Privacy Policy
INTRODUCTION
This Privacy Policy explains what we do with your personal data, whether we are in the process of helping you find a job, continuing our relationship with you once we have found you a role, providing you with a service, receiving a service from you, using your data to ask for your assistance in relation to one of our candidates, or you are visiting our website.
It describes how we collect, use and process your personal data, and how, in doing so, we comply with our legal obligations to you. Your privacy is important to us, and we are committed to protecting and safeguarding your data privacy rights.
This Privacy Policy applies to the personal data of our candidates, website users, clients and suppliers.
What kind of personal data do we collect?
CANDIDATE DATA: In order to provide the best possible employment opportunities that are tailored to you, we need to process certain information about you. We only ask for details that will genuinely help us to help you, such as your name, age, contact details, education details, employment history, emergency contacts, immigration status and social security number (and of course you may choose to share other relevant information with us).
CLIENT DATA: If you are an IRC customer, we need to collect and use information about you, or individuals at your organisation, in the course of providing you services such as finding candidates who are the right fit for you or your organisation.
SUPPLIER DATA: We need a small amount of information from our suppliers to ensure that things run smoothly. We need contact details of relevant individuals at your organisation so that we can communicate with you. We also need other information such as your bank details so that we can pay for the services you provide.
WEBSITE USERS: We collect a limited amount of data from our Website Users which we use to help us to improve your experience when using our website and to help us manage the services we provide. This includes information such as how you use our website, the frequency with which you access our website, and the times that our website is most popular.
How do we collect your personal data?
CANDIDATE DATA: We collect candidate personal data in two primary ways:
1. Personal data that you, the candidate gives us.
2. Personal data that we receive from other sources.
Personal data you give to us
IRC needs to know certain information about you in order to provide a tailored service. This will enable us to provide you with the best opportunities and should save you time in not having to trawl through information about jobs and services that are not relevant to you.
There are numerous ways you can share your information with us. It all depends on what suits you. These may include
– Entering your details on the IRC website, as part of the application process;
– Emailing your CV to a IRC consultant or being interviewed by them.
– Entering through a social media channel such as LinkedIn or Twitter.
CLIENT DATA: We collect client personal data that we receive directly from you.
Personal data that we receive directly from you
We both share the same goal – to make sure that you have the best staff for your organisation. We will receive data directly from you in two ways:
– Where you contact us proactively, usually by phone or email; and/or
– Where we contact you, either by phone or email, or through our consultants’ business development activities more generally.
SUPPLIER DATA: We collect your personal data during the course of our work with you.
WEBSITE USERS: We will collect data from you when you contact us via the website, for example by applying for a job advertisement.
How do we use your personal data?
CANDIDATE DATA: We generally use Candidate data for recruitment activities.
Recruitment Activities
Our main area of work is recruitment – connecting the right candidates with the right jobs. We’ve listed below various ways in which we may use and process your personal data for this purpose, where appropriate and in accordance with any local laws and requirements. Please note that this list is not exhaustive.
– Collecting your data from you and other sources, such as LinkedIn;
– Storing your details (and updating them when necessary) on our database, so that we can contact you in relation to recruitment;
– Providing you with our recruitment services and to facilitate the recruitment process;
– Assessing data about you against vacancies which we think may be suitable for you;
– Sending your information to clients, in order to apply for jobs or to assess your eligibility for jobs;
CLIENT DATA: The main reason for using information about clients is to ensure that the contractual arrangements between us can properly be implemented so that the relationship can run smoothly.
SUPPLIER DATA: The main reasons for using your personal data are to ensure that the contractual arrangements between us can properly be implemented so that the relationship can run smoothly, and to comply with legal requirements.
Who do we share your personal data with?
CANDIDATE DATA: Primarily we will share your information with prospective employers to increase your chances of securing the job you want. Where appropriate and in accordance with local laws and requirements, we may share your personal data with the following:
– Third party outsourced IT and document storage providers where we have an appropriate processing agreement (or similar protections) in place;
– Potential employers and other recruitment agencies/organisations to increase your chances of finding employment.
CLIENT DATA: We will share your data primarily to ensure that we provide you with a suitable pool of candidates.
SUPPLIER DATA: Unless you specify otherwise, we may share your information with any of our group companies and associated third parties such as our service providers and organisations to whom we provide services.
WEBSITE USERS: Unless you specify otherwise, we may share your information with providers of web analytics services, marketing automation platforms and social media services to make sure any advertising you receive is targeted to you.
How do we safeguard your personal data?
We care about protecting your information. That’s why we put in place appropriate measures that are designed to prevent unauthorised access to, and misuse of, your personal data.
How long do we keep your personal data for?
We will delete your personal data from our systems if we have not had any meaningful contact with you (or, where appropriate, the company you are working for or with) for two years (or for such longer period as we believe in good faith that the law or relevant regulators require us to preserve your data). After this period, it is likely your data will no longer be relevant for the purposes for which it was collected.
When we refer to “meaningful contact”, we mean, for example, communication between us (either verbal or written), or where you are actively engaging with us. If you are a candidate, we will consider there to be meaningful contact with you if you submit an updated CV to us. We will also consider it meaningful contact if you communicate with us about potential roles, either by verbal or written communication.
How can you access, amend or take back the personal data that you have given to us?
One of the GDPR’s main objectives is to protect and clarify the rights of EU citizens and individuals in the EU with regards to data privacy. This means that you retain various rights in respect of your data, even once you have given it to us. These are described in more detail below.
To get in touch about these rights, please contact us. We will seek to deal with your request without undue delay, and in any event within one month (subject to any extensions to which we are lawfully entitled). Please note that we may keep a record of your communications to help us resolve any issues which you raise.
Right to withdraw consent: Where we have obtained your consent to process your personal data for certain activities (for example, for profiling your suitability for certain roles), or consent to market to you, you may withdraw your consent at any time.
Data Subject Access Requests (DSAR): Just so it’s clear, you have the right to ask us to confirm what information we hold about you at any time, and you may ask us to modify, update or delete such information.
Right to erasure: In certain situations (for example, where we have processed your data unlawfully), you have the right to request us to “erase” your personal data. We will respond to your request within 30 days (although we may be allowed to extend this period in certain cases) and will only disagree with you if certain limited conditions apply. If we do agree to your request, we will delete your data but will generally assume that you would prefer us to keep a note of your name on our register of individuals who would prefer not to be contacted. That way, we will minimise the chances of you being contacted in the future where your data are collected in unconnected circumstances. If you would prefer us not to do this, you are free to say so.
Right of data portability: If you wish, you have the right to transfer your data from us to another data controller. We will help with this – either by directly transferring your data for you, or by providing you with a copy in a commonly used machine-readable format.
How do we store and transfer your data internationally?
IRC is a global organisation – this is what enables us to offer the level of services that we do. In order for us to continue operating in this way, we may have to transfer or store your data international with the following;
– between and within IRC entities;
– to third parties such as suppliers to IRC
– to overseas clients
– to a cloud-based storage provider; and
– to other third parties.
CLIENT DATA: The data we collect about clients is actually very limited. We generally only need to have your contact details or the details of individual contacts at your organisation (such as their names, telephone numbers and email addresses) to enable us to ensure that our relationship runs smoothly.
SUPPLIER DATA: We don’t collect much data about suppliers. We simply need to make sure that our relationship runs smoothly. We’ll collect the details for our contacts within your organisation, such as names, telephone numbers and email addresses. We’ll also collect bank details, so that we can pay you. We may also hold extra information that someone in your organisation has chosen to tell us.
OUR LEGAL BASES FOR PROCESSING YOUR DATA LEGITIMATE INTERESTS
CANDIDATE DATA:
We think it’s reasonable to expect that if you are looking for employment or have posted your professional CV information on a job board or professional networking site, you are happy for us to collect and otherwise use your personal data to offer or provide our recruitment services to you, share that information with prospective employers and assess your skills against our bank of vacancies. Once it’s looking like you may get the job, your prospective employer may also want to double check any information you’ve given us (such as the results from psychometric evaluations or skills tests) or to confirm your references, qualifications and criminal record, to the extent that this is appropriate and in accordance with local laws. We need to do these things so that we can function as a profit-making business, and to help you and other candidates get the jobs you deserve.
We want to provide you with tailored job recommendations and relevant articles to read to help you on your job hunt. We therefore think it’s reasonable for us to process your data to make sure that we send you the most appropriate content.
We also think that it might help with your job search if you take part in our specialist online training or some of our more interactive services, if you have the time. These are part of our service offering as a business, and help differentiate us in a competitive marketplace, so it is in our legitimate interests to use your data for this reason.
We have to make sure our business runs smoothly, so that we can carry on providing services to candidates like you. We therefore also need to use your data for our internal administrative activities, like payroll and invoicing where relevant.
CLIENT DATA:
To ensure that we provide you with the best service possible, we store your personal data and/or the personal data of individual contacts at your organisation as well as keeping records of our conversations, meetings, registered jobs and placements. From time to time, we may also ask you to undertake a customer satisfaction survey. We think this is reasonable – we deem these uses of your data to be necessary for our legitimate interests as an organisation providing various recruitment services to you.
SUPPLIER DATA:
We use and store the personal data of individuals within your organisation in order to facilitate the receipt of services from you as one of our suppliers. We also hold your financial details, so that we can pay you for your services. We deem all such activities to be necessary within the range of our legitimate interests as a recipient of your services.
CONSENT
Article 4(11) of the GDPR states that (opt-in) consent is “any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.” In plain language, this means that:
– you have to give us your consent freely, without us putting you under any type of pressure;
– you have to know what you are consenting to – so we’ll make sure we give you enough information;
– you should have control over which processing activities you consent to and which you don’t.
– you need to take positive and affirmative action in giving us your consent
We will keep records of the consents that you have given in this way.
As we have mentioned, you have the right to withdraw your consent to these activities. You can do so at any time, and details of how to do so can be found below.
How you can get in touch with us:
– to access, amend or take back the personal data that you have given to us;
– if you suspect any misuse or loss of or unauthorised access to your personal information;
– to withdraw your consent to the processing of your personal data (where consent is the legal basis on which we process your personal data);
– with any comments or suggestions concerning this Privacy Policy
You can write to us at the following address:
27 Old Gloucester Street London WC1N 3AX
Alternatively, you can send an email to: info@i-r-consulting.com