BUZZ GROUP Recruitment Privacy Notice
1. About This Privacy Notice
This Privacy Notice explains how we use personal data and your rights under data protection laws.
We are Buzz Group Limited, which includes our subsidiary, Buzz County Clubs Limited.
We operate the BuzzBingo.com, buzzbingojobs.com and badabingo.co.uk websites.
We are registered with the ICO, registration number Z8801135.
We are incorporated and registered in England and Wales with company number 00794943.
Our registered office is Unit 1, Castle Marina Road, Nottingham, NG7 1TN .
2. Contacting Us
For any questions, concerns, comments or to exercise your data protection rights, please contact our Data Protection Office at:
Unit 1
Castle Marina Road
Nottingham
NG7 1TN
DPO@buzzbingo.com
3. What types of personal information do we collect?
We collect personal information when you interact with us and use our services. This information is provided to us by you when you register for the first time and when you make use of our products or get in touch with us. Sometimes third parties or publicly available sources provide us information about you.
Information you provide to us:
At registration:
• Your personal details, such as your name, email address, postal address, telephone or mobile number, gender, gender identity, pronoun preferences and date of birth;
• Information about eligibility to work in the UK
• Photographic identification and proof of address documents (to carry out due diligence);
• Your account login details, such as your username and password;
We may collect the following categories of personal data relating to employees, officers, authorised signatories and other associated individuals of our merchants and vendors:
• Work History (including position, department and title history and salary and benefits from previous employment)
• Equal opportunities monitoring information, including information about ethnic origin, sexual orientation, health and religion or belief.
• Whether an individual has a disability for which we would need to make reasonable adjustments during the recruitment process
• Education and Training History
• Information about criminal convictions and offences (see below for further details)
• Military service
• Nationality
• Information on government-issued cards (e.g national identification card, Passport, work permit, driving license, other licenses, etc)
• Certificates and Qualifications
• Signatures
• Your Curriculum Vitae (CV)
• Bank Account Details
• Business Address
• Business Email Address
• Business Telephone number
• Job title
We collect this information in a number of ways, for example data might be contained in application forms, online application ‘branching’ questions, CVs or ‘right to work’ documents.
This list of personal data types collected by Buzz Bingo is not exhaustive and further information may be requested from you when Buzz Bingo considers fair and necessary to do so.
Special categories of data
Personal data collected by Buzz Bingo may include so called “special categories of data”, such as health data. We will only collect, use and disclose Sensitive Data, and transfer it across borders, if we have received your explicit consent or as permitted by law.
We have in place additional measures to protect your sensitive personal data and its confidentiality.
4. Why do we collect your Personal Data and on what basis?
We collect only the required information during the recruitment process to ensure that we have adequate information about you as an individual to assist in our recruitment process.
Under data protection laws, we also need to identify a specified lawful basis upon which we are processing your personal information. We rely on different bases for different processing activities, as detailed below
A) Contractual – when it is necessary for the performance of a contract to which you are a party. Our terms and conditions, which you have accepted at registration, set out the terms of the contract and the services we will provide:
To make our services available to you as part of our contract
• for "service administration purposes", such as password reminders, service messages, such as site maintenance, updates to our Privacy and Cookies Policy or Terms of Use.
B) Under legitimate interests - It is necessary to process your data for the purposes set out below, except where our interests are overridden by the interests, rights or freedoms of affected individuals (such as you). To determine if we can process your data on this basis, we shall consider a number of factors, such as what you were told at the time you provided your data, what your expectations are about the processing of the data, the nature of the data, and the impact of the processing on you.
To contact and interact with you
• Contact job applicants and employees about our services, for example by phone, email or post or social media;
• Respond to your queries and complaints.
For Recruitment Purposes
• Documenting information collected from job applicants as part of the application process, authentication and verification
• Evaluating the respective suitability of applicants
• Contact job applicants about their application for example by phone, email or post or social media;
• Evaluating job applicants / candidates for their qualification and suitability for a particular role, background screening (if you are offered a position with us)
• Defining a salary and other basic contract information for a new hire
• We may also need to process data from job applicants to respond to and defend against legal claims.
C) Under the legal obligation – when it is necessary in order to comply with mandatory legal obligations to which we are subject under relevant legislation. l
• to determine where you are accessing the services from;
• to make sure we offer our services to eligible persons;
• crime detection, prevention, and prosecution;
• to verify your identity;
• to carry out appropriate checks (by conducting online searches using a third party identity provider).
• To communicate with employee contacts in case of an emergency.
For some roles, we are obliged to seek information about criminal convictions and offences. Where we do seek this information, it is because it is necessary to comply with a regulatory requirement to establish whether an individual has committed an unlawful act or been involved in dishonesty or other improper conduct and for the purposes of preventing and detecting unlawful acts
D) Under your consent
Recruitment and Human resources
For our initiation or fulfilment of our employment agreement with applicants and employees in terms of data retention and processing information
Where you have given your consent:
• we provide references to third parties you have requested
• we will process data as described in any future consent given
We also like to hear your views to help us to improve our services, so we may contact you for market research purposes. You always have the choice about whether or not to take part in our market research.
E) Special categories of data
Where we process special categories of data, this is for equal opportunities monitoring purposes as permitted by the Data Protection Act 2018 (UKGDPR). We will only process such data if:
• you have given us your explicit consent;
• it is necessary for the purposes of carrying out the obligations and exercising specific rights of Buzz Bingo or of the data subject in the field of employment and social security and social protection law;
• it relates to personal data which you have made public;
• it is necessary for the establishment, exercise or defence of legal claims;
• it is necessary for reasons of substantial public interest, on the basis of relevant legislation, as applicable to us.
5. Cookies and similar technologies
Buzz Bingos’ websites and Apps use cookies for various purposes:
a. to identify the Account Holder's preferred language, so it can be automatically selected when the Account Holder returns to the Website;
b. for analysis of the Website traffic, so as to allow Buzz Bingo to make suitable improvements to the functionality of the website.
More information can be found in our Cookie Policy online.
6. When do we share your personal information?
We do not share your personal information to third parties outside the Buzz Group for marketing purposes. However, there are circumstances when we share your personal data with third parties that provide services to you on our behalf, and with other third parties in the course of complying with our legal obligations. Other examples of when we share your personal information include when we enter any kind of merger or business sale. Even when it is shared, we ensure that your personal information will only be used for the purposes outlined in this policy.
With other companies within Buzz Group
We may share the personal data we collect with other companies in the Buzz Group for the following purposes:
• responding to your enquiries and complaints;
• facilitating the secure access to online platforms
• updating, consolidating, and improving the accuracy of our records
• undertaking transactional analysis;
• undertaking risk analysis;
• testing new systems and checking upgrades to existing systems;
• crime and fraud detection, prevention, and prosecution, as well as ensuring compliance with regulatory requirements and our T&Cs;
• Modelling, statistical and trend analysis, with the aim of developing and improving products and services.
With third parties
We may share personal data with third parties in the following circumstances:
• when ordered to do so by any regulatory body and/or under any legal provision contained in the governing law;
• we may instruct and authorise the Financial Institution with which an Account Holder's account is held to disclose any information as may be requested by the Regulator in respect of an Account Holder's account;
• in order to establish, exercise or defend our legal rights;
• for the control and management of the recruitment process, we may transfer your personal data to third parties, including but not limited to so-called talent delivery platform
• with service providers to enable us to provide our services, such as companies that help us with technology services, storing and combining data and providing relevant online advertising for other job vacancies within the company.
• with external auditors who may carry out independent checks as part of our accreditations
• to an organisation we sell or transfer (or enter into negotiations to sell or transfer) any of our businesses or any of our rights or obligations under any agreement we may have with you to. If the transfer or sale goes ahead, the organisation receiving your personal data can use your personal data in the same way as us; or
• to any other successors in title to our business.
7. Do we transfer your data outside the EEA?
The personal data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area ("EEA"). It may also be processed by companies operating outside the EEA who work for us or for one of our service providers. For instance, the computer servers used to host a website could be located outside the EEA – this is not unusual given that the internet is a global environment. Your personal information could be held at a destination which offers a different level of data protection than in the EEA, including Australia, Serbia, India, US. To ensure your personal information remains safe when transferred like this, we will take all reasonable steps to maintain a suitable level of protection in line with this Policy and our obligations under data protection laws.
Where any of our processing activities require your personal data to be transferred outside of the EEA, we will only make that transfer if:
• We have put in place appropriate safeguards to protecting your personal data, such as the contractual Model Clauses adopted by the European Commission or a relevant data protection authority; or
• the country to which the personal data is to be transferred has an adequacy decision from the European Commission, confirming that the third country provides adequate protection for your personal information; or
• you explicitly consent to the transfer; or
• the transfer is necessary for one of the reasons specified in the data protection laws, such as the performance of a contract with you.
8. How long will Buzz Group keep my data?
We will only retain your information for as long as is reasonably necessary to carry out the purposes outlined above and to satisfy our legal obligations. While you are an applicant, we will usually need to retain your information to meet our legal and contractual requirements.
If your application for employment is successful, your personal data obtained during the recruitment process will be transferred to your personnel file and retained for the duration of your employment and for the relevant periods after the end of you employment as determined by relevant legislation.
If your application for employment is unsuccessful, we will store your personal information for a period of 6 months after the end of the relevant recruitment process. If you agree to allow us to keep your personal data on file, we will hold your date on file for a further 6 months in the event of future employment opportunities arising. At the end of that period, or if you withdraw your consent, your data is deleted irretrievably.
There are several reasons which we retain your information, these include:
• To comply with legal obligations under relevant legislation (for example, anti-money laundering regulations, or licensing regulations);
• To establish or defend legal claims (for example negligence claims) which could be made against us.
9. Your rights & choices over your personal information
We appreciate that by law and subject to certain conditions, you have a number of rights concerning the personal information we hold about you. If you wish to exercise these rights, you should contact our Data Protection Officer using the details set out above in Section 3. These rights include the right to access, amend and erase the personal information we hold about you, the right to object to the processing of your data, the right to withdraw consent, and the right to data portability. You also have the right to complain to your data protection authority if you are concerned with how we process your information. In addition, you have certain rights relating to automated decision-making and ‘profiling’. Further information and advice about your rights can be obtained from the UK data protection authority, (the Information Commissioner’s Office or “ICO”) or from your country’s data protection regulator.
Right to access and rectify the information we hold about you
According to the DPA 2018 (UKGDPR), customers are permitted to make Data Subject Access Requests (DSAR). These requests can be made when you would like to gain access to all of the information we hold about you. To process this request, we will require a valid form of I.D. This is a safety measure designed to ensure that personal data is disclosed to the correct individual.
You can make a DSAR via our online form
When you submit this request, all personal data that we hold about you will be shared with you directly.
There are some exceptions and conditions under which DSARs can be refused. In such cases, you will be notified of the decision and justification.
Right to delete your data
In some circumstances, you can ask us to erase personal information we hold about you (‘the right to be forgotten’). This includes when:
• the information is no longer necessary in relation to the purpose for which it was collected (as explained in our privacy notice);
• if you previously gave consent to the use of your information, but decide to withdraw it and we cannot justify another legal ground for using it under data protection law;
• we process your information based on our legitimate interests and we cannot demonstrate overriding legitimate grounds to continue processing the information;
• we don’t have a lawful ground under data protection law to process your information;
• the data has to be erased to comply with a legal requirement;
This right is subject to mandatory retention periods under EU/local laws.
Right to restrict processing
You have the right to ask us to restrict (‘block’ or ‘suppress’) the processing of your personal information. When processing is restricted, we can still store your information, but will not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in the future. This right is available to you when:
• you dispute the accuracy of the personal information (while we verify matters);
• the processing is unlawful, and you object to the erasure of the information and request that we restrict processing instead;
• we no longer need the data, but you require it to establish, exercise or defend a legal claim; and
• we process your information for our legitimate business interests but you object (i.e. while we verify the grounds for continued processing).
Right to Data Portability
You have the right to receive personal information you provide to us, in a ‘commonly used machinereadable format’. This allows you to obtain and reuse your information for your own purposes across different services. For example, if you decide to switch to a different provider, this enables you to move, copy or transfer your information easily between our IT systems and theirs safely and securely, without affecting its usability. This is not a general right however, and only arises when the processing of your information is:
• based on your consent or where it is necessary for the performance of a contract, and
• when the information is processed by solely by automated means.
Right to object
Based on your situation, you can object to the processing of your personal information, that is:
• based on our legitimate business interests (including profiling); or
• done for research and statistical purposes.
You also have the right to object to the use of your personal information for direct marketing purposes (including profiling), such as when you receive emails from us notifying you about other Buzz Group services which we think will be of interest to you.
Right to withdraw consent
When we rely on your consent as the basis to process your personal information – such as for sales and marketing communications (see section 5D) – you have the right to withdraw your consent at any time. We’ll always strive to make it easy for you to withdraw consent by choosing an “unsubscribe” option in every communication you receive from us. If you find this isn’t the case, then just get in touch with our Data Protection Officer in the ways outlined above in Section 3, and we’ll try to fix things ASAP.
Rights related to automated decision making, including profiling
We sometimes use systems to make automated decisions based on your personal information. This helps us to make sure our decisions are quick, fair, efficient and correct, based on what we know. These automated decisions can affect the products, services or features we may offer you now or in the future, or the ability to use our services.
We may use automated decision making in the following situations:
• Registering - when you send in an application, we check that the role is relevant for you, based on what we know. We also check that you meet the conditions required. This may include checking age, residency, proof of work, qualification, etc;
Data protection law seeks to safeguard individuals against harm that may arise from decision-making - including profiling - that takes place without human intervention. You have the right not to be subject to a decision - including profiling - when it is based on the automated processing of your personal information and it has a legal effect or a similarly significant effect on you.
Please note that the right does not apply when the processing is:
• necessary for entering into or for the performance of a contract with you; or
• when it is authorised by law; or
• when it is based on your explicit consent.
10. Security of your data
Buzz Group is committed to protecting the personal information you entrust to us. We take all reasonable steps to ensure that all information collected through our websites is handled securely and in line with this Policy and strict data protection standards. Accordingly, we have adopted robust procedures and technologies to protect your data from unauthorised access and improper use.
All information sent to and from Buzz Group sites is encrypted using 256 bit Transport Layer Security (TLS) technology.
Your credit card details are encrypted and sent only to our PCI DSS compliant Payment Service Provider. Buzz Group is dedicated to protecting our customers confidential information and, as part of doing so, Buzz Group is certified towards the Payment Card Industries Data Security Standard.
The security of Buzz Groups systems and applications are tested several times per year by third-party security experts. Furthermore, Buzz Group has an Intrusion Detection System that monitors all network traffic 24/7 for signs of attacks or intrusions.
Buzz Group has a dedicated fraud department and advanced systems in place to detect and prevent suspicious activity, to ensure that Buzz Groups websites remain secure. Any account involved in suspicious activity will be suspended and investigated to the fullest extent. Should you have any doubts about any activity on your account, such as unrecognized transactions in the transaction history or surprising changes in the balance, please contact us immediately using the contact details in section 2.
11. Complaints
If you wish to raise a complaint on how we have handled your personal data, you can contact us to have the matter investigated by contacting our Data Protection Officer, using the contact details in section 2.
If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law, you can complain to the UK data protection authority, the Information Commissioner’s Office, the “ICO”, or your national data protection regulator.
12. Changes to Buzz Group Recruitment Privacy Notice
This Privacy Notice may be updated from time to time to reflect changes in the way we process your information or the way in which our data processing is regulated, so you may wish to check it each time you submit personal information to us. The date of the most recent revisions will appear on this page. If you do not agree to these changes, please do not continue to submit personal information to Buzz Group or use Buzz Group services in any way. Otherwise, by continuing to do this, you will be deemed to have accepted the changes to the Privacy Notice. You can also delete your Buzz Group account at any time.
If significant changes are made to the Privacy Notice, for instance affecting how we would like to use your personal information, we will provide a more prominent notice (including, for certain services, notification of Privacy Notice changes by email).
Last updated: 19/12/2022