INTRODUCTION

Welcome to our privacy policy. 

Charterhouse Recruitment (Yorkshire) Limited (collectively referred to as ‘Charterhouse’, ‘we’ ‘us’ or ‘our) respects your privacy and is committed to protecting your personal data. This privacy policy will inform you as to how we look after your personal data, what types of personal data we may collect and tell you about your privacy rights and how the law protects you. 

It is important that you read this privacy policy together with any other privacy policy or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy policy supplements other notices and privacy policies and is not intended to override them.

Charterhouse is a “controller”. This means that we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this privacy notice. 

We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this privacy policy. If you have any questions about this privacy policy, including any requests to exercise your legal rights, please contact the DPO by emailing dpo@charter.fisherinc.co.uk  

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

HOW IS YOUR PERSONAL INFORMATION COLLECTED?

We may collect, store and use the following categories of information about you:

CANDIDATES & EMPLOYEES

CLIENT

NEXT OF KIN

REFEREE

SUPPLIER

HOW WE USE YOUR INFORMATION ABOUT YOU

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

Click here to find out more about the types of lawful basis that we will rely on to process your personal data.

Generally, we do not rely on consent as a legal basis for processing your personal data although we will get your consent before sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.

DATA SHARING

Where we need to share your personal data, we have contracts and data sharing agreements in place with the recipients that require them to treat your information as confidential and ensure the continued protection of your data whilst in their possession. The Company will process your personal data with the following recipients:

We may transfer your personal information to a third party as part of a sale of some or all our business and assets to any third party or a part of any business restructuring or reorganisation. However, we will take steps with the aim of ensuring that your privacy rights continue to be protected.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

AUTOMATED DECISION MAKING

We do not use automated decision-making including profiling. Should the Company intend to change this process you will be notified in advance.

INTERNATIONAL TRANSFERS

We do not transfer your personal data outside the UK.

DATA SECURITY

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

DATA RETENTION

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

YOUR LEGAL RIGHTS

Under certain circumstances, you have rights under data protection laws in relation to your personal data.

If you wish to exercise any of the rights set out above, please contact our DPO. Click here to find out more.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.