Company Name: Flourish Education Ltd
Flourish Education is a recruitment business which provides work-finding services to its clients and work-seekers. We specialise in the educator sector, working with schools, colleges and nurseries to supply teachers and non- teaching staff. The Company must process personal data (including sensitive personal data) so that it can provide these services – in doing so, the Company acts as a data controller.
The data controller of this website is Flourish Education Ltd. The registered office and operating office address is Seven House, 18 High Street, Longbridge, Birmingham, B31 2UQ
Data Protection Officer
The Data Protection Officer is:
Mr Grant Taylor
Director of Flourish Education
Tel: +44 121 423 3557
Where we got your information
You may give your personal details to us directly, such as on application or registration forms or via our website (we collect information from our users at several different points on our website.) or we may have sourced your personal data/sensitive personal data by the following means:
This information came from a publicly accessible source. The Company is the sole owner of the information collected on this site. We will not sell or rent personal data to others - your details will not be passed onto third party companies for marketing purposes.
What we need and why we need it
The Company must have a legal basis for processing your personal data. This is for the purposes of providing work-finding services to candidates (temporary, long-term, permanent and day-to-day) and recruitment services to clients and/or information relating to relevant roles or suitable candidates. We will only use your personal data in accordance with the terms of the following statement:
We request information from you either face to face or via our online registration and contact forms. As a candidate you must provide personal data, contact details and information regarding the type of work you are seeking; your skills, qualifications and experience. As a client you must provide personal data, contact details and information regarding role descriptions and candidate specifications. This information is used to communicate with you as part of our business and enable us to provide you with work-finding or recruitment services. If we have trouble processing your application or enquiry, this contact information is used to get in touch with you. The Company does not use this information for any other purpose.
1. Collection and use of personal data
a. Purpose of processing and legal basis
The Company has collected your personal data (which may include sensitive personal data) and will process your personal data for the purposes of providing you with work-finding or recruitment services. The legal bases we rely upon to offer these services to you are:
We may use personal data to do some or all of the following:
Flourish Education may make personal data available to our service providers and data processors.This includes external third-party service providers, such as accountancy and payroll software, IT systems and support - Technical Drive. Personal data is securely stored both on our CMS (content management system) which has web support and hosting provided by - ScorchSoft; and within our document and recruitment management system (securely stored on our internal servers) - MatchMaker.
Candidate personal data is shared (with your consent) with potential employers in order to arrange interviews and secure a placement. Your personal data is required by law and/or a contractual requirement (e.g. our client may require this personal data), and/or a requirement necessary to enter into an employment contract. You are obliged to provide the personal data and if you do not the consequences of failure to provide the data may/can lead to a termination of contract.
The Company does not transfer information you provide to us to countries outside the European Economic Area (“EEA”) for the purposes of providing you with work-finding services. We will take steps to ensure protections are in place to ensure the security of your information. The EEA comprises the EU member states plus Norway, Iceland and Liechtenstein.
How long we hold your data
Your personal data is stored securely and protected on our secure internal servers and private third party hosting provider.The Company will retain your personal data only for as long as is necessary. Different laws require us to keep different data for different periods of time.
The Conduct of Employment Agencies and Employment Businesses Regulations 2003, require us to keep work-seeker records for at least 2 years from (a) the date of their creation or (b) after the date on which we last provide you with work-finding services.
We must also keep your payroll records, holiday pay, sick pay and pension’s auto-enrolment records for as long as is legally required by HMRC and associated national minimum wage, social security and tax legislation.
Where the Company has obtained your consent to process your personal and sensitive personal data such as name, email, contact number, address, DBS, ethnicity, medical history, we will do so in line with our retention policy. Upon expiry of that period the Company will seek further consent from you. Where consent is not granted the Company will cease to process your personal data and sensitive personal data.
When candidates register online; create an account and log-in to their 'Candidate Login' area, it is protected by their password and may only be accessed by them. They can manage the content and information in the Account at any time, by logging in to the 'Candidate Login'.
When clients are provided with an online account and log-in to their 'School Login' area, it is protected by their password and may only be accessed by them. They can manage the content and information in the Account at any time, by logging in to the 'School Login'.
Please be aware that you have the following data protection rights:
The right to be informed – of how and why your personal data is being used - typically through a privacy notice
The right of access to your personal data. If a person asks for this, they cannot be charged for it
The right to rectification - if your personal data is inaccurate or incomplete
The right to erasure – i.e. to request the deletion or removal of personal data in certain circumstances
The right to restrict processing – e.g. to prevent the data from being processed if it is inaccurate and in certain other circumstances
The right to data portability – which allows an individual to move, copy or transfer personal data easily from one IT environment to another
The right to object –e.g. an individual can stop the processing of their personal data for direct marketing purposes
Related to automated decision making and profiling – this right provides safeguards for individuals against the risk that a potentially damaging decision is taken without human intervention
Where you have consented to the Company processing your personal data and sensitive personal data you have the right to withdraw that consent at any time by contacting the company. We have data withdrawal forms that we ask you complete so we can keep accurate records of this. All records must go through the Data Protection officer (DPO) to ensure that the record keeping is accurate.
You may withdraw consent and opt out from any employment or promotional information that we may send to you by using the unsubscribe function at the bottom of an email or contacting us on the Contact Page of our website. Any further queries should be directed through our contact form. We don’t penalise individuals who wish to withdraw consent.
Concerns or Complaints
If you wish to complain about this privacy notice or any of the procedures set out in it please contact: Emma Vincent, Compliance Administrator E:email@example.com T:01214243557
You also have the right to raise concerns with Information Commissioner’s Office on 0303 123 1113 or at https://ico.org.uk/concerns/, or any other relevant supervisory authority should your personal data be processed outside of the UK, if you believe that your data protection rights have not been adhered to.
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site - view our Cookies Policy.
Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org. Please note that in a few cases some of our website features may not function if you remove cookies from your browser.
We use IP addresses to analyse trends, administer the site, track users’ movements, and to gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information.
We may share aggregated demographic information with our clients. This is not linked to any personal information that can identify any individual person.
Outgoing External Links
This website contains links to other external websites. Please be aware that the Company is not responsible for the privacy practices of such other sites. We encourage you to be aware of this when you leave our site and to read the privacy statements of each and every website that collects personally identifiable information. This privacy statement applies solely to information collected by the Company’s website.
Flourish Education takes every precaution to protect our users’ information. The Company has achieved Cyber Essentials certification.
Office Firewalls and Internet Gateways
We have firewalls at the boundary between our internal networks and the internet. There is a firewall device on the network that is in place. All passwords on all our internet routers or hardware firewall devices are at least 8 characters in length and difficult to guess.
We have disabled all the software that we do not use on our laptops, computers, servers, tablets and mobile phones. All laptops, computers, servers, tablets and mobile devices only contain necessary user accounts that are regularly used in the course of our business. Administrators use passwords of at least 8 characters - typically is a mixture of numbers and symbols, the longer the better."auto-run" or "auto-play" disabled on all of our systems.
All operating systems and firmware on our devices is supported by a supplier that produces regular fixes for any security problems. All software licensed in accordance with the publisher’s recommendations. High risk or critical security updates for operating systems and firmware installed within 14 days of release. Any applications on our devices that are no longer supported and no longer receive regular fixes for security problems are removed.
Users only provided with user accounts after a process has been followed to approve their creation. Users can only access laptops, computers and servers in our organisation (and the applications they contain) by entering a unique user name and password.
We ensure that staff members only have the privileges that they need to do their current job. When a staff member changes job role we also change their access privileges. When an individual staff member leaves our organisation, we stop them accessing any of our systems by changing or removing their passwords.
We have a formal process for giving someone access to systems at an “administrator” level. We ensure that administrator accounts are not used for accessing email or web browsing. We review who should have administrative access on a regular basis.
All of our computers, laptops, tablets and mobile phones protected from malware by having anti-malware software installed. It is installed on the server and updates daily. Anti-malware software is it set to scan visited web pages and warn about accessing malicious websites.
We will report any unlawful data breach of any information we hold, or if any of our third party data processors inform us of issues, we will also report this to any and all relevant persons and authorities within 72 hours of the breach, if it is apparent that personal data stored in an identifiable manner has been stolen.
The Company uses all reasonable efforts to safeguard your personal information. However, you should be aware that the use of the Internet is not entirely secure and for this reason the Company cannot guarantee the security or integrity of any personal information which is transferred from you or to you via the Internet. If you have any questions about the security at our website, you can send an email to James Hancocks, Marketing Manager: James@flourisheducation.co.uk