Privacy Policy

Company Name:WPRG Limited  (“the Company”)
Policy Name:Privacy Policy
Date:October 2022
Version:2

WPRG Limited is committed to good practice, professionalism, and integrity in our recruitment business. We protect the privacy of our clients and candidates and treat all dealings with us in the strictest confidence, whether through our website, our mobile app, on the telephone or through one of our branches.

Candidates who submit their details via this site are assured that we only gather information necessary to aid the recruitment process and to understand the profile of our customers and web site users to monitor and improve our service. By registering your details on this site, you consent to us collecting personal information for the purpose of disclosing this information to potential employers and clients in our recruitment process. Or to contact you with marketing and job alerts. 

This privacy notice provides a framework of understanding about the personal data that are collected by WPRG Limited ("hereinafter called the Data Controller"), as required by law including the provisions of the European Union's General Data Protection Regulation (GDPR).

Data Controller

The Data Controller is WPRG Limited with the registered office in Unit 5 Drakes Courtyard, 291 Kilburn High Road, London, NW6 7JR, (Company Registration Number 04995550).

The personal data collected will be controlled and processed by the Data Controller. Additionally, personal data may be processed or jointly controlled by affiliates of the Data Controller.

This privacy notice applies to:

1.    our job candidates and recipients of our career services,

2.    our associates, who are people we source or place on assignment with one of our clients, or individuals to whom we provide outplacement or career transition services, and

3.    representatives of our business partners, clients and vendors.

This privacy notice does not apply to our head office and country-based staff employees, who are individuals employed by WPRG Limited and who work directly for WPRG Limited and not directly with a WPRG Limited clients.

The privacy notice describes the types of personal data or personal information we collect, how we use the information, how we process and protect the information we collect, for how long we store it, with whom we share it, to whom we transfer it and the rights that individuals can exercise regarding our use of their personal data. We also describe how you can contact us about our privacy practices and to exercise your rights. 

Privacy Notice

•    Information We Collect

•    How We Use the Information We Collect

•    Cookie Policy

•    Legitimate Interest

•    How We Process and Protect Personal Information

•    How long We Store the Information We Collect

•    Information We Share

•    Data Transfers

•    Your Rights and Choices

•    Updates to Our Privacy Notice

•    How to Contact Us

Information We Collect

We may collect personal data about you in variety of ways, such as through our job sites and social media channels; through phone; through job applications; in connection with in-person recruitment; or in connection with our interactions with clients and vendors. We may collect a selection of personal data dependant on the nature of the relationship, including, but not limited to (as permitted under local law):

•    contact information (such as name, postal address, email address and telephone number);

•    information you provide about friends or other people you would like us to contact. (The Controller assumes that the other person previously gave an authorisation for such communication); and

•    through the "Contact Us" feature on our Sites.

In addition, if you are an associate or job candidate, you apply for a position, we may collect the following types of personal data (as permitted under local law):

•    employment and education history;

•    language proficiencies and other work-related skills;

•    Social Security number, national identifier or other government-issued identification number;

•    date of birth;

•    gender;

•    bank account information;

•    payslips or invoice information;

•    citizenship and work authorisation status;

•    benefits information;

•    tax-related information;

•    Driving related documents, driving history, accident history and endorsements;

•    information provided by references; and

•    information contained in your resume or C.V., information you provide regarding your career interests, and other information about your qualifications for employment and where required by law and explicit consent has been provided by you:

•    disabilities and health-related information;

•    results of drug tests, criminal and other background checks.

•    Special categories of data, such as information about ethnic origin, sexual orientation or religion or belief in order to monitor diversity in recruitment

In addition, we may collect information you provide to us about other individuals, such as information related to emergency contacts.

All personal data such as name, address, email address, work history and education are gathered purely for this purpose and held on secure servers. In order to comply with The Conduct of Employment Agencies and Employment Businesses Regulations 2003, we are obliged to hold relevant data for a period of one year after its creation or one year after the date on which we last provided our services to our clients or candidates. After a period of non-usage, we will contact you and ask you if you want to keep your details on our database.

How We Use the Information We Collect

The Controller collects and uses the data gathered for the following purposes (as permitted under local law):

1.    providing workforce solutions and connecting people to work;

2.    creating and managing online accounts;

3.    processing payments;

4.    managing our client relationships;

5.    responding to individuals' inquiries and claims;

6.    operating, evaluating and improving our business (including developing, enhancing, analysing and improving our services; managing our communications; and performing accounting, auditing and other internal functions);

7.    protecting against, identifying and seeking to prevent fraud and other unlawful activity, claims and other liabilities; and

8.    complying with and enforcing applicable legal requirements, relevant industry standards, contractual obligations and our policies.

9.    where permitted under law and only if you have given your consent, to send alerts regarding available positions and other communications;

10.    where permitted under law and only if you have given your consent, to communicating about, and administering participation in, special events, promotions, programs, offers, surveys, contests and market research;

In addition to the activities listed above, if you are an associate or job candidate and you apply for a position, as permitted under local law, we use the information described in this privacy notice for the following purposes:

11.    providing you with job opportunities and work;

12.    providing HR services to you, including administration of benefit programs, payroll, performance management and disciplinary actions;

13.    providing additional services to you, such as training, career counselling and career transition services;

14.    assessing your suitability as a job candidate and your associate qualifications for positions; and

15.    performing data analytics, such as (i) analysing our job candidate and associate base; (ii) assessing individual performance and capabilities, including scoring on work-related skills; (iii) identifying skill shortages; (iv) using information to match individuals and potential opportunities, and (v) analysing pipeline data (trends regarding hiring practices).

All processing will be carried out based on adequate legal grounds which may fall into a number of categories, including:

1.    explicit consent from the data subject, where required by applicable law e.g. when you tick a box to receive email newsletters

2.    to ensure that we comply with a statutory or contractual requirement (e.g. our client may require your personal data), and/or a requirement necessary to enter into a contract. You are obliged to provide this data and if you do not, we will be unable to provide you with our services e.g. providing you with job opportunities or processing your personal data to ensure that your wages and taxes are paid.

3.    it is essential and necessary for the legitimate interest of the Data Controller e.g. letting the user access the website to be provided with the services offered. Please see our section on Legitimate Interests below to learn more about these interests and when we may process information in this way.

We also may use the information in other ways for which we provide specific notice at or prior to the time of collection.

Legitimate Interest

The Data Controller may process personal data for certain legitimate business purposes, which includes all of the following:

•    to provide a job seeking service;

•    where the process enables us to enhance, modify, personalise or otherwise improve our services/communications for the benefit of our clients, candidates and associates;

•    to identify and prevent fraud;

•    to enhance security of our network and information systems;

•    to better understand how people, interact with our websites;

•    for direct marketing purposes;

•    to provide postal communications to you which we think will be of interest to you;

•    to determine the effectiveness of promotional campaigns and advertising

Whenever we process data for these purposes, we will ensure that we keep your rights in high regard and take account of these rights. You have the right to object to such processing. Please bear in mind that if you exercise your right to object this may affect our ability to carry out and deliver services to you for your benefit.

How We Process and Protect Personal Information

We process the personal data we collect for the purposes defined in this notice and for a period only as long as is necessary for the purposes we collected it. Different laws may also require us to keep different data for different periods of time.

We maintain administrative, technical and physical safeguards designed to protect the personal data you provide against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. In order to ensure the appropriate security and confidentiality of the personal data, we apply to the following security measures:

•    Encryption of data in transit;

•    Strong user authentication controls;

•    Hardened network infrastructure;

•    Network monitoring solutions;

How long we Store the Data We Collect

We will keep your personal data for the time period necessary to achieve the purposes described in this Privacy Policy, taking into account applicable statute of limitation periods and records retention requirements under applicable law. Subject to applicable law, we will retain your personal data as required by the company to meet our business and compliance obligations, for example, to comply with our tax and accounting obligations.

We store in our systems the personal data we collect in a way that allows the identification of the data subjects for no longer than it is necessary in light of the purposes for which the data was collected, or for which that data is further processed.

We determine this specific period of time by taking into account:

•    The necessity to keep stored the personal data collected in order to offer services established with the user;

•    In order to safeguard a legitimate interest of the Data Controller as described in the purposes;

•    The existence of specific legal obligations that make the processing and related storage necessary for specific period of times;

Information We Share

We do not disclose personal data that we collect about you, except as described in this privacy notice or in separate notices provided in connection with particular activities. We may share your personal data (i) if you are a job candidate, with clients who may have job opportunities available or interest in placing our job candidates; and (ii) with others with whom we work, such as job placement consultants and subcontractors, to find you a job.

In addition, we may disclose personal data about you (i) if we are required to do so by law or legal process; (ii) to law enforcement authorities or other government officials based on a lawful disclosure request; and (iii) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss, or in connection with an investigation of suspected or actual fraudulent or illegal activity. We also reserve the right to transfer personal data we have about you in the event we sell or transfer all or a portion of our business or assets (including in the event of a reorganization, dissolution or liquidation).

We use Facebook Audience Manager, to target you with advertising which we think is the most relevant to you from time to time. This feature allows us to target ads to you as part of a specific set of people, based on your preferences. To target similar people to you (lookalikes) we will share with Facebook your name, address, email address and telephone number. You can manage your privacy settings in the privacy tab of your account(s) with such third parties. You can find further details on Facebook Audience Manager description and privacy policy.

Data Transfers

Currently we only work with 1 client based in Italy and outside of the country in which the information originally was collected. If this changes in the future we will immediately advise you, please bear in mind you have the right to object to such processing, we will also update all policies and notices to reflect the change.

Your Rights as Data Subject

When permitted by applicable law, a data subject can exercise under Articles 15 to 22 of the GDPR the following specific rights:

1.    Right of access: A data subject has the right to access their personal data concerning which in order to verify that their personal data is processed in accordance to the law. 

2.    Right to rectification: A data subject has the right to request the rectification of any inaccurate or incomplete data held about them, in order to protect the accuracy of such information and to adapt it to the data processing.

3.    Right to erasure: A data subject has the right to request that the Data Controller erases information about them and to no longer process that data. 

4.    Right to restriction of processing: A data subject has the right to request that the Data Controller restricts the processing of their data.

5.    Right to data portability: The data subject has the right to request the data portability meaning that the data subject can receive the originally provided personal data in a structured and commonly used format or that the data subject can request the transfer of the data to another Data Controller.

6.    Right to object: The data subject who provide a Data Controller with personal data has the right to object, at any time to the data processing on a number of grounds as set out under GDPR without needing to justify their decision.

7.    Right not to be subject of automated individual decision-making: The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, if such profiling produces a legal effect concerning the data subject or similarly significantly affects them.

8.    Right to lodge a complaint with a supervisory authority: Every data subject has the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of their habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to them infringes GDPR.

You may instruct us to provide you with any personal information we hold about you (Subject Access Request); provision of such information will be subject to:

•    Your request not being found to be unfounded or excessive, in which case a charge may apply; and

•    The supply of appropriate evidence of your identity (for this purpose, we will usually accept a photocopy of your passport certified by a solicitor or bank plus an original copy of a utility bill showing your current address).

Whenever the processing is based on the consent, as under art.7 of the GDPR, the data subject may withdraw their consent at any time. There may be circumstances where we will still need to process your data for legal or official reasons. We will inform you if this is the case. Where this is the case, we will restrict the data to only what is necessary for the purpose of meeting those specific requirements.

If you believe that any of your data that we process is incorrect or incomplete, please contact us and we will take reasonable steps to check its accuracy and correct it where necessary.

If you require more information about the processing of your personal data, please refer to the How to Contact Us section below.

Updates to Our Privacy Notice

This privacy notice may be updated periodically to reflect changes in our privacy practices and legal updates. For significant changes, we will notify you by posting a prominent notice on our Sites indicating at the top of each Notice when it was most recently updated.