The Citation Group understand that your privacy and the security of your Personal Data is extremely important. This notice gives you information about what we do with your Personal Data, how we manage it, what we do to keep it secure, and the importance data protection plays in how we operate, as well as your rights in relation to the Personal Data we hold about you.
As a UK based business our handling of your information is controlled by the UK Data Protection Act 2018 and the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (known as UK GDPR). We take great care to protect your Personal Data or anything which might identify you personally such as:
Our data protection approach is supported from the top of the business and is a core competence of how we operate, which we continually strive to improve.
When we say ‘we’ or ‘us’ in this notice, we are referring to the companies that make up the Citation Group. A list of our Group Companies can be found at the end of this notice.
For the purposes of this notice, we are the data controller unless it has been specifically noted otherwise.
This notice relates to the collection and processing of Personal Data for the Citation Group as a data Controller. It does not cover processing we do in relation to the service we provide to our clients as a data processor.
If you are an individual using one of our screening services please refer to our applicant Privacy Notice available here.
This notice applies to the processing of Personal Data collected by us:
Where we use social media or where you click a social media icon on our websites, be aware that these companies are independent to us, they manage their own affairs, and they will be a data controller in their own right. If you have any questions pertaining to how they process your Personal Data, you should review their privacy notices which will be available on their websites.
Finally, our websites may contain links to other websites for your ease and convenience, we are not responsible for them, or how they operate or their security provision.
We may also receive Personal Data from other sources; this includes third parties we purchase data from and is used to help us grow our business. This could include a greater degree of personalisation. Additionally, we may combine these records with other publicly available information to ensure that our records are accurate and up to date.
We may also share information across the Citation Group in order to provide a greater level of service, improve our products and to offer additional services from across the Group.
Typically, the Personal Data we get from third parties includes name, phone number, email address, job title, social media handles and contact preferences.
When you access our websites or use our online platforms, we may use tools such as cookies, beacons, and similar technologies to automatically collect information which may contain Personal Data from your device and usage of our sites and services. The nature of what these tools collect differ between websites but still fall into similar categories. This information may include IP address, application or system identification number, browser you are using, pages you have searched, files you have looked at and actions you have taken including when those actions were taken.
We use this information to help us improve our service and your experience; to improve how you and others view the sites, and to improve functionality, engagement, and performance. This helps us identify opportunities to develop our services further, our compliance with applicable usage terms and for overall security of Citation products, services, and applications. It will be used primarily to identify the uniqueness of each user for security and identification purposes, and to understand which of our generic advertising channels are the most effective.
For further information regarding cookies and other similar technologies please see our Cookies Policy.
Our websites use social media icons such as Facebook and Twitter icons and other social sharing widgets. By using these features, you will be connecting to and sharing information from your browsing session with these organisations. If you are logged into your social media account, it is also possible that they will connect your activity on our site to your social media account.
This is also the case if you access our social media pages on a social media platform. The respective social media company may add your interaction to any information they may already have about you or your interests.
In all cases, in that transfer of data the social media provider is a data controller and are responsible for what they do with your Personal Data. For further information please review the social media providers privacy notices.
We collect and process Personal Data for the following purposes and with the following legal bases engaged:
We may share your Personal Data in the following circumstances:
• To any other person with your consent to the disclosure.
Finally, we may share anonymised or aggregated data gathered in the normal course of the administration and good running of our business with third parties or service providers to enable greater analysis, improvements, industry or service-related trends to be identified and action taken accordingly.
We retain your data for as long as necessary to fulfil the purpose for its collection and processing. In some instances, this may be a set period of time, for instance, as an unsuccessful job applicant we may retain your records for 12 months once the process has concluded. In other instances, and especially where there is a legal obligation to retain your information for a certain period of time, we will do so to comply with the legal requirement; this is typically 6 years.
Once your data is no longer required it will be deleted or, if it is technically not possible to delete, we shall ensure sufficient controls are in place to put it beyond future use.
Our data is typically hosted In the UK and other parts of the EEA, there are however some of our contracted technical service providers that process data in other parts of the world. Where these transfers and any other transfer that may occur in the future are concerned, we ensure that there is a legal bases for the transfer and a lawful transfer mechanism in place prior to any transfer.
Any such transfers are currently done using either a transfer to a country with an adequacy ruling, using European Commission Standard Contractual Terms addendum or International Data Transfer Agreement along with a completed Transfer Risk Assessment.
Under data protection legislation, you have rights as an individual in respect of the Personal Data we hold about you – these are set out in more detail below. If you wish to exercise any of these rights, you can do so by contacting the Data Protection Officer at DPO@citation.co.uk. Please note that you will need to provide us with evidence of your identity for us to complete your request.
These rights include:
We take every reasonable, proportionate and commercially viable precaution to protect personal and commercial data. These are organisational, technical, and physical measures to protect against unlawful or accidental access, disclosure, loss, or alteration.
Whilst we take a robust stance to security, no method of storage and transmission is 100% secure and, in some instances, out of our control. For that reason, you are entirely responsible for password security, controlling access to your devices and accounts, access to your environment in our platforms, signing out and closing down web sessions once completed.
We try to meet the highest standards when collecting and using Personal Data. For this reason, we take any complaints we receive very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading, or inappropriate. We would also welcome any suggestions for improving our procedures.
This privacy notice was drafted with brevity and clarity in mind. It may not provide exhaustive detail of all aspects of our collection and use of personal information. However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to the address below: –
Data Protection Team
Or you can email us at DPO@citation.co.uk
If you would like to make a complaint about the way we have processed your Personal Data, you can contact the Information Commissioner’s Office in their capacity as the statutory body which oversees data protection law – www.ico.org.uk/concerns
It is worth noting that the ICO expects an individual to address any complaints with the organisation before contacting the regulator.
We keep our Privacy Notice under regular review and would encourage you to also review this notice regularly. This Privacy Notice was last updated on 11th of April 2023.
Get more information
Our team of of HR experts are all highly qualified, so you can trus you’re always getting trustworthy advice and insights.
Plus, you’ll be covered by our advice guarantee for the duration of your contract.
From care to construction and nurseries to manufacturing, we’ve worked in all sectors, helping futureproof businesses with proactive compliance for over 25 years.
Our human resources consultants work up and down the country. Wherever you are, you’re never far from help and there’s always someone who can help.