Privacy Policy

Elliott Scott HR Privacy Policy

 

Privacy Notice

 

Elliott Scott HR Recruitment is aware of its obligations in Europe to comply with General Data Protection Regulation (GDPR) and is committed to processing personal data securely and transparently. This privacy notice sets out, in line with GDPR, the types of data that we hold. It also sets out how we use that information, how long we keep it for and other relevant information about your data.

 

We have prepared a general privacy notice covering all subject data and including use of our website at www.elliottscotthr.com 

 

The following categories of subject data are covered more specifically in the appendices;

1.) Candidates

Defined as; as active job seeker, someone we identify as a potential job seeker, someone we have previously placed with a customer, a contractor. This includes those that register or apply for an opportunity on our website www.elliottscotthr.com 

 

2.) Customers, Potential Customers and Suppliers

 

GENERAL PRIVACY NOTICE

 

About Us

Elliott Scott HR Recruitment (“ES”) is a global recruitment company operating predominantly in the Human Resource sector. In addition to permanent placements, ES also provides services such as temporary staffing, contractor recruitment, mapping and other related consultancy services.

 

This policy covers the following legal entities;

Elliott Scott HR Recruitment Limited (UK)

Elliott Scott HR Recruitment Limited (Hong Kong)

Elliott Scott HR Recruitment Pte (Singapore)

Elliott Scott HR Recruitment Inc. (USA)

 

Data protection principles

In relation to all personal data, we will:

• Process it fairly, lawfully and in a clear, transparent way

• Ensure it is processed and held securely

• Collect your data only for reasons that we are explained to you in this policy

• Only use it in the way that we have told you about

• Only shared as specified in this policy

• Keep your data for only as long as we need it 

 

Data Controller & Data Processor

ES a recruitment business which provides job-seeking services to its clients and Job-seekers. ES must collect and process personal data so that it can provide these services.

 

In most cases ES is a data controller, meaning that it determines the legal basis and processes to be used when using your personal data. In some cases, ES may act solely as the data processor, and has the obligation to process the personal data only on behalf of the data controller and in compliance with its instructions. 

 

ES Data Controller contact details are as follows:

info@elliottscotthr.com

Elliott Scott HR Recruitment Limited, Maple Works, 73 Maple Road, Surbiton, Surrey, KT6 4AG

 

Your rights in relation to your data

The law on data protection gives you certain rights in relation to the data we hold on you. These are:

• The right to be informed. This means that we must tell you how we use your data, and this is the purpose of this privacy notice

• The right of access. You have the right to access the data that we hold on you. To do so, you should make a subject access request. 

• The right for any inaccuracies to be corrected. If any data that we hold about you is incomplete or inaccurate, you are able to require us to correct it 

• The right to have information deleted. If you would like us to stop processing your data, you have the right to ask us to delete it from our systems where you believe there is no reason for us to continue processing it

• The right to restrict the processing of the data. For example, if you believe the data we hold is incorrect, we will stop processing the data (whilst still holding it) until we have ensured that the data is correct 

• The right to portability. You may transfer the data that we hold on you for your own purposes

• The right to object to the inclusion of any information. You have the right to object to the way we use your data where we are using it for our legitimate interests

• The right to regulate any automated decision-making and profiling of personal data. You have a right not to be subject to automated decision making in way that adversely affects your legal rights. 

Where you have provided consent to our use of your data, you also have the unrestricted right to withdraw that consent at any time. Withdrawing your consent means that we will stop processing the data that you had previously given us consent to use. There will be no consequences for withdrawing your consent. However, in some cases, we may continue to use the data where so permitted by having a legitimate reason for doing so.

 

If you wish to exercise any of the rights explained above, please contact the Data Controller details above.

 

Automated decision making

No decision will be made about you solely on the basis of automated decision making (where a decision is taken about you using an electronic system without human involvement) which has a significant impact on you.

 

General Security

To prevent unauthorised access, maintain data accuracy, and ensure the correct use of information, we have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the information we collect. Our key systems are password access controlled, limited to only those that require access to fulfil the services and the systems and infrastructure are firewall and intrusion protected.    

 

Information automatically logged

When you visit our website, we will record your visit only as a “hit”.  The webserver makes a record of your visit that includes your IP addresses (and domain names), the types and configurations of browsers, language settings, geo-locations, operating systems, previous sites visited, and time/durations and the pages visited (“visitor data”). We use the visitor data for the purpose of maintaining and improving our Website such as to determine the optimal screen resolution, which pages have been most frequently visited etc. We use such data only for website enhancement and optimisation purposes. We do not use and have no intention to use the visitor data to personally identify anyone.

 

Cookies

We may use cookies in our Website.  Cookies are small pieces of information that we store on your computer’s or mobile device’s browser or hard drive.  The information stored is to enable the site to function correctly and give you additional features and benefits such as automatic log in.   Most browsers give you the option of preventing cookies from being stored, though doing so may cause you to lose some of the benefits of our Website.  The information collected by means of cookies on our Website about you will be used only for compiling aggregate statistics on how visitors browse our Website. Such statistics are collected for the purpose of managing and improving the design of our Website.

 

Changes to the Privacy Notice

We may amend this Statement from time to time.  We suggest that you visit our Website regularly to keep up to date with any changes.

Please be informed that our business in Singapore, Elliott Scott HR Recruitment Pte. Limited, has also developed and implemented policies and practices to comply with the provisions of the Personal Data Protection Act 2012 (Act 26 of 2012) (the “PDPA”).

 

Making a complaint

As well as contacting ES, the supervisory authority in the UK for data protection matters is the Information Commissioner (ICO). If you think your data protection rights have been breached in any way by us, you are able to make a complaint to the ICO www.ico.org.uk. Otherwise you should contact the regional data protection authority.

 

APPENDIX 1 - CANDIDATE PRIVACY NOTICE

 

Types of Candidate data we process

We may hold many types of candidate data, including; 

• Your personal details including your name, address, email address, phone numbers

• Your photograph

• Gender 

• Marital status

• Information included on your CV including references, education history and employment history

• Current and previous job titles, job descriptions, pay grades, benefits/pension entitlement, hours of work and other terms and conditions relating to your employment

• Passport, driving license, ID proof or documentation relating to your right to work 

• References

• National Insurance number, tax code

• Bank details

• A log of communications with you

• Job offers and contracts of employment

 

How we collect Candidate data 

For the purposes of providing candidates and customers with job-seeking services and/or information relating to relevant roles and candidates, we will only use your personal data in accordance with the terms of this privacy notice. 

 

ES sourced your personal data/sensitive personal data by the following means:

• The candidate registered as a job-seeker or applied for a role through our Website or directly

• The Candidate was referred to us by a customer, agency or contact 

• The Candidate applied for a position advertised through a third party job board

• The Candidate proactively replied to an approach through a publicly accessible platform e.g. LinkedIn

• The Candidate provided us with payroll and bank information in order facilitate the requirements for a contract or temporary position

• The Candidate provided us with copies of their ID, passport or other documentation required for interview or contract discussions in relation to a placement.

 

Why we process Candidate data

ES will collect your personal data and will process your personal data for the purposes of providing you with job-seeking services. 

 

This may also include;

• To assess your suitability for an available role

• To put you forward to prospective employers

• To match you to our job vacancies

• Updating our databases

• To carry our interviews, screenings and assessments 

• To manage communications and correspondence

• To negotiate and agree contracts of employment

• To conduct pre-employment checks

• To keep you informed of our services, events and general market & industry information including surveys

• Arranging payments to you

 

Lawful basis for processing your data

Under GDPR, where we are the Data Controller we must have a lawful basis for processing all personal data. GDPR sets out the where processing of personal data can be undertaken legally; 

• In order to perform a contract that we are party to

• In order to carry out legally required duties

• In order for us to carry out our legitimate interests

• Where we have consent

• Vital interests and 

• Where something is done in the public interest that is set out in law.

 

All of the processing carried out by us falls into one of the permitted reasons. Generally, we will rely on legitimate interests to process your data to;

• Perform job seeking and related consultancy services for candidates

• Including; contacting you about opportunities and sharing your personal data with prospective employers. 

• To provide you with information that will assist your job search such as events, market & industry information including surveys.

 

We will rely on our contract with you to process your personal data to:

• Ensure you are paid where you are a contractor.

 

We also need to collect your data to ensure we are complying with legal requirements such as:

• Ensuring tax and National Insurance is paid

• Carrying out checks in relation to your right to work in the region

 

Sharing Candidate data

As a recruiter, we look to place candidates with companies looking for candidates. Primarily we will share candidate data with companies and customers looking to employ permanent, temporary or contract workers or whom we think would be a good fit for you as a job-seeker and may not have a current position available.

 

Where we are processing payroll for you as a contractor, we will share your information with the tax authorities, pension providers and other organisations that we are required to, in order to process your pay. 

 

Overseas Transfers

ES may transfer the information you provide to us to countries outside the European Economic Area (“EEA”) for the purposes of providing you with job-seeking services. We will take steps to ensure adequate protections are in place to ensure the security of your information. The EEA comprises the EU member states plus Norway, Iceland and Liechtenstein

 

Protecting your data

We are aware of the requirement to ensure your data is protected against accidental loss or disclosure, destruction and abuse. We have implemented processes to guard against such. 

 

We hold your information on a secure database system held in the UK and managed by a professional outsourced IT company. The database is password controlled and only those that require have access. For further information please see our security information in the “GENERAL PRIVACY NOTICE”. 

 

Where we share your data with third parties, we provide written instructions to them to ensure that your data is held securely and in line with GDPR requirements. Third parties must implement appropriate technical and organisational measures to ensure the security of your data.

 

How long we keep your data for

ES will retain your personal data where we have an ongoing legitimate need to do so, for example to engage in long term relationships with our candidates to assist in their long term careers.

 

Where there is no legitimate basis or there has been no engagement with you for a period of 10 years, we will either delete or anonymise your personal data.

 

We must also keep your payroll records, holiday pay, sick pay and pensions auto-enrolment records for as long as is legally required by HMRC and associated national minimum wage, social security and tax legislation. 

 

If you have any questions about how long we retain your personal information, you may contact us using the ES Data Controller contact details provided under the Section headed GENERAL PRIVACY NOTICE. 

 

APPENDIX 2 – CUSTOMER, POTENTIAL CUSTOMER, SUPPLIER 

 

Types of personal data we process

We may hold many types of candidate data, including; 

• Your personal details including your name, address, email address, phone numbers, job titles;

• Communications with you 

 

How we collect personal data 

ES sourced your personal data by the following means:

• Where we entered into a customer/supplier agreement with you

• Where we were referred to you

• Where you attended an event 

• Directly from you, for example approached directly or responding to a LinkedIn message 

 

Why we process personal data

ES will collect your personal data and will process your personal data for the purposes of; 

For Customers & Prospective Customers

• Supplying job search services

• Negotiating and agreeing candidate search contracts 

• Contacting you about candidates

• Developing and managing our services and relationship with you. 

• Issuing market & industry information including surveys

• Issuing invoices and payment queries

 

For Suppliers

• Negotiating and agreeing supply agreements/services with you

• Managing the supply of services 

• Handling invoices and payment

 

Lawful basis for processing your data

Under GDPR, where we are the Data Controller we must have a lawful basis for processing all personal data. GDPR sets out where the processing of personal data can be undertaken legally; 

• In order to perform a contract that we are party to

• In order to carry out legally required duties

• In order for us to carry out our legitimate interests

• Where we have consent

• Vital interests and 

• Where something is done in the public interest that is set out in law.

 

All of the processing carried out by us falls into one of the permitted reasons. Generally, we will rely on our contract with you to process your data. For example, we need to collect your personal data in order to:

• Perform the job search or consultancy services

• To communicate with you in that regard to the contract services

• To manage payment for the services

 

We may also process your data where there is a legitimate interest such as:​

• Keeping you informed of our services, terms and conditions, policies

• Keeping you informed of industry and market information including surveys

• Inviting you to industry related events

 

Sharing personal data

We may share your personal information with the following types of internal and third parties for the purposes described in this notice:

• We freely share your information with our internal staff and group companies. Your contact information is maintained on our global database, which is secure and accessible only to employees – for the purpose of managing your customer account and providing contract, search or consultancy services. 

• We may share your information with third party service providers (our Vendors) who perform functions on our behalf (including external consultants, business associates and professional advisers, such as lawyers, auditors, accountants, technical support providers, and third party travel agencies, outsourced IT and document storage providers).

• We may share your information with a potential buyer (and its agents and advisers) in connection with any proposed purchase, merger, or acquisition of any part of our business, provided that we inform the buyer it must use your personal information only for the purposes disclosed in this Notice.

 

Overseas Transfers

ES may transfer only the information you provide to us to countries outside the European Economic Area (“EEA”) for the purposes of providing you with job-search services. We will take steps to ensure adequate protections are in place to ensure the security of your information. The EEA comprises the EU member states plus Norway, Iceland and Liechtenstein

 

Protecting your data

We are aware of the requirement to ensure your data is protected against accidental loss or disclosure, destruction and abuse. We have implemented processes to guard against such. 

 

We hold your information on a secure database system held in the UK and managed by a professional outsourced IT company. The database is password controlled and only those that require have access. For further information please see our security information in the “GENERAL PRIVACY NOTICE”. 

 

Where we share your data with third parties, we provide written instructions to them to ensure that your data are held securely and in line with GDPR requirements. Third parties must implement appropriate technical and organisational measures to ensure the security of your data.

 

How long we keep your data for

ES will retain your personal data where we have an ongoing legitimate need to do so, for example to engage in long term relationships with you as a customer or supplier or a potential future candidate. 

 

Where there is no legitimate basis or there has been no engagement with you for a period of 10 years, we will either delete or anonymise your personal data.

 

If you have any questions about how long we retain your personal information, you may contact us using the ES Data Controller contact details provided under the section headed “GENERAL PRIVACY NOTICE”. 

 

Copyright © 2018, Elliott Scott HR Recruitment Limited. All rights reserved.

 

To download the latest Privacy Policy, please go here: 

Elliott Scott HR Privacy Policy .pdf

Size: 230 KB