top of page

ROCOCOMO

PRIVACY NOTICE, 2022

R

Privacy Notice, Introduction

In accordance with the General Data Protection Regulation (EU) 2016/679, this document is Rococomo Limited’s privacy notice, which explains how Rococomo collects and uses your personal data when you engage with us as a candidate in your job search and career management.  

 

For the purposes of simplicity, “we” and “us” refers throughout to Rococomo Limited, and “you” refers to any person whom we deal with in the capacity of job-seeker or candidate.  

The rights of individuals as detailed in the GDPR and the according responsibilities owned by Rococomo also apply to individuals working at our clients, potential clients and suppliers, who are further protected by the EU ePrivacy Directive/Regulation.  Just like candidates, these individuals have the right to change their preferences in how we communicate with them and to opt out of communication entirely, as well as to access, edit, delete, port or restrict the processing of any personal data which is held about them.

 

Personal data, or personal information, refers to any information about an individual by which they can be identified.  It does not include data where the identity has been removed (anonymous data). 

 

Rococomo is a “data controller”, meaning that it we are responsible for the keeping and use of personal information.  We decide what personal information is going to be kept and the use to which the information will be put.  Data controllers are subject to legal responsibilities, and we are required by data protection legislation to inform you of the information contained in this privacy policy. 

 

The topics covered herein include: 

  1. How we expect to communicate with you 

  2. How data is collected about you 

  3. The types of data that are collected and held  

  4. The reasons this data is collected and what it is used for 

  5. How your data is shared and who it is shared with 

  6. How long your data is held and why 

  7. Your rights to access, port, edit and restrict your data

  8. Your right to have your data deleted

  9. Your rights related to automated decision-making 

  10. Where your data is stored and how it is protected 

  11. What we will do if your data is breached

 

Please contact us at GDPR@rococomo.com if you have any questions about this notice, or if you would like to change your preferences regarding how we communicate with you, or specify how your data is collected, used, processed, shared or stored.  You can contact us at any time to request access to or correction or deletion of your data, and where you have given us permission to collect, process and share your personal data, you have the right to withdraw your consent, at any time, either wholly or in part.  On verifying your identity, we will endeavour to comply with your requests within 72 hours, or otherwise explain any reason why we cannot.

For more information about GDPR, please click here

This policy may be changed by Rococomo at any time and those individuals affected will be notified by email.

 

2, How Data Is Collected About You

 

Rococomo may collect your data in various different ways: 

  1. We might receive your data directly from you - e.g. over the phone, by email and text, or in person. 

  2. We may find your data on LinkedIn, Creative Pool, Twitter and other public professional sites. 

  3. We may advertise job openings, which you apply for, providing personal and professional information as part of this application. 

  4. An individual or company known to you may approach us with your name and details and suggest an introduction because they believe Rococomo can help you in finding a new role or in managing your career.  

 

Rococomo does not buy data and does not subscribe to CV libraries.

 

1, How We Expect To Communicate With You 

Rococomo will only ever use your personal data to contact you on an individual basis, and with information that is believed to be specifically relevant and of interest to you - e.g. to answer your enquiries, to provide feedback on an interview you’ve attended, to tell you about a new role which would suit your skill-set and preferences, to invite you to catch up on your career plans. 

Rococomo may also contact you to ask for referrals or introductions to people you know. 

Rococomo’s default communication channels are email, telephone and SMS; but we will communicate with you according to your preferences - to include Skype, WhatsApp, Facebook Messenger, WeTransfer and other IoT communication channels.  These are therefore all channels through which your personal data may be communicated to us.  You may at any time choose to amend the channels we are permitted to communicate with you via.  

If you opt out of communicating with us through these channels, you may still receive invitations or general updates via public forums such as LinkedIn or Creative Pool. 

Rococomo will not send you generic marketing emails or mailers, aside from occasions where legal/regulatory bodies require us to share information on a mass scale, e.g. in the case of future updates to this policy.

3, The Types of Data That Are Collected 

 

These are the different types of personal data we may collect and hold about you: 

  1. Your name.

  2. Your personal and professional contact details - to include, but not limited to, your email, phone number and home address.

  3. Data available in the public domain - such as links to your LinkedIn profile page, online blog/portfolio.

  4. Proof of your Right to Work - for example, copies of identifying documents such as a passport and visa.

  5. Information related to your experience, qualifications and availability, to include: current and past remuneration, notice period, skills, achievements, preferences in employment type; and supporting documents such as certificates, CVs, portfolios, case studies, presentations, written references.

  6. Information pertaining to your employment applications and engagements, to include: dates and details of the companies your information and documents are sent to by Rococomo, feedback from these companies, outcome of interviews attended, dates and details of employment/engagements entered into and related documents such as contracts, offer letters and starter packs. 

  7. Financial documentation - e.g. timesheets, invoices. 

  8. And, on occasion, information regarding characteristics which are protected under the Equality Act 2010 may be recorded.  Characteristics which are protected include: age, gender reassignment, marriage and civil partnership, pregnancy and maternity, race, colour, nationality, ethnic or national origin, religion/belief or lack of religion/belief, sex/gender and sexual orientation.

 

4, Why This Data Is Collected, What It Is Used For

 

We will only collect and use your data when the law allows us to.

 

Your data is collected and used for the following reasons: 

  1. For use by Rococomo in helping you find employment, in managing your career, and in maintaining a relationship with you over the long-term.  Your data and related documents help us to understand the specifics of the role, remuneration, company and career path you are looking for and which you are qualified to undertake.  This information is input into our database to enable you to be searchable against suitable vacancies. 

  2. Much of the data collected is required to be recorded by regulatory bodies when we engage with you as a job-seeker - such as the Employment Agency Standards Inspectorate (name, contact information, professional experience, supporting documents etc.), or by the Home Office (Right to Work) or by HM Revenue and Customs (financial records). 

  3. Additionally, many of Rococomo’s client agencies require in their Terms of Business that similar types of data be collected and recorded about candidates/job-seekers who are introduced to them by Rococomo.

  4. Rococomo will not ask you for information regarding characteristics which are protected under the Equality Act 2010 unless legally required to do so (e.g. we are required to ask for your date of birth if you are under 22).  Rococomo will only collect and process information regarding protected characteristics under very limited circumstances: firstly, where it is required by law to do so; secondly, where you request that such data be collected - for example, if you have restricted mobility and request meeting locations which are easily accessible to you.  Rococomo will not discriminate positively or negatively on the basis of any protected characteristics, nor will it be wilfully complicit in discrimination perpetrated by its clients.

 

5, How Your Data Will Be Shared And Who With

 

There are various different parties Rococomo may share your personal data with: 

   1. Rococomo’s clients: ​​

  • Your personal data and documents will be shared with prospective employers (Rococomo’s clients) with your permission and for the purposes of introducing you for possible employment opportunities.  Rococomo requires its clients to respect the security of your data and to treat it in accordance with the law. 

  • Your data and documents will be shared via email, telephone conversations, SMS, WhatsApp, Skype and similar digital channels, as dictated by the communications preferences of the prospective employer.  

  • Permission will be sought from you every time a new introduction is made and your data and/or documents are shared.  A new introduction does not include instances where a prospective employer asks for your details to be shared with a different person within their business, or where you are referred within their business for a different role to the one you were initially put forward for, or because they request an additional copy of your details as part of an ongoing conversation.  If, however, a prospective employer requests Rococomo to re-share your data/documents when there has been a lapse in the application conversation for six months or more, permission will be sought from you to ensure you are still interested in pursuing the application, before Rococomo complies.

   2. Rococomo’s partners: ​​​

  • Rococomo has working relationships with several trusted recruitment companies, where the nature of these relationships, like our client relationships, are contractually agreed.  From time to time Rococomo may suggest to you an introduction to one of these trusted partners, where they have a role or opportunity which could be of interest to you, or a specialist area of knowledge which is relevant to your employment search.  With your permission, your personal data and documents will be shared as part of these introductions.  Rococomo requires its recruitment partners to respect the security of your data and to treat it in accordance with the law. 

  • Rococomo may also make known to you companies or individuals who are not affiliated with Rococomo, but which are perceived to be in a field of interest that is of interest to you, and which may be able to assist or advise you in furthering your career or developing an enterprise you are undertaking or offer services which would be relevant to you.  Any introductions will be made only with your permission and personal data will be shared only at your request.  These introductions will be made solely for the purpose of goodwill, and the introduction will not precipitate any financial transaction between Rococomo and the company/individual which you are being introduced to.  Rococomo cannot offer any guarantees as to the quality of service these companies or individuals offer, nor accept any liability on their behalf, nor make any assurances as to the security of your data with these companies or individuals. 

   3. Third party service providers, regulatory bodies: 

  • ​Your personal data and documents may be shared with trusted third parties, without your permission, where we have retained them to provide services related to Rococomo’s business functions, such as IT and accountancy.  We do not allow these third party service providers to use your personal data for their own purposes.  We only permit them to process your personal data for specific purposes related to the service they are providing. 

  • Your personal data and documents may be shared with trusted third parties, with your permission, where we have retained them to provide services that you or our clients have requested, such as reference qualification and verification of the details that you have provided from third party sources, psychometric evaluations or skills sets. 

  • We may also disclose personal information to regulatory or law enforcement agencies, if they require us to do so, e.g. your data may be viewed, copied or removed from Rococomo’s possession at any time by Employment Agency Standard Inspectors or HMRC auditors.  Rococomo will be guided by these enforcement agencies as to whether you are notified about your data being shared in this way.

 

How your permission is gained to share your data: 

  • Permission to share your data will often be sought and granted via a telephone call or via SMS.  If you would like written confirmation over email of what has been agreed in a phone call or SMS exchange, please ensure to specify this by email to Rococomo and email confirmation will be supplied for each and every introduction made.  

  • Rococomo will never act upon “implied consent”.  That is, if you have applied for a role via a job board, or shared your details with Rococomo with a request for assistance in finding a job or mentioned an interest in a particular company, Rococomo will not take this to mean that we can send your CV to any or all of our clients or contacts.  Rather, Rococomo will only share your data and documents on the basis of your “explicit consent”, where you have given permission for your data and/or documents to be shared with a specific contact or company for an understood purpose (e.g. to apply for a live role, for a general chemistry introduction etc.).  As detailed above, your express permission will be sought every time Rococomo wishes to share your data and/or documents for the first time with a contact or company. 

Sharing data which pertains to characteristics protected under the Equality Act:

  • Information regarding characteristics protected under the Equality Act 2010 will be shared only at your request, and only to the extent of the specific details that you wish to be shared.  For example, if you have dyslexia you may ask for this to be disclosed in order that a prospective employer may have the opportunity to make reasonable adjustments to allow you to complete reading or written tasks.  Another example might be if you have restricted mobility, Rococomo can request that a prospective employer arrange your interview at a location which you can easily access.  You are under no legal obligation to disclose any disability to either a recruiter or a prospective employer. 

  • The process of applying for a role typically requires sharing a written CV, which may contain information that allows prospective employers to make assumptions about protected characteristics, such as your gender, age, nationality, ethnicity etc., and which creates the possibility of both direct discrimination and unconscious bias.  If you would prefer to apply for roles with a CV which conceals information about protected characteristics, Rococomo will actively support you in this. 

 

Sharing data which is in the public domain: 

  • Data which is available in the public domain, such as your online LinkedIn profile or online portfolio, may be shared by Rococomo, without your knowledge or permission, with Rococomo’s clients and recruitment partners; with a view to approaching you thereafter to offer you an introduction to this client or recruitment partner, who may have a role or opportunity which could be of interest to you. 

6, How Long Your Data Is Held And Why

 

During the period of time where you are actively looking for a new role, Rococomo will frequently add to and update your data.  But when you are no longer looking for a new role, Rococomo will retain your data.  The period of time Rococomo stores your data depends on the reasons it is being held: 

 

  1. Data held for regulatory purposes: 

Data which is required to be collected and recorded for regulatory purposes is subject to stipulations and/or guidelines as to how long it is retained.  For example, Home Office guidelines recommend that copies of Right to Work documents are retained for two years beyond the end of your employment/engagement.  The EASI requires data (including your name, contact information, date of birth, professional experience and supporting documents) to be recorded for one year following your last job-seeking engagement with Rococomo.  HMRC requires financial records to be retained for six years, which will include the details of any employment/engagement secured on your behalf

   2.  Data held because it has been shared with third parties: 

As a data controller Rococomo has a duty to ensure that any of your information which has been shared with third parties can be corrected or deleted at your request.  In order to be able to inform you of what information has been shared and to request edits or deletions by third parties, Rococomo needs to maintain a copy of this information, together with details of who it was shared with and when.  This information will primarily pertain to your employment applications, engagements/employments and introductions with Rococomo’s clients.  This information will be retained for either six years from Rococomo’s last communication with you, or until the UK’s interpretation of GDPR is further clarified with respect to how this aspect of the regulation should be implemented, whichever is longer.

   3.  Data held for the purposes of managing your career over the long-term: 

When working with you to manage your career, there are benefits to be gained in being able to refer back to records of previous feedback, salary levels and introductions to prospective employers.  There are also advantages in keeping copies of documents which support your experience and qualifications - enabling us to cross-reference over time to spot errors, or to share these documents back to you in instances where you have lost yours.  Whilst the documents we hold may fall out of date, they may in fact be the most up-to-date version in existence, for example, if you have not searched for a new role for several years.  In order to avoid out-of-date information being used in an incorrect or detrimental way, Rococomo endeavours to date-stamp wherever possible the data which we collect and record, and those items which are not automatically dated will be checked with you to be verified/corrected during the processes of helping you to find a new role  Therefore, beyond the requirements explained above, Rococomo endeavours to hold your data only for as long as it is reasonable to do so: - 

  • Data pertaining to your name, contact details, information available in the public domain, characteristics protected under the Equality Act 2010: will be retained for up to six years of Rococomo’s last communication with you 

  • Information related to your experience and qualifications, together with supporting documents, and information and documents relating to your employment applications and any employment/engagements secured for you by Rococomo: will be retained for up to six years from Rococomo’s last communication with you 

  • Copies of your Right to Work documents: will be retained for a minimum of two years after the end of an employment/engagement which Rococomo has secured for you, or up to six years after Rococomo’s last communication with you, whichever is longer

  • Financial documentation, including timesheets and invoices pertaining to employment/engagements undertaken: six years from the date of creation/issue

 

Rococomo is not under any obligation to you to store your data for any period of time.  Beyond our adherence to legal and contractual compliance, Rococomo may delete your data and/or documents at any time, without requesting your permission or informing you either in advance or afterwards.  If you request that Rococomo retain your data, for example due to a legal claim you are pursuing, then we will endeavour to comply. 

 

7, Your Rights To Access, Port, Rectify, and Restrict Processing Of Your Data

If you request access to the data we hold on you, we may ask you to verify your identity and we may ask you for more information about your request.  We will then share with you a copy of all data held on you within a timeframe of 72 hours. 

 

Unless otherwise requested, your data will be transferred to you over email, in a combination of attachments, copy-pastes and screen-grabs, i.e. such that it is easily portable from Rococomo’s IT environment into a Windows or Apple environment and can be readily reused by you.

 

You may also request that Rococomo provides copies of the data it has shared with third parties (clients and contacts where introductions have been made with your permission on your behalf).  This information will also be shared with you over email, within a timeframe of 72 hours, once your identity and the nature of your request have been verified. 

 

If you attest that any of your personal data held by Rococomo contains errors or omissions, this will be verified and corrected or deleted within 72 hours.  If you attest that any of the personal data that has been shared contains errors or omissions, Rococomo will contact the third parties to request that the data they have retained is corrected or deleted.  Rococomo will request that these third parties provide written confirmation when they have corrected or deleted your data as appropriate. 

 

If you request that processing of your data is restricted, either because of inaccuracies or because you oppose erasure for a legal claim, or for another reason, Rococomo will respond to this request within 72 hours.  At your request, Rococomo will also contact third parties to restrict their processing of your data as well, and ask for written confirmation from these parties to confirm when they have complied. 

 

If files holding your data also contain the personal data of other individuals or confidential data of Rococomo’s clients, suppliers or partners, Rococomo will explain to you that providing you with full copies of these files would prejudice the rights of these third parties, and we will endeavour to find a way to share the specific information held in these files which pertains to you.  

 

8, Your Right To Have Your Data Deleted

Where your personal data is held by Rococomo:

At your request, any or all data held on you by Rococomo will be deleted, within 72 hours, aside from where the following exceptions apply: 

  1. Where your file holds financial information relating to financial or tax matters which we need to keep for periods of up to six years. 

  2. Where data held about you is required to be retained for a longer period of time than has passed, due to the regulations of the Employment Agency Standards Inspectorate, Home Office, or another legal body. 

  3. Where you have accepted an engagement or employment with a Rococomo client which stipulates that information held about you must be held by Rococomo for a longer period of time than has passed in order to fulfil compliance with their Terms of Business.  In this instance, Rococomo will contact the relevant client to explain your request and ask for permission to delete your data earlier than otherwise allowed.  Whilst it is likely that your request will be fully accommodated, it may take longer than 72 hours to achieve whilst we liaise with the relevant third parties. 

  4. Where your data is required to be retained or processed for the exercise or defence of legal claims.

  5. Where files holding your data also concern the personal data of other individuals, and the rights of these individuals would be compromised by deleting the files. 

Where your data cannot be immediately deleted at your request, Rococomo will explain the reasons why, and commit to restricting access and use of this data to no other purposes but to fulfil tax and compliance obligations, as above.  In these cases your data will be deleted at the earliest possible time.

 

Where your personal data is held by third parties:

  • Rococomo is a data controller, meaning that in the event that you request your data be deleted (either wholly or selectively) by a third party which we have shared it with, we are responsible for instructing the relevant third party(s) to correct or delete the applicable data, and to request that they provide written confirmation when they have done so and to provide any reasons why they cannot and an explanation of the earliest time your data can be deleted.  

  • If you request that Rococomo delete information we hold which pertains to your employment applications and introductions - to include dates and details of the companies, recruitment partners and any third parties your personal data and documents have been shared with by Rococomo - then Rococomo must also necessarily contact the third parties it has shared your data with to instruct them to delete all of your data.  Otherwise, we will be left without a record of where we have shared your data and we cannot fulfil our obligations as a data controller to contact third parties to request your data be accessed, corrected or deleted at a future date. 

  • Rococomo is not responsible for any information shared by you with a third party which engages or employs you, even if your initial introduction to this employer was made by Rococomo.  We can only be held responsible for requesting the correction or deletion of data which Rococomo has provided directly to third parties, and we cannot request access to or correction or deletion of any personal data/documents held by a third party, where the information was: 

  1. Supplied directly by you to the third party, or 

  2. Supplied by another third party, or 

  3. Where the data/documents are available in the public domain.

 

9, Your Rights Related To Automated Decision-Making 

Rococomo stores your data in a database which is searchable by a variety of means, including keywords, attributes, tags, job titles, salary levels, sector experience and so on.  However, these search functions are to support human decision-making processes, rather than to replace them.  Rococomo does not undertake automated profiling or decision-making.  

 

10, Where Your Data Is Stored And How It Is Protected

Your data is stored in both the EU and the US in cloud-based systems, including Zoho Recruit, Dropbox, iCloud Drive and Google Cloud Platform.  Where your data is stored and processed in the EU, the relevant companies are compliant with EU regulations and GDPR.  Where it is stored and processed in the US, it is held by companies which are certified compliant with the EU-U.S. Privacy Shield Framework, ensuring compliance with EU data protection requirements. 

 

Your data is also stored and processed on portable and handheld devices such as MacBooks, iPhones and reMarkable paper tablets.

 

All reasonable measures are undertaken to keep your data safe and secure, to include passwords, security software and, where possible, encryption at rest and in transfer.  Rococomo also endeavours to function paperlessly with regard to personal data, and any personal data which is collected in hard copy will be transferred to electronic soft copy on password-protected devices for storage and processing, and the original paper copies securely destroyed.

 

11, What We Will Do If Your Data Is Breached

 

There are different ways your data might be breached:

 

  1. Human Error 

  • Breach: A document or information about you is accidentally sent to the wrong person or sent without your permission.  

  • Action: When the error is discovered, we will immediately contact the recipient to retract the information and request that they delete it. We will contact you to explain what happened and apologise, and do our best to follow any course of action which will mitigate any embarrassment or inconvenience to you.  We will record the nature of breach in order to review the frequency of breaches and assess how this may prevented in future.  If this breach is likely to result in a risk to your rights and freedoms, we will report it to the ICO.

 

   2.  Theft/hack of an electronic device 

  • Breach: A device containing information about you is stolen or hacked. 

  • Action: As soon as the theft or hack is realised, the device will be erased (remotely if it is not in our possession) and cloud-based storage systems disconnected.  If there is any evidence that security systems were breached and data was accessed by a third party, you will be informed. The breach will be recorded for audit purposes and if it is likely to result in a risk to your rights and freedoms, we will report it to the ICO.

 

   3.  Hack of a cloud-based storage system 

  • Breach: A cloud-based storage system containing your data is hacked. 

  • Action: If it is discovered that a cloud-base storage system has been hacked, systems will be taken offline.  Rococomo will liaise with the relevant providers to understand the extent of the breach and what data has been comprised.  You will be informed of the breach and any information which is known about the hack.  The breach will be recorded for audit purposes and if it is likely to result in a risk to your rights and freedoms, we will report it to the ICO.

   4.  Infringements of GDPR by a Third Party

  • Breach: A client or third party which Rococomo has shared your data with is discovered to have flouted the principles of GDPR in storing, processing or sharing your data - e.g. keeping your data longer than reasonably necessary, contacting you without your permission, sharing your data without your permission etc. 

  • Action: Rococomo will contact you to make you aware of the extent of this breach/infringement.  Rococomo will contact the third party in writing to discover the extent of the breach and to request deletion of any of your data which has been provided by Rococomo (excluding data received from you or from other sources).  If deemed appropriate, Rococomo will sever working relationships with this third party, and report them to the Information Commissioner’s Office.  

© 2022 Rococomo Limited, all rights reserved 

END OF DOCUMENT

bottom of page