Elliott Scott HR Privacy Policy
Privacy Notice
Elliott Scott HR Recruitment is aware of its obligations in Europe to comply with the General Data Protection Regulation (GDPR) and is committed to processing personal data securely and transparently. This privacy notice sets out, in accordance with the GDPR, the types of data we hold. It also describes how we use this information, how long we keep it and other relevant information about your data.
We have prepared a general privacy notice which covers all subject data and includes the use of our website at
www.elliottscotthr.com.
The following categories of subject data are addressed more specifically in the appendices:
1) Candidates
Defined as: active jobseeker, someone we've identified as a potential candidate, someone we've previously placed with a client, a contractor. This includes those who register or apply for an opportunity on our website
www.elliottscotthr.com.
2) Customers, Potential Customers and Suppliers
GENERAL PRIVACY NOTICE
About Us
Elliott Scott HR Recruitment ("ES") is a global recruitment company primarily operating in the Human Resources industry. In addition to permanent placements, ES also provides services such as temporary hiring, contractor recruitment, mapping and other related consulting services.
This policy covers the following legal entities:
Elliott Scott HR Recruitment Limited (UK)
Elliott Scott HR Recruitment Limited (Hong Kong)
Elliott Scott HR Recruitment Pte (Singapore)
Elliott Scott HR Recruitment Inc. (USA)
Elliott Scott HR Recruitment India Private Limited (India)
Data Protection Principles
In relation to all personal data, we will:
- Process them fairly, lawfully and transparently
- Ensuring they are processed and held securely
- Collect your data only for reasons that we explain to you in this notice
- Use them only in the way we tell you
- Share them only as specified in this notice
- Keep your data only for as long as necessary
Data Controller and Data Processor
ES is a recruitment company that provides job search services to its clients and candidates. ES must collect and process personal data in order to provide these services.
In most cases, ES is a data controller, which means that it determines the legal basis and processes to be used when using your personal data. In some cases, ES may only act as a data processor and has an obligation to process personal data only on behalf of the data controller and in accordance with its instructions.
ES data controller contact details are as follows:
Elliott Scott HR Recruitment Limited, Maple Works, 73 Maple Road, Surbiton, Surrey, KT6 4AG
The data protection law gives you certain rights in:
Your rights in relation to your data
Data protection law gives you certain rights in relation to the data we hold about you. These are:
- The right to information. This means that we must tell you how we use your data, and this is the purpose of this privacy notice.
- The right of access. You have the right to access the data we hold about you. To do this, you must make a personal data access request.
- The right to correct inaccuracies. If any data we hold about you is incomplete or incorrect, you have the right to demand that it be corrected.
- The right to have information deleted. If you want us to stop processing your data, you have the right to ask us to delete that data from our systems if you believe there is no reason for us to continue processing it.
- The right to restrict data processing. For example, if you believe that the data we hold is incorrect, we will stop processing the data (while we hold it) until we ensure that the data is correct.
- The right to portability. You may transfer the data we hold about you for your own purposes.
- The right to object to the inclusion of any information. You have the right to object to how we use your data when we use it for our legitimate interests.
- The right to regulate any automated decision-making and profiling of personal data. You have the right not to be subjected to automated decision-making that adversely affects your legal rights.
When you have given us consent to the use of your data, you also have an unrestricted right to withdraw that consent at any time. Withdrawing your consent means that we will stop processing the data for which you had previously given us consent. There will be no consequences for withdrawing your consent. However, in some cases, we may continue to use the data where we are permitted to do so because we have a legitimate reason to do so.
If you wish to exercise any of the rights explained above, please contact the Data Controller details mentioned above.
Automated Decision Making
No decision will be made about you based solely on automated decision-making (where a decision is made about you using an electronic system without human involvement) that has a material impact on you.
General Security
To prevent unauthorized access, maintain data accuracy and ensure the correct use of information, we have put in place appropriate physical, electronic and managerial procedures to protect and ensure the security of the information we collect. Our main systems are controlled by passwords, limited only to those who need access to fulfill the services, and the systems and infrastructure are protected by firewall and against intrusions.
We may use cookies on our website. Cookies are small pieces of information that we store on your computer or mobile device's browser or hard drive. The information stored is intended to allow the website to function properly and provide additional features and benefits, such as automatic login. Most browsers give you the option of preventing the storage of cookies, although doing so may cause you to miss out on some of the benefits of our website. Information collected via cookies on our website about you will only be used to compile aggregate statistics about how visitors navigate our website. These statistics are collected for the purpose of managing and improving the design of our website.
Changes to the Privacy Notice
We may change this Notice from time to time. We suggest that you visit our website regularly to stay up to date on any changes.
We also inform you that our company in Singapore, Elliott Scott HR Recruitment Pte. Limited, has developed and implemented policies and practices to comply with the provisions of the Personal Data Protection Act 2012 (Act 26 of 2012) (the "PDPA").
Our designated Data Protection Officer (DPO) for Elliott Scott HR Recruitment in Singapore is Sylvia Pan:
sp@elliottscottgroup.com or
info@elliottscotthr.com.
Making a Claim
In addition to contacting ES, the supervisory authority in the UK for data protection matters is the Information Commissioner (ICO). If you believe that your data protection rights have been breached in any way by us, you can lodge a complaint with the ICO at www.ico.org.uk. Otherwise, you must contact the regional data protection authority.
APPENDIX 1 - CANDIDATE PRIVACY NOTICE
Types of Candidate Data We Process
We may store various types of candidate data, including:
- Your personal information, including your name, address, email address, phone numbers
- Your photograph
- Gender
- Marital status
- Information included in your resume, including references, educational background, and employment history
- Current and past job titles, job descriptions, salary levels, pension benefits/entitlements, working hours and other terms and conditions related to your employment
- Passport, driver's license, proof of identification or documentation related to your right to work
- References
- National Insurance number, tax code
- Bank data
- A record of communications with you
- Job offers and employment contracts
How We Collect Candidate Data
For the purpose of providing you with job search services and/or information relating to relevant jobs and candidates, we will only use your personal data in accordance with the terms of this privacy notice.
ES obtained your personal data/sensitive personal data as follows:
- The candidate has registered as a job seeker or applied for a position through our website or directly
- The candidate was referred to us by a client, agency or contact
- The candidate has applied for a position advertised through a third-party job board.
- The candidate responded proactively to an approach via a publicly accessible platform such as LinkedIn.
- The candidate has provided us with payroll and banking information to facilitate the requirements of a contract or temporary position.
- The candidate has provided us with copies of their ID, passport or other documentation required for interview or contractual discussions related to a placement.
Why We Process Candidate Data
ES will collect your personal data and process your personal data for the purpose of providing job search services.
This can also include:
- Assess your suitability for an available position.
- Refer you to potential employers.
- Correspondence with our job openings.
- Updating our databases.
- Conduct interviews, screenings and assessments.
- Manage communications and correspondence.
- Negotiate and agree to employment contracts.
- Conduct pre-employment checks.
- Keep you informed about our services, events and general market and industry information, including research.
- Arrange payments to you.
Legal Basis for the Processing of your Data
Under the GDPR, where we are the Data Controller, we must have a lawful basis for processing all personal data. The GDPR sets out where the processing of personal data can lawfully be carried out:
- To fulfill a contract we are a party to.
- To fulfill legally required obligations.
- To fulfill our legitimate interests.
When we have consent for vital interests and when something is done in the public interest as provided by law.
All processing carried out by us falls under one of the permissible grounds. Generally, we will rely on legitimate interests to process your data to:
- Provide job search and consulting services to candidates.
- Including contacting you about opportunities and sharing your personal details with potential employers.
- Provide information that will aid your job search, such as events, market and industry information, including surveys.
We rely on our contract with you to process your personal data to:
- Make sure you get paid if you are a contractor.
We also need to collect your data to ensure we are complying with legal requirements such as:
- Ensure payment of taxes and national insurance.
- Carry out checks related to your right to work in the region.
As recruiters, we look to place candidates with companies looking for candidates. Primarily, we will share candidate data with companies and clients who are looking to hire permanent, temporary or contract workers, or who we think would be a good fit for you as a candidate and who may not have a position currently available.
Where we are processing payroll for you as a contractor, we will share your information with tax authorities, pension providers and other organizations that we are required to do to process your payment.
International Transfers
ES may transfer the information you provide to us to countries outside the European Economic Area ("EEA") for the purpose of providing job search services. We will take steps to ensure adequate safeguards to ensure the security of your information. The EEA comprises the EU member states plus Norway, Iceland and Liechtenstein.
Protection of Your Data
We are aware of the need to ensure that your data is protected from accidental loss or disclosure, destruction and abuse. We have implemented processes to avoid such situations.
We hold your information on a secure database system located in the UK and managed by a professional third-party IT company. The database is password protected and only those in need have access. For more information, please see our security information under "GENERAL PRIVACY POLICY".
When we share your data with third parties, we provide written instructions to ensure your data is held securely and in compliance with GDPR requirements. Third parties must implement adequate technical and organizational measures to guarantee the security of your data.
How Long Do We Keep Your Data
ES will retain your personal data when we have an ongoing legitimate need to do so, for example to establish long-term relationships with our candidates to help with their long-term careers.
When there is no legitimate basis or we have not had contact with you for a period of 10 years, we will delete or anonymize your personal data.
We must also keep your payroll, holiday pay, sick pay and pension auto-enrollment records for as long as legally required by HMRC and associated national minimum wage, social security and tax legislation.
If you have any questions about how long we keep your personal information, you can contact us using the ES Data Controller contact details provided in the section entitled "GENERAL PRIVACY POLICY".
APPENDIX 2 - CUSTOMER, POTENTIAL CUSTOMER, SUPPLIER
Types of Personal Data We Process
We may have various types of candidate data, including:
- Your personal data, including your name, address, email address, telephone numbers, positions held;
- Communications with you.
How We Collect Personal Data
ES collected your personal data through the following means:
- When we enter into a customer/supplier agreement with you;
- When someone referred you to us;
- When you attended an event;
- Directly from you, for example when approached directly or when replying to a LinkedIn message.
Why We Process Personal Data
ES will collect your personal data and process your personal data for the following purposes:
For customers and potential customers:
- Provide job search services;
- Negotiate and agree on candidate search agreements;
- Contacting you about candidates;
- Develop and manage our services and relationship with you;
- Submit market and industry information, including surveys;
- Issuing invoices and solving payment problems.
For suppliers:
- Negotiate and agree to supply contracts/services with you;
- Manage the delivery of services;
- Dealing with invoices and payments.
Legal Basis for Processing Your Data
Under the GDPR, when we are the Data Controller, we must have a lawful basis for processing all personal data. The GDPR sets out where the processing of personal data can lawfully be carried out:
- To fulfill a contract to which we are a party;
- To fulfill legally required obligations;
- To fulfill our legitimate interests;
When we have consent; for vital interests; when something is done in the public interest as provided by law.
All processing carried out by us falls under one of the permissible grounds. Generally, we will rely on our contract with you to process your data. For example, we need to collect your personal data to:
- Carry out job search or consulting services;
- Communicating with you regarding contract services;
- Manage payment for services.
We may also process your data when there is a legitimate interest, such as:
- Keep you informed about our services, terms and conditions, policies;
- Keep you informed of market and industry information, including research;
- Invite you to industry-related events.
Personal Data Sharing
We may share your personal information with the following types of internal parties and third parties for the purposes described in this policy:
- We freely share your information with our internal team and group companies. Your contact information is held in our global database, which is secure and accessible only to employees - for the purpose of managing your client account and providing contractual, search or consulting services;
- We may share your information with third-party vendors (our vendors) who perform functions on our behalf (including external consultants, business partners and professional advisers such as lawyers, auditors, accountants, third-party technical support providers and third-party travel agencies, IT services third parties and document storage providers);
- We may share your information with a prospective buyer (and its agents and advisers) in connection with any proposed purchase, merger or acquisition of any part of our business, provided that we inform the buyer that they should only use your personal information for the purposes disclosed in this Notice.
Transfers Abroad
ES may only transfer the information you provide to us to countries outside the European Economic Area ("EEA") for the purpose of providing you with job search services. We will take steps to ensure adequate safeguards to ensure the security of your information. The EEA is made up of the member countries of the European Union, Norway, Iceland and Liechtenstein.
Protection of Your Data
We are aware of the need to ensure that your data is protected from accidental loss or disclosure, destruction and misuse. We have processes in place to protect you against such incidents.
We store your information on a secure database system located in the UK and managed by a professional third-party IT company. The database is password controlled and only authorized persons have access. For more information, please see our security information under "GENERAL PRIVACY NOTICE".
When we share your data with third parties, we provide written instructions to ensure your data is held securely and in compliance with GDPR requirements. Third parties must implement appropriate technical and organizational measures to ensure the security of your data.
How Long do we Keep Your Data
ES will retain your personal data when we have an ongoing legitimate need to do so, for example to establish long-term relationships with you as a customer, supplier or potential candidate.
Where there is no legitimate basis or there has been no engagement with you for a period of 10 years, we will delete or anonymize your personal data.
If you have any questions about how long we keep your personal information, please contact us using the ES Data Controller contact details provided in the section entitled "GENERAL PRIVACY NOTICE".
Copyright © 2018, Elliott Scott HR Recruitment Limited. All rights reserved.
To download the latest Privacy Policy, go to: Elliott Scott HR Privacy Policy .pdf Size: 230 KB