Charterhouse is a “controller”. This means that we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this privacy notice.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
HOW IS YOUR PERSONAL INFORMATION COLLECTED?
We may collect, store and use the following categories of information about you:
CANDIDATES & EMPLOYEES
- You may give your personal details to the company directly, such as by seeking employment with us, via submitting your CV, completing our application; or,
- Your details may have been identified via publicly available sources in relation to your professional history (e.g. LinkedIn or a jobs board where you have posted your CV for recruiters to consider you for opportunities);
- In some circumstances, your personal details may have been provided to us by another person for us to offer employment with us to you, e.g. a referral from one of our employees;
- Data may also be collected during the course of your employment or whilst undertaking training with us, e.g. from a referee or from your line manager.
- You may give your personal details to us directly, such as by seeking services from us; or,
- In some circumstances, your personal details may have been provided to us by another person in your company for us to offer and / or perform a contractual obligation between Charterhouse and your company;
- Your details may have been identified via publicly available sources in relation to your professional history (e.g. LinkedIn or your company website).
NEXT OF KIN
- your personal details have been provided to us by another person (our applicant; or worker; or employee) who has indicated you as an emergency contact.
- your personal details have been provided to us by another person (e.g., our applicant; or worker; or employee) who has indicated you as a referee
- You may give your personal details to us directly, such as by seeking to provide services to us; or
- In some circumstances, your personal details may have been provided to us by another person in your company to offer and / or perform a contractual obligation between Charterhouse Recruitment and your company;
- Your details may have been identified via publicly available sources in relation to services you provide (e.g. LinkedIn or your company website).
HOW WE USE YOUR INFORMATION ABOUT YOU
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where we need to perform the contract we are about to enter into or have entered into with you.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal obligation.
Click here to find out more about the types of lawful basis that we will rely on to process your personal data.
Generally, we do not rely on consent as a legal basis for processing your personal data although we will get your consent before sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.
Where we need to share your personal data, we have contracts and data sharing agreements in place with the recipients that require them to treat your information as confidential and ensure the continued protection of your data whilst in their possession. The Company will process your personal data with the following recipients:
- Governing bodies and authorities as required by law;
- Our software providers;
- Third party suppliers, e.g. business associates and professional advisers, such as external consultants, technical and IT support functions and independent auditors;
- Third party, where necessary to protect your vital interest, e.g. emergency services; or
- Marketing technology platforms and suppliers.
We may transfer your personal information to a third party as part of a sale of some or all our business and assets to any third party or a part of any business restructuring or reorganisation. However, we will take steps with the aim of ensuring that your privacy rights continue to be protected.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
AUTOMATED DECISION MAKING
We do not use automated decision-making including profiling. Should the Company intend to change this process you will be notified in advance.
We do not transfer your personal data outside the UK.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
YOUR LEGAL RIGHTS
Under certain circumstances, you have rights under data protection laws in relation to your personal data.
- Request access to your personal data.
- Request correction of your personal data.
- Request erasure of your personal data.
- Object to processing of your personal data.
- Request restriction of processing your personal data.
- Request transfer of your personal data.
- Right to withdraw consent.
If you wish to exercise any of the rights set out above, please contact our DPO. Click here to find out more.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.