Privacy Policy
Effective from 1st July 2023
www.the-hospitalitynetwork.com is operated by A2H Solutions Ltd. A2H Solutions is registered in England and Wales under company number 14011193. A2H Solutions Ltd registered address is Hallowes Close, Redhill, RH1 4EB.
At the-hospitalitynetwork.com, we are committed to protecting the privacy and confidentiality of candidate data collected and handled on behalf of our customers as an aggregator. This privacy policy outlines how we collect, use, and handle candidate data on behalf of our customers in compliance with the applicable data protection laws in the United Kingdom. Please read this policy carefully to understand our practices regarding candidate data.
Data Collection and Use:
1.1 Collection of Candidate Data: As an aggregator, we collect candidate data on behalf of our customers for recruitment and selection purposes. This may include, but is not limited to, personal details, educational background, work experience, skills, and any other information provided by candidates during the application process.
1.2 Customer Responsibility: Our customers are responsible for determining the purposes and legal basis for processing candidate data. They are also responsible for ensuring they have obtained the necessary consents or meet other lawful grounds for processing candidate data.
1.3 Purpose of Data Use: We process candidate data solely on behalf of our customers for recruitment and selection purposes as specified by them. This includes assessing candidate qualifications, evaluating their suitability for available positions, and facilitating communication between candidates and our customers.
1.4 Legal Basis: Our processing of candidate data is based on our customers' instructions and compliance with their contractual agreements with us.
1.5 All transactions are integrated using Stripe and subject to Stripe's Terms of Use and Privacy Policy.
www.stripe.com/gb/privacy
www.stripe.com/payment-terms/legal
Please see their relevant Privacy Policies, Terms of Service additionally to this policy.
At the-hospitalitynetwork.com, we are committed to protecting the privacy and confidentiality of personal data in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws in the United Kingdom. This privacy policy outlines the differences between a data processor and data controller under the GDPR legislation to provide clarity on the roles and responsibilities associated with each.
Definitions:
1.6 Data Controller: A data controller is an entity that determines the purposes and means of processing personal data. They are responsible for complying with data protection laws, safeguarding individuals' rights, and ensuring the lawful processing of personal data.
1.7 Data Processor: A data processor is an entity that processes personal data on behalf of a data controller. They act solely on the instructions of the data controller and are responsible for implementing appropriate technical and organizational measures to protect personal data.
Roles and Responsibilities:
2.1 Data Controller's Responsibilities: As a data controller, it is our responsibility to:
a. Determine the purposes and means of processing personal data.
b. Comply with data protection laws, including obtaining necessary consents and providing individuals with information about data processing.
c. Implement appropriate security measures to protect personal data.
d. Respond to individuals' requests to exercise their rights under data protection laws.
e. Maintain records of data processing activities and fulfill reporting obligations to relevant supervisory authorities.
2.2 Data Processor's Responsibilities: As a data processor, it is our responsibility to:
a. Process personal data on behalf of the data controller and in accordance with their instructions.
b. Implement appropriate technical and organizational measures to protect personal data.
c. Assist the data controller in fulfilling their obligations under data protection laws.
d. Cooperate with the data controller in addressing individuals' requests to exercise their rights.
e. Only engage subprocessors with the explicit consent of the data controller and under a written agreement that ensures data protection obligations.
Data Processing:
3.1 Data Controller's Processing: As a data controller, we collect and process personal data for specified purposes, including but not limited to recruitment, marketing, or customer relationship management. We determine the lawful basis for processing and ensure compliance with data protection principles.
3.2 Data Processor's Processing: As a data processor, we process personal data on behalf of the data controller for the purposes determined by the data controller. We follow their instructions regarding data processing, implement appropriate security measures, and retain data only for the period specified by the data controller.
Data Subject Rights:
4.1 Data Controller's Responsibilities: As a data controller, we are responsible for responding to individuals' requests to exercise their rights under data protection laws, including the right to access, rectification, erasure, restriction, objection, and data portability.
4.2 Data Processor's Support: As a data processor, we assist the data controller in responding to individuals' requests and provide necessary information and technical support to fulfill their obligations under data protection laws.
Data Sharing and Disclosure:
5.1 Data Controller's Authority: As a data controller, we may share personal data with third parties if required by law, with the individual's consent, or for legitimate purposes specified by the data controller.
5.2 Data Processor's Limitations: As a data processor, we only process personal data on behalf of the data controller and do not share or disclose it to third parties unless instructed by the data controller or required by law.
Data Security:
6.1 Data Controller's Responsibility: As a data controller, we implement appropriate security measures to protect personal data, including technical and organizational measures to prevent unauthorized access, disclosure, alteration, or destruction.
Data Retention:
2.1 Retention Period: We retain candidate data on behalf of our customers for as long as required to fulfill the purposes outlined by our customers or as necessary to comply with legal obligations.
2.2 Customer Instructions: We follow our customers' instructions regarding the retention and deletion of candidate data. If candidates wish to exercise their data subject rights or have their data deleted, they should contact the relevant customer who collected their data.
Data Security:
3.1 Data Protection Measures: We implement appropriate technical and organizational measures to protect candidate data against unauthorized access, disclosure, alteration, or destruction. We take reasonable steps to ensure the confidentiality and security of candidate data while it is within our control.
3.2 Customer Responsibility: Our customers are responsible for ensuring the security and protection of candidate data while it is under their control, including during data transmission to us.
Data Sharing and Disclosure:
4.1 Customer Access: Candidate data collected and processed on behalf of our customers is accessible to authorized personnel within our customers' organizations. They are responsible for ensuring appropriate access controls and compliance with applicable data protection laws.
4.2 Third-Party Sharing: We do not share candidate data collected on behalf of our customers with third parties unless required by law or with the explicit consent of our customers.
4.3 Subprocessors: We may engage subprocessors to assist in providing our services. These subprocessors are bound by contractual obligations to ensure the confidentiality and security of candidate data.
Candidate Rights and Queries:
5.1 Data Subject Rights: Candidates should exercise their data subject rights, such as access, rectification, erasure, restriction, objection, or data portability, by contacting the relevant customer who collected their data. We will assist our customers in responding to candidate requests as necessary.
5.2 Customer Inquiries: Candidates with questions or inquiries regarding the handling of their personal data should contact the relevant customer who collected their data.
Updates to this Privacy Policy:
We may update this privacy policy from time to time to reflect changes in our practices or as required by applicable laws. We encourage candidates to review this policy periodically for any updates.
Please view the “Effective from” date at the top of these terms to see when it was last revised.
Contact Us:
For inquiries or concerns related to our privacy practices or the handling of candidate data as an aggregator, please contact us at: [email protected]
We will address your concerns promptly and work with our customers to ensure compliance with The Site is operated by A2H Solutions Ltd. We are registered in England and Wales under company number 14011193 and have Our registered office at Hallowes Close, Redhill, Surrey, RH1 4EB.