Our Privacy Policy

Your personal data and privacy matters

Personal data means any information about an individual from which that person can be identified.

Your personal data and privacy is important to us.

We are committed to safeguarding your personal data and protecting your privacy.

This privacy policy explains how we achieve that by describing:

• How this privacy policy is structured?
• How this privacy policy applies to you?
• Who we are?
• When this privacy policy does not apply?
• Whether we have a Data Protection Officer?
• How you can get hold of us and our DPO?
• Who is involved in our collection, handling and use of your personal data?
• What personal data about you we collect?
• Where we source your personal data from and how?
• Whether you have to provide the information that we have requested from you?
• What we do with your personal data?
• Other use related information
• Who we share your personal data with?
• What the legal grounds for our collection, handling, use and sharing of your personal data are?
• Where we send your personal to for storage or other specific purposes?
• How we look after your personal data?
• How long we will keep your personal data for?
• What your legal rights are in respect of the activities listed above?
• Your FAQs answered?

1. How this privacy policy is structured?

We have set out this privacy policy in a layered format, so that you can click through to the specific areas listed above individually rather than having to scroll through them.

When you click on the hyperlinked sections listed above, you will first be shown an “at-a-glance” short notice, which sets out the key information relating to that section.  You will be able to expand that section further to reveal more detailed information.

2. How this privacy policy applies to you?

This privacy policy applies to:

• Website Users - any individual visitors to, and users of, our websites whose personal data is collected by us in the course of the Website Users’ use and navigation around our websites;
• Candidates – applicants for any type of job or engagement via us whose personal data is collected in the course of our services;
• Referees – referees of Candidates whose personal data is collected in the course of our verification of a Candidate; and/or

• Corporate Staff – individuals who work for, or are engaged by, our customers, clients or suppliers whose personal data is collected in the course of our work with them.

We refer to the above groups of individuals collectively as “you” unless the context dictates otherwise.

This privacy policy replaces any privacy policy that we have previously issued from Ekkiden.

Any notices or statements relating to data, data protection, fair processing and/or privacy that we may issue at the time of collecting personal data about you will supplement this privacy policy.  They are not intended to override it.

We may change this privacy policy from time to time to reflect changes in the law and/or our personal data handling activities and data protection practices.

We encourage you to check this privacy policy for changes whenever you visit our website, as we may not always notify you of the changes.

It is important that the personal data we hold about you is accurate and current.

Please keep us informed if your personal data changes during your relationship with us.  

3. Who we are?

We are the Ekkiden group of companies which is ultimately owned by Ekkiden Group (company no. XXX) of Avenue Louis-Casaï 18, 1209 Geneva, Switzerland.

We provide technological consultancy services, hiring candidates on a permanent contract in technical or organizational projects providing services in IT/Digital or Engineering/Sciences across the world.

We will typically be the primary data controller of your personal data.  However, as we are part of a group of companies involved in providing the services described above, other companies wholly controlled by us may be the data controller of your personal data, instead of us.

We will let you know which member of our group of companies is the controller of your personal data at any given time. Where we do not let you know, you can assume that the data controller is Ekkiden Group.

This privacy policy is issued by Ekkiden Group and on behalf of all other members of our group of companies from Ekkiden Group or Elca Informatique SA and only applies where any such members act as the data controller of your personal data.

The applicable data controller will be referred to as “we”, “us”, “our” from now on within this privacy policy.

4. When this privacy policy does not apply?

There are instances where Ekkiden Group or other members of the group act on behalf of a client to process personal data rather as the data controller. For example, where processing interview feedback or timesheets.   

The privacy policy or privacy notice of the client will apply in those instances and NOT this privacy policy. 

Where we are a data processor, we will refer you to the applicable data controller and their privacy policy if you have any data protection-related queries. 

5.Do we have a Data Protection Officer?

We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to this privacy policy. 

If you have any questions about this privacy notice, including any requests to exercise your legal rights relating to your personal data, please contact the DPO using the details set out below. 

6. How to get hold of us and our DPO?

You can contact us and our DPO for any data related query or make a complaint about how your personal data is being handled using the details below:

• email address: dataofficer@ekkiden.com ;
• Phone number: +33 (0) 6 31 74 44 91;
• postal address: Avenue Louis-Casaï 18, 1209 Geneva, Switzerland, marking it for the attention of the “Data Protection Officer”; or
• via the Contact Us section on our website.

If you wish to make a request to access your personal data or to have your personal data removed please use the details below

• email address (for any member of the Ekkiden Group) -  dataofficer@ekkiden.com 

7. Who is involved in the collection and handling of your personal data?

The applicable data controller will largely be the entity involved in the collection and handling of your personal data. The following other parties may be involved, however:

• Third party service providers – we may instruct third parties to assist us to collect and handle your personal data on our behalf.  Those third parties will carry out those activities in accordance with this privacy policy.

A list of the current third party service provides that we use when we use them and what we use them for is set out in Appendix 1.  We will update this list from time to time; and

• Third party hyperlinks & connectors – our website and/or services may include links to third party websites, plug-ins and applications, such as in the form of banner advertisements. 

Clicking on those links, or enabling those connections, may allow third parties to collect or share data about you.  We do not control these third parties and are not responsible for their data protection compliance.  When you leave our website, or connect to a third party from us, it is your responsibility to familiarise yourself with their privacy policy or notice, as we accept no responsibility for, and have no control over, them or any information or data collected by or for them.

8. What personal data do we collect?

Personal data means “any information relating to an identified or identifiable individual”. 

It does not, therefore, include data where the identity has been removed (anonymous data).

---------------------------------------------------------------------------------------------------------------------------------

We will collect and handle, process, use, store, share and transfer (generically referred to as handling) the different kinds of personal data about you that is listed under the name of the category of individual that applies to you. Please note, that even though a type of data may be collected, it does not mean that it is collected or retained.

In some countries, we are restricted from processing some of the personal data set out below. 

--------------------------------------------------------------------------------------------------

CANDIDATES:

• Identity Data, which includes your title, first name, last name, maiden name, date of birth, gender, photograph, national insurance number (or equivalent in your country), nationality and other information relating to residency and citizenship which may be required to establish a right to work in a given country, marital status and number of dependents;

• Contact Data, which includes your billing address, delivery address, email address and telephone numbers, emergency contact details and contact details history;
• Historical Data, which includes educational history and credentials, employment history, skills and qualifications, and results from any other background and disclosure checks in countries where it is lawful to carry out such checks;
• Employment-related Data, which includes your current remuneration, pension and benefits, what role you are looking for,  what work-related areas interest you, third party references (if taken) and interview and assessment feedback created either ourselves or by our client following an interview or assessment;

Verification Data, which includes a copy of your driving licence, passport, identity card or another form of identification and referee details;

• Financial Data, which includes your bank sort code and account number and tax-related information;

• Diversity Data, as may be collected for governmental reporting purposes, which may include racial or ethnic origin, religious or other similar beliefs and physical or mental health, including disability-related information;
• Technical Data, which includes your internet protocol (IP) address, MAC address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, mobile phone location data and other technology on the devices you use to access our website and our services;
• Profile Data, which includes your usernames and passwords, your interests and preferences and other insights or determinants that we have gained from our analysis and profiling of you;
• Usage Data, which includes how you use and navigate around our websites and what you browse within them and any CCTV footage collected when you have attended our premises.  We will also keep records of your contact with us and any feedback and survey responses that you have submitted; and
• Marketing Data, which includes your preferences in receiving marketing from our third parties and us and your communication preferences.
• Other Data -  The above list of personal data is not exhaustive.  You, your referees or third-party sources may tell us extra information that we have not listed above.
• Special Category of Personal Data - During the recruitment process, we will make a copy of your passport or your identification documents, which is considered to be a Special Category of Personal Data as it can reveal your racial or ethnic origin.  We are required to obtain your explicit consent to handle this type of your personal data. You should have been provided with a Consent Form to allow us to do so. Please contact us if you have not been provided with the Consent Form. We do not any collect any other Special Categories of Personal Data, such as religious beliefs, sexual orientation, political opinions, trade union membership, health and genetic information or biometric data about you.

--------------------------------------------------------------------------------------------------

WEBSITE USERS: 

• Technical Data;
• Profile Data;
• Usage Data – but not CCTV footage; and
• Marketing Data.

--------------------------------------------------------------------------------------------------

REFEREES and CORPORATE STAFF:

• Identity Data; and
• Contact Data.

--------------------------------------------------------------------------------------------------

In respect of Candidates and Website Users only, we also handle the following types of data:

• Aggregated Data, such as statistical or demographic data for any purpose.  Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy; and

• Anonymised Data, which is data created from your personal data where your identity has been removed. 

We do not intentionally collect personal data relating to children.

----------------------------------------------------------------------------------------------------  

9. Where do we source your personal data from and how?

-------------------------------------------------------------------------------------------------

CANDIDATES:

We generally collect your personal data directly from you.  For example, we collect all of your personal data when you:

• deal with us in person, by telephone, letter, fax, email or via our websites;
• register with us;

• submit any other information to us, such as a CV;
• if you complete psychometric assessments or other assessments;
• subscribe to job alerts emails;
• subscribe to our publications;
• enter a competition, promotion or survey; and/or

• give us some feedback.

We also use the following channels to collect your personal data:

•  Thirdparties –

• your Identity and Historical Data from:

- pre-employment screening and background checking organisations;

- your referees;

- your past educators and employers and relevant education authorities;

We will obtain your consent to contact such third parties in order to collect this type of your personal data. You should have been provided with a Consent Form to allow us to do so.  Please contact us if you have not been provided with the Consent Form.

- governmental and regulatory bodies such as tax and social security authorities;

- the third party suppliers, including recruitment and employment agencies, job board providers and job aggregators and our managed service providers who are within our supply chain;

• your Technical, Profile and Usage Data from our analytics providers, such as Google Analytics, Hubspot, Recruiterflow and various job boards
• all of your personal data where you were referred to us through a third-party employment agency;

• Publicly available sources – we may receive personal data about you from public sources as set out below:

• your Identity and Historical Data from social media sites, such as LinkedIn, Twitter and Facebook;
• your Identity, Contact Data from company and commercial registrars or electoral registers based inside the EU; and

• your Identity, from qualification and membership lists of professional bodies.

WEBSITE USERS: we will collect all of your personal data via our third-party service providers, such as Google Analytics, Hubspot, Recruiterflow and various job boards.

As you use our websites, we may automatically collect your Technical Data.  We collect this personal data by using cookies, server logs and other similar technologies.

You may also receive Technical Data about you if you visit other websites employing our cookies. 

Please see our Cookies Policy for further details.

REFEREES: we will collect all of your personal data from a Candidate.

CORPORATE STAFF: we will collect your personal data directly from you except where you have previously been a Candidate where we will have also collected personal data in such capacity.

10.What happens if you have not provided the information that we have requested from you?

If you don’t provide certain information to us, we may not be able to carry out the services for you.

We’ll make it clear to you which personal data is optional to provide and which personal data without which we cannot work with you.

11. What do we do with your personal data?

We will only use your personal data when the law allows us to.  Most commonly, we will use your personal data in the following circumstances:

• where we need to perform the contract, we are about to enter or have entered into with you;
• where it is necessary for our legitimate interests (or those of a third party), and your interests and fundamental rights do not override those interests; and

• where we need to comply with a legal or regulatory obligation.

We have set out in Section 13 a description of what we will specifically do with your personal data and our legal justification for doing so.

We set out below some general examples of what we do with your personal data.

--------------------------------------------------------------------------------------------------

CANDIDATES:  your personal data will be collected and handled by us in order to:

• provide consultancy and/or related intermediary services to or for you;
• match your details against projects/assignments which we feel may be appropriate for you in order to assess your suitability for them;
• allow you to submit your CV, apply for specific jobs or to subscribe to our job alerts so that we can notify you when relevant job vacancies arise;
• apply for projects/assignments on your behalf by sending your data to clients;
• facilitate the recruitment process from there, if the client wishes to progress with you;
• inform you about any relevant industry developments, send you details of any events, promotions and competitions, and to communicate any other relevant information;
• answer your enquiries or questions;
• statistical analysis;
• diversity monitoring;
• comply with our regulatory commitments;
• pursue or defend a legal claim;
• regulatory monitoring purposes – to prevent or detect crime, where the law requires us to carry out such monitoring; and
• to provide you with further information which may be of interest to you in regard to the employment market and opportunities.

--------------------------------------------------------------------------------------------------

WEBSITE USERS: your personal data will be collected and handled by us in order to:

• to improve our customer service and to make the way we operate more useful to you (which includes tailoring our websites to suit your requirements better);
• let you know about our services across all areas of our business;

Marketing preferences – where you tell us you are happy to receive information from us or have purchased products or services from us, we will send you communications which may include the following:

o    e-newsletters and hard copy newsletters;

o    emails about the services we offer and new product launches;

o    reminders when your products or services may be due for renewal; and

o    opportunities to participate in market research.

Depending on the contact preferences you select, we will communicate with you by post, telephone, SMS, email or other electronic means such as via social and digital media.  We may use your Usage Data to help ensure that this messaging is personalised and relevant to you;

• Cookies– a cookie is a simple text file that is stored on your computer or mobile device by a website’s server.  Each cookie is unique to your web browser. It will contain some anonymous information, such as a unique identifier and the site name.  We may use your Technical Data to allow us to show you adverts while you are online that are relevant to you.  Sometimes, we will use cookies to do this, and you can find out more about this and how to turn off cookies by reading our Cookies Policy.

You can set your browser to refuse all or some browser cookies or to alert you when websites set or access cookies.  If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly;

--------------------------------------------------------------------------------------------------

REFEREES: we will use your personal data purely to verify a Candidate.

--------------------------------------------------------------------------------------------------

CORPORATE STAFF: we will use your personal data only to pursue our contractual relationship with your employer or engager.  

12.Other use related information

• Opting out/withdrawing consent – you can ask those third parties or us to stop sending you promotional or marketing messages at any time  by contacting us at any time.
• Change of purpose – we will only use your personal data for the purposes for which we collected it unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.  If you would like us to explain how the handling of the new purpose is compatible with the original purpose, please contact us.

If we need to use your personal data for an unrelated purpose, we will notify you, and we will explain the legal basis which allows us to do so.  

13.Who do we share your personal data with?

We may share your personal data with the following entities for the purposes set out in Section 13:

• any of our group companies;
• prospective employers or engagers;
• other consultancy companies or intermediaries involved in managing the supply of consultants;
• pre-employment screening and background checking organisations;
• your referees;
• your past educators and employers and relevant education authorities;
• your professional bodies;
• governmental and regulatory bodies such as such as tax and social security authorities;
• the third party suppliers, including other consultancy agencies, and our managed service providers who are within our supply chain;
• those types of entities listed in Appendix 1; and
• third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets.  Alternatively, we may seek to acquire other businesses or merge with them.  If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy policy.

We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions, which includes this privacy policy.

14.  What are the legal grounds for our collection, handling, use and sharing of your personal data?

COLLECTION, HANDLING AND USAGE:

1.Purpose/Activity: Background Checks, Job Search and placement.

 Type of Personal Data: Personal data described in Section 8 above.

 Legal Basis for collection, handling and usage:

Legitimate Interest. We believe it is reasonable to expect that if you are looking for employment or have posted your professional CV information on a job board or professional networking site, you are happy for us to collect and otherwise use your personal data to offer or provide our consultancy services to you, share that information with prospective customers and assess your skills against our bank of vacancies. Once it's looking like you may get the job, your prospective customer may also want to double check any information you've given us (such as the results from psychometric evaluations or skills tests) or to confirm your references, qualifications and criminal record, to the extent that this is appropriate and in accordance with local laws. We also believe that you will expect us to have an ongoing relationship over a number of years and will continue to hold your data providing that we retain reasonable periodic contact with you or until you inform us otherwise. We need to do these things so that we can function as a profit-making business, and to help you and other Candidates get the jobs you deserve.

2.Purpose/Activity: Background Checks.

 Type of Personal Data: Verification Data

 Legal Basis for collection, handling and usage: Legitimate Interest.

We believe it is reasonable to check the credentials and qualifications of candidates within applicable local laws provided that personal data is kept secure and only shared with the client who is making a decision whether or not to engage or employ an individual.

However, you do have the right to object to us processing your personal data on this basis. If you would like to know more about how to do so, please see Section 29 below.

3.Purpose/Activity: Background Checks.

Type of Personal Data: Verification Data

Legal Basis for collection, handling and usage: Legitimate Interest.

SHARING:

1.Entity with whom personal data is shared: Entities within the Elca Informatique Group and Ekkiden Group.

What personal data is shared: Personal data described in Section 8 above.

Purpose of sharing: In connection with our recruitment service provision.

Legal Basis for sharing: Legitimate Interest.

2.Entity with whom personal data is shared: Tax, audit and other authorities.

What personal data is shared: Personal data described in Section 8 above.

Purpose of sharing: To comply with our legal and regulatory requirements in relation to taxation and financial compliance.

Legal Basis for sharing: Legal Compliance. 

3.Third Entity with whom personal data is shared: Third Party Service Providers to us including without limitation:

• External consultants, professional advisors and business associates
• Outsourced IT and document storage providers
• Software as a services providers
• Job board and aggregators

• Insurers and providers of insurances.

What personal data is shared: Personal data described in Section 8 above.

Purpose of sharing: In connection with our consultancy service provision.

Legal Basis for sharing: Legitimate Interest.

4.Entity with whom personal data is shared: Referees and other individuals and organisations who hold information related to reference or application to work and to project research.

What personal data is shared: Verification Data.

Purpose of sharing: Verification of information provided to ensure you are successful in any roles that our candidates are successful in obtaining.

Legal Basis for sharing: Legitimate Interest.  

1. Entity with whom personal data is shared:If our group merges with or is acquired by another business or company in the future, (or is in meaningful discussions about such a possibility), we may share your personal data with the (prospective) new owners of the business or company.

What personal data is shared: Personal data described in Section 8 above.

Purpose of sharing: To ensure continued provision of consultancy and associated services to you.

Legal Basis for sharing: Legitimate Interest.

6.Entity with whom personal data is shared: Marketing technology platforms and suppliers.

What personal data is shared: Personal data described in Section 8 above.

Purpose of sharing: In connection with our recruitment service provision.

Legal Basis for sharing: Legitimate Interest.

1. Entity with whom personal data is shared:Potentialcustomers of ours who can offer your role within their organsation.

What personal data is shared: Personal data described in Section 8 above.

Purpose of sharing: To assist you in gaining a new role.

Legal Basis for sharing: Legitimate Interest.

1. Entity with whom personal data is shared:Payroll providers

What personal data is shared: Personal data described in Section 8 above.

Purpose of sharing: In connection to our consultancy service provision

Legal Basis for sharing: Legitimate Interest.

9.Entity with whom personal data is shared: Third-Parties that assist us in the provision of our pre-employment screening process

What personal data is shared: Personal data described in Section 8 above.

Purpose of sharing: We believe it is reasonable to check the credentials and qualifications of candidates within applicable local laws provided that personal data is kept secure and only shared with the client who is making a decision whether or not to engage or employ an individual. However, you do have the right to object to us processing your personal data on this basis. If you would like to know more about how to do so, please see Section 29 below.

Legal Basis for sharing: Legitimate Interest.

15.Where do we send your personal data to for storage or other specific purposes?

We will not typically transfer your personal data outside the EEA. 

The personal data we collect from you may be transferred outside the EEA either by us and/or by any of the third parties to whom your personal data may be disclosed to as listed in Section 13.  Such transfers will occur only where they are necessary as part of the recruitment and/or related intermediary services we provide, e.g. where you apply for a vacancy or position outside the EEA, or where the transfer is authorised by law.

We, our third party data storage providers and/or the third parties to whom we may disclose your personal data may store your personal data on a server overseas.

If we do transfer your personal data outside the EEA, we’ll make sure that suitable safeguards are in place, for example by using approved contractual agreements, unless certain exceptions apply, or we are authorised to do so.

We will provide you with details of the safeguards that we have implemented if you would like to know what they are.

16. How will we look after your personal data?

We hold your personal data in a combination of secure computer storage facilities and paper-based files.

We put in place an appropriate level of security around your personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage to it.

We shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk of harm that might result from, unauthorised or unlawful processing accidental or unlawful loss, destruction or alteration, unauthorised (or disclosure of) access or damage to your personal data including:

• locks and security systems;
• usernames and passwords;
• virus checking;
• auditing procedures and data integrity checks; and
• recording of file movements.

We limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know.  They will only process your personal data on our instructions and via the access controls listed above.  They are also subject to a duty of confidentiality.

We have agreed on security-related measures with the third parties we share your personal data with to ensure that it is treated by those third parties in a way that is consistent with how we safeguard your personal data.

We have also put in place procedures to deal with any suspected personal data breach and will notify you and any applicable supervisory authority where we are legally required to do so.

If you suspect any misuse or loss of or unauthorised access to your personal data, please let us know immediately by contacting us.

17.How long will we keep your personal data for?

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

We will appropriately and securely dispose of your personal data when it is no longer required.

To determine the appropriate retention period for personal data, we consider the following factors:

• amount and nature of the personal data;
• it's sensitivity;
• the potential risk of harm from unauthorised use or disclosure of the personal data;
• the purposes for which we handle your personal data;
• whether we can achieve those purposes through other means; and
• the applicable legal requirements.

Based on those factors, we have determined that the following retention periods should apply in respect of personal data of the following categories of individuals (unless the law or any data supervisory authority or regulator requires otherwise):

• Hired Candidates– where we hire you, we will keep your personal data for as long as you are employed of Ekkiden Group or transferred to an Elca company. 

We will continue to process your personal data in the usual manner for up to 2 years from the last meaningful contact we had with you (or such longer period which we believe in good faith circumstances and the law allows for legitimate interest to continue). Meaningful contact may include an employee contacting you directly by phone or you may receive an email from us reminding you that we hold your personal information and asking you to let us know if you are no longer interested in hearing about new opportunities.    

After this time your personal data will no longer be immediately accessible from our live systems or will be archived. As a result, you will not receive marketing from us, and your information will not be readily accessible by our employees. If after a further year you or we have not re-established communication your personal data that we hold will be deleted other than basic identification information, information relating to projects which you have been engaged on through us, records of any payments made to you or tax which we have deducted. We hold this information for 7 years from the end of your last contract with our group. We hold this information in case there is a legal claim or tax investigation.    

•  Non-hired Candidates– If we did not manage to place you we will continue to process your personal data in the usual manner for up to 2 years from the last meaningful contact we had with you (or such longer period which we believe in good faith circumstances and the law allows for legitimate interest to continue).  

After this time your personal data will no longer be accessible from our live systems. As a result, you will not receive marketing from us, and your information will not be readily accessible by our consultants. If after a further year you or we have not re-established communication your personal data that we hold will be deleted.

In either of the case where we have placed a candidate or not, where we believe that the holding of your personal data no longer constitutes a legitimate interest, we will delete it to the extent necessary.

• Website Users– we will keep your personal data for 2 years after your last use of, or navigation around, any of our websites;
•  Referees– we will keep your personal data for as long as the Candidate for whom you were a referee is employed by a company of our group.  If they move on from that position, we will keep your personal data for a further 2 years after that date; and
•  Corporate Staff– we will keep your personal data for as long as the entity that you work for is connected to us in any way.  Where we end our relationship with that entity for any reason, we will keep your personal data for a further 7 years after that date.

Personal data relating to criminal convictions and offences (UK ONLY) – we do not believe that we will handle any of this type of personal data.  When carrying out the criminal convictions checks, we will only handle binary information as to whether or not a Candidate has a criminal conviction within the category of offences for which we have conducted such a check.  The categories that we typically search for are theft, fraud, breach of trust and financial crimes.  Where we discover that a Candidate has such a criminal conviction, we will withdraw that individual from any of our recruitment processes and will destroy that binary information immediately.

In some circumstances, you can ask us to delete your personal data.  Please see the Right of erasure below for further information.

We will keep and use Anonymised Data indefinitely without further notice to you.

18. Keeping your personal data up to date

We take reasonable steps to ensure that your personal data is accurate, complete and up to date.

We may contact you from time to time to check that the personal data is still correct.

Please let us know of any changes to your details as soon as you reasonably can so that we can uphold our commitment to accuracy, completeness and currency.

19. What are your legal rights in respect of your personal data that we handle?

We set out below a list of the legal rights that all individuals have under data protection laws in relation to our handling of your personal data.  They don’t apply in all circumstances:

• Right to be informed – about your personal data and details of the handling and processing of that personal data and information, including the safeguards used to protect any of your personal data in the event that we transfer it outside the EEA;
• Right of access – to your personal data and to obtain information about how we handle and process it;
• Right to have inaccuracies corrected – this is a right to have your personal data corrected if it is inaccurate and to have incomplete personal data completed;
• Right of erasure – of your personal data, which is also known as the “right to be forgotten”;
• Right to restrict handling and processing – of your personal data, which includes requesting us to suppress your personal data file;
• Right to move, copy or transfer– your personal data to another organisation, also known as “data portability”;
• Right to object – to the handling and processing of your personal data for certain purposes, in particular to personal data processed for direct marketing purposes and to personal data that is handled and processed for certain reasons based on our legitimate interests;
• Right to withdraw consent – you may withdraw any consent or permission that you have previously provided to us in relation to our handling and processing of your personal data, such as for the purposes of marketing by electronic means;
• Rights in relation to automated decision making – where such automated decision making has a legal effect on you or otherwise significantly affects you; and
• Right to complain – in all circumstances, you may complain to:

- us in relation to the handling of your personal data; or

- the regulatory body which enforces data protection law in your locality. Click here for a list of contact details.

Procedure to exercise your legal rights

• Contact us – Contact us if you wish to exercise any of your legal rights, please contact us.  In this instance, we’ll explain first whether or not the right you wish to exercise applies.  We will then facilitate your request in accordance with the procedure below if it does apply.
• Fees – you will not have to pay a fee to access your personal data or to exercise any other rights that apply.  We may, however, charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.  Alternatively, we may refuse to comply with your request in these circumstances.
• Our request for further information – we may need to request certain information from you to help us confirm your identity and ensure that your right to access your personal data (or to exercise any of your other rights that apply).  This is a security measure to ensure that any personal data is not disclosed to any person who has no right to receive it.  We may also contact you to ask you for further information in relation to your request to speed up our response.
• Response time – we will respond to all legitimate requests as soon as we can.  It should not take longer than a month to do so.  Occasionally, it may take us longer than a month if your request is particularly complex or you have made a number of requests.  In this case, we will notify you and keep you updated.

20.Your FAQs answered

Who can I ask about this policy? To ask us anything in relation to this privacy policy or any personal data that we may hold, please simply please contact us.

Can I request that you stop using my personal data?  You have legal rights in respect of your personal.  Please refer to Section 19 for more information on what legal rights you have and how you can exercise them.

What should you do if your personal data changes? You should tell us by speaking to your consultant so that we can update our records.

Do you have to provide your personal data to us? We’ll make it clear to you which personal data is optional to provide and which personal data without which we cannot carry out our operations.  If we do not tell you, please ask us.

Appendix 1 - Third party service providers

• Data storage providers – we store all of our data with at least two different data storage providers;

• Visitors to our websites – when someone visits our websites, we use a third party service, Google Analytics, Hubspot, Recruiterflow and various job boards to collect standard internet log information and details of visitor behaviour patterns.  We do this to find out things such as the number of visitors to the various parts of the site.  This information is only processed in a way which does not identify anyone. We do not typically make and seek to prevent third parties from making any attempt to find out the identities of those visiting our website, where possible. If we do want to collect personally identifiable information through our website, we will be upfront about this.

We will make it clear when we collect personal information and will explain what we intend to do with it.