- 1. Introduction
- 2. Data we collect
- 3. Legal bases for Processing Personal Data
- 4. The location of Personal Data we may hold
- 5. How do we safeguard your Personal Data?
- 6. Data Accuracy
- 7. Data Minimisation
- 8. Data Retention
- 9. Your legal rights
- 10. Cookies and similar technology
- 11. Links to other websites
- 12. Changes to this privacy statement
- 13. How to contact us
- 14. Complaints
For the purposes of applicable Data Protection legislation (General Data Protection Regulation (Regulation (EU) 2016/679) (the “GDPR”), Action for Burns & Children is the Controller of your Personal Data. Contact details are provided in Section 13.
For the purposes of this Privacy Notice, Personal Data is defined as any information that could be used to identify a living individual.
2. DATA WE COLLECT
a. What Personal Data do we collect?
The Personal Data we collect is the personal contact information that individuals provide to us, or that we obtain, as part of a candidate search on behalf of a client. The Personal Data collected can, therefore, belong to either Client or Candidate. Data collection relating to other individuals (such as employees or suppliers) will be covered in individual contracts and as such will not be covered at length in this Privacy Notice. This information is generally limited to contact details including name, email address, contact telephone number(s), job title, company, and contact history with the company. Any additional information we hold on an occasional basis may include telephone call notes, interview notes, curriculum vitae, remuneration, and location information.
If you would like a more detailed description of the Personal Data that we collect in this way, please click here.
Action for Burns & Children requires at least minimal contact data to be processed in order to carry out executive search assignments on behalf of our clients. If you do not want us to process any of your personal data, we will not be able to contact you or consider you for any executive search assignments. We only collect basic Personal Data about you, which does not include any Special Category of information such as racial or ethnic origin, political opinions, religious or other similar beliefs, trade union memberships, physical or mental health, sex life, or criminal record or proceedings. If we do seek to collect Sensitive Personal Data, we will ask for consent to process this Personal Data for the uses proposed at the time of asking, unless an alternative legal basis for Processing applies. If this information is provided unsolicited and it is not required for business operations, the Personal Data will be erased.
Details of your visits to any Action for Burns & Children website (a “Site”) including, but not limited to, Traffic Data, weblogs and other communication Data and the resources you access may also be collected.
b. Where and who the information we collect is from
We collect Personal Data directly from communication with you or from third parties, such as Social Media platforms and industry contacts. The information we process belongs either to candidates, clients, or our suppliers.
For more information about where we obtain Personal Data from, please see here.
c. Why we use Personal Data
We use your Personal Data to assess your suitability for confidential executive search assignments on behalf of our clients or prospective clients only. We will not collect Personal Data from you that we do not need in order to provide and oversee this service.
We may also monitor IP addresses for security purposes, trend analysis, site administration, user movement tracking and broad demographic information gathering for aggregate use. For more information about IP monitoring and website cookies see section 10.
d. Reasons we share Personal Data
We may share your details internally to other members of staff working on the same or similar projects, so we can better assist our candidates and clients.
We may disclose your personal information to third parties if the information is required for business operations. The third parties that your information may be sent to include our clients and any third-party profiling companies as requested by our clients in the advanced stages of a search. We will always seek to inform you before your information is shared with a third-party and where possible we will inform you of the name and location of the company we are sharing your Personal Data with. If the client we are working with has requested to remain confidential, we will be unable to share the name due to contractual agreements, however we will always provide the maximum amount of information possible before sharing any of your Personal Data.
We have a duty to disclose or share your Personal Data in order to comply with any legal obligation, or to enforce or apply our terms and conditions or any other agreements; or to protect the rights, property, or safety of Action for Burns & Children, our customers or others.
3. LEGAL BASES FOR PROCESSING PERSONAL DATA
In Processing your Personal Data in connection with the purposes set out in this Policy, we may rely on one or more of the following legal bases:
- The Processing is necessary in connection with any contract that you may enter into with us;
- You have consented to the Processing of your Personal Data;
- We have a legitimate interest in carrying out the Processing, which is not overridden by your interests, fundamental rights, or freedoms. Where we rely on this legal basis, our legitimate interests are:
- our legitimate interest in the management and operation of our business;
- our legitimate interest in the provision of services to our clients; and
- our legitimate interest in the provision of information to our clients and candidates.
4. THE LOCATION OF PERSONAL DATA WE MAY HOLD
Personal Data may be held in a number of different places in line with the operations of a typical business. More information about where your Personal Data may be held can be found here.
Due to the international nature of our business, the Personal Data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work for us or for one of our clients. We are a Global company who work with all relevant companies regardless of geographical location. Therefore, we are not able to predict where your data may be transferred to. We will include contractual clauses in our agreements with both international staff and clients to ensure that your data is offered an adequate level of protection, wherever it is transferred to.
5. HOW DO WE SAFEGUARD YOUR PERSONAL DATA?
We have implemented appropriate technical and organisational security measures designed to protect your Personal Data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, unauthorised access, and other unlawful or unauthorised forms of Processing, in accordance with applicable law. These include measures to deal quickly and efficiently with any suspected data breach; encryption on all digital devices; and contractual agreements and processes to increase data safety and awareness.
We take every reasonable step to ensure that your Personal Data that we Process will be kept accurate and up to date. Any inaccurate Personal Data will be erased or rectified. Occasionally, we may contact you to confirm the accuracy of your Personal Data.
7. DATA MINIMISATION
We take every reasonable step to ensure we are only Processing Personal Data required for the purposes set out in this Policy. Data that is unnecessary for our Processing purposes will be removed without undue delay.
8. DATA RETENTION
We will keep copies of your Personal Data only for as long as is necessary in connection with the purposes set out in this Policy, unless applicable law permits or requires a longer retention period. When determining the relevant retention periods, we will take into account factors including:
- Our contractual obligations and rights;
- Our legal obligation(s) under applicable law to retain data for a certain period of time;
- The legitimate interests in retaining Personal Data on individuals; and
- Our market analysis with regards to the benefit we can provide individuals from retaining their Personal Data.
We estimate that the average turnover time for a role is around 3-5 years. Therefore, we will retain data for this period of time before contacting you to check the data held is accurate and that you are still happy for us to retain your data.
9. YOUR LEGAL RIGHTS
Subject to applicable law (GDPR), you may have a number of rights regarding the Processing of your Personal Data, including:
- the right to request access to, or copies of, your Personal Data that we Process or control;
- the right to request rectification of any inaccuracies in your Personal Data;
- the right to request, on legitimate grounds:
- erasure of your Personal Data that we Process or control; or
- restriction of Processing of your Personal Data that we Process or control;
- the right to object, on legitimate grounds, to the Processing of your Personal Data;
- where we Process your Personal Data on the basis of your consent, the right to withdraw that consent; and
- the right to lodge complaints regarding the Processing of your Personal Data with a Data Protection Authority.
To exercise one or more of these rights, please use the contact details provided in Section 13. Any formal request should be made in writing to the email address provided. Any information will be provided free of charge, unless the request is repetitive, unfounded, or excessive, at which point we will charge a reasonable fee, as permitted under GDPR. We will respond to any request regarding one or more of your legal rights within 30 days. We may request appropriate proof of identification to be provided before we can respond to your request. If we are unable to respond to your request within this time frame we will provide a valid reason for the delay and respond to you as soon as possible.
10. COOKIES AND SIMILAR TECHNOLOGY
There are a variety of tools to control cookies and similar technologies, including browser controls to block and delete cookies and controls from some third-party analytics service providers to opt out of data collection through web beacons and similar technologies. These tools may be provided by third-party service providers and may include the collection and tracking of certain data and information regarding the characteristics and activities of visitors to our website. We may disclose data, including personal information such as IP addresses, to certain such third-party services providers in order to obtain such services.
Your browser and other choices may impact your experiences with our websites. You may delete and block all cookies or decide to just block certain types of cookie via your browser setting. However, if you choose to block or delete cookies, this may affect the functionality of the Site.
11. LINKS TO OTHER WEBSITES
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
12. CHANGES TO THIS PRIVACY STATEMENT
13. HOW TO CONTACT US
To exercise one or more of your legal rights displayed in section 9 above, or to contact us regarding these rights or any other provision of this Policy or our Processing of your Personal Data, you can contact our Data Protection Officer, or data protection team, at this address: firstname.lastname@example.org
If you wish to raise a complaint on how we have handled your Personal Data, you can contact our Data Protection Officer, or data protection team, to have the matter investigated at this address: email@example.com
If you are not satisfied with our response or believe we are not Processing your Personal Data in accordance with the law, you can raise the complaint to the Information Commissioner’s Office.
Last Updated: 12 April 2018
APPENDIX: FURTHER INFORMATION
i. Personal Data
The categories of Personal Data about you that we may Process include:
- Personal details: given name(s); preferred name; job title; employer entity; department; salary; and compensation details.
- Contact details: home address; work address; home telephone number; work telephone number; work mobile number; personal mobile telephone number; personal email address; work email address; and social media profile details.
- Employment records: dates and details of current and former positions held; details of current and former employers; dates of employment; job titles; job locations; subject matter experience; and details of your current remuneration, pension and benefits arrangements.
- Details of referees: details of referees you may provide, including the relationship that you may have with each such referee, and the duration for which you have known each such referee.
- Opinions or views: Information on your interests and needs regarding future employment; extra information you choose to tell us; and information your references choose to tell us.
ii. Collection of Personal Data
Examples of sources from which we may collect Personal Data include the following:
- We may obtain your Personal Data when you provide it to us (e.g., where you contact us (or we contact you) via email or telephone, or by any other means).
- We may collect your Personal Data in the ordinary course of our relationship with you (e.g., if we offer to connect you with our Clients we may collect your Personal Data that are related to such Client opportunities, such as your curriculum vitae).
- We may collect Personal Data that you manifestly choose to make public, including via social media such as LinkedIn (e.g., we may collect information from your social media profile(s), to the extent that you choose to make your profile publicly visible).
- We may receive your Personal Data from third parties who provide it to us (e.g., past employers; referees; industry contacts; and clients).
- We may, with your prior express written consent, conduct background checks, in accordance with the protections provided by applicable law.
- We may collect or obtain Personal Data when you visit a Site or use any features or resources available on or through a Site. When you visit a Site, your device and browser will automatically disclose certain information (such as device type, operating system, browser type, browser settings, IP address, language settings, dates and times of connecting to a Site and other technical communications information), some of which may constitute Personal Data.
iii. Storage of Personal Data
The locations your Personal Data could be stored in may include, but are not limited to:
- our database;
- emails on computers;
- mobile phones and tablets;
- contact address books;
- business cards;
- electronic documents on our file servers;
- paper files in our office; and
- cloud back-up and storage
Action for Burns & Children
47 Elms Road
Tel: +44(0)7703 828 226