Privacy.

Last Reviewed: 24/02/2025

1. Introduction.

BOM Group Limited is committed to protecting and respecting your privacy. This Privacy Notice sets out the basis on which we will use or process any information which we collect from you or which you provide to use and by which you may be identified (‘’personal data’). When you engage with BOM Group Limited we will make decisions about how your personal data will be processed.

The person responsible for data protection across the group companies is the Cyber Security Director who may be contacted by email at privacy@bom.co.uk.

2. Context.

Your privacy is very important to us. We want you to understand how we use your personal data, how we secure your personal data, and your rights in relation to your personal data. Please read this Privacy Notice carefully to understand our views and practices regarding your personal data and how we will treat it.

If you have any questions about this Privacy Notice or the use of your information, please contact us at privacy@bom.co.uk.

3. Who are we and what we do.

We are a managed service provider who also provide products and services for customer consumption. We collect the personal data of the following types of people to allow us to undertake our business;

  • Prospective customers
  • Existing customers
  • Supplier contacts to support our services
  • Employees, consultants, temporary workers. We collect information about you to carry out our core business and ancillary activities

How we obtain your Personal Data at BOM Group Limited, Public Information you give us or we may collect from you. We may collect information about you when you fill in forms on the
company website or by corresponding with us by phone, e-mail or otherwise. It includes information you provide when you register to use our site, to download information, to enter our database, subscribe to our services, attend our events, participate in discussion boards or other social media functions on our site or enter a competition, promotion or survey.

The information you give us or we collect about you may include:

  • Information contained in your CV or job application such as your name, address, private and corporate e-mail address and phone number
  • Information contained in any documents that you send to any of us for identity verification purposes such as your passport or driving licence
  • Financial information, compliance documentation
  • Links to your professional profiles available in the public domain e.g. LinkedIn or Twitter
  • Information that you provide about yourself when negotiating or entering into a contract with us
  • Information we collect about you when you visit our websites. With regard to each of your visits to our website we will automatically collect the following information:
    • Information that you provide by filling in forms on any of our websites. This includes information provided to us at the time of registering to use any of our website (where applicable)
    • Subscribing to any of our services (where applicable)
    • Technical information relating to your visits including, but not limited to, traffic data, location data, weblogs, other communication data and the resources that you access
    • Information when you respond to a survey and/or when you report a problem with our website
  • Information we obtain from other sources. This is information that we obtained about you from other sources such as LinkedIn

Our prospective employee’s information is checked with credit reference agencies, organisations who process criminal checks (with your prior consent), state authorities such as driver and vehicle licensing authorities, and any other pre-engagement or pre- employment screening providers prior to the start of employment. This may include information about you from them for the purposes of pre- employment. Special Categories of Data Diversity We may ask you for some ethnicity and diversity information to support our own equal opportunities monitoring, to the extent permissible by law. This could be information about your ethnic background, gender, disability, age, sexual orientation, religion or other similar beliefs and/or social-economic background. Providing this information is entirely voluntary and will not adversely affect your employment. It will be used for statistical analysis and equality monitoring only. In the UK we are required to comply with the Equality Act 2010 and therefore have a legitimate interest in understanding the composition of our workforce. If we ask you to provide diversity data which requires your explicit consent to processing, we will always ask for your consent first.

4. Why we hold your Personal Data and how we use it.

We want to support individuals throughout their career and to support customer needs and strategies and build strong and trustworthy relationships along the way. If you are a candidate, we may use information held about you:

  • To process your application to work with us
  • To process payments for or to you
  • To carry out credit assessments and identity verification, right to work, criminal record and background reference checks
  • To send you marketing information about reports and insights, events and other content

In addition, or if you are a client or other third party, we may use information held about you in the following ways:

  • To carry out our obligations arising from any contracts entered into between you and us
  • To notify you about changes to any of our services
  • For client service, customer satisfaction, product analysis and market research purposes
  • To ensure that content from our websites is presented in the most effective manner for you and for your computer
  • To provide you with information or services that you expressly request from any of us
  • To meet any of our obligations under any applicable laws or regulations
  • To carry out any obligations or provide you with any other services, functionality or content
  • To help us establish, exercise or defend legal claims
  • To send you information about any of the Company’s activities which are pertinent to your engagement of our services
  • For direct marketing purposes

You can unsubscribe from receiving any marketing communications from us at any time through the unsubscribe link in our emails. Alternatively, you may change your marketing preferences at any time by contacting us at privacy@bom.co.uk. We do not use your personal data to make automated decisions.

5. The legal basis for processing your Personal Data.

To the extent that we collect your personal data from the United Kingdom or Europe, and depending on the purpose for which we hold and process your data, we will rely on one or more of the following legal grounds to process your data:

a) Legitimate Interests – We will rely on legitimate business interests to process your personal data to carry out normal business dealings. For pre-employment workflow to carry out preengagement and pre-employment screening services (except where we are required to obtain explicit consent to carry out a check). The exchange of personal data of our candidates and our client contacts is a fundamental, essential part of this process. Legitimate Interests means the interests of the Company in conducting and managing our managed services and ancillary solutions or as part of Human Resource management. For example, we have an interest in ensuring that the information provided in your CV and/or job application is correct and that you have the necessary skills and experience to meet our requirements or to provide authorised BOM Group Limited employee/contractor access to customer data to meet our obligations as set out in customer Master Service Agreements Legitimate Interests can also apply to the processing of data that is in your interests. For example, we only wish to employ the right, suitably qualified, members to ensure the right skills and knowledge is in place to deliver contracted services. Where you have requested information about our services via our website we also rely on legitimate interest to inform you about similar services and products. When we process your personal data, we make sure we consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. We will not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

b) Necessary for the performance of a contract – We will rely on a contract if you are appointed to undertake an assignment on behalf of a client (whether as a contractor or temporary worker), however, written authorisation must be provided prior to any confidential information or service is provided. Your personal data will be processed as necessary throughout the assignment in order to perform the contract. For example, when the delivered service has been concluded. We will also make sure you comply with your obligations under the contract. We will also rely on the contract if we are negotiating or have entered into a contract to provide services to you or receive services from you or your organisation.

c) Necessary for compliance with a legal obligation – We will rely on legal obligation if we are legally required to hold information on you to fulfil our legal obligations. For example, if you are a limited company contractor engaged on an assignment HMRC requires that we submit regular reports to them detailing the payments which we make to you and other information as set out in The Income Tax (Pay as You Earn) (Amendment No.2) Regulations 2015.

d) Consent – Should we want or need to rely on consent for processing activities, we will request consent verbally, by email or by an online process for the specific activity we require consent for. Your responses will be recorded on our system. Where consent is the lawful basis for our processing you have the right to withdraw your consent to this particular activity at any time by emailing privacy@bom.co.uk.

6. Who do we share your Personal Data with?

We may share your personal data with:

  • Clients and/ or their appointed agents in relation to the assignments you are engaged to perform
  • Third parties to enable the completion of pre-employment screening checks. We will notify you in advance of the pre-employment checks we will undertake and seek your permission
  • If you are engaged as a contractor your personal data may be provided to the relevant tax authorities as required by law
  • If you agree to us sending you documents electronically for signing, your email address and a copy of the relevant document will be sent to you via DocuSign with whom we have appropriate arrangements in place to protect your personal data and comply with data protection laws. We may disclose your personal data to third parties
  • If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce our website terms of use and other agreements, or to protect the rights, property or safety of the Company, our customers, and others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction
  • In the event that any of us sell or buy any business or assets, in which case each of us may disclose your personal data to the prospective seller or buyer of such business or assets
  • In the event that any of us outsource any of our business functions under which we collect or store your information in which case we will ensure that any such service provider adheres to at least the same obligations of security with regard to your information as undertaken by us
  • Where any of us use your information to carry out credit assessments we will need to share your information with credit reference agencies to assess your eligibility to register with us to verify your identity
  • Each of us may share your information with our associates, UK and overseas law enforcement agencies or regulatory authorities and other relevant bodies for crime prevention purposes

7. Where do we store your Personal Data?

We will take all steps reasonably necessary to ensure that your information is treated securely and in accordance with this Privacy Notice. All information that you provide to us in physical form such as documents will be stored securely at our offices or at a secure storage facility. All information you provide to us electronically is stored on our secure servers. If you agree to us sending you documents electronically for signing your email address and a copy of the relevant document will be sent to you via DocuSign with whom we have appropriate arrangements in place to protect your personal data and comply with data protection laws. Unfortunately, sending information to us via post, email or the internet is not completely safe and secure.

Although we will do our best to protect your personal data, we cannot guarantee the security of your information sent to us by any of these means and any information sent to us in this way is at your own risk. Once we have received your information, we will each use strict procedures and security features to try to prevent unauthorised access and require our suppliers to do the same.

8. How long will we store your Personal Data?

We understand our legal duty to retain accurate data and only retain personal data for as long as we need it for our legitimate business interests and that you are happy for us to do so. Accordingly, we have a data retention policy and run data routines to remove data that we no longer have a legitimate business interest in maintaining. We segregate your data so that we keep different types of data for different time periods. The criteria we use to determine whether we should retain your personal data includes:

  • The nature of the personal data
  • Its perceived accuracy
  • Our legal obligations

If you cease to actively engage with us, we will retain your data for as long as it is needed and in accordance with local record keeping requirements. In the UK, this is as follows:

  • If you are a candidate seeking a permanent or fixed term engagement we will retain your personal data for a two (2) years after the date we last had meaningful contact with you.
  • If you are a contractor worker, we will retain details for seven (7) years after the end date of your employment in order to comply with applicable accounting and tax laws and to assist in the event of HMRC raising any queries regarding your tax status.

We may archive part or all of your personal data or retain it on our financial systems only, deleting all or part of it from our main Customer Relationship Manager (“CRM”) system.

9. Your Rights Where we process your personal data for marketing purposes.

We will do so until you ask us to stop by contacting us via sales@bom.co.uk or at the address below. Our websites may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal information to these websites.

You have the right to:

  • Request correction of personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected
  • Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it
  • You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below)
  • Object to processing of your personal data including where we are processing your personal data for direct marketing purposes
  • Request the restrictions of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it
  • Make a complaint to a supervisory body which in the United Kingdom is the Information Commissioner’s Office. The ICO can be contacted at: https://ico.org.uk/concerns/

If you want to contact us to exercise any of your rights, you can write to BOM Group Limited, Clue House, Central Park Industrial Park, Petherton Road, Bristol, BS14 9BZ or contact us by email at privacy@bom.co.uk.

10. Subject Access to information.

You have the right to access information held about you. We also encourage you to contact us to ensure your data is accurate and complete. A subject access request should be sent to privacy@bom.co.uk.

11. Cookies.

A cookie is a bite-sized piece of data that is stored on your computer’s hard drive. Almost all websites use them and they do not harm your system. We use them to track your activity on our websites and to distinguish you from other users. This helps us to provide you with a good experience when you browse our websites and also allows us to improve functionality, analyse traffic and for advertising purposes. For more information about how and why we use cookies, see our Cookie Policy on our websites. For more general information about cookies, including how to disable them, see aboutcookies.org.

12. Changes to our Privacy Notice.

Any changes we may make to our Privacy Notice in the future will be publicised on this page and may be notified by email.

13. Contact Questions.

Comments and requests regarding this Privacy Notice are welcomed and should be addressed to privacy@bom.co.uk.