Website privacy statement
The Company will collect the personal details that you provide to us on our website for the purposes of providing you with services and/or information. In providing such services and/or information to you we will only use your personal data in accordance with the terms of the following statement.
This statement sets out below:
1. How the Company collects your personally identifiable information through the website.
2. How the Company uses this information.
3. Who the Company may share the information with and for what purpose(s).
4. What choices are available to you regarding collection, use and distribution of your information.
5. The kind of security procedures that are in place to protect the loss, misuse or alteration of information collected through the Company’s website
6. How you can correct any inaccuracies in the information collected through the website.
Information Collection and Use
The Company collects information from our users at several different points on our website. The Company is the sole owner of the information collected on this site. We will not sell, share, or rent this information to others with exception of any applications submitted through the Jobseekers section of the website, or any of the attached microsites. Information received via applications through the website will be dealt with in accordance with our Data Protection Policy. You can view this here.
We request information from you on our online registration forms. Here you must provide contact information and information regarding the type of work you are seeking and your skills, qualifications and experience. This information is used to enable us to provide you with work-finding services, and we will use this information to contact you in regards to your job search. If we have trouble processing your application, this contact information is used to get in touch with you. We will make it clear how we will use your personal data.
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.
- Remembering settings, so you won’t have to re-complete an entire form if there is a mistake, using a cookie named brewster_pratap_session.
- Security, to help ensure forms you submit on our site is not intercepted or altered, using a cookie named XSRF-TOKEN.
- Measuring how our website is used so we can improve your experience (see Google Analytics below).
Our cookies aren’t used to identify you personally. You can manage and/or delete them as you wish, refer to your web browsers help documentation and settings for details on how to do this, the information is usually found under privacy/security settings.
We use Google Analytics to collect information about how many people use this site and how they use it. Google Analytics stores information about what pages you visit, how long you are on the site, how you got here and what you click on. We do not collect or store your personal information (e.g. your name or address) so this information cannot be used to identify who you are.
Google Analytics sets cookies named _ga, _gid & _gat
You can opt out of Google Analytics cookies by visiting this page on Google.
We use IP addresses to analyse trends, administer the site, track users’ movements, and to gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information.
We may share aggregated demographic information with our clients. This is not linked to any personal information that can identify any individual person.
The Company may transfer only the information you provide to us to countries outside the European Economic Area (‘EEA’) for the purposes of providing you with work-finding services. We will take steps to ensure adequate protections are in place to ensure the security of your information. The EEA comprises the EU member states plus Norway, Iceland and Liechtenstein. We will inform you before any personal data is transferred.
Sale of business
If the Company’s business is sold or integrated with another business your details may be disclosed to our advisers and any prospective purchasers and their advisers and will be passed on to the new owners of the business.
This website contains links to other external websites. Please be aware that the Company is not responsible for the privacy practices of such other sites. We encourage you to be aware of this when you leave our site and to read the privacy statements of each and every website that collects personally identifiable information. This privacy statement applies solely to information collected by the Company’s website.
The Company takes every precaution to protect our users’ information. Our IT Infrastructure consists of several Virtualised Servers performing various security roles; Domain Controllers. Remote Desktop Servers, Secure Gateway Servers and an Application Server. Each of these systems are all running Microsoft Server 2012 R2 and have a dedicated IT Engineer from our third party provider allocated to regularly maintain and apply both critical and security updates to each server.
All of these servers have a high level business grade endpoint protection solution installed offering both Antivirus and Malware protection. Additional to this, the endpoint protection software has Data Loss Prevention configured restricting staff members from copying company data, which can include stakeholders personally identifiable information to USB, Portable media, personal email accounts and cloud ctorage solutions. The DLP rule also monitors activity via business email covering information sent out the business which contains set information e.g.: Identifiable data such as multiple email address, contact details and banking details. This DLP rule is set to alert management if staff members attempt to send this kind of information with an alert and block policy.
All staff user accounts are configured to utilise Microsoft complexity policies encouraging staff to regularly change passwords to the system. This security policy is applied at both device authentication level and document storage level. NTFS security permissions are applied to regulate access privileges at document folder level, and these are restricted to required access dependant on the staff members role.
Further security measures are applied to the CRM solution. Each user has a dedicated application log on password that is NOT synchronised to Active Directory ensuring a secondary level of security is applied when accessing client data. Again these are encouraged to be changed at regular intervals.
Our main network is protected by and an Advanced Security Firewall – Sophos UTM. This firewall has restrictions applied that ensures access to the network is restricted to the static IP address allocated to BPRG via their ISP. This Firewall has Intrusion Protection rules configured and Denial of Service protection enabled ensuring that the BPRG data perimeter is secured. This Firewall also offers web content filtering both at a restricted access level from the management – meaning websites that they do not want staff accessing, and also at a known threat web site level. This database is managed via the Sophos Centrally managed portal and updated via the central solution.
Additional to this, each third party provider have individual user accounts applied to the network which are controlled by our IT Provider. The third parties can only connect into the network via a secure VPN though the Sophos Firewall and each account can only be enabled and disabled through the IT provider as and when required meaning external access is only available with management permission. Finally we have multiple Wireless networks configured and each are restricted for business requirements. All Wireless SSID passphrases are regularly changed and a separate Guest SSID is applied fully segregated from their internal network. This guest SSID is applied via a token generated passphrase which is only valid for the timeframe that the guest is within the premises. Once this device leaves the building it cannot re access the network ensuring that no connections are available without knowing who is utilising our Wi-Fi.
Only employees who need the information to perform a specific job (for example, recruitment consultants, our accounts clerk or our administrative team) are granted access to your information.
The Company uses all reasonable efforts to safeguard your personal information. However, you should be aware that the use of the Internet is not entirely secure and for this reason the Company cannot guarantee the security or integrity of any personal information which is transferred from you or to you via the Internet.
If you have any questions about the security at our website, you can send an email to Victoria Long
Correction/Updating Personal Information
If your personally identifiable information changes (such as office address), we will endeavour to provide a way to correct, update or remove the personal data provided to us. This can usually be done by emailing Victoria Long at firstname.lastname@example.org
Notification of Changes
This policy was last updated 14/05/2018
Complaints or queries
The Company tries to meet the highest standards when collecting and using personal information. We take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.
If you wish to complain about this policy or any of the procedures set out in it please contact Victoria Long