ACIA-logo-icon

Data protection privacy notice ACIN

Introduction 

This is the data protection privacy notice of Afro-Caribbean Insurance Network, also referred to as “we” and “ACIN”. It is relevant to individuals signing up for our membership and for those using our recruitment services, also referred to as “you”. ACIN is determined to respect your privacy and to comply with relevant data protection laws and regulations, including the EU General Data Protection Regulation (GDPR).

In this notice we explain what personal information we will hold about you, how we collect it, and how we will use and may share information about you when you sign up for our membership club and/or during the recruitment process.

Please ensure that you carefully read this notice when you start using our services.

Definitions

In this notice, the following terms have the following meanings:

criminal records information” means personal information relating to criminal convictions and offences, allegations, proceedings, and related security measures;

“personal information” (sometimes known as personal data) means information relating to an individual who can be identified (directly or indirectly) from that information;

“processing” means obtaining, recording, organising, storing, amending, retrieving, disclosing and/or destroying information, or using or doing anything with it;

“sensitive personal information” (sometimes known as “special categories of personal data” or “sensitive personal data”) means personal information about an individual’s race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership (or non-membership), genetics information, biometric information (where used to identify an individual) and information concerning an individual’s health, sex life or sexual orientation;

Who collects the information

Afro-Caribbean Insurance Network, incorporated and registered in England and Wales with company number 12560950 and its registered office at 3rd Floor, 120 Baker Street, London, England, W1U 6TU is the data controller and gathers and uses certain information about you.

Data protection principles

We will comply with the following data protection principles when processing personal information:

1. we will process personal information lawfully, fairly and in a transparent manner;

2. we will collect personal information for specified, explicit and legitimate purposes only, and will not process it in a way that is incompatible with those legitimate purposes;

3. we will only process the personal information that is adequate, relevant and necessary for the relevant purposes;

4. we will keep accurate and up to date personal information, and take reasonable steps to ensure that inaccurate personal information are deleted or corrected without delay;

5. we will keep personal information in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the information is processed; and

6. we will take appropriate technical and organisational measures to ensure that personal information are kept secure and protected against unauthorised or unlawful processing, and against accidental loss, destruction or damage.

About the information we collect and hold

When you sign up for our membership club, we will collect personal information from you when you complete our online sign-up form.

The table set out in the Schedule Part I below summarises the information we collect and hold, how and why we do so, how we use it and with whom it may be shared.

During the recruitment process, we will collect and process both personal information and sensitive personal information about you. Most of this information is collected from you when you fill out an application form via our online platform and/or when you upload your CV. Please refer to the below paragraph for more information about our processing of your sensitive personal information.

The table set out in the Schedule Part II below summarises the information we collect and hold, how and why we do so, how we use it and with whom it may be shared.

We seek to ensure that the collection and processing of personal information is always proportionate. We will notify you of any changes to information we collect or to the purposes for which we collect and process it.

More information on the processing of sensitive personal information

We find it very important to inform you of our reasons for collecting and processing your sensitive personal information and how we use such information. We have therefore included

specific information relating to your sensitive personal information below. Should you have any questions or worries at any stage of the recruitment process about the use of your sensitive personal information, please contact us immediately via e-mail.

The only sensitive personal information we process is your ethnic origin. Our organisation’s goal is to boost ethnic diversity and in order to achieve that goal and to produce figures and statistics for that purpose we need to know your ethnic origin. It is therefore in our legitimate interest to process your ethnic origin. You don’t need to worry that we use your ethnic origin for any other purpose, such as selecting suitable candidates for a role, because we won’t. We also never share your ethnic origin with anyone else outside our organisation and specifically not with our clients. We will not pass on your sensitive personal information to our clients. Therefore, when we, together with our clients (your potential employer) make a selection of candidates for interviews, we will not use (and our client will not even know) your ethnic origin as one of the factors to take into account in that selection process.

When we conduct research and analysis and produce reports about ethnic diversity we use the data we hold about ethnic origin in an anonymized form only.

In addition to the lawful basis for processing, which is our legitimate interest, we also need a special condition for the processing of sensitive personal information. We rely on your explicit consent as that special condition. When you fill out and send the application form, you will have the option to express your consent to the processing of your sensitive personal information by checking a separate tick box.

Where information may be held

Information will be held on our database and other information systems, which may be hosted by third-party service providers.

How long we keep your information

We keep the personal information that we obtain about you when you sign up for our membership club for no longer than is necessary for the purposes for which it is processed. If you choose to quit being a member, we will delete your personal information permanently from our databases.

We keep the personal information that we obtain about you during the recruitment process for no longer than is necessary for the purposes for which it is processed. How long we keep your information will depend on whether your application is successful and you become employed by one of our clients, the nature of the information concerned and the purposes for which it is processed.

If your application is successful and you are hired by one of our clients, we will only keep records of [your salary, employment details and any other information kept on record of

applications. Personal information that is no longer required will be deleted permanently from our database and systems and any hard copies will be destroyed securely.

Your right to object to us processing your information

Where our processing of your information is based solely on our legitimate interests (or those of a third party), you have the right to object to that processing if you give us specific reasons why you are objecting, which are based on your particular situation. If you object, we can no longer process your information unless we can demonstrate legitimate grounds for the processing, which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims. Please contact us if you wish to object in this way.

Your rights to correct and access your information and to ask for it to be erased

Please contact us if (in accordance with applicable law) you would like to correct or request access to information that we hold relating to you or if you have any questions about this notice. You also have the right to ask for some but not all of the information we hold and process to be erased (the right to be forgotten) in certain circumstances.

Keeping your personal information secure

We have appropriate security measures in place to prevent personal information from being accidentally lost or damaged, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. We also make sure that, where possible, personal information is pseudonymised or encrypted and ensure the ongoing confidentiality, integrity, availability and resilience of our processing systems and services.

Where we use external organisations to process personal information on our behalf, additional security arrangements need to be implemented in contracts with those organisations to safeguard the security of personal information. In particular, contracts with external organisations must provide that:

1. the organisation may act only on our written instructions;

2. those processing the data are subject to a duty of confidence;

3. appropriate measures are taken to ensure the security of processing;

4. sub-contractors are only engaged with our prior consent and under a written contract;

5. the organisation will assist us in providing subject access and allowing individuals to exercise their rights in relation to data protection;

6. the organisation will assist us in meeting our obligations in relation to the security of processing, the notification of data breaches and data protection impact assessments;

7. the organisation will delete or return all personal information to us as requested at the end of the contract; and

8. the organisation will submit to audits and inspections, provide us with whatever information it needs to ensure that they are both meeting their data protection obligations, and tell us immediately if it is asked to do something infringing data protection law.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

We do not transfer your personal information outside the EEA

We will not transfer personal information outside the European Economic Area (EEA), which comprises the countries in the European Union and Iceland, Liechtenstein and Norway.

How to complain

We hope that we can resolve any query or concern you raise about our use of your personal information. If not, contact the Information Commissioner at https://ico.org.uk/concerns/  or telephone: 0303 123 1113 for further information about your rights and how to make a formal complaint.

How to contact us

We welcome any questions or concerns about the use of your personal information and this notice. Please contact us by e-mail: info@acia.co. 

THE SCHEDULE PART I

membership club

The information we collect

Your name, employer, job title, educational background, date of birth and contact details (e-mail address)

How we collect the information

From you, in the completed sign-up form

Why we collect the information

Legitimate interest: to set up your membership and inform you of events and other information which may be of your interest

How we use and may share the information

To enable us to contact you E-mail address: with third-party service providers, for example marketing services, to send you marketing materials

THE SCHEDULE PART I

recruitment services

The information we collect

Your name, employment history, job title, educational background, date of birth and contact details (address, home and mobile phone numbers, email address

Details of your qualifications, experience, employment history (including job titles, working hours and salary) and interests

Your ethnic origin

Details of your referees

Information regarding your criminal record

How we collect the information

From you, in the completed application form/CV

From you, in the completed application form/CV

From you, in the completed application form

From you, in the completed application form/CV

From the Disclosure and Barring Service (DBS)

Why we collect the information

Legitimate interest: to carry out a fair recruitment process Legitimate interest: to progress your application, inform you of suitable new roles, arrange interviews, inform you of the outcome at all stages and to inform you of events and information which may be of your interest

Legitimate interest: to carry out a fair recruitment process Legitimate interest: to make an informed decision to shortlist for interview and (if relevant) to recruit

Legitimate interest and explicit consent: to produce figures and statistics on ethnicity in the employment context for research and study purposes

Legitimate interest: to carry out a fair recruitment process

To comply with our legal obligations For reasons of substantial public interest (preventing or detecting unlawful acts and protecting the public against dishonesty)

How we use and may share the information

To enable us to contact you to progress your application, arrange interviews and inform you of the outcome Name: to our clients to inform them of your application E-mail address: with third-party service providers, for example marketing services, to send you our newsletter

To make an informed selection decision With our own personnel and with our clients’ HR advisers, talent acquisition consultants and/or recruitment managers

We keep an internal record of the ethnic origin of candidates in order to produce figures and statistics with the ultimate goal of boosting ethnic diversity We do not share your ethnic origin with anyone outside our organisation

To carry out a fair recruitment process Information shared with relevant recruitment personnel and the referee

To make an informed recruitment decision To carry out statutory checks Information shared with DBS and other regulatory authorities as required