Data Protection Policy
We're committed to protecting the rights and privacy of your data. Here's how we're handling EU privacy laws, data security practices, and changes to the legal and technological landscape.
Data Protection Policy
25 March 2019
The EU General Data Protection Regulation (GDPR) is the most significant piece of European privacy legislation. It replaces the 1995 EU Data Protection Directive (European Directive 95/46/EC), strengthening the rights that EU individuals have over their data, and creating a uniform data protection law across Europe.
Davis Nolan Ltd. t/a Next Generation has been compliant with the GDPR as a data controller and processor since it took effect on 25th May 2018.
Please note that we may amend this policy on a regular basis. Please visit this page to keep up to date.
1°) Who is responsible for Data Protection?
Maura O'Hea
mydata@nextgeneration.ie
+353 (1) 6629120
2°) Why do we keep your data?
Davis Nolan Ltd. t/a Next Generation only collect personal information for the purpose of recruitment; that is to provide the best possible employment opportunities for you. We need your contact details to interview you and to get in touch with you during the recruitment process. We also need to know about your education, experience and skills to assess your suitability during the recruitment process. We may also collect any other details that are relevant to the recruitment process.
3°) What personal data do we keep about you?
Your name, contact details, CV, social profile, cover letter, psychometric assessments, referees’ details, Immigration status (whether you need a work permit), extra information that you choose to tell us, details about your current remuneration and benefits and all the elements needed to process your job application. The emails we exchange throughout the process, interview notes and call recordings are also processed (all of our calls are recorded for training, monitoring and compliance purpose).
4°) Who do we share these data with?
Davis Nolan Ltd. t/a Next Generation is an international organisation; this is what enables us to offer the level of services that we do. In order for us to continue operating in this way, we need to transfer or store your data internationally between our entities. These data are accessible by Davis Nolan Ltd. t/a Next Generation’s staff. For the purpose of the recruitment process, we will share your CV with specific clients. We will never share your CV with anyone outside of our organisation without your express written permission. Should a specific client process their data outside of the EEA, we will request your written permission for that specific transfer.
When we share your data with one of our specified clients, we both become controllers of your data.
5°) Where did we find your data?
You applied through our website or directly to us by email. We have our own Talent Community that you can join; we use multiple job boards and CV databases to find candidates; we also use social networks and community websites to look for the right talent, and when needed we cross-reference all these platforms. We comply with all our legal obligations when searching candidates through these platforms.
6°) Where is your data stored and processed?
We use multiple cloud-based systems to carry out our various recruitment tasks.
When you apply or register through this website, your data are stored through the Volcanic.co.uk platform; they store your data on secure servers in the European Economic Area (EEA) (except for data that we gather when you sign up to our email alerts) - see details here. We use an Applicant Tracking System; this is where your data is stored. In practice, their servers are based in the UK. We also use a separate system for internal statistics purpose; their servers are based in the US and they have committed to being compliant with the GDPR requirement.
We use a VoIP phone provider; all our calls are recorded for training, monitoring and compliance purpose. Their servers are AWS in London, UK.
We use Microsoft 365 as email provider; this is a cloud-based application, and Microsoft provides a double layer of encryption.
If you have subscribed to our monthly newsletter, your data are stored through the Volcanic.co.uk platform and then process through MailChimp (view their privacy policy here). You can unsubscribe at any time by clicking on the unsubscribe link or by contacting us through mydata@nextgeneration.ie
7°) How long do we keep your data?
We keep your data for 24 months from your last interaction with us or through us, or until you tell us to delete your data, whichever is the shortest.
If you have joined our Talent Community, we keep your CV for 24 months, or until you tell us to delete your data, whichever is the shortest. If you’re in the Talent Community and we’ve contacted you about a job, then the retention period starts from our last interaction.
If you’re hired as a daily rate contractor, a PAYE contractor through us, or a Davis Nolan Ltd. t/a Next Generation employee then the legal retention periods apply.
8°) How do we protect your data?
Candidates’ data is extremely important to us as a business. We endeavour to treat your data the same way we would like ours processed. From Day 1, our employees are made aware of data protection and their responsibilities, and regular refresher training is carried out throughout the year.
We endeavour to only use software and systems that have committed to be GDPR compliant.
Our passwords are reset automatically every 90 days and we have systems in place to detect unusual behaviours that could lead to a potential data breach. We also have a number of procedures that restrict remote accessibility of data.
All of our systems’ providers have committed to being GDPR compliant and offer various level of encryption and pseudonymisation.
9°) Under the GDPR you have the right to:
Be informed
Access the data we hold about you
Restrict the processing of your data
Rectify the data we hold about you
Erasure (right to be forgotten)
Data portability
Object to the use of your data
Automated decision-making and profiling
8°) How can you exercise your rights as a Data Subject?
Email our Data Protection Champion, Maura O'Hea at mydata@nextgeneration.ie or +353 (1) 6629120 with the right you wish to exercise in the subject line.
Please be aware that you may be asked for a proof of identity, which will not be kept after processing your request. We may also need to ask for more information about your request to process it. This is to protect your data and ensure that we are not releasing/amending or deleting them on false premises.
Under the GDPR we have 30 days to comply with your request unless we have a legal obligation preventing us to do so; in which case we will share that reason with you.
10°) I have a question that is not covered in this document:
Please contact our Data Protection Champion, Maura O'Hea at mydata@nextgeneration.ie or +353 (1) 6629120.
11°) What data do you collect when I visit your site?
When you access our website, we will also collect certain data from you. If you would like more information about this, please click here to view our Website Privacy & Cookies Policy.
CLIENT DATA:
The data we collect about our Clients is very limited. We only need to have your contact details or the details of individual contacts at your organisation (such as their names, telephone numbers and email addresses) to ensure that our relationship runs smoothly. We also hold information relating to your engagement with Candidate profiles. We may also hold extra information that someone in your organisation has chosen to tell us.
All of our calls inbound and outbound are recorded for training, monitoring and compliance purpose.
When you access our website, we will also collect certain data from you. If you would like more information about this, please click here to view our Website Privacy & Cookies Policy.
SUPPLIER DATA:
We collect very little data about our Suppliers. We'll collect the details for our contacts within your organisation, such as names, telephone numbers and email addresses. We'll also collect company bank details so that we can pay you. We may also hold extra information that someone in your organisation has chosen to tell us.
All of our calls inbound and outbound are recorded for training, monitoring and compliance purpose.
When you access our website, we will also collect certain data from you. If you would like more information about this, please click here to view our Website Privacy & Cookies Policy.
