We have tried to write the following policy in a user-friendly format and language to aid the understanding of our service and systems to our end users.
Introduction – The Student Language Bureau and Data Protection
The General Data Protection Regulation (or GDPR) is the framework for data protection laws in Europe. Due to increasingly technologically driven and globalised data communications, the GDPR addresses personal data transfers for EU citizens to ensure greater data control and security, within and outside the EU.
We are registered with the Information Commissioner’s Office (ICO). We take data privacy very seriously and we are strictly compliant with data protection legislation. We have carefully complied with the Data Protection Act 1998 and now the General Data Protection Regulation. We have strong data security measures in place, and we have never sold or exchanged work-seeker or client data, and we never will.
Our Service – Why we store personal data
We process and store the personal data of candidates and clients that request the use our services. We hold and store this personal data on individuals so we can efficiently retrieve it at the appropriate time to provide the work-finding and employee-finding services you request. This storage and access requirement comes in the following but not exclusive forms of:
Candidate selecting and screening
Advertising and marketing relevant employer opportunities
Internal research to improve our services
Your Data – Why do we collect and why?
Our recruitment service for graduates, students and employers consists of, but not exclusively:
Screening CVs and contacting candidates to assess suitability
Matching candidates to employers that meet their requirements
Organising some or every stage of the recruitment process
Advertising and marketing relevant job and career or training related opportunities
So that we can accurately carry out our recruitment service, we collect the following compulsory and optional information:
First Name and Surname
For employer requirements and location
For employer requirements and skill assessment
For job contact purposes, confirmations and website functionality
For employer requirements, skill assessment and graduating month
For skill assessment
For security clearance and additional language skills
Contact Phone Number
For job contact purposes, confirmations and interviews
CV and Cover Letter
For employer requirements and skill assessment
Industry Career Choices
For insight into the industries you would consider working in
Location Career Choices
For insight into the geographical locations you would consider working in
Qualifications before university e.g. A-levels or equivalent
For employer requirements and skill assessment
Data Storage – Where we safely store your data
In terms of storage and website functionality, your data will never leave the EU unless you apply for a role outside of the EU through The Student Language Bureau. Your personal information is being stored in one or more of the following secure UK based locations either temporarily or until your account is deleted:
Our website server
Our internal database
Our backup server
Our cloud storage account
A data entry service
A cloud based document processor
A cloud based call recording system
For security reasons the providers will only be named on legitimate requests.
The Data Protection Principles – The Care we take when handling your personal data
The Student Language Bureau lawfully process their data in a fair and transparent manner and we do not discriminate by gender, ethnicity or any other protected characteristic or social background. The data collected is exclusively for legitimate work-finding purposes and limited to only what is necessary in relation to it.
Every reasonable step is taken to keep data accurate and up to date, including by the use of email requests or in some cases telephone calls, to ensure that any personal data stored is valid and still relevant to the purposes of which it was collected. The Student Language Bureau do not intend to keep data for longer than is necessary to the services we offer in student, graduate and experienced recruitment. If you decide to create an account, add your personal information and upload a CV or other similar documents then we will keep that information until you request for us to delete it.
We ensure that appropriate security of personal data is in place to protect against unauthorised or unlawful access, accidental loss and destruction or damage. We do so by using, amongst others, the following technical, cyber security and organisational measures:
Separate non-public access servers to store candidate data
Enterprise level secure managed hosting
Enforced strong passwords and password change lockouts
Encrypted backups for all systems
Regular auditing of internal computers and laptops
Password or user permissions protected documents and folders
Industry leading anti-virus and firewall software
All staff trained in safely handling data
All third party services used are The Student Language Bureau compliant
Appointed Data Protection representative
Legal Bases for Processing – We store personal information the correct and legal way
The Student Language Bureau only process your personal data where it has a legal basis for doing so that is with the requirements of the service we offer. Before transferring personal data to any third party (such as past, current or prospective employers, suppliers, customers and clients, persons making an enquiry or complaint and any other third party (such as software solutions providers and back office support)), we will establish prior legal consent either before entering it onto our systems or before making the transfer.
The Student Language Bureau take every possible step to implement measures and procedures that protect your privacy and we ensure that data protection is integral to all processing activities. This includes implementing measures such as:
Only completely necessary data is requested and stored
Personal information is anonymised if it is not required for the purpose of use. Individuals who request their personal data to be removed will have their records anonymised.
Anonymisation (of data) is a type of information sanitisation whose intent is privacy protection. It is the process of either encrypting or removing personally identifiable information from data sets, so that the people whom the data describe remain anonymous.
Privacy Notices – We’ll always tell you and make it clear
It is important that you know exactly what data is being collected and what it is used for. The Student Language Bureau ensures that whenever personal data is collected the individual is clearly notified as to what is going to happen with the data. You will be given at least one of the following notices and will be required to confirm with us that you accept before we process and store your information for our services:
For The Student Language Bureau website registration form, an opt-in tick box that refers to our full T&C’s. The website form will not submit without checking it.
The Student Language Bureau does not intend to further process personal data for any purpose other than that for which the data was initially collected. If this should change in the future for a reason that would benefit the users of The Student Language Bureau’s service, then full consent will be requested from the effected individuals before they carry out any further processing.
Data Processors – Who handles your personal information
We process the majority of our data internally, but additionally The Student Language Bureau use third-party data processors who meet The Student Language Bureau requirements when necessary. For physical registrations that are collected at events, The Student Language Bureau use a third-party data entry company. The companies and their GDPR statements with details of how they process data on behalf of The Student Language Bureau are available by request.
Personal Data Request – Take a look at what we have
If we hold any of your personal data then you or a representative of your behalf can request a copy from The Student Language Bureau. A full copy of your data will be supplied within one month. The Student Language Bureau would also be happy to assist if you would like to rectify any inaccurate or incomplete personal data. See Making Requests at the end of this document.
Data Changes and Deletion – Your right to be forgotten
The Student Language Bureau strongly believe in your right to be forgotten. This is both good for the autonomy and respect of our users, and business efficiency. This is at the core of our values as a company and GDPR.
If you would like your personal data removed then please email your request to firstname.lastname@example.org with confirmation that you would like to be removed entirely, or whether you are happy to remain as a user that does not get contacted in the future (for a specified period or otherwise).
If you would like to be completely removed then a full anonymisation of your record will be put into motion. This process ensures that all personally identifiable data is removed and the profile cannot be identified under any circumstances. If you have given prior consent for your information to be passed on to a recruiter or another third party then we will attempt to reach out and request they follow the same procedure however we can’t enforce or follow-up to prove action from them.
This initial process will be completed within one month of the request made. The Student Language Bureau system encrypted backups date back three months, so after this period the full process will be complete and no record will be left.
Please note that you will be able to re-summit your data again in the future should you wish to.
Deletion and the Conduct Regulations
Employment businesses such as The Student Language Bureau must keep records that are sufficient to show that we have complied with the Legal Acts and the Conduct Regulations of our industry. This includes a regulation that requires us to retain candidate and client records for at least one year following the date we last provided services. What this means is that if you request to be deleted, certain information will be stored in a separate location for a year before we can completely delete it.
Registration of Processing – When and Why data processing might be restricted
You have the right to ask us to stop using your data if you know it to be inaccurate, unlawful or against legitimate interest where the grounds of use override those of yours. In these cases The Student Language Bureau will revert to the anonymisation of your data once you agree. Please see Making Requests at the end of this document.
Data Portability – How you can move your data
You have the right to a copy of your data, and where feasible, The Student Language Bureau will send your personal data to a named third party on the individual’s request. We supply your data in Microsoft Excel format which is considered as a good choice for data portability. We can also supply it in other formats on request. Please contact email@example.com to request your data.
Object to Processing – Your right to ask us to stop
You have the right to object to your personal data being used or profiled by The Student Language Bureau if you feel it’s of public or legitimate interest. You can also object to your personal data being used for direct marketing. Once we receive a request we shall cease using your data, unless we have legitimate grounds to continue which take precedence over your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. To cease using your data we will revert to full anonymisation of your record in all our systems. Please contact firstname.lastname@example.org to request us to stop contacting you.
Enforcement of Rights – Our responsibility to action your requests in a given timeframe
The Student Language Bureau will act upon any requests relating to your personal data within one month. This includes personal data requests, requests relating to rectification, erasure, restriction, data portability or objection or automated decision making processes or profiling. We may extend this period for two further months where necessary, when taking into account the complexity and the number of requests. These timeframes meet the GDPR standards.
If The Student Language Bureau considers any requests unfounded or excessive due to the request’s repetitive nature we may either refuse to act on the request or may charge a £10 fee per request taking into account the administrative costs involved.
Reporting personal data breaches – How we are prepared
In the unlikely event of a data breach, The Student Language Bureau will take steps to contain and recover the breach. If a personal data breach is likely to result in a risk to the rights and freedoms of any individual, The Student Language Bureau will notify the ICO. If a personal data breach presents a high risk to the rights and freedoms of any individual then The Student Language Bureau will tell all affected individuals without undue delay. If a personal data breach happens outside of the UK, The Student Language Bureau shall alert the relevant supervisory authority for data breaches in the effected jurisdiction.
Please email your request to email@example.com at The Student Language Bureau providing the following information. What action you would like to take:
Your data will remain within the The Student Language Bureau systems and contact will not be made until your account is reactivated on a specified date that you set.
Your data will remain within the The Student Language Bureau systems but no email contact will be made.
Your data will remain within The Student Language Bureau systems but contact will not be made without additional prior consent.
Account Data Request
We will supply a copy of the personal data we hold on your account.
Your data will be fully deleted in the form of anonymisation.
Email address/addresses that may be registered
Contact phone number
Your university and year of graduation
You must make your request from the registered email on your account. In the cases where we can’t identify you with certainty we may ask for further identification such as photographic ID.
Please send the above information from your registered email to firstname.lastname@example.org