Updated: 20th December 2022
Cobalt Search Ltd (company number 11489467, hereafter named as Cobalt), is a recruitment business that provides work-finding services to its candidates and talent finding services to its clients. The Company must process personal data (including sensitive personal data) so that it can provide these services – in doing so, the Company acts as a data controller.
Cobalt is committed to protecting the privacy of our candidates, clients, and users of our website. We want to provide a safe and secure user experience. We will ensure that the information submitted to us via our website or through any other channel is only used for the purposes set out in this policy.
You may give your personal details to Cobalt directly, such as in an email, in response to a job advertisement or via our website, or we may collect them from another source such as a Job Board, Social Media channels (such as LinkedIn) or CV Database. Cobalt will only use your personal data in accordance with following terms:
- Express Consent – your permission to process your personal data to enable us to find employment on your behalf.
- Legitimate Interest – it will be necessary to process your data for the performance of a contract and to provide work seeking services
- Contractual Obligation – certain recruitment agreements that we have with some clients require us to store certain information for set time periods
- Legal Obligation – we are required to store information under a Legal Obligation for statutory organisations including HMRC
The information we collect and how we use it
Cobalt may collect your personal details, including but not limited to your name and contact details (together with your e-mail address) and other relevant information from your CV, work history and/or your LinkedIn profile and from telephone, face to face and video interviews. On occasions this may also include sensitive personal information such as details of criminal convictions and ethnic origin.
This information is held, used, and disclosed by us as follows:
- To provide our services to you;
- To maintain our business relationship, where you are a user of our website, a client or candidate;
- To enable you to submit your CV for general applications, to apply for specific jobs or to subscribe to job alerts. Please see the separate section on your CV below which outlines additional uses and disclosures;
- To match your details with job opportunities, to assist us in finding a position that is most suitable for you and to send your personal information (including sensitive personal information) to clients to apply for jobs;
- To answer your enquiries;
- To direct-market our products and services, advise you of news and industry updates, events, promotions and competitions, reports, and other information. Where we do so, you will be able to unsubscribe from such communications should you so wish;
- To fulfil contractual obligations with our clients;
- In regard to job opportunities outside the European Economic Area (EEA), we will notify you in the event we wish to transfer your data to explore job opportunities for you and will give you the opportunity to withhold your consent to data transfer. Cobalt applies equal rigour to the security of
data held and processed globally.
- To trusted third parties where we have retained them to provide services that you or our clients have requested, such as referencing, verification of the details you have provided from third party sources, psychometric evaluations or skills tests. These third parties comply with similar and equally stringent undertakings of privacy and confidentiality as Cobalt;
- To third parties who perform functions on our behalf and who also provide services to us, such as professional advisors, IT consultants carrying out testing and development work on our business technology systems, research and mailing houses and function co-ordinators. These third parties comply with similar undertakings of privacy and confidentiality as Cobalt;
- If Cobalt or its business merges with or is acquired by another business or company, we may share personal information with the new owners of the business or company and their advisors and if this happens, you will be sent notice of such event;
- We may also release personal information to regulatory or law enforcement agencies if they require us to do so. We will also disclose your information where we are permitted and requested to do so by law;
- We may also seek your consent to collect, hold, use and disclose your personal information for any other purpose not listed above; and
- Our website may also use a website recording service which can record mouse clicks, mouse movements, page scrolling and any text keyed into website forms. Data collected by this service is used to improve our website usability. The information collected is stored and is used for aggregated and statistical reporting and is not shared with anybody else.
Curriculum vitae ("CV")
We give you the option of submitting your CV via any advertisement placed by Cobalt or by providing your CV to one of our consultants. You can do this either to apply for a specific advertised job or for consideration for positions as and when they come up. Your CV will be stored in our applicant tracking system and will be accessible by all Cobalt employees for such purposes as business development and to enable them to provide their recruitment services to you.
You can update your CV at any time, simply by following the same procedure to submit a new CV. Your old CV will automatically be archived provided the submission details remain the same (for example you submit both CVs using the same email address or you advise the relevant contact of your new submission).
The Company will retain your personal data only for as long as is necessary. Our data retention policy
- Applicant tracking system CVs
- Will be retained for no longer than 24 months
- Candidates will be contacted between 18 and 23 months to ask for updated CV
- File containing all personal data will be deleted/updated as required
- Paper CVs
- Retained for no longer than 6 months
- CV will be shredded
- Handwritten interview notes
- Retained for no longer than 6 months
- Notes will be shredded
- Retained for no longer than 36 months
- All emails will be archived annually in December; the first archive will be December
Where Cobalt has obtained your consent to process your personal data, we will do so in line with our retention policy. Upon expiry of that period, Cobalt will seek further consent from you. Where consent is not granted, or if no response is received, Cobalt will cease to process your personal data and sensitive personal data.
Aggregate information about Cobalt online visitors
We gather information and statistics collectively about all visitors to our websites, for example, which area users access most frequently, and which services users access the most. We only use such data in the aggregate form. This information helps us determine what is most beneficial for our users and how we can continually improve our online services to create a better overall experience for our users
We may also undertake marketing profiling to help us identify services or jobs which may be of interest to you.
Please note that clicking on links and banner advertisements may result in your transferral to another website – where data privacy practices may be different to that of Cobalt. Visitors should consult the other websites’ privacy policies as we are not responsible for, and have no control over, information that is submitted to or collected by these third parties.
You have the right at any time to ask us for a copy of the information supplied by you that we hold. We may ask you to verify your identity and for more information about your request. We also have the right to charge an administrative fee for this service. Where we are legally permitted to do so, we may refuse your request and will give you reasons for doing so.
If you would like to make a request for information, please contact our Data Protection Officer. You also have the right to ask Cobalt to stop using your information. However, if this involves a request for deletion of your file, please be aware that we may not be required or able to do so, particularly where your file also holds information about our clients or financial information that we need to keep for periods of up to six years, i.e., that relate to tax matters. Where we are unable to comply with your request, we will provide reasons for failing to do so.
Given that the Internet is a global environment, using the Internet to collect and process personal data necessarily involves the transmission of data on an international basis. Therefore, by browsing our website and communicating electronically with us, you acknowledge and agree to our processing of personal data in this way.
Cobalt is an equal opportunities employer and a company committed to diversity. This means that candidates, clients, and members of staff will receive equal treatment and that we will not discriminate on grounds of gender, marital status, race, ethnic origin, colour, nationality, national origin, disability, sexual orientation, religion, or age.
As part of our commitment to equal opportunities we may from time-to-time use information provided by you for the purposes of diversity monitoring. All such information will be used on an anonymised basis.
Please be aware that you have the following data protection rights:
- The right to be informed about the personal data we process on you;
- The right of access to the personal data we process on you;
- The right to rectification of your personal data;
- The right to erasure of your personal data in certain circumstances;
- The right to restrict processing of your personal data;
- The right to data portability in certain circumstances;
- The right to object to the processing of your personal data that was based on a public or
- The right not to be subjected to automated decision making and profiling; and
- The right to withdraw consent at any time.
Where you have consented to Cobalt processing your personal data and sensitive personal data, you have the rights listed above. To exercise any of these rights you will be required to put your request in writing to our Data Protection Officer.
Cobalt will ask for proof of identification before the request can be processed and will inform the individual of the identification documents it requires. Requests will normally be responded to a request within a period of one month from the date it is received. In some cases, such as where there is a large amount of the individual’s personal data, the company may respond within three months of the date the request is received. Cobalt will respond in writing to the individual within two weeks of receiving the original request to tell him/her of the expected time frames.
Personal data breaches
A Personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.
All data breaches will be referred to the Data Protection Officer.
- Personal data breaches where the Company is the data controller:
Should Cobalt establish that a personal data breach has taken place, the company will take steps to contain and recover the breach. Where a personal data breach is likely to result in a risk to the rights and freedoms of any individual then the company will notify the ICO.
Where the personal data breach happens outside the UK, the company will alert the relevant supervisory authority for data breaches in the effected jurisdiction.
- Personal data breaches where Cobalt is the data processer:
The company will alert the relevant data controller as to the personal data breach as soon as they are aware of the breach.
- Communicating personal data breaches to individuals:
Where Cobalt has identified a personal data breach resulting in a high risk to the rights and freedoms of any individual, the company will tell all affected individuals without undue delay.
Cobalt will not be required to tell individuals about the personal data breach where:
- The company has implemented appropriate technical and organisational protection measures to the personal data affected by the breach, to make the personal data unintelligible to any person who is not authorised to access it, such as encryption;
- The company has taken subsequent measures which appropriate to ensure that the high risk to the rights and freedoms of the individual is no longer likely to materialise;
- It would involve disproportionate effort to tell all affect individuals. Instead, the company will make a public communication or similar measure to tell all affect individuals.
All individuals have the following rights under the Human Rights Act 1998 (HRA) and in dealing with personal data these should always be respected:
- Right to respect for private and family life (Article 8)
- Freedom of thought, belief and religion (Article 9)
- Freedom of expression (Article 10)
- Freedom of assembly and association (article 11)
- Protection from discrimination in respect of rights and freedom under the HRA (Article 14)
Complaints or queries
If you have any questions about this policy or any of the procedures set out in it, you can contact us at email@example.com, on 01235 614 015, or by writing to us at the registered office address below:
Data Protection Officer
Cobalt Search Ltd.
42 Lytton Road
You also have the right to raise concerns with Information Commissioner’s Office on 0303 123 1113 or at https://ico.org.uk/concerns/, or any other relevant supervisory authority should your personal data be processed outside of the UK, if you believe that your data protection rights have not been adhered to.