Biotech Personnel is an HR consultancy that specialises in assisting SMEs that are too small to have a senior HR professional. In conducting the business we collect and process personal data, some of which can be attributed to the individual concerned.
There are three ways in which we receive personal information. The first is when we act as the recruitment arm of a client, placing adverts and searching the internet. In such cases, the information is either in the public domain or supplied by the applicant. The second method is when we act as an extension of the client’s HR capability. The client will supply us with personal employee data. The third method is when we conduct remuneration surveys and companies provide data on their employees. Sometimes this can be attributable due to unique job titles for example.
We only collect information that is necessary to support our clients or conduct a survey. This generally excludes so called “sensitive” information although from time to time, we may be privy to medical records when supporting a client. Generally, the data will relate to pay and benefits, contracts of employment or discipline and performance.
The data we hold is used either to help fill a vacancy or to support pay and benefits decisions. We also get involved in capability and job performance issues and will therefore review appraisal and attendance records. Data for remuneration surveys is used to produce anonymous reports that clients use to benchmark their own practices.
Biotech Personnel will never share, sell, rent or trade personal information. All reports that are produced for remuneration surveys will never reveal individual details and when sub-analyses are conducted, there is no attribution to a particular company. Applicant details are shared with the prospective employer.
Biotech Personnel consists of two partners and no employees. Only partners have access to our data and this is kept securely either in a physical filing cabinet in a secure property or electronically in password protected devices. Backup is performed both on a local hard drive and on a secure, encrypted cloud-based platform. When receiving data from clients, we ensure that they have policies in place that satisfy current regulatory requirements such as the GDPR.
For recruitment purposes, this is generally for twelve months. Employee data is held for as long as it may be a legitimate source of information for a client. This is generally at least for six years.