For our full Privacy Policy please click here

This site is owned and operated by The 1st Recruitment Group. Your privacy on the Internet is of the utmost importance to us. At 1st Recruitment , we want to make your experience online satisfying and safe.

Because we gather certain types of information about our users, we feel you should fully understand the terms and conditions surrounding the capture and use of that information. This privacy statement discloses what information we gather and how we use it.

Definition of the Information 1st Recruitment gathers and keeps track of.

The 1st Recruitment Group gathers two types of information about users:

Information that users provide through optional, voluntary submissions. Including Tell a Friend and Registration for email alerts:

Information The 1st Recruitment Group gathers through aggregated tracking information derived mainly by tallying page views throughout our sites. This information allows us to better tailor our content to candidates' needs and to help our advertisers and sponsors better understand the demographics of our audience. Under no circumstances does 1st Recruitment divulge any information about an individual user to a third party.

The 1st Recruitment Group Gathers User Information In The Following Processes:

Optional Voluntary Information

We offer the following free services, which require some type of voluntary submission of personal information by users:

1.  Email Alerts

Users are provided with an option to register with the The 1st Recruitment Group site. We store users' name and email address and also preferences in terms of finding out what kind of jobs they are interested in. This information is held securely and is under no circumstances is this information divulged to a third party.

USAGE TRACKING

The 1st Recruitment Group tracks user traffic patterns throughout all of our sites. However, we do not correlate this information with data about individual users. The 1st Recruitment Group does break down overall usage statistics according to a user's domain name, browser type, and MIME type by reading this information from the browser string (information contained in every user's browser).

The 1st Recruitment Group sometimes tracks and catalogs the search terms that users enter in our Search function, but this tracking is never associated with individual users. We use tracking information to determine which areas of our sites users like and don't like based on traffic to those areas. We do not track what individual users read, but rather how well each page performs overall. This helps us continue to build a better service for you.

USE OF INFORMATION

The 1st Recruitment Group uses any information voluntarily given by our users to enhance their experience in our site, whether to provide interactive or personalized elements on the sites or to better prepare future content based on the interests of our users.

The 1st Recruitment Group creates aggregate reports on user demographics and traffic patterns for advertisers, sponsors and partners. This allows our advertisers to advertise more effectively, and allows our users to receive advertisements that are pertinent to their needs. Because we don't track the usage patterns of individual users, an advertiser or sponsor will never know that a specific user clicked their ad. We will not disclose any information about any individual user except to comply with applicable law or valid legal process or to protect the personal safety of our users or the public.

OPT-OUT POLICY

Wherever appropriate we give our users the option to opt out of services provided by this web site.

YOUR CONSENT

By using this site, you consent to the collection and use of this information by The 1st Recruitment Group. If we decide to change our privacy policy, we will post those changes on this page so that you are always aware of what information we collect, how we use it, and under what circumstances we disclose it.

DATA PROCESSING AGREEMENT

The Controller is in the business of providing recruitment services and therefore holds and controls personal data, including special category data, pursuant to the provision of those services. 

The Processor is an employer and uses the services of the Controller when recruiting for employment roles/opportunities within their business.  The Processor will, from time to time, have access to personal data about potential candidates to establish whether those individuals would be suitable for an opportunity/role within their business.

The parties agree to follow in their respective operations generally acknowledged international data security principles and undertake to comply fully with the Data Protection Legislation (Jersey) Law 2018 (or equivalent legislation) and to procure that their employees, agents and contractors will act accordingly.

Definitions

“Controller’s Data” means personal data that is held by or the responsibility of the Controller and that is –

(a) being processed by means of equipment operating automatically in response to instructions given for that purpose;

(b) recorded with the intention that it should be processed by means of such equipment; or

(c) recorded as part of a filing system or with the intention that it should form part of a filing system.

“personal data” means any data relating to a living person, from which that individual can, directly or indirectly, be identified or is identifiable.

“processing” means any operation or set of operations that is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

“special category data” means –

(a) data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership;

(b) genetic or biometric data that is processed for the purpose of uniquely identifying a natural person;

(c) data concerning health;

(d) data concerning a natural person’s sex life or sexual orientation; or

(e) data relating to a natural person’s criminal record or alleged criminal activity.

Duties of Processor

• Unless otherwise required by law, the Processor shall only process the Controller’s Data, on the express written instruction of the Controller and shall only process or use the Controller’s Data as strictly necessary for the performance of their contractual or legal obligations to the Controller.

• The Processor shall ensure that all their employees, agents and contractors are subject to a strict duty of confidence in respect of the Controller’s Data and shall not disclose the Controller’s Data to a third party who is not an employee, agent or contractor of the Processor, without the agreement in writing in advance of the Controller.

• The Processor shall take appropriate security, organisational and technical measures to ensure the security of the Controller’s Data, including specific and appropriate technical measures, such as pseudonymisation or encryption. The Processor shall not downgrade the security configuration of any system processing the Controller’s Data, without the prior consent of the Controller.

• The Processor shall ensure that the Controller’s Data is handled, processed and stored at all times, in such manner as is consistent with the data security classification applicable to the relevant personal data and protect all such data from corruption, unauthorised access and interference whilst either in the possession and control of the Processor or in transit across a network (whether public or private).

• The Processor shall ensure that the Controller’s Data is not stored on any portable medium or device including, without limitation, laptops, PDAs, and memory sticks), except where (a) such storage is strictly required for the performance of the Processor’s obligations under any agreement with the Controller and (b) the storage device used is encrypted.

• The Processor shall not engage sub-contractors and give them access to the Controller’s Data without the prior consent of the Controller and under a written contract.

• The Processor shall advise the Controller immediately if the Processor is requested to undertake an action or task that could infringe on the requirements of the Data Protection (Jersey) Law 2018 or equivalent legislation.

• To the extent required, the Processor shall assist the Controller in fulfilling subject-access requests and enabling individuals to exercise their rights under the Data Protection (Jersey) Law 2018 or equivalent legislation.  This includes individual’s rights to data portability, right of access, right to rectification, right to erasure, right to restriction of processing, right to object to processing and right to not be subjected to automated profiling.

• The Processor shall provide the Controller with all information reasonably necessary to enable the Controller to meet its obligations under the Data Protection (Jersey) Law 2018 or equivalent legislation, including in relation to data security, personal data breaches and preparing any data protection impact assessment.

• The Processor shall submit to audits and inspections by the Controller, as required, for the purposes of the Controller establishing compliance with this agreement and the requirements of the Data Protection (Jersey) Law 2018, or equivalent legislation.

• The Processor shall make available all information necessary to the Controller to demonstrate the Processor’s compliance with its processing obligations and shall maintain a record in writing of all categories of processing activities carried out on behalf of the Controller and make such records available to the Controller on request.

• In the event of any personal data breach relating to or which could compromise the Controller’s Data, the Processor shall immediately notify the Controller, without undue delay, after becoming aware of the breach of all pertinent information relating to the breach including:
• the nature of the personal data breach;
• the categories and approximate numbers of individuals concerned;
• the categories and approximate number of personal data records concerned;
• a description of the likely consequences of the personal data breach; and
• a description of the measures taken, or proposed to be taken, to deal with and mitigate the personal data breach where possible.

• In the event of a personal data breach relating to or which could compromise the Controller’s Data, the Processor shall ensure that it makes any notifications to the Data Protection Authority in Jersey, or equivalent body, as required by law. The Processor shall co-operate with the Controller to investigate and remediate any breach and cooperate with the Data Protection Authority in Jersey and any other relevant supervisory or regulatory bodies and assist with any notifications the Controller considers it appropriate to make, as required.

• Nothing in this agreement relieves the Processor of its obligations under the Data Protection (Jersey) Law 2018, or equivalent legislation, which may leave the Processor liable to administrative fines, penalty or compensation or legal proceedings if the Processor does not act in accordance with those legal requirements.

• The Processor shall return all personal data to the Controller as requested at the end of their contractual relationship, or in the alternative delete such information with the express consent of the Controller and provide a certificate or other confirmation evidencing such action.

Transfer out of the European Economic Area

• The Processor shall not transfer or process the Controller’s Data outside of the Territory of the European Economic Area, without the prior written consent of the Controller. The Processor shall obtain the consent of the Controller in writing (which shall not include by email) before supplying the Services (in whole or in part, whether itself or via a subcontractor or agent) from a country outside the Territory of the European Economic Area. The Processor shall not use servers outside of the European Economic Area.

Liability

• The Processor shall fully and effectively indemnify and keep indemnified the Controller from and against, and agrees to pay on demand, any and all losses, liabilities, damages and expenses (including legal fees on a full indemnity basis) incurred by or awarded against the Controller as a result of any breach of this agreement or the Data Protection (Jersey) Law 2018, or equivalent legislation, in relation to the services provided by the Processor to the Controller. Without prejudice to the foregoing or to any other rights or remedies of the Controller, in the event of any breach the Processor undertakes promptly to remedy the breach (or the circumstances giving rise to the breach) without charge.  The Controller also reserves the right to require that the Processor cease to be engaged in the delivery of services to the Controller and that any breach be rectified by a third party, to the cost of the Processor.
• In the event of any unauthorised use or any misuse of the Controller’s equipment, systems, data or information by the processor or by virtue of actions or inactions of the Processor, the Controller shall have the right (without prejudice to its other rights) to:
• seek adequate compensation for any damage or costs incurred in such instances; and
• require that the Processor cease to be engaged in the delivery of services to the Controller.

Governing Law

• This agreement shall be governed by and construed in accordance with the laws of Jersey and Guernsey. Any dispute or claim arising out of or in connection with this agreement or its subject matter or formation (including non-contractual disputes or claims), including any question regarding its existence, validity or termination, shall be subject to the exclusive jurisdiction of the courts of Jersey and Guernsey.