Call us on 01702 464 444
GDPR Explained - One to One

GDPR Explained

You are here:

Know your data protection rights

General Data Protection Regulation 

From 25 May 2018 the General Data Protection Regulation will impose greater data protection obligations on organisations whilst giving more rights to individuals in relation to how their personal data is processed.

What is personal data?

Personal data is data that can identify you as a living individual. There is general personal data such as name, address, National Insurance number and online identifiers/location data. There is also sensitive personal data which includes information on physical and mental health, sexual orientation, race or ethnic origin, religious beliefs, trade union membership and criminal records. Sensitive personal data must be protected to a higher level.

How do One to One Personnel as a recruitment business get your personal data? 

You may have applied directly to One to One Personnel or we may have found your details from a jobs board or social networking site and we can process your data as long as we have a legal basis for doing so. There are 6 legal bases for processing data, One to One Personnel will rely on:

  1. Your consent
  2. That the processing is necessary for the performance of a contract with you
  3. That we have a legitimate interest in processing your personal data. Different conditions apply to each of these legal bases

What will One to One Personnel tell you about your personal data?

We will give you a privacy notice when we collect your personal data. This privacy notice will state:

• Our contact details

• Why we are processing your data and what is our legal reason for doing so

• If we are relying on legitimate interests, what those legitimate interests are

• How long we will store your personal data for

• That you have a right to request that we correct any incomplete or inaccurate data about you

• That you have the right to request that we erase your personal data

• That you have a right to complain to the Information Commissioner’s Office (ICO)

• That if you have given consent, you can also withdraw that consent; and whether we will use automated decision-making or profiling to assess your suitability for roles.

What are your data protection rights? 

Right to informed consent - for your consent to be valid you must know what you are consenting to. To give valid consent you must give a positive indication of your consent, such as by ticking a box – One to One Personnel will not accept your silence as consent or use a pre-ticked box. However, consent is not the only legal basis that we can use to process your data. If the One to One Personnel does not need consent to process your data, we will not ask for it.

Right to withdraw consent - if you have given consent you will have the right to withdraw your consent. One to One Personnel will stop processing the data that you gave us, but we may continue to process other data if we are required on another legal reason for doing so.

Right to object - you have the right to object to your data being processed. We will then only process your data if we have a compelling legal ground to do so.

Rights in relation to automated decision making - you have a right not to be subject to a decision based on automated processing unless you have given your explicit consent. However, One to One Personnel will not need your consent if our process is not fully automated.

Right to make a Subject Access Request (SAR) - if you make a SAR then One to One Personnel will respond to you within one month, this can be extended to a further 2 months in certain circumstances. We will not charge you to respond to your SAR unless for example you have made repeated requests for the same information. One to One Personnel could refuse to comply with your request for the same reasons.

Right to data portability - where technically possible, you have a right to have your personal data transferred directly from one organisation to another. However, this does not include having your data passed to another organisation without your knowledge. 

Right of rectification of inaccurate or incomplete data - you have the right to request that One to One Personnel corrects any incomplete or inaccurate data we hold on you. One to One Personnel will respond to your request within one month of your request.

Right to erasure - this is also known as the right to be forgotten. You can request that we remove all your personal data. However, this is not an absolute right – One to One Personnel can keep your personal data if we have a legal reason for doing so. If you ask for your data to be erased, we may ask whether you just do not want to hear from us for a period of time or whether you want your data to be permanently deleted? One to One Personnel will not keep lists of people whose data has been deleted, we may still contact you if later on they find your details on a jobs board or a social networking site. If you have requested for your data to be forgotten, we will tell any third parties that they have passed your data to that you have filed a request to erase. They must also to the same. 

One to One Personnel is required to keep certain records such as ID or right to work checks and payroll records for certain periods of time. These obligations will override any request to erase data or any objection to processing for so long as we must keep the data.

Direct marketing One to One personnel will seek your express consent to send you direct marketing, if we want to tell you about services other than work-finding services we will ensure that we have your permission to send this to you. 

Personal data breaches- if the One to One Personnel suffers a data breach, e.g. a loss of theft or personal data, we will inform the ICO. If there is a high risk to you, we will also tell you.

Further information about data protection can be found on the

This factsheet was produced by the Recruitment & Employment Confederation (REC) the professional body for UK recruitment agencies and businesses. If you believe you are not receiving the rights you are entitled to, in the first instance speak to your One to One Personnel. All REC members are required to abide by a Code of Professional Practice and the REC will investigate complaints received against its members within the scope of the

If you are working for an agency that is a member of the REC and you have a complaint, you can refer it to the REC:

The recruitment industry is regulated by the Employment Agencies Standards Inspectorate (EAS) which is part of the Department of Business, Energy and Industrial Strategy (BEIS). If you believe an agency is non-compliant and wish to report them or would like more information on your rights and entitlements as an agency worker, please ring the ACAS helpline on 0300 123 1100. 

The information contained in this document is provided as general background information and should not be taken as legal advice.