AppRAPID Privacy Policy AppRAPID (trading as ‘Rapid’) is a subsidiary of Neway International Ltd. This privacy policy will explain how our organization uses the personal data we collect from you when you use our website. We are a recruitment business which provides work-finding services to its clients and work-seekers. We must process personal data (including sensitive personal data) so that we can provide these services – in doing so, AppRapid acts as a data controller. Contents: •Why we are collecting your data? •What data do we collect? •What are your data protection rights? •How do we collect your data? •How will we use your data? •How long do we keep your data? •How do we store your data? •Overseas Transfers •Marketing •What are cookies, how do we use and manage cookies? •Privacy policies of other websites •Changes to our privacy policy •Complaints or queries •How to contact the appropriate authorities Why we are collecting your data? We will collect your personal data (which may include sensitive personal data) and will process your personal data for the purposes of providing you with work-finding services. This includes for example, contacting you about job opportunities, assessing your suitability for those opportunities, updating our databases, putting you forward for job opportunities, arranging payments to you and developing and managing our services and relationship with you and our clients. In some cases we may be required to use your data for the purpose of investigating, reporting and detecting crime and also to comply with laws that apply to us. We may also use your information during the course of internal audits to demonstrate our compliance with certain industry standards. We must have a legal basis to process your personal data and the legal basis we rely upon to offer our work-finding services to you are: •your consent; •where we have a legitimate interest, •to comply with a legal obligation that we have •to fulfil a contractual obligation that we have with you. By law, we have obligations to ensure that the candidates we place into vacancies are suitable for those positions and that the vacancies are suitable for those candidates. We have a duty of care to look after the best interests of our customers and to do that we need to collect and process relevant information. We have certain legal and contractual requirements to collect personal data (e.g. to comply with the Conduct of Employment Agencies and Employment Businesses Regulations 2003, immigration and tax legislation, and in some circumstances safeguarding requirements.) Our clients may also require this personal data, and/or we may need your data to enter into a contract with you. If you do not give us personal data we need to collect we may not be able to continue to provide work-finding services to you. What data do we collect? We collect analytical data on all usage within the app for the improvement and adjustments to the service. This will include: •Your name, date of birth and contact details, including telephone number, email address and postal address •Your right to work status (and to take copies of your passport/other allowable documents) •Your skills, experience and qualifications (where relevant), including education •CV and references •Details about the type of work you are looking for •Your next of kin •Whether you require any reasonable adjustments in the recruitment process •Questions about your work seeking activity, to help us make sure we are protecting your welfare and your rights. •Your national insurance number and bank details in order to pay you for any work you do •Salary/Pay Details of work you have done with us •For some roles, we may use assessments as part of the recruitment process, including language and numeracy skills tests or Health and Safety and Food Safety assessments for example, and these results will be held on file. •Sickness/absence records •Correspondence records (for example, disciplinary and grievance notes where relevant) We also collect sensitive personal data (‘Special Category’), which includes: •Disability/health conditions relevant to the role •Criminal convictions, if any What are your data protection rights? AppRAPID would like to make sure you are fully aware of all of your data protection rights. All individuals have the following rights regarding their personal information (also called ‘personal data’) 1.The right to be informed – You have the right to know what information we hold about you, what we are using it for, who we are sharing it with, how long we are keeping it, and on what basis we are processing the data. While we always prefer to process data based on your explicit consent, as a recruitment organisation we also have a ‘legitimate interest’ in processing your data to ensure we are matching you to suitable vacancies. There are also times when we have to process your information because we are required to by law. 2.The right of access – If you would like to see the records we hold on file for you.. 3.The right to rectification – If you believe we are holding incorrect information, you can ask us to correct it. 4.The right to erasure – You can ask us to remove your information from our records. As long as there is no legal requirement for us to keep them (for example, HMRC require us to keep payroll records for 6 years), we will remove your details. This will mean that we won’t be able to contact you with any work opportunities in future. 5.The right to restrict processing – Instead of asking to be removed, you can ask us to stop processing it – so you can ask us to stop contacting you about work opportunities, for example. 6.The right to data portability – If you want to take your data to another organisation,. 7.The right to object – You have the right to object to your data being processed on the basis of legitimate interests, direct marketing, and processing for statistical purposes. We will stop processing your information immediately unless there are legal reasons for us not to do so. 8.The right not to be subject to automated decision-making (including profiling) – You have the right to object to automated decision-making. AppRapid uses automated decision-making in the recruitment process only as results for some of online testing, who are generated automatically. However, if you wish to challenge the result you have achieved, the result can be check manually on request. 9.The right to withdraw consent at any time. Where you have consented to us processing your personal data and sensitive personal data you have the right to withdraw that consent at any time by contacting Cristina Vaida on cristina@newayinternational.co.uk or Magda Adamkiewicz on complianceandsr@newayinternational.co.uk . Please note that if you withdraw your consent to further processing that does not affect any processing prior to the withdrawal of consent, or which is required on a legal basis. There may be circumstances where the Company will still need to process your data for legal or official reasons. Where this is the case, we will tell you and we will restrict the data to only what is necessary for those specific reasons. If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us on the above email addresses of Cristina Vaida or Magda Adamkiewicz. All requests must be made in writing and will be dealt with within 30 days. How do we collect your data? You directly provide AppRapid with most of the data we collect. We collect data and process data when you: ●Register online or place an order for any of our products or services. ●Voluntarily input your information into the AppRapid App, our website or provide feedback on any of our message boards or via email. ●Use or view our website via your browser’s cookies. AppRapid may also receive your data indirectly from the following sources: ●The parent company Neway International Ltd How will we use your data? AppRapid collects your data so that we can: ●Process your registration and manage your account. ●It will be used for the purposes of progressing your application for work, or to fulfil legal or regulatory requirements if necessary. The information we ask for helps us to assess your suitability for work. You don’t have to provide the information we ask for, but it might affect our ability to provide you with work if you don’t. ●Analytics which we will use internally to improve our services and products AppRapid will process your personal data and/or sensitive personal data with the following recipients: •Clients (whom we may introduce or supply you to) - In order for our client organisations to consider workers for opportunities within their businesses, we need to share worker information with them. We have contracts in place with these organisations that require them to treat worker information as confidential before we share worker information with them. •Workers - In order to perform our recruitment services (such as arranging interviews, for example) we often need to share client contact information (such as name, job title and contact details) with workers. •Auditors & Inspectors - from time to time we may be audited by third parties to ensure that we are operating a legally compliant and ethical business. These third parties may include: oGovernment regulatory and enforcement audits oIndependent social compliance audits oClient audits oFormer employers whom we may seek references from oOther - If we would like to share your data with anyone not covered in this privacy notice (such as sharing references/testimonials with potential companies, for example), we will only do this where we have a legitimate reason to do so and where required will ask for your specific consent to do so. How long do we keep your data? We keep the information for either the minimum period we are required to keep it by law; or for as long as you give us consent to keep the information; or as defined in our Records Retention Schedule, see Appendix. Once this time period has expired, we will delete your data using industry standard methods to ensure that your data is securely removed. How do we store your data? AppRapid securely stores your data digitally, encrypted both at rest and in transit within the United Kingdom. Overseas Transfers We will not transfer the information you provide to us to countries outside the UK for the purposes of providing you with work-finding services. Marketing AppRapid would like to send you information about products and services of ours that we think you might like, as well as those of our parent company - Neway International Ltd You have the right at any time to stop AppRapid from contacting you for marketing purposes or giving your data to other members of Neway International Ltd - If you no longer wish to receive these communications please contact us. What are cookies, how do we use and manage cookies? We may obtain data about you from cookies. These are small text files that are placed on your computer by websites that you visit, to collect standard Internet log information and visitor behaviour information. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. When you visit our websites, we may collect information from you automatically through cookies or similar technology For further information, visit allaboutcookies.org. AppRapid uses cookies in a range of ways to improve your experience on our website, including: ●Keeping you signed in ●Understanding how you use our website There are a number of different types of cookies, however, our website uses: ●Functionality – AppRapid uses these cookies so that we recognize you on our website and remember your previously selected preferences. These could include what language you prefer and location you are in. A mix of first-party and third-party cookies are used. ●Advertising – AppRapid uses these cookies to collect information about your visit to our website, the content you viewed, the links you followed and information about your browser, device, and your IP address. AppRapid sometimes shares some limited aspects of this data with third parties for advertising purposes. We may also share online data collected through cookies with our advertising partners. This means that when you visit another website, you may be shown advertising based on your browsing patterns on our website. You can set your browser not to accept cookies, and the above website tells you how to remove cookies from your browser. However, in a few cases, some of our website features may not function as a result. Privacy policies of other websites The AppRapid website contains links to other websites. Our privacy policy applies only to our website and be aware that we’re not responsible for the privacy practices of such other sites. When you leave our site we encourage you to read the privacy statements of each and every website that collects personally identifiable information. This privacy statement applies solely to information collected by AppRapid website. Changes to our privacy policy AppRapid keeps its privacy policy under regular review. We will post any changes on the statement with revision dates. If we make any material changes, we will notify you. This privacy policy was last updated on 1 December 2020. Complaints or queries If you have any queries or wish to complain about this privacy notice or for further information regarding these rights, or any other of our data protection policies or practices please contact the Neway Office, or contact directly Senior Managers: Cristina Vaida on cristina@newayinternational.co.uk and/or Magda Adamkiewicz on complianceandsr@newayinternational.co.uk; Data Protection Officers. Write to us: Neway International Limited. Registered in England No. 04843833. Registered office: Crescent House, Angel Hill, Bury St Edmunds, IP33 1UZ How to contact the appropriate authority You also have the right to raise your complaint or if you feel that AppRapid has not addressed your concern in a satisfactory manner, you may wish to contact the Information Commissioner’s Office. Address: Information Commissioner's Office Wycliffe House, Water Lane Wilmslow, Cheshire, SK9 5AF Telephone: 0303 123 1113 Fax: 01625 524510 https://ico.org.uk/concerns/ APPENDIX - Records Retention Schedule AppRapid must retain certain records containing your personal and sensitive personal data for periods that are defined in law. For these, and for other records containing your personal and sensitive personal data we will retain this information in either or both paper and electronic form for the periods specified in this schedule. Data record types with statutory retention periods Accident books, accident records/reports Statutory retention period: 3 years from the date of the last entry (or, if the accident involves a child/ young adult, then until that person reaches the age of 21). (See below for accidents involving chemicals or asbestos). Statutory authority: The Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 1995 (RIDDOR) (SI 1995/3163) as amended, and Limitation Act 1980. Special rules apply concerning incidents involving hazardous substances (see below). Accounting records (including VAT records, Company Accounts) Statutory retention period: 3 years for private companies, 6 years for public limited companies. Statutory authority: Section 221 of the Companies Act 1985 as modified by the Companies Acts 1989 and 2006. Income tax and NI returns, income tax records and correspondence with HMRC Statutory retention period: not less than 3 years after the end of the financial year to which they relate. Statutory authority: The Income Tax (Employments) Regulations 1993 (SI 1993/744) as amended, for example by The Income Tax (Employments) (Amendment No. 6) Regulations 1996 (SI 1996/2631). Medical records and details of biological tests under the Control of Lead at Work Regulations Statutory retention period: 40 years from the date of the last entry. Statutory authority: The Control of Lead at Work Regulations 1998 (SI 1998/543) as amended by the Control of Lead at Work Regulations 2002 (SI 2002/2676). Medical records as specified by the Control of Substances Hazardous to Health Regulations (COSHH) Statutory retention period: 40 years from the date of the last entry. Statutory authority: The Control of Substances Hazardous to Health Regulations 1999 and 2002 (COSHH) (SIs 1999/437 and 2002/2677). Medical records under the Control of Asbestos at Work Regulations: medical records containing details of employees exposed to asbestos and medical examination certificates Statutory retention period: (medical records) 40 years from the date of the last entry; (medical examination certificates) 4 years from the date of issue. Statutory authority: The Control of Asbestos at Work Regulations 2002 (SI 2002/ 2675). Also see the Control of Asbestos Regulations 2006 (SI 2006/2739) and the Control of Asbestos Regulations 2012 (SI 2012/632) Medical records under the Ionising Radiations Regulations 1999 Statutory retention period: until the person reaches 75 years of age, but in any event for at least 50 years. Statutory authority: The Ionising Radiations Regulations 1999 (SI 1999/3232). Records of tests and examinations of control systems and protective equipment under the Control of Substances Hazardous to Health Regulations (COSHH) Statutory retention period: 5 years from the date on which the tests were carried out. Statutory authority: The Control of Substances Hazardous to Health Regulations 1999 and 2002 (COSHH) (SIs 1999/437 and 2002/2677). Records relating to children and young adults Statutory retention period: until the child/young adult reaches the age of 21. Statutory authority: Limitation Act 1980. Retirement Benefits Schemes – records of notifiable events, for example, relating to incapacity Statutory retention period: 6 years from the end of the scheme year in which the event took place. Statutory authority: The Retirement Benefits Schemes (Information Powers) Regulations 1995 (SI 1995/3103) Statutory Maternity, Paternity and Adoption Pay records, calculations, certificates (Mat B1s) or other medical evidence Statutory retention period: 3 years after the end of the tax year in which the maternity period ends. Statutory authority: The Statutory Maternity Pay (General) Regulations 1986 (SI 1986/1960) as amended. Wage/salary records (also overtime, bonuses, expenses) Statutory retention period: 6 years. Statutory authority: Taxes Management Act 1970. National minimum wage records Statutory retention period: 3 years after the end of the pay reference period following the one that the records cover. Statutory authority: National Minimum Wage Act 1998. Records relating to working time (including 48 hour Opt Out form and Annual Leave Records) Statutory retention period: 2 years from date on which they were made. Statutory authority: The Working Time Regulations 1998 (SI 1998/1833). Work-seeker records (including application forms/CV, ID checks, details of offered assignments, references and interview notes) Statutory retention period: one year from (a) the date of their creation or (b) after the date on which we last provide you with work- finding services. Statutory authority: The Conduct of Employment Agencies and Employment Businesses Regulations 2003 and The Gangmasters (Licensing Conditions) Rules 2009 Records relating to dealings with other licence holders Statutory retention period: one year from creation or, where they have been supplied by another person, from last supply. Statutory authority: The Gangmasters (Licensing Conditions) Rules 2009 Data Record types with non-statutory retention periods Application forms and interview notes (for unsuccessful candidates) Retention period: One year. Assessments under health and safety regulations and records of consultations with safety representatives and committees Retention period: permanently. Inland Revenue/HMRC approvals Retention period: permanently. Money purchase details Retention period: 6 years after transfer or value taken. Pension scheme investment policies Retention period: 12 years from the ending of any benefit payable under the policy. Pensioners' records Retention period: 12 years after benefit ceases. Pensions Auto-Enrolment (including auto-enrolment date, joining date, opt in and opt out notice and contributions paid) Retention period: 6 years after benefit ceases Hirer Records (including Client Details, Terms of Business, Assignment / Vacancy Details) Retention period: six years from (a) the date of their ceases or (b) six years after we last provide you with services. Personnel files and training records (including Terms of engagement, Right to Work, Medical Questionnaire and Disciplinary Records) Retention period: 2 years after employment ceases. Annual Appraisal / Assessment Records for Permanent staff Retention period: 6 years after employment ceases. Redundancy details, calculations of payments, refunds, notification to the Secretary of State Retention period: 6 years from the date of redundancy Senior executives' records (that is, those on a senior management team or their equivalents) Retention period: permanently for historical purposes. Statutory Sick Pay records, calculations, certificates, self-certificates Retention period: The 3 years after the employment ceases.