Privacy Policy

Bright Future Co-operative

Background to Bright Future and the National Matching Service

This privacy notice is in respect of users of the Tribepad platform which Bright Future (Co-operative) Limited (“Bright Future”) uses to deliver its National Matching Service.

Bright Future is a co-operative and is a member organisation. Bright Future’s core purpose is to provide job opportunities to survivors of modern slavery and operates a National Matching Service to achieve that. Bright Future consists of Business Members who offering job opportunities and Referrer Members who identify candidates for those roles. The purpose of the National Matching Service is to match candidates to suitable job opportunities. Tribepad is the platform that Bright Future uses to match candidates to roles.

Bright Future has engaged Causeway Charitable Services (“Causeway”) to operate the National Matching System, including administering and using the Tribepad platform. In doing so, Causeway acts as the data controller by administering and processing job applications on the system to put candidates in touch with job opportunities. Tribepad acts as the data processor.

In terms of accessing Tribepad, Causeway posts job opportunities from Business Members, and Referrer Members or candidates access the system to view job opportunities and submit applications. Once an application is made, the employer and Referrer Member or candidate are put in direct contact. Before a Referrer Member accesses and uses Tribepad on behalf of a candidate, the Referrer Member is required to obtain the candidate’s consent. By using the Tribepad system, the Referrer Member confirms that appropriate consent has been obtained from the candidate.

Parties under this privacy notice

In these terms when we re refer to “we”, “us” or “Causeway” it means Causeway Charitable Services, who is the data controller. When we refer to “Bright Future” it means Bright Future Co-operative Limited. When we refer to “Tribepad” it means Tribepad Limited. When we refer to “you”, it means the candidate on whose behalf a referrer member is accessing the system.

We are fully committed to complying with Data Protection legislation, including the Data Protection Act 2018 and General Data Protection Regulation (GDPR), which regulates how we process personal information. Here we explain how we collect and use personal data during the matching process.

What personal information do we collect about you? 

In order to match you with job opportunities, we collect and processes personal data relating to candidates. This may include but is not limited to: 

  • Your name, address and contact details, including email address, telephone number and date of birth 
  • Details of your qualifications, skills, experience, employment history, other relevant experience and achievements 
  • Whether or not you have a disability for which we need to make reasonable adjustments during the recruitment process 
  • Proof of your entitlement to work in the UK  
  • Equality monitoring information, including information about your gender, ethnic origin, sexual orientation, sexual identification, age, health and religion or belief. 
  • The outcome and results of any interviews or tests which formed part of the recruitment process 

We collect this information in a variety of ways. For example, data might be contained in application forms, CVs or resumes, obtained from your passport or other identity documents, or collected through interviews or other forms of assessment, including tests and/or online tests. 


Data will be stored in a range of different places, including on your application record, and on other IT systems (including email). 

 

Why do we need collect and use personal data about you? 

We need to collect and process data in order to match you with job opportunities and arrange interviews for jobs.

We use this information to:  

  • Communicate with you about job applications made and provide you with alerts about vacancies for roles you have indicated you will be interested in. 
  • Evidence how you meet the requirements of the job being applied for. 
  • Liaise with Referrer Members to arrange interviews and job commencement.

We process personal data because it is necessary to comply with our legal obligations which change throughout the recruitment process: 
Consent:  We use the personal data in your candidate profile to communicate with you and provide you alerts about vacancies for roles you have indicated you will be interested in. 
Contract:  Processing your data is necessary to put you in touch with Referrer Members so you can apply for jobs and start employment.
Legal obligation:  UK law requires an employer to check that candidates are entitled to work in the UK. 

 

How we use your Personal Information  

In providing your details to a Referrer Member, you provide consent to process the personal data that you supply when you first apply for work. However, after this point we will rely on legal and legitimate interests as reason for your processing data. 

Whenever we use information, we will always limit this to only what is needed and ensure that it is used safely and securely. We require anyone we share information with, or who uses it on our behalf, to do so too.  
 

Who has access to your personal information? 

Your information will be shared internally for the purposes of the matching you with job opportunities, arranging interviews, and job commencement where successful.

 

We will only share your details with a recruiting company (being a Business Member) when you confirm you want to apply for that role. When it is shared with the Business Member for those purposes they become a data controller for the purpose of processing your application and the Business Member’s privacy notice will apply.

Tribepad act as a data processor in operating the Tribepad platform on which candidates are connected with job opportunities.  Tribepad uses sub-processors to operate the platform, some of which are outside of the UK and the European Economic Area (EEA). Where it does so, Tribepad ensures that it has in place appropriate contractual safeguards and data security protection regarding your data.

How do we protect data? 

We take the security of your data seriously and have a range of policies, processes and technical measures in place to safeguard personal information.  

Access to systems that hold employment related information is restricted to authorised personnel through the use of unique identifiers and passwords. Your information is stored on systems that are protected by secure network architectures and are backed-up on a regular basis (to a second secure location) for disaster recovery and business continuity purposes; and to avoid the risk of inadvertent erasure or destruction.  

How long will we keep your information? 

We only keep information for as long as it is needed.  

We will hold your data on file for 5 years after you have exited service.

At the end of that period, your data will be deleted or anonymised.

 

Third Party Processing 

We do not share your personal data with third parties, other than as set out in this notice. Specifically, we share your details with Business Members where you apply for a role they are recruiting to, and Tribepad act as a data processor by operating the Tribepad platform.

 

What Rights do you have? 

You have a number of rights relating to the data we hold about you. These include the right to: 

  1. Ask to see the personal information we hold about you   
  2. Withdraw consent   
  3. Ask us to change information we hold about you if it is wrong  
  4. Ask us to delete the information we hold about you  
  5. Ask us to limit the way we use your personal Information   
  6. Complain to the Information Commissioner’s Office   

If you would like to exercise any of these rights or are unhappy with any aspect of how your information has been collected and/or used, please let us know by contacting the Causeway via email data.protection@wearecauseway.org.uk