Privacy Policy

This Website is operated by Star Medical Contracts Ltd and Outico Ltd, who act as Joint Data Controllers. Both parties have their  registered offices at 4 Kelso Place, Upper Bristol Road, Bath, BA1 3AU.

As part of the Uniphar Group, the Joint Controllers fully respect your right to privacy, and will not collect any personal information about you on this website or any of the websites we operate without your clear permission. Any personal information which you volunteer to us will be treated with the highest standards of security and confidentiality, strictly in accordance with the relevant Data Protection Acts. The Joint Controllers may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes.

Contact details:

If you have any questions about this Data Protection Statement or the way in which your Personal Data is being used by us, please contact:

Data Protection Officer 

4045 Kingswood Road

Dublin

D24 V06k

Email: DPO@staroutico.com

When we refer to “Personal Data” in this Data Protection Statement we mean any information relating to an identified or identifiable natural person (‘Data Subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

 

1. OUR DATA PROTECTION STATEMENT

Under the General Data Protection Regulation (the “GDPR”), we are required to explain to you why we are asking for information about you, how we intend to use the information you provide to us and whether we will share this information with anyone else. We must also explain your rights under the GDPR and related data protection laws in relation to our processing of your Personal Data. For your convenience we have divided our Data Protection Statement into sections. This general section is applicable to everyone. The other sections set out specific information relating to the following individuals:

 

  • “Candidates” – recruitment candidates, contractors and temps
  • “Business Contacts” clients of our recruitment and outsourcing services and other suppliers and consultants to the Star business
  •  “General Contacts” – including visitors and users of our website

We treat the protection of your personal data seriously and when we collect and process your Personal Data, we will do so in accordance with the GDPR and relevant local data protection laws (the “Data Protection Laws”).

2. ABOUT US

This Data Protection Statement applies to the following affiliated companies: 

Star Medical Contracts Ltd.  4 Kelso Place, Upper Bristol Road, Bath, United Kingdom, BA1 3AU.

Star Medical Ltd. 4 Kelso Place, Upper Bristol Road, Bath, United Kingdom, BA1 3AU.

Star Medical Irl. 4045 Kingswood Road, Citywest Business park, Dublin, Ireland, D24 V06k.

Outico Ltd. 4 Kelso Place, Upper Bristol Road, Bath, United Kingdom, BA1 3AU.

Point of Care Health Ltd.  4045 Kingswood Road, Citywest Business park, Dublin, Ireland, D24 V06k.

Clinical Cube Ltd. 4045 Kingswood Road, Citywest Business park, Dublin, Ireland, D24 V06k.                                          

Star Europe Ltd.  Middenweg 6, 4782 PM Moerdijk, Netherlands.

 

References to “We”, “Us” the “Company” and “Star” shall apply to the company in the group that is processing your Personal Data.  

Established in 2002, we are a leading data analytics, outsourcing, recruitment, brand engagement, communications, and resourcing provider to the pharmaceutical, medical device and healthcare industries.

We are part of the Uniphar Group, the largest wholesaler and service provider for the pharmaceutical and healthcare sectors in Ireland.

This Data Protection Statement describes how we process Personal Data in order to fulfil the objectives specified above.  It includes detailed information about the types of Personal Data that we process, and how we use, manage and protect that Personal Data.

3. WHO THIS DATA PROTECTION STATEMENT APPLIES TO?

This Data Protection Statement applies to the Personal Data we process about the following Data Subjects:

Candidates - Includes any person who engages with us to help them to find a job or applies for a role we have advertised or someone we have placed with a Business Contact whether on a permanent or a contract basis or someone we identify as a potential job seeker.  Candidates include those applying for jobs directly with Star.

Business Contacts - This includes suppliers, partners, shareholders, and other business contacts of Star including customers of our outsourcing and resourcing services.

General Contacts - This includes all other individuals whose Personal Data we process that are not covered in the other sections above including:

  • website users; and
  • details of next of kin/emergency contact details and referees


We process all Personal Data lawfully and in accordance with the requirements of the Data Protection Laws. The GDPR sets out the legal grounds for processing Personal Data.

 

4. LAWFULNESS OF PROCESSING

When Star processes Personal Data any one of the following legal grounds will generally apply.  Further detail about the lawful basis for our processing activities in included in the relevant sections of this Data Protection Statement.

CONSENT

For certain processing activities we may rely on your consent. Where we are unable to collect consent for a particular processing activity, we will only process the Personal Data if we have another lawful basis for doing so.

You can withdraw consent provided by you at any time by contacting us at info@staroutico.com

LEGITIMATE INTEREST

At times we will need to process your Personal Data to pursue our legitimate interests, for example for administrative purposes, to collect debts owing to us, to provide information to you, to operate, evaluate, maintain, develop and improve our websites and services or to maintain their security and protect intellectual property rights. 

 

We will not process your Personal Data on a legitimate interest basis where the impact of the processing on your interests or fundamental rights and freedoms outweigh our legitimate interests.

You may object to any processing we undertake on this basis. If you do not want us to process your Personal Data on the basis of our legitimate interests, contact us at info@staroutico.com and we will review our processing activities.

LEGAL OBLIGATION

If we have a legal obligation to process Personal Data, we will process Personal Data on this legal ground.

 

5. SECURITY

We will take all steps reasonably necessary to ensure that all Personal Data is treated securely in accordance with this Data Protection Statement and the Data Protection Laws.  In particular, we have put in place appropriate technical and organisational procedures to safeguard and secure the Personal Data we process.

We monitor for and do everything we can to prevent security breaches of the Personal Data that we process.  Once we have received your Personal Data, we will use strict procedures and security features for the purpose of preventing unauthorised access and ensuring that only those who need to have access to your Personal Data can access it.

We also use secure connections to protect Personal Data during its transmission. Where you have been given (or where you have chosen) a password which enables you to access services, you are responsible for keeping this password confidential.  Please do not share your password with anyone.

If you think that there has been any loss or unauthorised access to Personal Data of any individual, please let us know immediately.

6. SECURITY

Personal Data is shared in certain circumstances as follows:

 

  • to business partners and sub-contractors for the performance of any contract relating to services provided by Star, including email, chat, ticketing, CRM, ATS, payment processors, data aggregators, hosting service providers;
  • to Business Contacts in the case of Candidate Personal Data
  • to Business Contacts in the case of Personal Data relating to referees, next of kin/emergency contacts
  • to Candidates for the purposes of contacting Business Contacts
  • for the purposes of third-party screening and verification, including doctors or testing companies (for example, criminal record checks / pre-employment screening services and assessments)
  • to other companies in the Star group of companies, and including Uniphar PLC, for the purposes of administration, marketing and provision of our services. 
  • to any party acquiring an interest in the Star company
  • to tax, audit or other authorities, if we are under a duty to disclose or share Personal Data in order to comply with any legal obligation or in order to enforce or apply any contract that we have;
  • to official authorities to protect our rights, property, or safety, or those of other persons (including you);
  • to payment service partners for the processing of payments to and from Star, to screen for fraud and carry out other related activities;
  • to our post or courier partner to complete delivery of papers;
  • to providers of services to Star including IT consultants and hosting companies, marketing, legal and finance;
  • to analytics and search engine providers that assist us in the improvement and optimisation of our Website. This consists of information relating to the web pages visited on the Website and tracking codes from service providers like LinkedIn and Google
  • to Star’s insurance brokers and providers where required for administering claims;
  • to our email distribution partner and service providers in the case of marketing and newsletters; 

In certain circumstances your Personal Data may be transferred outside the EEA. In each case this is carried out under legally approved mechanisms to lawfully transfer Personal Data across borders, including Standard Contractual Clauses approved by the European Commission.

7. RETENTION

We only keep your Personal Data as long as it is necessary for the purposes of processing it or to comply with legal or regulatory requirements.

 

Further information is set out in the relevant sections of this Data Protection Statement.

 

8. YOUR RIGHTS

You have various rights relating to how your Personal Data is used.

You can ask for access to the Personal Data we hold on you

You have the right to ask for all the Personal Data we have about you. When we receive a request from you in writing, we must give you access to everything we have recorded about you as well as details of the processing, the categories of Personal Data concerned and the recipients of the Personal Data.

We will provide the first copy of your Personal Data free of charge, but we may charge you a reasonable fee for any additional copies.

We cannot give you access to a copy of your Personal Data in some limited cases including where this might adversely affect the rights and freedoms of others.

You can ask to change Personal Data you think is inaccurate

You should let us know if you disagree with something included in your Personal Data.

We may not always be able to change or remove that Personal Data, but we will correct factual inaccuracies and may include your comments in the record to show that you disagree with it.  

You can ask to delete Personal Data (right to be forgotten)

In some circumstances you can ask for your Personal Data to be deleted, for example, where: 

  • your Personal Data is no longer needed for the reason that it was collected in the first place
  • you have removed your consent for us to use your Personal Data (where there is no other lawful basis for us to use it)
  • there is no lawful basis for the use of your Personal Data
  • deleting the Personal Data is a legal requirement

Where your Personal Data has been shared with others, we will do what we can to make sure those using your Personal Data comply with your request for erasure.

Please note that we can’t delete your Personal Data where:

  • we are required to have it by law
  • it is used for freedom of expression 
  • it is used for public health purposes
  • it is used for scientific or historical research or statistical purposes where deleting the Personal Data would make it difficult or impossible to achieve the objectives of the processing
  • it is necessary for legal claims. 

You can ask us to limit what we use your Personal Data for

You have the right to ask us to restrict what we use your Personal Data for where:

  • you have identified inaccurate Personal Data, and have told us of it
  • where we have no legal reason to use the Personal Data, but you want us to restrict what we use it for rather than erase the Personal Data altogether

When Personal Data is restricted it can’t be used other than to securely store the Personal Data and to handle legal claims and protect others, or where it’s for important public interests.

You can ask to have your Personal Data moved to another provider (data portability)

You have the right to ask for your Personal Data to be given back to you or another service provider of your choice in a commonly used format. This is called data portability.

This right only applies if we’re using your Personal Data with consent and if decisions were made by a computer and not a human being. It does not apply where it would adversely affect the rights and freedoms of others.

You can make a complaint

You have the right to lodge a complaint with the local supervisory authority for data protection in the EU member state where you usually reside, where you work or where you think an infringement of Data Protection Law took place.

 

9. TRANSFERS OUTSIDE THE EEA

In order to provide our products and services we may need to transfer Personal Data outside the European Economic Area (EEA). We ensure that any transfer of Personal Data outside the EEA is undertaken using legally compliant transfer mechanisms and in accordance with the GDPR.

If we transfer Personal Data outside of the EEA, we generally rely on the Standard Contractual Clauses under Article 46.2 of the GDPR adopted by the EU Commission or the Privacy Shield in the case of transfers to the USA. We may also rely on some of the other legally compliant transfer mechanisms provided under the GDPR.

10. USE OF THIRD-PARTY WEBSITES

Websites that you access via a link on the Star website are outside our control and are not covered by this Data Protection Statement. If you access other websites using the links provided, the operators of these websites may collect Personal Data from you, which will be used by them in accordance with their own Data Protection Statements, which may differ from ours. Please check the Data Protection Statements on those websites before you submit any Personal Data to them. 

 

11. COOKIES

Please see our separate cookie policy available here.

12. AMENDMENTS TO THIS DATA PROTECTION STATEMENT

We will post any changes to this Data Protection Statement on the Website and when doing so will change the effective date at the top of this Data Protection Statement. 

In some cases, we may provide you with additional notice of changes to this Data Protection Statement, such as via email. We will always provide you with any notice in advance of the changes taking effect where we consider the changes to be material.

13. QUESTIONS OR COMPLAINTS

Thank you for reading our Data Protection Statement.  Please Contact Us if you have any questions.  If we are unable to resolve your concerns, you have the right to contact the supervisory authority in the country where you live or work, or where you consider that the data protection rules have been breached

The Supervisory Authority in Ireland may be contacted as follows:

Online Form:     https://forms.dataprotection.ie/contact

Address:              21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland

Tel:                       +353 578 684 800 or +353 761 104 800

 

The Supervisory Authority in the UK may be contacted as follows:

Information Commissioner Office

Contact Information:   https://ico.org.uk/global/contact-us/

Live Chat:                           ico.org.uk/livechat

Helpline:                             0303 123 1113

 

The Supervisory Authority in the Netherlands may be contacted as follows:

Post: Autoriteit Persoonsgegevens, PO Box 93374, 2509 AJ DEN HAAG

Telephone:  (+31) - (0)70 - 888 85 00

 

 

 

  1. OVERVIEW

In addition to our General - Data Protection Statement this Candidate Data Protection Statement provides further information about the Personal Data we process in relation to Candidates.

Please see the General - Data Protection Statement for information on:

  • Contact Details
  • Our Data Protection Statement
  • About Us
  • Who this Data Protection Statement applies to?
  • Lawfulness of Processing
  • Security
  • Disclosure of Personal Data
  • Retention
  • Your Rights
  • Use of Third-Party Websites
  • Cookies
  • Amendments to this Data Protection Statement
  • Questions or Complaints

 

For the purposes of this Candidate – Data Protection Statement, a Candidates includes any person who engages with us to help them to find a job or applies for a role we have advertised or someone we have placed with a Business Contact whether on a permanent or a contract basis or someone we identify as a potential job seeker. Candidates include those applying for jobs directly with Star.

As a recruitment business we connect Candidates looking for a job with organisations seeking to hire Candidates on a permanent or contract basis.

We specialise in the recruitment and placement of Candidates, providing contract and permanent employment solutions across a range of industries including pharmaceutical, medical device and healthcare.

  1. SOURCES OF CANDIDATE DATA

We receive Personal Data about Candidates from a variety of sources. Usually a Candidate provides us with certain information directly, for example, when the Candidate sends us their CV, applies directly for a position advertised on a Star website, or interacts with our communications (e.g. websites and advertisements).

We may also receive Personal Data about a Candidate when:

  • the Candidate applies to a position advertised on a third-party job’s website;
  • the Candidate may be sourced from publicly accessible platforms such as LinkedIn;
  • the Candidate may be sourced from third party CV providers such as jobs websites that provide CV search facilities and where users have made their CV data available to registered customers of these sites; and
  • the Candidate’s nominated referees or other individuals may provide us with Personal Data relating to the Candidate.

 

  1. CATEGORIES OF CANDIDATE PERSONAL DATA

The list below sets out the general categories of Personal Data that we collect in relation to Candidates.

Contact Data - may include a person’s email address, phone number, postal address, other communication details (e.g. Skype)

Identification Data - may include a person’s name, date of birth, driver’s license, national tax identification number and passport information

Professional Data - may include profession, company, department, employment history, skills/ experience, membership of professional bodies

Education Data  - may include degrees, certificates and diplomas awarded, languages, educational history, qualifications

CV Data - may include Contact Data, Identification Data, Professional Data, Education Data and information about achievements and hobbies

Financial Data - includes payment and bank details, tax information, social security and salary expectations

Test Data - includes the Candidate tests answers and results for any job application

Health Data - includes health information including information about any disability or illness.

Application Data - includes Personal Data provided as part of an application for a permanent or contract position advertised by Star as an employment business.  It includes Contact Data, Identification Data, Professional Data, Education Data and Test Data.

Media Data - includes video data and recordings from any interview with the Candidate including, Contact Data, Professional Data, Education Data, Health Data, Application Data and Communications Data.

Legal Data - includes criminal record and credit checks undertaken where required as part of the application process.

Position Data - includes information on salary/rate of pay, working hours and job description

Emergency Contact Data - may include the name and contact details provided by a Candidate in case of an emergency.

Communications Data - may include Personal Data included in communications with us over email, text, phone or letter.

Marketing Data - may include your Contact Data and any preferences in receiving marketing from us and your communication preferences.

Web Data - may include information provided on any forms on our website and, to the extent that it includes Personal Data, information on the type of device you’re using, its IP address, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use.

 

4. OUR PROCESSING ACTIVITIES

We can only collect your Personal Data if we have a lawful basis for doing so.

We have set out below, the general purpose of processing, the categories of Personal Data processed and the related lawful basis for processing.  A separate data protection notice is provided to Candidates who work for Star as on a contract basis.

 

Purpose/Activity

Type of Personal Data

Lawful basis for processing

Candidate Sourcing

  • to advertise roles on the Star website
  • to create a record/file for the Candidate on our system and to associate all notes and tracking throughout the job search, interview, placement, onboarding and contracting process
  • to keep up to date information about Candidates in relation to their job search process and their requirements, in order to assess their suitability for current or future vacancies
  • to maintain our Candidate database
  • screening and identification of Candidates for available positions
  • to communicate with Candidates about jobs that might be of interest to them
  • to receive and review Candidate applications
  • to understand current and expected salary, notice period and availability, current and required locations in order to enhance and impact the success of the matching process and ensure the Candidate is provided with the most relevant opportunities
  • CV Data
  • Communications Data
  • Marketing Data
  • Legitimate interest
  • Consent

 

Candidate Applications

  • responding to Candidate queries
  • receiving and reviewing Candidate applications received from Candidate directly
  • communications with Candidate re application
  • setting up interviews with the Candidate
  • engaging with Business Contacts in relation to the Candidate
  • CV Data
  • Communications Data

 

  • Consent
  • Legitimate Interest

 

Candidate Interview

  • to arrange and undertake Candidate Interview
  • recording notes of Candidate Interview
  • to communicate with the Candidate following interview
  • CV Data
  • Communications Data
  • Media Data

 

  • Consent
  • Legitimate Interest

 

Candidate Screening

  • to identify if the Candidate is fit to work
  • to assess the Candidate
  • CV Data
  • Health Data
  • Test Data
  • Consent
  • Assessment of Working Capacity

Candidate Placement in Permanent Position

  • to maintain relationship with Candidate
  • to ensure database is maintained
  • Contact Data
  • Role Data
  • Communications Data
  • Marketing Data
  • Consent
  • Legitimate Interest

 

Candidate Finance Activities

  • to ensure salary expectations are met
  • to undertake financial audits
  • to communicate salary/fee arrangements between Business Contact and Candidate
  • Contact Data
  • Role Data
  • Financial Data
  • Consent
  • Legitimate Interest
  • Contract

 

Candidate IT Activities

  • to facilitate insights into activities and develop new services
  • back-up and storage of Candidate data
  • to make improvements and efficiencies in the services
  • Contact Data
  • Identification Data
  • Professional Data
  • Education Data
  • Communications Data
  • Marketing Data
  • Consent
  • Legitimate Interest

Website Delivery

  • to respond to web forms completed by you;
  • to promote our products and services;
  • to administer the Website;
  • for internal operations, including support, troubleshooting, data analysis, testing, research, statistical and survey purposes
  • to ensure the safety and security of our website and our services.
  • Contact Data
  • Web Data

 

  • Consent
  • Legitimate Interest

 

Marketing activities

  • to respond to any requests from you
  • to send newsletters and other information that maybe of interest
  • to inform you of events or webinars that might be of interest
  • to deliver and organise our conferences, seminars, events
  • to develop the relationship with Candidates
  • to tailor our products and services to better identify the right Candidates and present the right opportunities at the right time and meet Candidate needs more effectively
  • to personalise marketing information
  • to segment and distribute targeted marketing

 

  • Marketing Data
  • Contact Data
  • Web Data
  • Consent
  • Legitimate Interest

 

 

5. RETENTION OF CANDIDATE PERSONAL DATA
In some circumstances it is not possible for us to specify in advance the period for which we will retain your Personal Data. In such cases we will determine the appropriate retention period based on balancing your rights against our legitimate interests.  We may also retain certain Personal Data beyond the periods specified herein in some circumstances such as where required for the purposes of legal claims.

 

Our retention policy is as follows:

Purpose of Processing

Retention Period 

Candidate Sourcing

As agreed with data subject 

Candidate Applications

1 year

Candidate Interview

1 year

Candidate Placement

7 years

Candidate Finance

7 years

 

1. OVERVIEW

In addition to our General - Data Protection Statement this Data Protection Statement for Business Contacts provides further information about the Personal Data we process in relation to Business Contacts.

Please see the General - Data Protection Statement for information on:

  • Contact Details
  • Our Data Protection Statement
  • About Us
  • Who this Data Protection Statement applies to?
  • Lawfulness of Processing
  • Security
  • Disclosure of Personal Data
  • Retention
  • Your Rights
  • Use of Third-Party Websites
  • Cookies
  • Amendments to this Data Protection Statement
  • Questions or Complaints

 

For the purposes of this Business Contacts – Data Protection Statement, a Business Contact includes suppliers, partners, and other business contacts of Star including customers of our outsourcing and resourcing services.

 

2. SOURCES OF BUSINESS CONTACT PERSONAL DATA

We will only ever source Personal Data relating to Business Contacts in a way that would be generally expected. We receive Personal Data about Business Contacts from a variety of sources, as follows:

  • the Personal Data is often provided by the Business Contact as part of the relationship;
  • the Personal Data may be collected from public sources;
  • the Personal Data may be collected indirectly from another person within the company of the Business Contact;
  • the Personal Data may be collected through our website;
  • the Personal Data may be collected indirectly from a website or from a third party.

 

a) CATEGORIES OF BUSINESS CONTACT PERSONAL DATA

The table below sets out the general categories of Personal Data that we collect in relation to Business Contacts:

Personal Data Category

Description

Contact Data

may include a person’s name, email address, phone number, postal address, other communication details (e.g. Skype)

Communications Data

may include Personal Data included in communications with us over email, phone or letter.

Marketing Data

may include your Contact Data and any preferences in receiving marketing from us and your communication preferences.

Financial Data

may include payment details

 

b) OUR PROCESSING ACTIVITIES – BUSINESS CONTACTS

The table below sets out the purpose for which we collect your Personal Data, our lawful basis for doing so, and the Personal Data that we collect.

In limited circumstance we may need to use your Personal Data for purposes other than those stated when we collected the Personal Data. Should this happen we will notify you of this new purpose.

 

Purpose/Activity

Type of Personal Data

Lawful basis

Managing payments and administration of the contract

  • to process payments to and from our business.
  • to fulfil our legal/contractual obligations
  • to manage/respond to complaint/issue
  • to generate placement activity on our systems for invoicing purposes
  • to communicate payroll and other financial information to Business Contact

 

  • Contact Data
  • Communication Data
  • Financial Data
  • Contract
  • Legitimate Interest
  • Legal Requirement

Service delivery activities

  • to inform update and discuss Candidates that may be of interest with Business Contacts
  • to organise and schedule interviews between Candidates and Business Contacts
  • to discuss the placement and on-boarding of a Candidate
  • to consider Candidate for placement

 

 

  • Contact Data
  • Communication Data
  • Financial Data
  • Contract
  • Legitimate Interest

Website Delivery

  • to respond to web forms completed by you;
  • to promote our products and services;
  • to administer the Website;
  • for internal operations, including support, troubleshooting, data analysis, testing, research, statistical and survey purposes
  • to ensure the safety and security of our website and our services.
  • Contact Data
  • Web Data
  • Communication Data

 

  • Consent
  • Legitimate Interest

 

Marketing activities

  • to keep in contact with Business Contacts and review hiring requirements
  • to personalise marketing communications
  • to respond to any requests from you
  • to send newsletters and other information that maybe of interest
  • to inform you of events or webinars that might be of interest
  • to deliver and organise our conferences, seminars, events
  • to follow up with attendees of our events/webinars; and to ask for opinions about our products or services.

 

  • Marketing Data
  • Contact Data
  • Web Data
  • Consent
  • Legitimate Interest

 

 

3. RETENTION OF BUSINESS CONTACT PERSONAL DATA

In some circumstances it is not possible for us to specify in advance the period for which we will retain your Personal Data. In such cases we will determine the appropriate retention period based on balancing your rights against our legitimate interests.  We may also retain certain Personal Data beyond the periods specified herein in some circumstances such as where required for the purposes of legal claims.

Our retention policy for Business Contact Personal Data is as follows:

Purpose of Processing

Retention Period

Managing payments and administration of the Contract

7 years

Service Delivery

7 years

Website Delivery

refer to cookie statement

Marketing Activities

As agreed with data subject, whilst legal basis remains 

 

1. OVERVIEW

In addition to our General - Data Protection Statement this Data Protection Statement for General Contacts provides further information about the Personal Data we process in relation to General Contacts.

Please see the General - Data Protection Statement for information on:

  • Contact Details
  • Our Data Protection Statement
  • About Us
  • Who this Data Protection Statement applies to?
  • Lawfulness of Processing
  • Security
  • Disclosure of Personal Data
  • Retention
  • Your Rights
  • Use of Third-Party Websites
  • Cookies
  • Amendments to this Data Protection Statement
  • Questions or Complaints

 

For the purposes of this General Contacts – Data Protection Statement, a General Contact includes:

 

  • website users
  • details of next of kin/emergency contact details
  • Candidate referees

 

2. SOURCES OF GENERAL CONTACT PERSONAL DATA

We will only ever source Personal Data relating to General Contacts in a way that would be generally expected. We receive Personal Data about General Contacts from a variety of sources, as follows:

  • through access to and use of the Star Website
  • from Candidates in the case of next of kin/emergency contact details and referees
  • from Business Contacts in the case of next of kin/emergency contact details/referees

 

3. CATEGORIES OF GENERAL CONTACT PERSONAL DATA

The table below sets out the general categories of Personal Data that we collect in relation to Business Contacts:

 

 

Personal Data Category

Description

Contact Data

may include a person’s email address, phone number, postal address, other communication details (e.g. Skype)

Identification Data

may include a person’s name, date of birth, driver’s license and passport information.

Communications Data

may include Personal Data included in communications with us over email, phone or letter.

Marketing Data

may include your Contact Data and any preferences in receiving marketing from us and your communication preferences.

Web Data

may include information provided on any forms on our website and, to the extent that it includes Personal Data, information on the type of device you’re using, its IP address, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use.

 

 

4. OUR PROCESSING ACTIVITIES – GENERAL CONTACTS

The table below sets out the purpose for which we collect your Personal Data, our lawful basis for doing so, and the Personal Data that we collect.

In limited circumstance we may need to use your Personal Data for purposes other than those stated when we collected the Personal Data. Should this happen we will notify you of this new purpose.

 

 

Purpose/Activity

Type of Personal Data

Lawful basis

Use of Next of Kin/Emergency Contacts

  • to communicate with the contact in the event of emergency
  • to ensure the safety of Candidate
  • to communicate with Business Contact in the event of an emergency
  • Contact Data
  • Communication Data
  • Legitimate Interest

Use of Referrals

  • to assess the candidate
  • to contact the referee
  • to discuss candidate with the Business Contact
  • Contact Data
  • Communication Data
  • Legitimate Interest

Management of Corporate Affairs

  • to take minutes at board meetings
  • to contact shareholders/investors
  • to enter into partnerships and other commercial relations
  • to undertake appropriate due diligence

 

  • Identification Data
  • Contact Data
  • Communication Data
  • Financial Data
  • Contract
  • Legitimate Interest
  • Legal Obligation

Website Delivery

  • to respond to web forms completed by you;
  • to promote our products and services;
  • to administer the Website;
  • for internal operations, including support, troubleshooting, data analysis, testing, research, statistical and survey purposes
  • to ensure the safety and security of our website and our services.
  • Contact Data
  • Web Data
  • Marketing Data

 

  • Consent
  • Legitimate Interest

 

 

  1. RETENTION OF GENERAL CONTACT PERSONAL DATA

In some circumstances it is not possible for us to specify in advance the period for which we will retain your Personal Data. In such cases we will determine the appropriate retention period based on balancing your rights against our legitimate interests.  We may also retain certain Personal Data beyond the periods specified herein in some circumstances such as where required for the purposes of legal claims.

Our retention policy for Business Contact Personal Data is as follows:

Purpose of Processing

Retention Period

Use of Next of Kin/Emergency Contacts

 

Whilst the data subject remains as an employee of the organisation

Website Delivery

As agreed with data subject, whilst legal basis remains