Your new rights under the GDPR are set out in this notice but will only apply once the GDPR becomes effective on 25th May 2018. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. For the purposes of data protection legislation in force from time to time the data controller is HIA Legal Limited.
Who we are and what we do
We are a recruitment agency and recruitment business as defined in the Employment Agencies and Employment Businesses Regulations 2003. We collect the personal data of the following types of people for the purposes of carrying out our core business and ancillary activities:
- prospective and placed candidates for permanent or temporary roles;
- prospective and live client contacts;
- supplier contacts to support our services;
- employees, consultants, temporary workers.
What we collect from you
We collect Personal Data directly from you (via email, website forms, phone and email or otherwise) as well as from other available sources to the extent relevant and permitted under the GDPR legislation. This information facilitates our ability to support your job search. Subject to this applicable law we may collect the following information:
- name and job title;
- contact information;
- links to your professional profiles available in the public domain;
- your competences, skills, experience and education, e.g. your CV, third party references;
- your preferences, e.g. preferred country of employment, areas of interest and preferred ways to be contacted by us;
- other information relevant to marketing information and roles;
- other information, such as information found from public sources as well as information depending on the position you are applying for, and where necessary for our recruitment activities. This will only be in the case of legitimate interest (please see Our Legitimate Business Interests below).
Our Legitimate Business Interests
As a recruitment business and recruitment agency we introduce candidates to clients for permanent, temporary or contract employment. The exchange of personal data of our candidates and our client contacts is a fundamental, essential part of this process. In order to support our candidates’ career aspirations and our clients’ resourcing needs we require a database of candidate and client personal data containing historical information as well as current resourcing requirements.
When you access our services online, our web servers automatically create records of your visit. These records typically include IP-address, access times, the sites linked from, pages visited, the links and features used, the content viewed or requested, browser or application type, language and other such information. When you use our services or otherwise interact with us over telecommunications networks, certain additional information, such as your mobile telephone number, may be transmitted to us by the telecommunications operator as a standard part of that communication.
Purposes of the processing and the legal basis for the processing
We will collect, use, store and otherwise process your Personal Data for the purposes of our recruitment or resourcing activities. Additionally, your personal data may be processed for other purposes you have consented to such as marketing information or other information we think will be of legitimate interest to you. We may also use your personal data to carry out our obligations arising from any current or future contracts between you and us.
Our legal basis for the processing of personal data is our legitimate business interests, described above. We will also rely on contract, legal obligation and consent for specific uses of data. We will rely on legal obligation if we are legally required to hold information to fulfil our legal obligations. We will rely on consent for particular uses of your data, if legally required (e.g. permission to introduce you to a client, processing your data for internal marketing communications). Whenever necessary and subject to statutory record-keeping requirements, we will remove and/or anonymise Personal Data that is no longer needed. If there has not been any recent activity between yourself and us, we may remove your profile after a reasonable time in compliance with the GDPR legislation.
If you do not consent to us storing your personal data, please do not submit your Curriculum Vitae for any roles advertised on our website or other advertising forum. We are unable to process your application without receipt of consent to process and store your personal information.
In further detail, we will process your Personal Data for the following purposes:
- communicating with you in the context of recruitment activities;
- managing recruitment and resourcing activities, including activities related to organisational planning;
- to develop and improve our recruitment processes, websites and other related services (using, where feasible, aggregated anonymous information);
- in order to comply with legal obligations imposed on us.
When you apply for a job using our website you will be asked to tick a box indicating that you consent to us storing the personal data you have provided. By providing consent to our storage of your personal data you are also providing consent to us contacting you if we receive details of a role which specifically matches your career aspirations. We will only do this where you, the potential candidate, meet a detailed brief provided by one of our clients, and where you have provided explicit consent to us storing and using your data.
If you contact one of our recruitment consultants regarding your job search you are giving your consent to us processing your personal data for lawful purposes.
By sending a CV to one of our recruitment consultants you are giving consent to us processing and storing that information. We will not share your information with any third party without your explicit consent.
Due to the nature of legal recruitment, a significant number of candidates reconnect with our organisation periodically. It is not uncommon for this to occur years after we have placed them in a role. For this reason, your consent includes explicit consent to retain your personal details until such time as you wish us to remove your records from our database or refrain from further engagement.
Transfer of your Personal Data
We will not sell, lease, rent or otherwise disclose your Personal Data unless you have given explicit consent or we are required by law to do so. We may share your Personal Data if you have given your informed consent for us to do so.
We do not undertake automated decision making or profiling. We do however use our systems to search and identify personal data in accordance with the parameters set by a person. A person will always be involved in the decision-making process.
Security and controlling your personal information
We are committed to ensuring that your information is secure. Once we have received your information, in order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk.
Retention of your data
We understand our legal duty to retain accurate data and only retain personal data for as long as we need it for our legitimate business interests and while you are happy for us to do so. The criteria we use to determine whether we should retain your personal data includes:
the nature of the personal data;its perceived accuracy;our legal obligations;whether an interview or placement has been arranged; andour recruitment expertise and knowledge of the industry by country, sector and job role.
We may archive part or all of your personal data or retain it on our financial systems only, deleting all or part of it from our main Customer Relationship Manager (CRM) system. We may pseudonymise parts of your data, particularly following a request for suppression or deletion of your data, to ensure that we do not re-enter your personal data on to our database, unless requested to do so.
You may choose to restrict the collection or use of your personal information in the following ways:
whenever you are asked to fill in a form on the website, look for the box that you can click to indicate that you consent to your information to be used by us for direct marketing purposes;if you have previously agreed to us using and or storing your personal information you may change your mind at any time by writing to or emailing us at email@example.com or HIA Legal, 9 Wimpole Street, London W1G 9SR.
The GDPR provides you with the following rights:
- to request correction of the personal information that we hold about you where information is incomplete or no longer accurate;
- to request erasure of your personal information where there is no good reason for us continuing to process it or where you have exercised your right to object to processing;to object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) or where we are processing your personal information for direct marketing purposes;
- to request the restriction of processing of your personal information where, for example if you want us to establish its accuracy or the reason for processing it;
- and to request the transfer of your personal information to another party, if practicable.
The Data Protection Act 1998 and the GDPR give you the right to access information held about you. We also encourage you to contact us to ensure your data is accurate and complete. For any of the above please write to HIA Legal Limited, 9 Wimpole Street, London W1G 9SR, or by email to firstname.lastname@example.org .
We may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective from 25th May 2018.