their personal data is important for our organisation. The following are details on how we collect data and what we may do with it. In providing our business services, we will be acting as a data processor, and not a data controller under data protection law in the UK and we provide the information in this privacy notice as best practice. The terms under which we operate as a data processor are as set out in our Service Level Agreement with our Recruitment Agencies. Such Service Level Agreement may be amended from time to time to comply with applicable laws.
Using Your Personal Information
Who is collecting your information?
This privacy notice explains how Total Back Office Solutions Ltd (TBOS) (We, Us, the Company), together with TBOS Contracting Solutions Ltd, uses personal information in order to carry out our business services.
Why has your information been collected?
We collect information from Recruitment Agencies who have engaged our services in order to provide the services outlined in the applicable Service Level Agreement.
How is your information collected?
Recruitment Agencies will provide us with information about their Agency and internal staff as well as necessary information about Temporary Workers, Permanent Workers and Clients so that we may carry out back office services for them on their written documented instructions and in our capacity as a data processor.
How will we use the information about you?
Personal information supplied to us by Recruitment Agencies may be used in a number of ways. For example to:
- Pay Temporary Workers for their time worked
- Invoice their Clients for Temporary and Permanent placements
- Chase their Clients for payment of these invoices,
- Complete bookkeeping in respect of invoices,
- Process payments to suppliers,
- Complete Management Reporting for the Recruitment Agency (including VAT returns, PAYE Year End paperwork, Year End Accounts, Corporation Tax calculations).
There are a number of additional services that we provide to Recruitment Agencies which may involve using your personal information, including:
- Running staff payroll,
- Arranging invoice finance,
- Form Recruitment Agencies,
- Prepare, amend and review contracts,
- Prepare additional forecasts and analysis within Management Accounts,
- Set up Pension auto-enrolment,
- Applications for foreign tax,
- Acting as Registered Office
- Share changes
Who will we share your information with?
We may process information provided by Recruitment Agencies that can be linked to specific individuals (personal data). We process such information in our capacity as a data processor on behalf of Recruitment Agencies.
We will not use, disclose, or transfer across borders any information provided that may identify an individual, except to the extent necessary to perform the contracted services, to help prevent fraud, or if required to do so by law (for example for HMRC) or in connection with a merger, acquisition or sale (including any transfers made as part of insolvency or bankruptcy proceedings) involving the Company or as party of a corporate reorganisation, stock or asset sale or other change in corporate control. We may also need to share your personal information with a regulator or to otherwise comply with the law.
What is the legal basis for the processing?
The information that we process will be processed in order to fulfil our contract with the Recruitment Agencies we cater for. This will include some personal data.
Although we do not currently do so, we may in future from time to time process data for purposes which require consent from the data subjects. In this event, we will ensure that explicit consent has been freely given by the data subject signing our consent form. These tasks will only be carried out where explicit consent has been freely given. If your consent is needed, we will contact you directly and explain your options.
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
How can I stop TBOS processing my data?
TBOS currently operates on the basis that it processes personal information in its capacity as a data processor and on the instructions of the data controller. TBOS may decide in the future to process personal data as a data controller and if it does so it may seek your consent to do so depending on the purposes for which the data is collected. If it does so, at any time after consent has been given, the data subject has every right to withdraw their consent. In order to do this an email should be sent to firstname.lastname@example.org outlining the wish to withdraw consent. After this time, your data will not be used for activities for which consent is required.
Where consent is withdrawn, we may still need to process your data in order to meet our contractual and legal obligations.
Details of transfers to third country and safeguards
We will not transfer across borders any information provided that may identify an individual, except to the extent necessary to perform the contracted services.
In any event, transfers will only take place where there has been an adequate level of protection put in place.
Transfers of data will only occur to countries who have met the required adequacy criteria as determined by the EU Commission. Alternatively, a transfer may take place where the appropriate safeguards are in place such as; a legally binding and enforceable instrument between public authorities or bodies, binding corporate rules in accordance with the GPR, standard data protection clauses adopted by the Commission, or approved codes of conduct.
Identity and contact details of the Data Protection Officer
We are not required to have an internal Data Protection Officer, however for queries regarding our Data Protection Policies or procedures please contact us in one of the following ways:
Address: 1 Waterside, Station Road, Harpenden, Hertfordshire, AL5 4US
Tel: 0345 504 6333
How long will be keep your data for?
Data, including personal data and confidential information, shall be retained for a period of 6 years following the expiration of the contractual relationship or last contact on file.
This retention period may vary where required by the relevant anti-money laundering regulations or any other applicable laws or regulations.
What are your rights concerning your data?
You have the right to request a copy of the information that we hold about you from the data controller of your personal data. If you are uncertain who the data controller is of your personal data, please email or write to TBOS at the contact details above.
We want to make sure that your personal information is accurate and up to date and will seek to ensure to do so in our capacity as a data processor on behalf of the applicable data controller of your personal information. You may ask us on behalf of the applicable data controller to correct or remove information you think is inaccurate. If you would like us to correct or remove some or all of your information on behalf of the applicable data controller, please email or write to TBOS at the contact details above and we will in turn liaise with the data controller of your personal information to check its accuracy and correct it where necessary.
Any data subject has the right to object or demand that the processing of their personal data be stopped by making a request to the applicable data controller. If you are uncertain who the data controller is in respect of your personal information, please email or write to TBOS at the contact details above.
All requests for the above must be submitted in writing.
What if I have a complaint about the way my data has been handled?
Individuals have the right to lodge a complaint with the relevant supervisory authority where their data has been processed in a way that does not comply with the GDPR. The supervisory authority is required to inform the individual of the progress of their complaint.
Where the relevant supervisory finds that the individual has suffered material or non-material damage, that individual has the right to compensation from the controller of that data or the processor of that data depending on the nature and circumstances of the breach.
Where the relevant supervisory authority fails to deal with the complaint properly, the individual has the right to an effective judicial remedy against the supervisory authority.
You also have the right to raise concerns with Information Commissioner’s Office on 0303 123 1113 or at https://ico.org.uk/concerns/, or any other relevant supervisory authority should your personal data be processed outside of the UK, if you believe that your data protection rights have not been adhered to.
Details of any automated decision making, including the logic used and potential consequences for the individual.
We do not partake in any means of automated decision making.
Changes to this privacy notice
We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information
For further information on how your information is used, how we maintain the security of your information, and your rights to access information we hold on you, please contact:
Total Back Office Solutions Limited (TBOS)
1 Waterside, Station Road
Hertfordshire AL5 4US
Tel: 0345 504 6333