SIROCCO SEARCH LTD
Companies House number – 09490372
Complies with General Data Protection Regulation from 28 May 2018
This document outlines our Privacy Policy to make you aware of how we are complying with GDPR. Henceforward it will be referred to as our “Privacy Notice”. This policy was last updated on 17th May 2018.
Sirocco Search is a specialised business consultancy offering executive search services, talent advisory, and personal career coaching. We partner with businesses and executives to enable and further their growth and development. We identify, assess and develop executive talent up to board level.
Sirocco Search Ltd take our obligations under all data protection laws very seriously and work hard to ensure that we are holding personal data in a secure and compliant manner. All data held by Sirocco Search is stored in a secure and confidential database accessible only by authorised personnel. We are committed to protecting the privacy of our candidates, clients and users of our website. We expect our clients to agree to our Privacy Policy as we agree to theirs as part of our business terms and conditions.
Here we summarise our policies regarding how we collect, use and transfer your personal data, the security measures we employ to protect such data and your rights regarding your personal data.
1. What personal information do we collect about you?
We collect the information necessary to be able to find available opportunities and further information needed to assess your eligibility through the different stages of the executive search recruitment process. This information includes your name, contact details, family details, CVs, identification documents, educational records, work history, employment status and references.
We sometimes also collect sensitive personal information about you, such as details of criminal convictions and ethnic origin and sexuality. We only collect sensitive personal information from you, and further process this data, where you have given your explicit consent or otherwise where permitted by law.
2. Where do we collect personal information about you from?
The following are the different sources from where we may collect personal information about you:
- Directly from you. This is information you provide while searching for a new opportunity (for example when you provide a CV) and/or during the different recruitment stages.
- From an agent/third party acting on your behalf.
- Through publicly available sources. We use a range of public sources including:
- LinkedIn
- Google
- Facebook & Twitter
- Company web sites and other social media platforms
- Delegate lists
- Association lists
- Membership lists
- By reference or word of mouth. For example, you may be recommended by a friend, a former employer, a former colleague or even a present employer.
3. How do we use your personal information?
- Where we have a legitimate interest
- All the data we collect and process from you will only be used in relation to our executive search and assessment projects.
- We use certain personal data to determine which candidates might be worth approaching for a particular role. This is necessary for our legitimate interests as a search company. We don’t use any sensitive personal data without ensuring we have another basis for such processing.
4. How do we keep your personal information for?
- We will only store your personal data for as long as is necessary for us to assist in your career development and / or meeting our client hiring requirements.
- Maximum retention time: 7 years.
5. Who do we share your personal information with?
We share your personal information with clients seeking to fill a position, in order to determine with the client whether you are a good fit for the available position.
We share your personal information with trusted third parties where we have retained them to provide services that you or our clients have requested, such as referencing, qualification and criminal reference checking services (as required), verification of the details you have provided from third party sources, psychometric evaluations or skills tests. These third parties comply with similar and equally stringent undertakings of privacy and confidentiality.
We share your personal information with third parties who perform functions on our behalf and who also provide services to us, such as executive research consultants and IT consultants carrying out testing and development work on our business technology systems. These third parties comply with similar and equally stringent undertakings of privacy and confidentiality
Where required we share your personal information with third parties to comply with a legal obligation; when we believe in good faith that an applicable law requires it; at the request of governmental authorities conducting an investigation; to verify or enforce our <<Terms of Use>> or other applicable policies; to detect and protect against fraud, or any technical or security vulnerabilities; to respond to an emergency; or otherwise to protect the rights, property, safety, or security of third parties, visitors to the our website, our business or the public.
6. What happens if you do not provide us with the information we request or ask that we stop processing your information?
If you do not provide the personal information necessary, or withdraw your consent for the processing of your personal information, where this information is necessary for us to provide services to you, we may not be able to match you with available job opportunities or discuss our potential client needs.
7. Do we make automated decisions concerning you?
No, we do not carry out automated decision making.
8. Do we transfer your personal information outside the EEA?
Whilst we work mainly with clients based in the EEA, we will occasionally work with organisations outside the EEA, in which case we will operate on the same safeguards as those pertaining to the EEA.
9. What are your rights?
By law, you have a number of rights when it comes to your personal information. Further information and advice about your rights can be obtained from the data protection regulator in your country.
The right to object to processing
You have the right to object to certain types of processing, including processing for direct marketing (i.e. if you no longer want to be contacted with potential opportunities).
The right to be informed
You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we’re providing you with the information in this Policy.
The right of access
You have the right to obtain access to your information (if we’re processing it), and certain other information (similar to that provided in this Privacy Policy). This is so you’re aware and can check that we’re using your information in accordance with data protection law.
The right to rectification
You are entitled to have your information corrected if it’s inaccurate or incomplete.
The right to erasure
This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there’s no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions.
The right to restrict processing
You have rights to ‘block’ or suppress further use of your information. When processing is restricted, we can still store your information, but may not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in future.
The right to data portability
You have rights to obtain and reuse your personal information for your own purposes across different services. For example, if you decide to switch to a new provider, this enables you to move, copy or transfer your information easily between our IT systems and theirs safely and securely, without affecting its usability.
The right to lodge a complaint
You have the right to lodge a complaint about the way we handle or process your personal information with your national data protection regulator.
The right to withdraw consent
If you have given your consent to anything we do with your personal information, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal information with your consent up to that point is unlawful). This includes your right to withdraw consent to us using your personal information for marketing purposes.
We usually act on requests and provide information free of charge, but may charge a reasonable fee to cover our administrative costs of providing the information for:
- baseless or excessive/repeated requests, or
- further copies of the same information.
Alternatively, we may be entitled to refuse to act on the request. Please consider your request responsibly before submitting it. We’ll respond as soon as we can. Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we’ll come back to you and let you know.
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data or request that we transfer a copy of your personal information to another party, we may need to request specific information from you to help us confirm your identity and ensure your right to access the information. This is another appropriate security measure to ensure that personal information is not disclosed to any person who does not have the right to receive it.
10. More Detail on our GDPR Policy
Our Privacy Notice is based upon the concept of “legitimate interest” as a legal basis for using personally identifiable data without the need to obtain consent.
All the data we collect and process will only be used in relation to our Executive Search and Assessment Projects.
To summarise what this means to you:
Article 5 of the GDPR requires that personal data shall be:
a) processed lawfully, fairly and in a transparent manner in relation to individuals;
b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.”
11. How will we contact you?
We may contact you by phone, email, text or social media. If you prefer a particular contact means over another please just let us know.
12. How can you contact us?
If you have any enquires you can contact us at:
Info@siroccosearch.com
Jane Dowding – Registered Data Controller
+44 7767 888795
Sirocco Search Ltd
Information Commissioner’s Office registered number: ZA314919
Changes to the Privacy Policy
Sirocco Search reserves the right to modify or amend this Privacy Policy at any time and for any reason, as permitted by applicable law. If there are material changes to the Privacy Policy, we will post those changes here.