Adam Appointments Limited: Privacy Notice
Why is this notice important?
All organisations that process personal data are required to comply with data protection legislation. This includes in particular the Data Protection Act 1998 (or its successor) and the EU General Data Protection Regulation (together the ‘Data Protection Laws’). The Data Protection Laws give individuals certain rights over their personal data whilst imposing certain obligations on the organisations that process their data.
The following terms are referred to regularly throughout this notice:
- ‘Personal data’ means any information relating to an individual who can be identified, such as by a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- ‘Processing’ means any operation or set of operations performed on personal data, such as collection, recording, organisation, structuring, storage (including archiving), adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Who are we?
Adam Appointments Limited is a company incorporated in Scotland (registered number SC238607) and whose registered address is: Adam Appointments Limited, 32/8 Hardengreen Business Park, Eskbank, Scotland, EH22 3NX. We are registered in the Information Commissioner’s Office (ICO) public register of data controllers
What do we do?
We are a Scottish based recruitment and talent consultancy specialising exclusively in the Corporate Governance arena. We primarily cover the Financial Services Sector and Professional Services firms and we deal with roles at all levels, from Consultant up to Director-level. We operate on a contingent basis, recruiting for permanent and fixed term roles.
What personal data do we gather, hold and process?
We only gather, hold and process personal data that we need to carry out our role as a permanent recruitment firm. This includes:
- Personal information: name; gender (for diversity purposes); date of birth (for diversity purposes); nationality; job title; employer; business function; financial compensation.
- Contact information: addresses; phone numbers; email addresses and Linked-In profile.
- Employment information: predominantly in the form of a CV but could also include written notes from conversations and/or email.
- Communications: we retain key emails/text messages from our communications with you to keep a record of our interactions with you.
We do not process any sensitive personal data.
Where do we get that personal data from?
We will get your personal data from a range of sources including:
- Where you send it to us directly: sent to us via email, text, Linked-In message, response to an advert on our website or on a job board e.g. s1Jobs.
- Where you convey it to us directly: via telephone calls that we may subsequently document.
- Where we create the personal data about you: in the form of notes in our secure database.
- Where you choose to make it publicly available: we only utilise data from public profiles on Linked-In, we do not process personal data from any other social media.
- Where it is provided to us by a third party (another data controller): from time to time we will receive CVs and other personal data from trusted partners, we will always ensure that you will have given your consent for this to be passed to us.
What do we do with your personal data?
Specifically, we carry out the following types of personal data processing activities. These primarily relate to the provision of permanent recruitment services – either in relation to specific roles for clients or in maintaining a relationship to support future recruitment activities:
- Collecting and recording details of new candidates and client contacts through the sources noted above in our secure database.
- Updating candidate and client contact details following ongoing contact.
- Removing/amending candidate and client contact details from our secure database.
- Writing interview notes in our secure database.
- Sharing CVs and/or other candidate or client contact details between the team – from the secure database or within Linked-In.
- Reformatting CVs – either in AA or by transferring to trusted 3rd party administrative support.
- Transferring CVs and other data over to clients and/or other 3rd parties (for which we will always seek your consent – verbally or in writing).
- Archiving data.
- Updating data about candidates and contacts from Linked-In.
- Leveraging candidate data in salary or market intelligence research for clients – always on an aggregate and anonymised basis.
From time to time we may also use your personal data to contact you for surveys and/or other reasons that do not relate directly to specific recruitment activity.
We do not carry out any automated profiling.
What legal basis do we have for processing your personal data?
The first data protection principle under the General Data Protection Regulation (GDPR) requires that we process all personal data lawfully, fairly and in a transparent manner. Processing is only lawful if we have a lawful basis on which to do so and we must be able to demonstrate that a lawful basis applies.
The GDPR applies when personal data is processed. As noted above ‘Processing’ is quite a wide definition and includes collecting, saving, using, deleting or sharing personal data belonging to clients, candidates and other contacts. We do most of these things on a daily basis.
Having considered the six lawful bases, we concluded that legitimate interests is an appropriate basis for the processing of your personal data – as outlined above. We validated this decision by carrying out a detailed Legitimate Interests Assessment (LIA) as advocated by the ICO.
We recognise that in relying on legitimate interests, we take on extra responsibility for ensuring that your rights and interests are fully considered and protected. This is something to which we are fully committed.
How do we keep your personal data secure and accurate?
The need to ensure that your personal data is kept securely means that precautions must be taken against physical/cyber loss or damage, and that both access and disclosure must be restricted.
All our staff are responsible for ensuring that any personal data which they hold is kept securely and that personal information is not disclosed either orally, in writing or otherwise to any unauthorised third party. All our staff are bound to abide by the Confidentiality clause in their employment contract. This relates to absolute confidentiality in respect of all information acquired by the employee whilst working for us.
In addition, we have taken steps to ensure electronic data is held securely, largely through the use of the third party provided ‘Virtual Office’ environment (incorporating the secure RDB ProNet database). Further details of our security arrangements are laid out in our Information Security policy – available on request.
How long do we keep your personal data?
We carried out a Personal Data Retention Assessment of all types of personal data that are processed by us to determine what would be appropriate from a retention perspective – balancing the expectations of the data protection principles with the legitimate interests of our business and the individual, as well as any existing legal or regulatory retention requirements.
The overriding policy position is that employees are responsible for ensuring no personal data will be kept longer than necessary. We will retain your personal data for as long as we have your permission to contact you. Should you wish to withdraw that permission or amend your data in any way, you may do so at any time by contacting us directly.
We may be required to retain some information after you have ceased to use our services, for instance if this is necessary to meet our legal obligations, such as retaining the information for tax and accounting purposes.
What are your rights in respect of the personal data we hold?
Under the GDPR, you have a new set of rights relating to your personal data. You have the right to object to how we use your personal information. You also have the right to see what personal information we hold about you. In addition, you can ask us to correct inaccuracies, delete or restrict personal information or to ask for some of your personal information to be provided to someone else. You can make a complaint to us through the contact details below.
If you ask us to carry out any of the above activities we commit to address within one week of your request.
You can also make a complaint to the data protection supervisory authority, the Information Commissioner’s Office, at https://ico.org.uk.
How do you contact us about anything else to do with your personal data and your rights?
To make enquiries or for further information about exercising any of your rights please contact Dougie McAndrew, Adam Appointments Limited, Abbey House, 83 Princes Street, Edinburgh, EH2 2ER or by email on firstname.lastname@example.org.