At Staff Heroes, we respect your privacy and are committed to protecting your personal data. This privacy notice tells you about how we look after your personal data when you visit our website or use our app or otherwise communicate with us and it tells you about your privacy rights and how the law protects you.
This privacy notice aims to give you information on how Staff Heroes collects and processes your personal data through your use of our website and app or otherwise when you communicate or interact with us.
This website is not intended for children and we do not knowingly collect data relating to children.
PLEASE READ THIS POLICY CAREFULLY BEFORE USING STAFF HEROES LTD’s SERVICES
Protecting your data, privacy and personal information is very important to Staff Heroes Ltd (“Staff Heroes”, “our”, “us” or “we”).
When visiting Staff Heroes’ website at https://www.staffheroes.co.uk/ or any of its affiliated websites from time to time (our “Website”), using our application: “Staff Heroes” (our “App”) or using any of the services offered via the Website or the App (the “Services”), you acknowledge, and where applicable consent to, the practices described in this policy.
Our Website contains links to third party websites. If you follow a link to any of those third party websites, please note that they have their own privacy policies and that we do not accept any responsibility or liability for their policies or processing of your personal information. Please check these policies before you submit any personal information to such third party websites.
Staff Heroes Ltd is the controller and responsible for the Website.
Information we may collect
Where you are an employee (a “Hero” or collectively, “Heroes”) or an employer (“Employer”), we may collect and process the following data about you:
Information that you provide to us. You will be asked to provide us with your information when you:
– fill in forms on our Website, App or correspond with us by phone, email or otherwise;
– register to use our Services;
– use the Services;
You must have obtained clear permission from the individuals whose data you provide us with before sharing that data with us.
As a Hero, the information you will be asked to provide to us for these purposes may include your name, address, date of birth, email address, phone number, national insurance number, nationality, employment history, student loan details, bank name and sort code, employment references, student loan details, bank name and sort code.
As an Employer, the information you will be asked to provide to us for these purposes may include your business contact name, business name, business type and size, business contacts position in the business, contact phone number, trading address, credit card details (only applicable for credit card payment customers), information relating to the job e.g. dress code, address, duties and shift manager.
Information we collect about you.
With regard to your use of the Service as a Hero or an Employer, we may collect information including (but not limited to) the date on which you signed up to the Service, date you last viewed the Website or App, the number of jobs taken using our Service or number of job seekers you have taken on using our Service, your average rating as determined by Employers or Heroes, date your profile was deactivated, email interactions on the Website or App or otherwise in respect of the Services;
With regard to each of your visits to our Website or App we may automatically collect the following information:
-device-specific information, such as your hardware model, operating system version, unique device identifiers, and mobile network information;
-technical information about your computer, including where available, your IP address, login data e.g. username and password, operating system and browser type for system administration and analytical purposes; and
– details of your visits to our Website, the App, including the full Uniform Resource Locators (URL) clickstream to, through and from our Website, App (including date and time), length of visits to certain pages, and page interaction information (such as scrolling, clicks, and mouse-overs),
Information we receive from other sources. When using our Services, we will be in contact with third parties who may provide us with certain information about you in order to enable your use of the Services. This includes (but is not limited to) information from your referees, Job Board, Experian, HMRC, councils and governmental departments, and the UK Government Disclosure and Barring Service.
Information we may collect about others. We may collect and process data about others that you provide us with, including (but not limited to) information that you provide by filling in forms on our Website or App, or that you provide to us by email. This information might include, but is not limited to, opinions, ratings and reviews you provide us with on other users you have interacted with, whether Heroes or Employers.
How we use your information and justification of use.
Use of personal information under EU data protection laws must be justified under one of a number of legal “grounds” and we are required to set out the ground in respect of each use of your personal data in this policy. These are the principal grounds that justify our use of your information:
– Consent: where you have consented to our use of your information (you are providing explicit, informed, freely given consent, in relation to any such use and may withdraw your consent in the circumstance detailed below by notifying us);
– Contract performance: where your information is necessary to enter into or perform our contract with you;
– Legal obligation: where we need to use your information to comply with our legal obligations;
– Legitimate interests: where we use your information to achieve a legitimate interest and our reasons for using it outweigh any prejudice to your data protection rights; and
Legal claims: where your information is necessary for us to defend, prosecute or make a claim against you or a third party.
We use information held about you (and information about others that you have provided us with) in the following ways:
APPLICABLE TO ALL USERS
APPLICABLE TO HEROES
Staff Heroes and each Employer act as a data controller in their own right, which means both independently determine the purpose and means of processing the personal data of the relevant job seeker. Where an Employer receives personal data relating to a job seeker it will be responsible for how it processes personal data.
APPLICABLE TO EMPLOYERS
We will not sell your personal data (or any other data you provide us with) to third-parties; however, we reserve the right to share any data which has been anonymised and/or aggregated. You acknowledge and accept that we own all right, title and interest in and to any derived data or aggregated and/or anonymised data collected or created by us.
We may use information for marketing products and services to you in the following ways:
We will provide an option to unsubscribe or opt-out of further communication on any electronic marketing communication sent to you or you may opt out by contacting us.
Disclosure of your information
We may disclose your personal information to insurers, pension providers, our service providers and business partners, including Airtable, Zapier, Mailparser, Gmail, Job Board, Intercom, Chaser, Tax Agility, Experian, Stripe, Xero, Twilio, Signable, Txtlocal, DropBox, Portico, Recruitee our network of Employers and third party employers (with your consent) (to assist us in performing any contract we enter into with them or you, including providing the Website, App and the Services it enables), analytics providers, (to assist us in the improvement and optimisation of the Website and App) and/or a member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
In addition, we may also disclose your personal information to third parties in the following circumstances:
Security over the internet
No data transmission over the internet can be guaranteed to be secure from intrusion. However, we maintain commercially reasonable physical, electronic and procedural safeguards to protect your personal information in accordance with data protection legislative requirements.
Sensitive information between your browser and our Website and App is transferred in encrypted form using secure socket layer (“SSL”) or equivalent cryptographic protocols using certificates issued by a trusted third party authority.
All information you provide to us is stored on our or our subcontractors’ secure servers, and accessed and used subject to our security policies and standards.
We use hosted servers (such as Amazon Web Services) in the course of our business, including for the permission of marketing and sales activity. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential, ensuring it is secure and strong, and for complying with any other security procedures that we notify you of. We ask you not to share your password with anyone.
Exports outside the EEA
Your personal information may be accessed by staff or suppliers in, transferred to, and/or stored at, a destination outside the European Economic Area (EEA) in which data protection laws may be of a lower standard than in the EEA. Regardless of location or whether the person is an employee or contractor, we will impose the same data protection safeguards that we deploy inside the EEA.
Certain countries outside the EEA have been approved by the European Commission as providing essentially equivalent protections to EEA data protection laws and therefore no additional safeguards are required to export personal information to these jurisdictions. In countries which have not had these approvals, we will either ask for your consent to the transfer or transfer it subject to European Commission approved contractual terms that impose equivalent data protection obligations directly on the recipient, unless we are permitted under applicable data protection law to make such transfers without such formalities.
How long we retain your personal data
We will hold the above information for as long as is necessary in order to conduct the processing detailed in the table above, deal with any specific issues that may raise, or otherwise as is required by law or any relevant regulatory body.
Once your account is terminated or deactivated, we shall delete the personal data relating to your account within Staff Heroes. Some personal data may need to be retained for longer than this to ensure Staff Heroes can comply with applicable laws and internal compliance procedures, including retaining your email address for marketing communication suppression if you have opted not to receive any further marketing.
If information is used for two purposes, we will retain it until the purpose with the latest period expires but we will stop using it for the purpose with a shorter period when that period expires.
We restrict access to your personal information to those persons who need to use it for the relevant purpose(s). Our retention periods are based on business needs and your information that is no longer needed is either irreversibly anonymized (and the anonymized information may be retained) or securely destroyed. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Under the General Data Protection Regulation (EU) 2016/679, you have various rights in relation to your personal data. All of these rights can be exercised by contacting us at firstname.lastname@example.org.
In certain circumstances, you have the following rights in relation to your personal data:
Staff Heroes will not ordinarily charge you in respect of any requests we receive to exercise any of your rights detailed above; however, if you make excessive, repetitive or manifestly unfounded requests, we may charge you an administration fee in order to process such requests or refuse to act on such requests. Where we are required to provide a copy of the personal data undergoing processing this will be free of charge; however, any further copies requested may be subject to reasonable fees based on administrative costs.
Asking us to stop processing your personal data or deleting your personal data will likely mean that you are no longer able to use Staff Heroes’ Services, or at least those aspects of the Services which require the processing of the types of personal data you have asked us to delete, which may result in you no longer being able to use the Services.
Where you request Staff Heroes to rectify or erase your personal data or restrict any processing of such personal data, Staff Heroes may notify third parties to whom such personal data has been disclosed of such request. However, such third party may have the right to retain and continue to process such personal data in its own right.
Changes to this policy
For the purpose of the relevant data protection legislation, the data controller is Staff Heroes Ltd. (company no 09916375), with registered address at Vox Studios, 1 – 45 Durham Street, London, England, SE11 5JH.
Our data protection officer is Laurent Gibb