- At GOTO Group we care about your data.
- Our data processing activities are always in line with the General Data Protection Regulation (GDPR)
- We keep to a minimum the information we hold about you
- We use your data to assess your suitability for a role at GoToGroup
- We delete your data when it is no longer needed for these things
- You have privacy rights as an individual
- We are happy to talk to you about how we process and protect your data
What we hold
If you have applied for a job with us then we will hold the following information until such time as your application for a specific role is either successful or unsuccessful:
- The information that you provided on your CV or application form.
- If you attend an interview, we will hold interview notes.
- If your application is successful then your data is processed as per the Fair Processing Notice which will be issued to you at the start of your employment with us.
- If your application is unsuccessful then your CV and interview notes will be stored for 3 months just in case there are any disputes on either side, or if that particular role becomes vacant again.
- If you give us a ring or make contact by email, we will follow up on your enquiry and see if there is a way in which we can help you. We keep a record of enquiries received, so that we know what we have said to whom.
Note: we do not accept unsolicited CVs; these are deleted immediately. We also do not keep old CVs beyond what we have stated above. CVs go out of date quickly and we have an obligation to have correct data in our systems, as well as having a lawful reason for holding it.
Details of the technical personal data that we process if you visit our website is below
- We generate log files from various servers when you visit our website: this will include an IP address assigned to you or, more likely, to someone who provides you with Internet access.
- Some of our websites, like many others, use Google Analytics, a web analytics tool provided by Google to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited. Google can provide more details about their cookies.
Using Your Information
The data we hold on you will be with the intention of starting a contract with you or because it is a legitimate thing for a business to do, such as holding interview notes.
We use log files from our servers to assist in our firm”s security, as well as to determine visitor behaviour and help us plan our strategy (e.g. such as working out which pages on the site are most popular, or whether particular events have caused an increase in traffic).
The basis for processing this is that we have legal and regulatory obligations to protect our supplier and their information. When used for strategy planning, we do this under legitimate interest.
Transfers of your data
We only transfer data outside of the EEA if it is to a country or organisation that is deemed by the EU to have adequate protection of data. For example, our cloud data providers in the US are all signed up to the Privacy Shield – https://www.privacyshield.gov/list . Data may be required to be shared with governing regulatory bodies when we have a legal obligation to do so.
We have a small number of companies providing services to us. These are our processors and we have confirmed that they all meet the requirements of EU data protection laws.
- The GOTO platform is hosted on a widely-used and recognised secure cloud platform.
- Access to the GOTO platform is controlled by an industry standard Authentication mechanism. With the exception of a handful of anonymous pages (such as the Login page), all areas of the system are protected by requiring Username and Password authentication.
- If a user attempts to access the system with a login/password combination that does not exist in our database, they will not be authenticated and thus refused access.
- The GOTO platform employs a role-based authorisation system. Logged in users are assigned permissions according to their role and are only permitted to view pages pertinent to that role.
- All user interaction with the GOTO System is logged to facilitate security auditing.
Email and Office Documents
- Emails and office documents are hosted and managed on a widely-used and recognised secure cloud platform.
- Access to items is limited to users who have been authenticated by a login/password mechanism.
- Access to emails and documents is further restricted according to role. Logged in users are only permitted to view emails and documents pertinent to their role.
- Geographic restrictions are used where appropriate, for example to prevent access to documents by users who are off-premises.
- Platform, email and document servers are maintained in a secure cloud environment as already stated. Administration access to the cloud environment is restricted to a small number of trusted users and limited by a recognised login/password mechanism.
- Administration access to cloud platforms is logged.
- Specialised servers (such as the server which maintains call recording for example) are hosted on premises.
- On-premises servers are only accessible by a small number of trusted users whose access is limited by a recognised login/password mechanism.
- Access to laptops is limited to company staff, each of which has their own unique set of login credentials.
- Laptops are centrally managed from the secure cloud platform (i.e local accounts are not used at all). This allows access to the device to be disabled from a central location in the event that the laptop is lost for example.
- Geographic restrictions are in place for laptops which are used in secure areas. Such laptops do not have access to the GOTO platform, emails or documents outside of company premises.
If you have particular security requirements, please call us to discuss how we can support you.
Phone calls to and from our offices are recorded to ensure we are dealing with our applicants in the manner that they expect. These recordings are therefore processed under legitimate interest when used for training and quality purposes. It may also be necessary to share recordings with governing regulatory bodies where we have a legal obligation to do so. If you don’t want your call to be recorded, just let us know at the beginning of the phone call.
You have lots of rights in respect of our processing of your personal data. The relevant rights are:
- Request a copy of your personal data and information about our processing of it
- Request that we delete information on you if we do not need to hold it
- Request that we correct any personal data that we hold on you
- Request that we stop processing your data, for certain things, eg marketing although we can still hold it
- Request that we move your data to another organisation’s IT system electronically
If you want to exercise any of these rights, please just contact us on email@example.com
You also have the right to lodge a complaint about our processing with a supervisory authority — in the UK that is the ICO whose details are here:
If you want to talk to us about this, email us at firstname.lastname@example.org