Please note that this Site is also governed by the Terms and Conditions of Use. We urge you to review the Terms and Conditions of Use before proceeding further on this Site.
For the purposes of data protection legislation in force from time to time, the data controller is CMD Recruitment of 4 Lancaster House, Lancaster Park, Bowerhill, Melksham, SN12 6TT
Our nominated Data Protection Officer is Dan Barfoot
We are a recruitment agency and recruitment business as defined in the Employment Agencies and Employment Businesses Regulations 2003 (our business). We collect the personal data of the following types of people to allow us to undertake our business;
We collect information about you to carry out our core business and ancillary activities.
This is information about you that you give us by filling in forms on our site www.cmdrecruitment.com or by corresponding with us by phone, e-mail or otherwise. It includes information you provide when you register to use our site, to enter our database, subscribe to our services, attend our events, participate in discussion boards or other social media functions on our site, enter a competition, promotion or survey, and when you report a problem with our site.
The information you give us or we collect about you may include your name, address, private and corporate e-mail address and phone number, financial information, compliance documentation and references verifying your qualifications and experience and your right to work in the United Kingdom, curriculum vitae and photograph, links to your professional profiles available in the public domain e.g. LinkedIn, Twitter, business Facebook or corporate website.
Regarding each of your visits to our site we will automatically collect the following information:
We use information held about you in the following ways:
Our legal basis for the processing of personal data is our legitimate business interests, described in more detail below, although we will also rely on contract, legal obligation and consent for specific uses of data.
We will rely on contract if we are negotiating or have entered into a placement agreement with you or your organisation or any other contract to provide services to you or receive services from you or your organisation.
We will rely on legal obligation if we are legally required to hold information on to you to fulfil our legal obligations.
We will in some circumstances rely on consent for particular uses of your data and you will be asked for your express consent if legally required. Examples of when consent may be the lawful basis for processing include permission to introduce you to a client (if you are a candidate).
Our legitimate interests in collecting and retaining your personal data is described below:
Should we want or need to rely on consent to lawfully process your data we will request your consent orally, by email or by an online process for the specific activity we require consent for and record your response on our system. Where consent is the lawful basis for our processing you have the right to withdraw your consent to this processing at any time.
Use of our website;
We will use this information:
We do not undertake automated decision making or profiling. We do use our computer systems to search and identify personal data in accordance with parameters set by our team when carrying out recruitment searches.
We will share your personal information with selected third parties including:
We will disclose your personal information to third parties:
The lawful basis for the third-party processing will include:
Your personal information is located on a server(s) operated by Purple Penguin Media Limited. CMD Recruitment provides you with the means to access, update, edit or delete the Registration Information and other personal information you have provided to us at any time on your own by going to your user account and changing or deleting your Registration Information and other personal information as desired. If you decide at any time that you do not want to receive any updates you have subscribed to just send an email message to email@example.com indicating your preference not to receive updates. If you are unsure whether we have a record containing your personal information and would like to confirm whether or not we do, please send an email to firstname.lastname@example.org indicating all email addresses which you may have given us.
We are committed to taking all reasonable and appropriate steps to protect the personal information that we hold from misuse, loss, or unauthorised access. We do this by having in place a range of appropriate technical and organisational measures. These include measures to deal with any suspected data breach.
Where CMD Recruitment considers it appropriate, CMD Recruitment uses encryption and/or authentication tools among other methods to protect certain web-based personal information. E-mails you send us are not necessarily secure when they are transmitted to us. If your communication is sensitive or includes confidential information such as a credit card number, you may want to provide it by post or via the telephone instead.
If you suspect any misuse or loss of or unauthorised access to your personal information, please let us know immediately. Details of how to contact us can be found here.
This Site may contain links to other sites, including those of our business partners, vendors and advertisers. While we try to link only to sites that share our high standards and respect for privacy, please understand that we are not responsible for the content of, or the privacy practices employed by, other sites.
CVs are accessed by our consultants who seek to find you employment with third parties (“Third Parties”). Consultants are not permitted to disclose information outside our organization or beyond the Third Party, as applicable. Recruiters are also required to have entered into an agreement with Third Parties that requires such Third Parties to use your CV solely for the purpose of filling a job within the Third Party for which the information was provided and not disclosing your CV outside the organization. However, although CMD Recruitment deals only with reputable organizations, we cannot guarantee that all Employers and Third Parties will adhere to the limitations we impose on them. If at any time you would like your CV removed from our Website, you may do so by using the “delete CV” function.
Although we use all reasonable means to protect your personal information, CMD Recruitment is not responsible for any improper use of your personal information that is beyond our reasonable control.
Your CV when uploaded is converted into various formats for our use only. These conversions are handled by an external datacentre server stack. Once conversion is complete your CV is then automatically deleted from that service. We are committed to ensuring that your information is secure. To prevent unauthorized access or disclosure, the data company have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information. We may disclose your information if necessary to protect our legal rights or if the information relates to actual or threatened harmful conduct or potential threats to the physical safety of any person. Disclosure may be required by law or if we receive legal process. If these servers are breached, we are not responsible for this and cannot be held liable.
We will delete your personal data from our systems if we have not had any meaningful contact with you for two years (or for such longer period as we believe in good faith that the law or relevant regulators require us to preserve your data). After this period, it is likely your data will no longer be relevant for the purposes for which it was collected.
When we refer to “meaningful contact”, we mean, for example, communication between us (either verbal or written), or where you are actively engaging with our online services. If you are a Candidate we will consider there to be meaningful contact with you if you submit your updated CV onto our website. We will also consider it meaningful contact if you communicate with us about potential roles, either by verbal or written communication or click through from any of our marketing communications or promotional content.
One of the GDPR’s main objectives is to protect and clarify the rights of EU citizens and individuals in the EU with regards to data privacy. This means you retain various rights in respect of your data, even once you have given it to us.
To get in touch about these rights, please contact us. We will seek to deal with your request without undue delay, and in any event within one month (subject to any extensions to which we are lawfully entitled). We may keep a record of your communications to help us resolve issues which you raise.
This right enables you to object to us processing your personal data where we do so for one of the following four reasons:
our legitimate interests;
The “legitimate interests” and “direct marketing” categories above are the ones most likely to apply to our Website Users, Candidates, Clients and Suppliers. If your objection relates to us processing your personal data because we deem it necessary for your legitimate interests, we must act on your objection by ceasing the activity in question unless:
If your objection relates to direct marketing, we must act on your objection by ceasing this activity.
Where we have obtained your consent to process your personal data for certain activities (for example, marketing arrangements or profiling), you may withdraw consent at any time and we will cease to carry out the particular activity that you previously consented to unless we consider that there is an alternative reason to justify our continued processing of your data for this purpose in which case we will inform you of this condition.
You may ask us to confirm what information we hold about you at any time, and request us to modify, update or Delete such information. We may ask you to verify your identity and for more information about your request. If we provide you with access to the information we hold about you, we will not charge you for this unless your request is “manifestly unfounded or excessive”. If you request further copies of this information from us, we may charge you a reasonable administrative cost where legally permissible. Where we are legally permitted to do so, we may refuse your request. If we refuse your request, we will always tell you the reasons for doing so.
You have the right to request that we erase your personal data in certain circumstances. Normally, the information must meet one of the following criteria:
We would only be entitled to refuse to comply with your request for one of the following reasons:
When complying with a valid request for the erasure of data we will take all reasonably practicable steps to Delete the relevant data.
You have the right to request that we restrict our processing of your personal data in certain circumstances. This means that we can only continue to store your data and will not be able to carry out any further processing activities with it until either:
The circumstances in which you are entitled to request that we restrict the processing of your personal data are:
If we have shared your personal data with third parties, we will notify them about the restricted processing unless this is impossible or involves disproportionate effort. We will, of course, notify you before lifting any restriction on processing your personal data.
You have the right to request that we rectify any inaccurate or incomplete personal data that we hold about you. If we have shared this personal data with third parties, we will notify them about the rectification unless this is impossible or involves disproportionate effort. Where appropriate, we will also tell you which third parties we have disclosed the inaccurate or incomplete personal data to. Where we think that it is reasonable for us not to comply with your request, we will explain our reasons for this decision.
You have the right to transfer your personal data between data controllers. This means that you are able to transfer your CMD account details to another online platform. To allow you to do so, we will provide you with your data in a commonly used machine-readable format that is password-protected so that you can transfer the data to another online platform. Alternatively, we may directly transfer the data for you.
This right of data portability applies to:
You also have the right to lodge a complaint with your local supervisory authority. If you would like to exercise any of these rights or withdraw your consent to the processing of your personal data (where consent is our legal basis for processing your personal data), you can contact us here.
We may keep a record of your communications to help us resolve any issues which you raise.
You may ask to unsubscribe from job alerts at any time. For details of how to do this please contact us here.
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during the period for which we hold your data.
Our Data Processor Bullhorn is committed to addressing EU data protection requirements applicable to them as a data processor. Bullhorn has worked extensively with local EU counsel to provide that their Master Subscription Agreement and related agreements contain appropriate provisions for personal data they store and balances the risks and responsibilities between data controllers and data processors.
Bullhorn has the ability to fulfil commitments as a data processor to CMD Recruitment as data controller, as is part of their compliance with GDPR where data controllers are using a third-party to process personal data.
Bullhorn has the distinction of being one of the first applicant tracking systems (ATS) to be SOC 1 audited, and one of the first non-financial industry-based software-as-a-service (SaaS) companies to utilise the SSAE 16/18 framework to provide security review. Bullhorn undertakes an independent third party annual SOC 1, Type 2 audit that reviews certain of its internal controls and processes. The audit covers internal governance, production operations, change management, data backups, and software development processes. It evaluates that we have the appropriate controls and processes in place and that they are actively functioning appropriately in accordance with related standards.
GDPR includes certain requirements on data controllers for the portability of personal data. The data that CMD Recruitment stores in Bullhorn remains ours.
The SOC program offers independent verification that Bullhorn’s security practices offer a recognised standard of security measures. The program is designed to cover key elements of data processing and integrity while maintaining auditing practices within business and operational processes. Bullhorn has integrated its SOC controls into its operating procedures, which span the organisation, teams or functions that provide service or support to clients on their platform. The key components of the SOC controls environment include:
Bullhorn, Inc. complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. Bullhorn, Inc. is committed to subjecting all personal data it receives from data exporters in any European Union (EU), Switzerland or European Economic Areas (EEA) member state, under the Privacy Shield Framework, to its applicable Privacy Shield Principles.
CMD Recruitment do not store and transfer your data internationally.
Article 4(11) of the GDPR states that (opt-in) consent is “any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.” In plain language, this means that:
We will keep records of the consents that you have given in this way.
Sometimes it may be necessary for us to process personal data and, where appropriate and in accordance with local laws and requirements, sensitive personal data in connection with exercising or defending legal claims. Article 9(2)(f) of the GDPR allows this where the processing “is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity”.
This may arise for example where we need to take legal advice in relation to legal proceedings or are required by law to preserve or disclose certain information as part of the legal process.
You can remove your account and all your data from our system, simply login and click here.
26 April 2018
Dan Barfoot – Company Director
CMD Recruitment Limited
4 Lancaster House, Lancaster Park, Bowerhill, Melksham, SN12 6TT