GDPR Candidate Privacy Notice (UK and EU)
Northhill Partners Limited and its Subsidiary and Group Companies is a “data controller”. This means that we are responsible for deciding how we hold and use personal information about you. You are on this page because you received a copy or a link of or to this privacy notice because you are applying for or have applied for work with us (whether as an employee, worker, contractor or a Candidate for a position with our Clients). It makes you aware of how and why your personal data will be used, namely for the purposes of the recruitment exercise, and how long it will usually be retained for. It provides you with certain information that must be provided under the General Data Protection Regulation ((EU) 2016/679) (GDPR).
In order to provide our recruitment and related support services Northhill Partners Limited Group need to collect personal data relating to our Candidates. This Privacy Statement provides specific information relating to Candidates.
CANDIDATES & ASSOCIATED CONTACT
As a recruitment business we connect those looking for a job (“Candidates”) with businesses who are looking for Candidates (“Clients”). For the purposes of this Privacy Statement a Candidate includes:-
- an active job seeker who registers with us with the purpose of us helping them to find a job, or applies to a role that we have advertised;
- someone who we have placed with a Client whether on a permanent or contract basis;
- someone we identify as a potential job seeker (for more information see Sources of Personal Data);
- for the purposes of this Privacy Statement a contractor of Northhill Partners Limited Group is defined as a Candidate.
An “Associated Contact” of a Candidate means individuals whose contact details are provided to us where, for example:-
- a Candidate may make a referral of another jobseeker;
- a Candidate may provide the details of their emergency contacts;
- a Candidate may provide us the details of a referee;
A Client Contact with whom Northhill Partners Limited Group has/had a Candidate on contract assignment, may provide a reference for that Candidate
DATA PROTECTION PRINCIPLES
We will comply with data protection law and principles, which means that your data will be:
- Used lawfully, fairly and in a transparent way.
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
- Relevant to the purposes we have told you about and limited only to those purposes.
- Accurate and kept up to date.
- Kept only as long as necessary for the purposes we have told you about. If you are our employee we retain your personal data for at least 6 years after you leave our employment for legal purposes.
- Kept securely.
Under the GDPR we must have a lawful basis for processing all personal data. The GDPR sets out the grounds where processing of personal data can be undertaken legally. The main grounds used by Northhill Partners Limited Group to process personal data are as follows:-
If we have a contract with a Candidate, such as a contract worker, or where the Candidate has entered into a work finding services agreement for the provision of services, we will process personal data in order to fulfil the requirements of the contract, or to undertake set up requirements prior to entering into the contract.
- Legal Obligation
If we have a legal obligation to process personal data, such as the payment of taxes, we will process personal data on this legal ground.
- Legitimate Interests
The GDPR states that we may process personal data “if necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data”. We may use legitimate interests where we do not have GDPR compliant consent, or where the information is collected indirectly about Candidates (see Sources of Personal Data). We have assessed the scenarios where we use legitimate interests as a legal ground for processing and we consider our processing is in line with Candidate expectations and that there is a balance between our interests, and those of Candidates. Candidates may object to any processing undertaken on the grounds of legitimate interests. To find out How do you Access / Update / Delete Your Data, please read that section of our General Privacy Statement. See also the section below on when we may rely on Legitimate Interests as a lawful reason for processing Candidates’ data.
Consent may be collected when a Candidate applies to a position advertised on our websites, or when a candidate completes our registration process (see Sources of Personal Data). Where we are unable to collect consent for a particular processing activity we will only process personal data if we have another lawful ground of legitimate interest, including Legitimate Interests. To find out How do you Access / Update / Delete Your Data, please read the section of our Privacy Statement below headed “Rights of Access, Correction, Erasure, and Restriction”
- Defence of legal claims
In limited circumstances and in accordance with the law we may use Candidate information in the defence of legal claims or enforcing legal rights, such as IP rights
- Assessment of employee working capacity
In certain circumstances, particularly in the case of a contract worker, we may be required to assess the working capacity of that worker and we will operate under this legal ground in relation to any tests or assessments undertaken involving the processing of sensitive personal data.
OUR LEGITIMATE BUSINESS INTERESTS
Our legitimate interests in collecting and retaining your personal data is described below:
- As a recruitment business and recruitment agency we introduce Candidates to Clients for permanent employment, temporary worker placements or independent professional contracts. The exchange of personal data of our Candidates and our Clients is a fundamental, essential part of this process and is a reasonable expectation of Candidates.
- In order to support our Candidates’ career aspirations and our Clients’ resourcing needs we require a database of Candidate and Client personal data containing historical information as well as current resourcing requirements.
- To maintain, expand and develop our business we need to record the personal data of prospective Candidates and Client contacts.
THE KIND OF INFORMATION WE HOLD ABOUT YOU
In connection with your application for work with us, we will collect, store, and use the following categories of personal information about you:
- The information you have provided to us in your curriculum vitae and covering letter.
- The information you have provided on our application form, including name, title, address, telephone number, personal email address, date of birth, gender, employment history, qualifications,pay roll data, including National Insurance/Social Security Number, payment information, Limited / Umbrella Company details, any government issued Photo Identity Card
- Candidate application data including salary, notice period, details of visa or eligibility to work, photographic images, video applications if available, desired salary, CV received date, ‘referred by’.
- Candidate CV including date of birth, employment history, skills/ experience, languages, educational history, qualifications, membership of professional associations, contact details of employer references/character references, licenses held, interests and hobbies.
- Any information you provide to us during a face-to-face or telephone interview.
- Candidate compensation data including salary and benefits offered to the Candidate by Client.
- Candidate metadata from candidate including summary of recency, frequency and timeline of email engagement from Candidate emails / marketing interaction.
- Associated Contact Emergency Contact including Name, Phone Number, Email Address and relationship to Candidate.
We may also collect, store and use the following “special categories” of more sensitive personal information:
- Information about criminal convictions and offences only where this is absolutely necessary for a particularly sensitive role. This may vary from country to country.
SOURCES OF PERSONAL DATA:- HOW IS YOUR PERSONAL INFORMATION COLLECTED?
We have a large variety of sources of Candidate data. We will only ever source data that is necessary to provide services to you and in a way that would be generally expected.
We receive personal data about Candidates from a variety of sources. The primary source is from our Candidates directly. Examples of the sources of personal data of Candidates are as follows:-:
- You, the candidate.
- Partner recruitment agencies registered on any recruitment platform, or those partnering directly with us from which we collect the following categories of data: Name, Email address, Phone Number, CV, Gender, employment history and qualifications.
- Your named referees, from whom we collect the following categories of data: Name of the Position you worked at, Start Date, End date, Reason of Leaving and any other work related information.
- The following data from third parties is from a publicly accessible sources – such as social media websites including but not limited to Facebook, Twitter and professional networking websites including but not limited to LinkedIn, Xing – and other websites on the internet in general.
- The Candidate may apply to a position advertised on a third party jobs website;
- The Candidate may be sourced from publicly accessible platforms where Northhill Partners Limited Group employees are also registered users, for example LinkedIn;
- The Candidate may be sourced from third party CV providers such as jobs websites who provide CV search facilities and where users have made their CV data available to registered customers of these sites;
- We receive Candidate information when the Candidate interacts with our communications e.g. websites and advertisements;
- We may receive personal data about a Candidate from nominated referees of the Candidate or from other Associated Contacts of the Candidate;
- The Candidate may be referred to us from a Client who wishes us to payroll the Candidate as a contractor;
- When we are providing a managed services solution to a client, the Candidate may be referred to us from a third party recruitment business which is a supplier to us for that client;
- When we are providing a managed services solution to a client, the Candidate may be referred to us directly from that client requesting that we process their application on their behalf.
We will use the personal information we collect about you to:
We want to ensure that the personal data is used for the purposes that you would expect and our ultimate goal is that there should be no surprises for Candidates in the way that personal data is used by Northhill Partners Limited Group. Personal Data is used for the following key business activities to ensure that we can deliver the best recruitment services to you:
- Recruitment Services
- Equal Opportunities & Diversity
- Assess your skills, qualifications, and suitability for the work or role
- Carry out background and reference checks, where applicable.
- Communicate with you about the recruitment process.
- Keep records related to our hiring processes.
- Comply with legal or regulatory requirements.
- Share your Curriculum Vitae and resume information, with your consent, with our clients and associated companies of whom you have been notified. We have taken all reasonable steps to ensure that our clients will use your information only for the above purposes also and primarily to assess your suitability for the role or work we have discussed with you.
It is in our legitimate interests to decide whether to appoint you to a role or for work with our client and since it would be beneficial to our business to appoint someone to that role or work with our client.
We also need to process your personal information to decide whether to enter into a contract of employment with you or to assess your suitability for work with our client.
Having received your CV and covering letter or your application form and/or the results from any tests which you may have taken, we will then process that information to decide whether you meet the basic requirements to be shortlisted for the role with us or our client. If you do, we will decide whether your application is strong enough to invite you for an interview or to recommend that you attend an interview with our client. If we or our client decide to call you for an interview, we will use the information you provide to us at the interview to decide whether to place you for an interview with our client or to offer you the role or work. If we or our client decide to offer you the role or work, we will then take up references and/or carry out a criminal record and/or carry out other relevant checks before confirming your appointment.
We provide further details of how we may use Candidate’s data below:-
Our business is to assist and advise Candidates in their search for job opportunities. In providing our services, we may use personal data including for the following purposes (we will only ever use the personal data as described here if we have a legal basis for doing so):
- to keep in contact with Candidates, to inform, update and discuss new relevant job opportunities and any subsequent progression through the job search process, for example about interviews, job offers, onboarding, and in the case of contract workers, the timesheet and payment processes;
- to keep up to date information about the Candidate in relation to their job search process and their requirements, in order to assess their suitability for current or future vacancies for example based on their previous skills and experience overall, their own statements about career aspirations, professional development, strengths and weaknesses, their level of managerial experience, professional qualifications;
- to contact referees as part of the recruitment process for permanent roles or as part of the screening process for contract roles;
- to record emergency contact details for contract workers;
- to understand the profile of organisations in which Candidates are currently / previously employed;
- to create a record/file for the Candidate on our internal systems to associate all notes and tracking throughout the job search, interview, placement, onboarding and contracting process;
- to understand current and expected salary, notice period and available, current and required locations in order to enhance and impact the success of the matching process and ensure the Candidate is provided with the most relevant opportunities;
- to develop the relationship between Northhill Partners Limited Group and the Candidate and ensure a more personalised service;
- to meet the requirements of the Client application process including criminal record and credit checks (where relevant);
- to verify the information provided by Candidates using evaluations and tests (including functional capability and psychometric testing) at the request of the Client;
- to pay referral fees;
- to retain evidential proof of the identity of the Candidate;
- to share Candidate information with Clients. We are not responsible for the processing activities of Clients once a Candidate’s personal data has been shared. Please refer to the Privacy Statement of the relevant Client;
- to carry out our obligations under Client contracts;
- to enable Candidates to participate in our career development services
- to tailor our products and services to better identify the right Candidates and present the right opportunities at the right time and meet Candidate and Client needs more effectively;
- to undertake modelling based on demographic, behavioural, geographic data in order to produce lead scores that may predict the jobs, locations and companies Candidates are most likely to be interested in, or to predict which Candidates our Clients are most likely to hire;
- to undertake profiling for the purposes of semi-automated or manual decision making about Candidates.
We aim to provide Candidates with information that is relevant and personal to the service that they expect to receive from us. When drafting and sending marketing communications, we may use personal data for the following purposes:
- to personalise and make the marketing information sent as relevant as possible;
- to ask for your help in relation to sharing information about opportunities we may have, with your network;
- to aggregate data used as part of surveys or to produce market insights;
- to segment and distribute targeted marketing;
- to follow up with attendees of our events/webinars or to contact attendees about current or future opportunities;
- to ask for your opinion about our products or services;
- to produce aggregated models to predict trends and produce market insights.
We may use and create personal data about Candidates for the purposes of making and receiving payments including the following scenarios (we will only ever use the personal data as described here if we have a legal basis):
- to make an offer of salary and benefits to a Candidate on behalf of a Client in relation to a specific job offer;
- to generate placement activity on our central systems in order to invoice a Client;
- to benchmark salaries for Candidates with similar experience or for companies with similar vacancies;
- to undertake financial audits;
- to communicate payroll and other financial information to Candidates and Clients.
We are continuously developing our software and systems to improve the services that we provide to our Candidates. We use personal data in some cases to facilitate that development including the following (we will only ever use the personal data as described here if we have a legal basis):
- to gain customer insights to help optimise and develop new products and services for Candidates;
- to store and backup information;
- to undertake modelling to identify improvements and efficiencies in the recruitment process.
We may need to process certain personal data as part of our legal obligations, and to ensure our recruitment practices are in line with our diversity programmes. We may use personal data for the following purposes (we will only ever use the personal data as described here if we have a legal basis):
- to capture consent/contract acceptance on paper or electronic registration forms, terms & conditions or forms;
- to comply with our legal obligations in respect of: the collection of taxes, levies, contributions; the detection of crime; labour standards; anti-bribery legislation; and industry specific legislation;
- to comply with Client requests relating to their employment practices;
- to comply with the law in certain jurisdictions;
- to fulfil contractual obligations with Clients and vendors, for example, in relation to the enforcement of intellectual property rights.
Equal Opportunities & Diversity
We may process certain personal data as part of our commitment to Equal Opportunities & Diversity, for example to ensure our recruitment practices are in line with our diversity programmes. We may use personal data for the following purposes (we will only ever use the personal data as described here if we have a legal basis):
- to promote diversity or inclusion in the workplace.
A Candidate’s personal data relating to diversity is held anonymously and used for statistical purposes only.
If you fail to provide personal information
If you fail to provide information when requested, which is necessary for us to consider your application (such as evidence of qualifications or work history), neither we nor our client will be able to process your application successfully. For example, if we require a credit check or references for this role and you fail to provide us with relevant details, we will not be able to take your application further.
INFORMATION ABOUT CRIMINAL CONVICTIONS
We envisage that we will process information about criminal convictions.
We may need to collect information about your criminal convictions history if we would like to offer you the work or role (conditional on checks and any other conditions, such as references, being satisfactory). We are required to carry out a criminal records check in order to satisfy ourselves and our Clients that there is nothing in your criminal convictions history which makes you unsuitable for the role. In particular:
- Where we are legally required by Clients to carry out criminal record checks for those carrying out particularly sensitive types of roles or work
We have in place an appropriate policy document and safeguards which we are required by law to maintain when processing such data.
You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making.
Why might you share my personal information with third parties?
We will only share your personal information with the following third parties for the purposes of processing your application or your Personal Data: Associated Companies, Clients, security companies for the purposes of verifying specific information and carrying our criminal records checks as required and/or necessary. We will also share your personal information with our client for the purpose of seeking to place you in the role which we have discussed with you or other suitable roles in line with our agreement with you and in your interests. All our clients, third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions. We may also require the sharing of your personal information to our Indian and USA offices and to our client’s offices based outside the European Economic Area (EEA) for the purposes of securing the work you have applied for and for appropriate administration purposes which is in your interests to enable us to provide the appropriate level of service to you.
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need-to-know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality. Where your information is shared with our offices outside of the EEA we acknowledge that those countries may not be regarded as having the same degree of data protection laws as the EU currently has. However we aim to ensure that we as an organisation and our clients have the same or similar degrees of security measures in place in those countries.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
How long will you use my information for?
Our aim is to build lasting relationships with our Candidates and thus to contribute to long term career success and development. So our goal is to continue to engage and interact with Candidates even after they have secured a new position – for example to keep them informed of market developments, [ invite them to topical seminars and networking events ], and to be on hand to offer advice about career planning. But, we recognise that the level of engagement we have with different Candidates will vary and so our retention policy is designed to reflect this. If we lose touch with a Candidate we recognise that the personal data we collected is no longer needed for the purpose for which it was collected and we won’t retain it any longer.
Specifically in relation to marketing, personal data will be retained for (i) a period of twelve months following the date of the last engagement by a Candidate with a marketing communication or (ii) the date the Candidate unsubscribes from marketing communications, whichever is earlier.
Specifically in relation to Recruitment Services, IT, Finance, Legal, Equal Opportunities and Diversity, personal data will be retained in accordance with the above statements unless we are required to keep it for legal reasons. It will then only be retained for the period required by law and will not be further processed for any other purpose.
To provide an example of retention periods: -we aim to retain your personal information for no longer than is necessary but normally for a period of at least 2 to 6 years. We may need to continue retaining your information for example after we have communicated to you our decision or our client’s decision about whether to appoint you to role or work. Because of our aim in creating a long lasting relationship with our candidates and providing a life-long career support and management process we may retain your data for longer where we consider that the job market is such that there may be suitable opportunities for you in future .
If you are or become our employee rather than being employed by our clients then we retain your personal data for at least 6 years after you leave our employment for legal purposes. We retain your personal information for those periods so that we can show, in the event of a legal claim, that we have not discriminated against candidates on prohibited grounds and that we have conducted the recruitment exercise in a fair and transparent way and that you have the best opportunity to secure work with our clients which is in your interests. After this period, we will securely destroy your personal information in accordance with our data retention policy or applicable laws and regulations.
RIGHTS OF ACCESS, CORRECTION, ERASURE, AND RESTRICTION
Your rights in connection with personal information
Under certain circumstances, by law you have the right to:
- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal information to another party.
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact email@example.com in writing.
DATA PROTECTION OFFICER
If you have any questions about this privacy notice or how we handle your personal information, please write to us on this email firstname.lastname@example.org and the appropriate person will get in touch with you. You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.