Who are we?
What does this Policy cover?
We take your personal data seriously. This policy:
- sets out the types of personal data that we may collect about you
- explains how and why we collect and use your personal data
- explains how long we keep your personal data for
- explains when, why and with who we will share your personal data
- sets out the legal basis we have for using your personal data
- explains the effect of refusing to provide the personal data requested
- explains the different rights and choices you have when it comes to your personal data
- explains how we may contact you and how you can contact us.
What personal data do we collect about you?
We collect information necessary to be able to identify appropriate opportunities for you and also any further information needed to assess your eligibility through the different stages of the executive search process. This information may include, identification and visa documents, CVs and work history, educational records and checks, psychometric assessments, salary data, employment references, commentary on fit to role and, where applicable, commentary on progress in role once placed.
We may also collect sensitive personal data about you, in the form of racial or ethnic origin, political opinion, religious beliefs, health and sex life or sexual orientation. We only collect sensitive personal data from you, and further process this data, where you have given your explicit consent.
Where do we collect personal data about you from?
The following are the different sources we may collect personal data about you from:
- Directly from you. This is information you provide when searching for a new opportunity and/or during the different recruitment stages.
- From an agent/third party acting on your behalf. e.g. Interim Management Company.
- By reference or word of mouth. For example, you may be recommended by a friend, a former employer, a former colleague or a present employer.
- Through publicly available sources. We use the following public sources:
– Company websites
– The Web
How and why do we use your personal data?
How long do we keep your personal data for?
We only retain your information for as long as is necessary for us to use your information as described above or to comply with our legal obligations. However, please be advised that we may retain some of your information after you cease to use our services, for instance if this is necessary to meet our legal obligations, such as retaining the information for tax and accounting purposes.
When determining the relevant retention periods, we will take into account factors including:
(a) our contractual obligations and rights in relation to the information involved;
(b) legal obligation(s) under applicable law to retain data for a certain period of time;
(c) our legitimate interest where we have carried out a balancing test (see legal basis below);
(d) statute of limitations under applicable law(s);
(e) (potential) disputes;
(f) if you have made a request to have your information deleted; and
(g) guidelines issued by relevant data protection authorities.
Otherwise, we securely erase your information where we no longer require your information for the purposes collected.
Who do we share your personal data with?
What legal basis do we have for using your information?
For prospective candidates, interim managers, referees and clients, our processing is necessary for our legitimate interests in that we need the information to be able to assess suitability for potential roles, to find potential candidates and to contact clients and referees.
For clients, we may also rely on our processing being necessary to enable us to fulfil a contractual obligation to you.
What happens if you do not provide us with the information we request or ask that we stop processing your information?
Do we make automated decisions concerning you?
Do we transfer your data outside the UK?
To better match your employee profile with current opportunities we may transfer your personal data to clients and partners in countries outside the UK.
These countries’ privacy laws may be different from those in your home country. Where we transfer data to a country which has not been deemed to provide adequate data protection standards we always have security measures and approved model clauses in place to protect your personal data.
What rights do you have in relation to the data we hold on you?
What do we mean by ‘Rights’?
- The right to be informed.
You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we are providing you with the information in this Policy.
- The right of access.
- The right to rectification.
You are entitled to have your information corrected if it’s inaccurate or incomplete.
- The right to erasure.
This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there’s no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions.
- The right to restrict.
You have rights to ‘block’ or suppress further use of your processing information. When processing is restricted, we can still store your information, but may not use it further.
We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in future.
- The right to data portability.
You have rights to obtain and reuse your personal data for your own purposes across different services. For example, if you decide to switch to a new provider, this enables you to move, copy or transfer your information easily between our IT systems and theirs safely and securely, without affecting its usability.
- The right to object to processing.
You have the right to object to certain types of processing, including processing for direct marketing (i.e. if you no longer want to be contacted in regard to potential opportunities).
- The right to lodge a complaint.
You have the right to lodge a complaint about the way we handle or process your personal data with your national data protection regulator.
- The right to withdraw consent.
If you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal data with your consent up to that point is unlawful). This includes your right to withdraw consent from us to use your personal data for marketing purposes.
We usually act on requests and provide information free of charge, but may charge a reasonable fee to cover our administrative costs of providing the information for:
• baseless or excessive/repeated requests, or
• further copies of the same information.
Alternatively, we may be entitled to refuse to act on the request.
Please consider your request responsibly before submitting it. We’ll respond as soon as we can. Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we’ll come back to you and let you know.
How will we contact you?
How can you contact us?
If you are unhappy with how we’ve handled your information, or have further questions on the processing of your personal data, contact our Data Protection Officer:
Redgrave Group Limited, 4th Floor, 2 Savoy Court, London. WC2R 0EZ