This document sets out how we keep your personal data safe, and describes your rights, in accordance with data protection laws adopted in the UK on 25 May 2018.
CAS Group Ltd is the ultimate holding company of the CAS Recruitment group of companies, operating through its Aviation Recruitment Services and Flight Crew Recruitment Services. We understand that your privacy is important to you and, in our capacity as data controllers, we are committed to protecting and respecting it.
The General Data Protection Regulation (GDPR) describes Personal Data as any information relating to a natural person who can be directly or indirectly identified in particular by reference to an identifier. Sensitive personal data is data which is described in Article 9 of GDPR as that relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation. We will not collect sensitive data unless required to do so by law.
It is important to point out that we may amend this Privacy Notice from time to time. Please visit our website if you want to stay up to date as we will post any changes there.
The territorial scope of the regulation covers data subjects in the European Union whether the controller/processor is located in the Union or where member state law applies by virtue of public international law.
Who we are
CAS Group provides consulting, resourcing and recruitment services, primarily to the aviation and aerospace industrial sectors. Our products and services will identify which entity you have a relationship with. You can find out more about us at www.casrecruitment.comIf you have any questions, or want more details about how we use your personal information, you can contact us at email@example.com
The term “recruitment” is used throughout this document and refers to:
Flight Crew Services, which provides clients with flight deck crew on a permanent or contract basis.
Aviation Resourcing Services, which provides skilled manpower across line & base maintenance, aircraft production, interiors, operations, MCC, maintenance & completions and business aviation on both a temporary and permanent basis.
How the Law Protects You
Your privacy is protected by law. This section explains how that works.
Data protection laws say that we are allowed to use personal information only if we have a proper reason to do so. This includes sharing it outside Resource Group. The law says we must have one or more of the following reasons:
1. To fulfil a contract we have with you;
2. When it is our legal duty;
3. When it is in our legitimate interest; or
4. When you consent to it.
A legitimate interest is when we have a business or commercial reason to use your information. But, even then, it must not unfairly go against what is right and best for you. If we rely on our legitimate interest, we will tell you what that is.
In the following sections we will describe all the ways that we may use your personal information, and which of the reasons we rely on to do so, including our legitimate interests.
The Data We Collect
In order to provide the best possible employment opportunities that are tailored to you, we need to process certain information about you. We collect details that will genuinely help us to help you, such as your name, age, contact details, educational history, industry-related qualifications, employment history, emergency contacts, right to work status, financial details (including bank account and current remuneration) and National Insurance number. You may also voluntarily share other information with us. Where appropriate, and in accordance with local laws and requirements, we may also collect information related to your health, diversity or details of any criminal convictions.
We may collect details of nominated referees (in which case this will be limited to their contact details).
We may use some of the information provided to email you details of jobs/vacancies which relate to your sector of the aviation and aerospace industry.
If you are found placements outside of your country of residence, we may also require you to provide information to allow us to process documentation on your behalf relating, for example, to National Insurance and local/ national tax matters. This may include photographic proof of identity (usually a scan of your passport or other formal identification documents), your marital status and local social security number.
We generally only need to have your contact details, or the details of individual contacts at your organisation (such as their names, telephone numbers and email addresses), to enable us to ensure that our relationship runs smoothly. If we need any additional personal data for any reason, we will let you know.
We'll collect the details of our contacts within your organisation, such as names, telephone numbers and email addresses. We'll also collect bank details so that we can pay you. We may also hold extra information that someone in your organisation has chosen to tell us.
From referees & emergency contacts
All we need from referees is confirmation of what you already know about the candidate or prospective member of staff, so that they can secure that job they really want. Emergency contact details give us somebody to call on in an emergency. To ask for a reference, we'll obviously need the referee's contact details (such as name, email address and telephone number). We'll also need these details if our candidate or a member of our staff has put you down as their emergency contact so that we can contact you in the event of an accident or an emergency.
From website users
When you visit our website there is certain information that we may automatically collect, whether or not you decide to use our services. This includes your IP address, the date, the time, the frequency with which you access the website and the way you browse its content. We will also collect data from you when you contact us via the website.
How we collect Data
We collect candidates’ personal data in three primary ways:
1. Personal data you give to us, which may include:
i. Entering your details on our website or via an application form, as part of the registration process;
ii. Providing us with a hard-copy CV;
iii. Emailing your CV to us in electronic format;
iv. Applying for jobs through a job aggregator, which then redirects you to our website.
2. Personal data we receive from other sources:
i. Your referees may disclose personal information about you;
ii. Our clients may share personal information about you with us;
iii. We may obtain information about you from third party sources, such as LinkedIn and other job sites
3. Personal data we collect automatically:
i. When you access our website, we collect your data automatically via cookies, in line with cookie settings in your browser. (Please see the section on how we use your personal data.)
We collect client personal data in three ways:
1. Personal data we receive directly from you:
ii. Where you contact us, usually by phone or email;
iii. Where we contact you by either phone or email as part of a business development activity
2. Personal data we receive from other sources:
i. By analysing your online media presence;
ii. From third parties such as candidates
3. Personal a data we collect via our website.
i. We may collect data about the extent to which you access our website.
During the course of our business with you we may ask for details from you relating to contact and payment.
Referees & emergency contacts
Personal data relating to emergency contact details and nominated referees are usually provided by candidates.
IP addresses and cookies
We may collect information, such as through Google Analytics (http://www.google.com/analytics), about your computer, including, where available, your IP address, operating system and browser type. This would be for system administration purposes and to report aggregate information to our advertisers. This is statistical data about our users' browsing actions and patterns, and does not identify any individual.
Similarly, we may obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer's hard drive. They help us to improve our website and to deliver a better and more personalised service. They enable us:
a) To estimate our audience size and usage pattern;
b) To store information about your preferences, and so allow us to customise our website according to your individual interests;
c) To speed up your searches;
d) To recognise you when you return to the site.
Our website is run on SAS which utilises cookies for two purposes:
a) Registered members need a cookie to be able to log in. This is strictly necessary as SAS won’t work without it;
b) Visitors who leave a comment on a blog post will also have a cookie set on their computer. This is not “strictly necessary” as it’s a user preference.
When you purchase via the website SSCommerce, it makes use of three cookies:
The first two cookies contain information about the cart as a whole and helps SSCommerce know when the cart data changes. The final cookie contains a unique code for each customer so that it knows where to find the cart data in the database for each customer. No personal information is stored within these cookies.
How we use your personal data
Some personal data we collect from you is required to enable us to fulfil our contractual obligations to you or to others. Some data are required by statute or other laws. Other items may simply be needed to ensure that our relationship can run smoothly.
Depending on the type of personal data in question and the grounds on which we may be processing it, should you decline to provide us with such data, we may not be able to fulfil our contractual requirements or, in extreme cases, may not be able to continue with our relationship.
The main reason for using your personal details is to help you find employment or other work roles that might be suitable for you. The more information we have about you, your skillset and your ambitions, the more bespoke we can make our service.
We've listed below various ways in which we may use and process your personal data (sometimes it will be to comply with local laws). Please note that this list is not exhaustive:
a) Collecting your data from you and other sources, such as LinkedIn;
b) Storing your details (and updating them when necessary) on our database, so that we can contact you in relation to recruitment;
c) Providing you with our recruitment services and to facilitate the recruitment process;
d) Assessing data about you against vacancies which we think may be suitable;
e) Sending your information to clients, in order to apply for jobs or to assess your eligibility for jobs;
f) Enabling you to submit your CV, apply online for jobs or to subscribe to alerts about jobs we think may be of interest to you;
g) Carrying out our obligations arising from any contracts entered into between us;
h) Carrying out our obligations arising from any contracts entered into between us and third parties in relation to your recruitment;
i) Facilitating our payroll and invoicing processes;
j) Verifying details you have provided, using third party resources (such as psychometric evaluations or skills tests), or to request information (such as references, qualifications and potentially any criminal convictions, to the extent that this is appropriate and in accordance with local laws);
k) Complying with our legal obligations in connection with the detection of crime or the collection of taxes or duties;
l) Fulfilling our obligations to engage agencies to carry out relevant national security checks when required to do so;
m) Processing and responding to individual complaints through Corrective Action Reporting;
n) Processing your data to enable us to send you targeted, relevant marketing materials or other communications which we think are likely to be of interest to you.
We may periodically send you information that is relevant to your relationship with us. Additionally, we may wish to use your data for the purposes listed below:
1. To enable us to develop and market other products and services;
2. To market our full range of recruitment services to you;
3. To use testimonials from you on our website (but only where we have obtained your express consent to do so).
If you are not happy about any of these, you may opt out by writing to firstname.lastname@example.org
Article 22 of the GDPR describes automated profiling and limits the use of this type of decision making to:
1. Where it is necessary for the entry into or performance of a contract;
2. Carry out functions that are authorised by local law;
3. Incidents where we have the individual’s consent.
Although we don’t carry out fully automated decision making, we do use algorithms within our database to identify jobs that match your profile. This would be acceptable as it allows for entry into or the performance of a contract.
You may wish to object to this form of processing; in which case we will revert to only processing your details manually. This could make it more difficult to match you with jobs and, in the worst-case scenario, it may mean we have to stop working with you.
Occasionally we may have to use your personal data to help us to establish, exercise or defend legal claims.
We mainly use client data to assist us with recruiting activities and may:
a) Store your details on our database so that we can contact you in relation to recruitment activities;
b) Keep records of our communications so that we can provide targeted services to you;
c) Contact you to carry out customer satisfaction surveys;
d) Process your data for targeted and appropriate marketing.
We will not seek consent to send marketing literature to a corporate postal or email address. If you are not happy with this, you may opt out by writing to email@example.com
We will only use data supplied by you in the following circumstances:
a) To allow us to contact you in relation to our business agreements;
b) To perform legal obligations;
c) To perform checks, such as due diligence, should this be necessary.
Referees & Emergency contacts
If a candidate of ours has put you down on our form as an emergency contact, we'll contact you in the case of an accident or emergency affecting them.
If you were appointed by a candidate of ours as a referee, we will contact you in order to take up a reference. This is an important part of our candidate quality assurance process and could be the difference between the individual getting a job or not.
Legal bases for processing data
Under Article 6 of the GDPR, the data you supply must be processed under one of six lawful bases:
1. Consent to the processing of personal data for one or more specific purposes;
2. Where necessary, for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract;
3. processing is necessary for compliance with a legal obligation to which the controller is subject;
4. processing is necessary in order to protect the vital interests of the data subject or of another natural person;
5. processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
6. processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
We believe that all of our processing of data relating to recruitment activities is in line with our legitimate interests. The only exceptions to this is are for marketing reasons, where we have a lawful basis under soft opt- in consent, and for legal reasons when we have a legal obligation to process your data (see below).
It is reasonable to expect that, if you are looking for employment or have posted your professional CV information on a job board or professional networking site, you are happy for us to collect and use your personal data, offer or provide our recruitment services to you, share that information with prospective employers and assess your skills against our bank of vacancies.
Prior to being accepted for a job vacancy, any prospective employer may also want to check the information you've given us to confirm, for example, your references, qualifications and criminal record.
We will always make sure that we operate in a manner that is satisfactory for both of us, whether we are processing your data to carry out an essential business function (like preparing the payroll or processing invoices) or helping you to find suitable employment.
We believe that contacting our clients about recruitment activities and keeping records of our business meetings and communications, constitute legitimate business interests. We also believe that conducting customer surveys and appropriate targeted marketing are all legitimate interests.
We believe that we have a legitimate business reason to contact you in connection with our business dealings, to perform a legal obligation and/or to carry out business checks (such as in the interest of due diligence).
Referees & Emergency contacts
We believe that contacting referees to request candidate information that enables us to carry out background checks on candidates is a legitimate interest. We also believe that processing emergency contact details is a legitimate interest to us and also of personal interest to the candidate.
A soft opt-in consent is a specific type of consent which applies when, by virtue of your having engaged with us (for example by submitting a job application or CV, or registering a vacancy to be filled), we consider that you would like us to send you information on other recruitment-related services. Under ‘soft opt-in’ consent, we will take your consent as given unless or until you opt out. For most, this is beneficial as it allows us to suggest other jobs to you alongside the specific one you applied for, significantly increasing the likelihood of us finding you a new position. For other types of e-marketing, we are required to obtain your explicit consent.If you are not happy about our approach to marketing, you have the right to withdraw your consent at any time by writing to us at firstname.lastname@example.org
Like all businesses, we have a legal duty to provide information relating to crime detection, tax collection or actual or anticipated litigation. In these circumstances we will process your information as a legal obligation.
Special categories of personal data
Sensitive personal data is data which is described in Article 9 of GDPR as that relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation. We will not collect sensitive data unless required to do so by law. If you are required to provide this data, we will request your specific consent prior to collecting this information.
However, you may voluntarily offer us information about yourself especially where you may be concerned that it may prejudice you.
Third parties’ disclosure
We employ external agencies, for example, to manage our IT, Web and payroll services. Each of the businesses employed to manage our activities has made guarantees that your data will be securely processed in line with the General Data Protection Regulation.
Primarily we will share your personal data with prospective employers to increase your chances of securing employment. Unless you specify otherwise, we may also share your information with any of our group of companies and associated third parties where we feel this will help us to provide you with the best possible service.
We will delete from our system, or securely archive your personal data, if we have not had any meaningful contact with you (or, where appropriate, the company you are working for or with) for three years. This period may be extended if we believe in good faith that the law or relevant regulators require us to preserve your data for longer. After this period, it is likely your data will no longer be relevant for the purposes for which it was collected.
How we store and transfer your data internationally
In order to provide you with the fullest and best service possible it may be necessary to transfer your data as follows:
a) between and within our business;
b) to overseas clients;
c) to clients within your country who may, in turn, transfer your data internationally.
We want to make sure that your data is stored and transferred in a way that is secure. We will therefore only transfer data outside of the European Economic Area or EEA (i.e. the Member States of the European Union, together with Norway, Iceland and Liechtenstein) when it is compliant with data protection legislation and the means of transfer provides adequate safeguards in relation to your data, for example:
a) when we have a data transfer agreement with the recipient, incorporating data sharing contractual clauses;
b) by signing up to the EU-U.S. Privacy Shield Framework for the transfer of personal data to entities in the United States of America;
c) only transferring your data to a country where there has been a finding of adequacy by the European Commission in respect of that country's levels of data protection via its legislation;
d) where it is necessary for the conclusion or performance of a contract between us and a third party and the transfer is in your interests for the purposes of that contract; or
e) where you have consented to the data transfer.
To ensure that your personal information receives an adequate level of protection, we have put in place appropriate procedures with the third parties with whom we share your personal data to ensure that your personal information is treated by those third parties in a way that is consistent with and which respects the law on data protection.
Your rights as a data subject
Under Article 13 of the GDPR, we are bound to provide you with information relating to your rights, which are as follows:
Right to object
If we are using your data because we deem it necessary for our legitimate interests to do so, and you do not agree, you have the right to object. We will respond to your request within 30 days.
Right to withdraw consent
Where we have obtained your consent to process your personal data, you may withdraw your consent at any time.
Data Subject Access Requests
You have the right to ask us to confirm what information we hold about you at any time, and you may ask us to modify, update or delete such information. We are required to confirm your identity before processing any such request and, where we are legally permitted, we may decline your request, but we will explain the reason why to you.
Right to erasure
You have the right to request for us to "erase" your personal data. We will respond to your request within 30 days and will delete your data unless there is a legal reason for keeping your data which prevents us from agreeing to your request, in which case we will let you know why.
Right of data portability
If you wish, you have the right to transfer your data from us to another data controller. This will be by directly transferring your data to you in a commonly used machine-readable format.
If you wish to legitimately exercise any of your rights, please contact: CAS Group Data Protection Officer:Email: email@example.comPhone +44 (0)191 645 7771
Right to lodge a complaint with a supervisory authority:
You also have the right to lodge a complaint with your local supervisory authority.
The supervisory authority is:
Information Commissioner’s office
Tel: 0303 123 1113 or 01625 545 745*
Fax: 01625 524 510*
*Various call charges apply please check with your landline or mobile provider