Privacy Policy

Introduction
The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a new regulation which replaces the Data Protection Regulation (Directive 95/46/EC). The GDPR aims to harmonise data protection legislation across the European Union, enhancing privacy rights for individuals and providing a strict framework within which commercial organisations can legally operate.

This Privacy Policy sets out how we, Altus Search Limited, collect, store and use information about candidates, clients, suppliers and website users. This Privacy Policy is effective from 25th of May 2018.

Data controller:
Altus Search Limited.

What Information We Collect:
We collect the information such as full name, date of birth, postal address, contact details, CV, renumeration package and salary expectations, visa status, company name or business name and address (if applicable), registrations number (if applicable), VAT number (if applicable), bank details (if applicable), passport and proof of address (when we are required to perform reference check).

How we collect or obtain information about you:
• when you provide it to us (e.g. by contacting us via e-mail, phone, meeting in person or responding to our adverts on job boards and professional networking websites).
• from your use of our website, using cookies.
• occasionally, from third parties (e.g. recommendation from friend or colleague, clients or social media sites like LinkedIn).

How we use your information:
For administrative and business purposes (collecting, saving and storing your information on our database particularly to contact you regarding new job opportunities we might have that match your skill set and record keeping, send your details to our clients in order to secure an interview and fulfil your employment needs, to fulfil our contractual obligations, and in connection with our legal rights and obligations.

Our legitimate business interests in collecting and retaining your personal data is below:
• We are a recruitment agency and introduce Candidates to Clients for permanent employment, temporary worker placements or independent contracts. The exchange of personal data of our Candidates and our Client contacts is a necessary part of this relationship.
• In order to support our candidates’ career progress and our clients’ requirements we need a database of candidate and client personal data containing historical information as well as current recruiting requirements.
• If you are looking for employment or have posted your information on a job board or professional networking site which allows the public (including recruiters) to view your information - that you are happy for us to collect and otherwise use your personal data to offer or provide our recruitment services to you, assess your skills against our bank of vacancies and, with your consent, share that information with prospective employers.
• To maintain, expand and develop our business we need to record the personal data of prospective candidates and client contacts.
• We will rely on contract if we are negotiating or have entered into a placement agreement with you or your organisation or any other contract to provide services to you or receive services from you or your organisation.
• We will rely on legal obligation if we are legally required to hold information on to you to fulfil our legal obligations.
• To carry out our obligations arising from any contracts we intend to enter into or have entered into between you and us and to provide you with the information and services that you request from us or we think will be of interest to you because it is relevant to your career or to your organisation.
• We will in some circumstances rely on consent for particular uses of your data and you will be asked for your express consent, if legally required. Examples of when consent may be the lawful basis for processing include permission to introduce you to a client (if you are a candidate).

Disclosure of your information to third parties:
Only to the extent necessary to run our business, to our service providers such as a background screening company and IT support, to fulfil any contracts we enter into with you, where required by law or to enforce our legal rights.

Do we sell your information to third parties (other than in the course of a business sale or purchase or similar event):
To whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Policy.

How we secure your information
• We take appropriate technical and organisational measures to secure your information and to protect it against unauthorised or unlawful use and accidental loss or destruction, including:
• only sharing and providing access to your information to the minimum extent necessary, subject to confidentiality restrictions where appropriate, and on an anonymised basis wherever possible.
• using secure servers in Europe to store your information.
• verifying the identity of any individual who requests access to information prior to granting them access to information.

Transmission of information to us by email:
• Transmission of information over the internet is not entirely secure, and if you submit any information to us over the internet (whether by email, via our website or any other means), you do so entirely at your own risk.
• We cannot be responsible for any costs, expenses, loss of profits, harm to reputation, damages, liabilities or any other form of loss or damage suffered by you as a result of your decision to transmit information to us by such means.

Use of cookies and similar technologies:
We use Google Analytics cookies on our website.

Transfers of your information outside the European Economic Area:We will only transfer your information outside the European Economic Area if we are required to do so by law or we are able to offer new employment propositions for candidates or introduce prospective candidates to clients (country names to be disclosed on individual case by case scenario before sending data out). Where information is to be so transferred, it may be to a country in respect of which there is an adequacy decision from the EU Commission. However, if this is not the case, it is our policy to take steps to identify risks and in so far as is reasonably practicable, ensure that appropriate safeguards are in place.

Use of automated decision making and profiling:
We do not use automated decision making and/or profiling as a person will always be involved in decision making process.

Your rights in relation to your information:
• Subject to certain limitations on certain rights, you have the following rights in relation to your information, which you can exercise by sending an email to information@altussearch.co.uk:
• to request access to your information and information related to our use and processing of your information.
• to request the correction or deletion of your information.
• to request that we restrict our use of your information.
• to receive information which you have provided to us in a structured, commonly used and machine-readable format (e.g. a CSV file) and the right to have that information transferred to another data controller (including a third party data controller).
• to object to the processing of your information for certain purposes
• to withdraw your consent to our use of your information at any time where we rely on your consent to use or process that information. Please note that if you withdraw your consent, this will not affect the lawfulness of our use and processing of your information on the basis of your consent before the point in time when you withdraw your consent.
• the right not to be subject to a decision based solely on automated processing, including profiling which produces legal affects concerning you or similarly significantly affects you.
• In accordance with Article 77 of the General Data Protection Regulation, you also have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or of an alleged infringement of the General Data Protection Regulation. For the purposes of the UK, the supervisory authority is the Information Commissioner’s Office (ICO), the contact details of which are available here: https://ico.org.uk/global/contact-us/.
Verifying your identity where you request access to your information:
Where you request access to your information, we are required by law to use all reasonable measures to verify your identity before doing so.
These measures are designed to protect your information and to reduce the risk of identity fraud, identity theft or general unauthorised access to your information.
How we verify your identity:
Where we possess appropriate information about you on file, we will attempt to verify your identity using that information.
If it is not possible to identity you from such information, or if we have insufficient information about you, we may require original or certified copies of certain documentation in order to be able to verify your identity before we are able to provide you with access to your information.
We will be able to confirm the precise information we require to verify your identity in your specific circumstances if and when you make such a request.

Sensitive Personal Information:
• ‘Sensitive personal information’ is information about an individual that reveals their racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic information, biometric information for the purpose of uniquely identifying an individual, information concerning health or information concerning a natural person’s sex life or sexual orientation.
• We do not knowingly or intentionally collect sensitive personal information from individuals, and you must not submit sensitive personal information to us.
• If, however, you inadvertently or intentionally transmit sensitive personal information to us, you will be considered to have explicitly consented to us processing that sensitive personal information under Article 9(2)(a) of the General Data Protection Regulation. We will use and process your sensitive personal information for the purposes of deleting it.
• we do not knowingly or intentionally collect what is commonly referred to as ‘sensitive personal information’. Please do not submit sensitive personal information about you to us.

How long we retain your information:
We will not hold your information for no longer than necessary, taking into account any legal obligations we have (e.g. to maintain records for tax purposes), any other legal basis we have for using your information (e.g. your consent, performance of a contract with you or our legitimate interests as a business) and certain additional factors described below.

Criteria for determining retention periods:
• In any other circumstances, we will retain your information for no longer than necessary, taking into account the following:
• the purpose(s) and use of your information both now and in the future (such as whether it is necessary to continue to store that information in order to continue to perform our obligations under a contract with you or to contact you in the future).
• whether we have any legal obligation to continue to process your information (such as any record-keeping obligations imposed by relevant law or regulation).
• whether we have any legal basis to continue to process your information (such as your consent); how valuable your information is (both now and in the future).
• any relevant agreed industry practices on how long information should be retained.
• the levels of risk, cost and liability involved with us continuing to hold the information.
• how hard it is to ensure that the information can be kept up to date and accurate.
• any relevant surrounding circumstances (such as the nature and status of our relationship with you).
Details of retention periods for different aspects of your personal data are available in our retention policy which you can request from us by sending an email information@altussearch.co.uk.

Changes to our Privacy Policy:
We update and amend our Privacy Policy from time to time.

Minor changes to our Privacy Policy:
Where we make minor changes to our Privacy Policy, we will update our Privacy Policy with a new effective date stated at the beginning of it. Our processing of your information will be governed by the practices set out in that new version of the Privacy Policy from its effective date onwards.

Major changes to our Privacy Policy or the purposes for which we process your information:
Where we make major changes to our Privacy Policy or intend to use your information for a new purpose or a different purpose than the purposes for which we originally collected it, we will notify you by email (where possible) or by posting a notice on our website. We will provide you with the information about the change in question and the purpose and any other relevant information before we use your information for that new purpose. Wherever required, we will obtain your prior consent before using your information for a purpose that is different from the purposes for which we originally collected it.

Contact:
The data controller is Altus Search Limited (07238131) of 72 Mount Pleasant, Cockfosters, Hertfordshire, EN4 9HH. You can contact the data controller by writing to Altus Search Limited, 72 Mount Pleasant, Cockfosters, Hertfordshire, EN4 9HH or sending an email to information@altussearch.co.uk. The Data Controller’s data protection representative is Inan Rashid. Please contact us on 020 7430 1831. If you have any questions about this Privacy Policy or would like to exercise one of your rights in relation to your information, please contact the data controller.