Last updated: April, 6th 2021
Table of Contents
- Harper Stephenson.
- How we collect data.
- How we use your personal data.
- The Data We Collect and Process.
- Additional data we Collect
- How and why we share your personal data.
- How we transfer your data internationally.
- Safeguarding your data.
- Retaining and deleting personal data.
- Equal Opportunities Monitoring & Other Sensitive Data – Candidate Notice.
- Marketing Activities.
- Your rights.
- About cookies.
- Cookies that we use.
- Managing cookies.
- Our details.
- Data protection officer.
We are committed to safeguarding the privacy of our website visitors, customers, clients, suppliers, employees and service users. We are committed to ensuring that the information you submit to us, or which we collect via various channels including our websites, through written correspondence, e-mails, phone calls, conversations or meetings with our employees, or through any of our offices, is only used for the purposes set out in this notice.
Harper Stephenson Search & Select Limited is a UK register company with the company Number: 07463847. Our registered postal address is 86-90 Paul Street, London EC2A 4NE. Our website is hosted in the UK, with GoDaddy UK. [www.harperstephenson.co.uk and www.harperstephenson.com]
This is a companywide Privacy Notice which applies in all countries throughout our international network and in the countries outside of the UK, in which we operate.
This is a summary of our policy and we have tried to make it as clear and easy as possible to help you understand the type of data we collect, why we collect it, how it is used and how we might share it and how long we keep it. In addition, we have also included a summary of how your data is protected while it is processed, in transition and while at rest.
How we collect data
There are two main ways in which we collect your personal data:
1. Directly from you; and
2. From third parties.
We use platforms such as LinkedIn and other third-party specialists to help you find your perfect candidate if you are a client or to find your perfect job if you are a candidate.
How we use your personal data
In this section, we have set out the general categories of personal data that we may process, and in cases where we did not obtain your personal information directly from you, the source of that information. We will also specify the purposes for which we may process your personal data and the legal bases of the processing.
The main reason for collecting your data is to help you find work roles or employment which meets your skills level, experience, ambitions, and your vision for your career development. Because our services are highly targeted, the more we know about you the better able we are to tailor your recruitment experience. We aim to use the data we collect about you to place you in your dream role.
The main reason for collecting your data is to support your HR requirements, and to make sure that the contractual agreements between us can be properly implemented, so that our relationship can flourish. The more information we have about your company or business and its HR needs the better able we will be at tailoring our services to meet your current and future needs.
The main reason for using your personal data is to make sure that we have appropriate contractual agreements in place and so that the agreement can be properly implemented so that our relationship can flourish, and to comply with any statutory and/or legal requirements.
We only contact Candidate Referees or Employee emergency contacts when necessary for the purpose. For example, as part of the final stages of the recruitment process the prospective employer may ask for a candidate’s reference; in this instance we will contact the reference to verify the information provided by the candidate, such as their details, their qualifications, experience etc.
We will only contact an employees’ emergency contact in the event of a workplace-based emergency.
Whether we are in the process of helping you find a job, continuing our relationship with you once we have found you a role, providing you with services, receiving a service from you or you are visiting our website, we may be processing your personal data.
If you are an employee of Harper Stephenson, please refer to your employee handbook section covering Fair Processing Notice which you received during your induction.
It is important to note that we may amend this Privacy Notice and our Policy from time to time and therefore advise you to visit this page if you would like to stay up-to-date, as this is where we will post any changes.
If you disagree or are dissatisfied with any aspect of our Privacy Notice, you have legal rights which you can exercise at any time and these too are described in our Policy.
The Data We Collect and Process
We only collect the data which is necessary for us to fulfil our contractual duties to you or others. Some of the data we collect, process and store are a statutory requirement or matter of law, which we as a registered UK company and legally obligated to comply with. Other types of data are simply needed to ensure that our relationship with you is responsive and efficient.
We collect a very small amount of data from our website users, (“usage data”) about your use of our website. This data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency, and pattern of your service use. The source of the usage data is our website analytics tracking system, which is provided by Google Analytics.
The legal basis for this processing is your consent. When you visit our website for the first time you will be asked to accept our “cookie”. (See more about Cookies in the Cookies Section of this Privacy Notice).
The reason for collecting this data is to improve our website content and your experience when visiting our website.
We need to collect, process, and retain a certain amount of personal data from you, to enable us to provide you with the best possible employment opportunities, which we tailor to meet your needs. This data includes but is not limited to, the obvious, such as your name, age, date of birth, your contact details, educational, employment history etc. and National Insurance Number. To comply with UK Employment Law, we may ask you about your immigration status, or right to work in the UK, if you are not a British Citizen. We may need some financial information for roles where it is incumbent on us to perform financial background checks. Dependent on the role you may be seeking and only where appropriate or required we may need to collect information related to your health, and diversity information.
If you are one of our clients, we may collect and use information about you or individuals within your organisation to enable us to provide you with our tailored candidate finding service or assist you in other ways as described in your Service Level Agreement (SLA) with us. This might include us acting as your out-sourced HR department, or helping you with HR Projects, or assisting other companies providing you with services, or you are providing services to other companies within our network.
SUPPLIER & CONTRACTOR DATA
If you are a supplier or contractor, we will retain the minimum information necessary to place orders with you and or book services from you. We will need your Bank Details so that we can pay you for the services which we have purchased from you.
It is standard practice to ask our candidates for some basic background information and contact details, this helps us to get in touch with candidates if we need a reference; or if a reference’s basic details need to be updated. Our employees are asked to provide an emergency contact as part of our contingency planning in the event of an unforeseen health and safety matter arising.
Additional data we Collect
All phone calls to our office are recorded for training and monitoring purposes – we also may use this data to deal with your question and enquiries – recording these calls helps to ensure that we do not have to rely on memory to make sure we get everything right for you first time. In the event of a misunderstanding or service dispute, these recorded calls can also assist in a friendly and speedy resolution.
Telephone data is only retained for as long as is necessary to address your questions, enquiries and to support the resolution of any misunderstanding or disputes and are regularly reviewed and deleted.
Video Conferencing Data
Video conferencing data may be recorded when it is necessary to do so. In these instances, you will be advised before the call, that the call will be recorded. Candidate role interviews for or on behalf of our clients might be recorded and passed on to the client, where the client has not been able to interview the candidate themselves and again if this is the case the candidate will be advised beforethe interview commences.
Video Conferencing data is regularly irretrievably deleted when it is no longer necessary for the purpose that it was recorded.
Email & Postal Correspondence
When working with our clients, candidates, suppliers, and others, we normally keep a record of all email and postal correspondence to ensure that our contractual obligations to all are being properly managed and that any responses to incoming correspondence is dealt with efficiently. We regularly review and irretrievably deleted or securely destroy email and/or postal correspondence when it is no longer necessary for the purpose it was processed and stored.
How and why we share your personal data
Your personal data will only be shared with a prospective client based on the employment/role opportunities they have to offer where we believe you are an ideal (best) candidate to be put forward for the role, based on the personal information you have shared with us as described in the sections above.
We share your data only with those candidates which we believe, based on their experience, qualifications, career vision as a great fit for your company and the roles you have to offer. We may occasionally share your details with trusted third-parties to support your HR requirements and reduce any potential delays in filling critical roles.
SUPPLIER & CONTRACTOR DATA
With your explicit consent we may share your information with our clients, associates or third parties, such as others of our 3rd-Party service providers, where we believe your services, would add value to their service offering or address a critical need within their organisation.
We do not share information about candidate referees or employee emergency contacts with others without explicit consent and will contact you directly to seek your consent should the need arise.
As previously described, we use website analytics to get a better understanding of how our website visitors use our website, so that we can make continuous improvements to the website and its content. This data is collected by our analytics service provider and is anonymised. It is provided to us through our analytics dashboard as a statistical analysis of the website usage.
How we transfer your data internationally
As a rule, candidate data may only be transferred internationally when you have told us that you would like to work abroad and an opportunity to place you with one of our international clients arises. In this circumstance, your data will be transferred to the client using an encrypted data service.
We use “We Transfer” to support the transfer of data, because:
· The connections from our systems to their cloud is encrypted,
· We limit the time that your data is stored on the “We Transfer” service to 7-days.
· After 7-days your data is automatically and irretrievably deleted from their cloud services.
· The “We Transfer” cloud is encrypted, so your data is encrypted while it is held there.
· The connection between “We Transfer” and our client is encrypted and can ONLY be accessed by a dedicated encrypted link that is emailed to our client.
If other circumstances arise where we might need to transfer your data internationally, we will wherever possible only do so with your consent and wherever possible will use “We Transfer” or a similar encrypted service to ensure the security of your personal data.
Safeguarding your data
We do not store and client, candidate, supplier, contractor, or website user information on our website. We also use professional tiered website security, including a website firewall to protect your data should you choose to use the eForm on our “How to Reach Us” page on our website. Our website is also protected with a Secure Socket Lock (“SSL”) [the little padlock you see in your browser when you arrive at our website]. SSL is a technical capability that encrypts your connection to our website when you are visiting and is another layer of security to help protect any information you might send to us when using the eForm as described.
Internally within our organisation, we have followed “Secure by Design” principles and framework to do all that is humanly and technically possible to prevent unauthorised access to and misuse of your personal data.
Some of the steps we have taken include the use of encryption and encryption services when transferring your personal data to our clients in the effort of securing your role within the client company. We use Virtual Private Network Services to further shield and secure data.
All our technology infrastructure partners are ISO 27001 accredited and are GDPR Compliant.
We also restrict access to your personal information within our organisation to ONLY those members of staff who really need access to service our contractual agreement with you.
Retaining and deleting personal data
This section sets out our data retention policies and procedure, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data.
We regularly review all the data we hold on our clients and candidates to make sure it is accurate and up-to-date and will make any corrections and revisions to the data including deleting data that is no longer necessary during these reviews.
We only keep client and candidate data for as long as is necessary for us to fulfil our contractual agreements, however, it is important to note that our relationship with you our clients and candidates often spans many years, if not decades. As long as you are an active client or candidate, your data will be securely retained and processed for the reasons given in our contractual agreements with you.
Similarly, the personal data of our employees, contractors and/or suppliers will not be kept for longer than is necessary for the purposes of providing direct employment to our employees or/and or contractors, and for the purpose of purchasing services and/or products from our supplies.
We will retain and delete your personal data as follows:
Our retention and deletion policy and procedures relate to those of our company clients, where our service agreement has come to an end, by virtue of the contracted period ending, or the company client ceasing to trade or on receipt of written notification from the client company that our services are no longer required; or in the case of our recruitment candidates, where we have received written notification by the candidate that they no longer require our services for any reason. In these cases, we will:
Client Companies: We will retain all available Open Source, publicly available information such as the company name, address, postcode, telephone number, website address and generic email address, for up to 3-years after the client company has ceased to purchase services from us, and will delete the personal information including name, email address, telephone and mobile number of any members of the HR Department or Executive which had formally been our points of contact for the company, within 30-days of the company notifying us that our service was no longer necessary.
Summary and/or redacted financial records of the services provided to a company client, prior to receipt of a termination notice from the client will be held on file for 7-years as part of our legal obligations under UK Company and Taxation Laws.
Recruitment Candidate: We will retain the recruitment candidates’ name, address, postcode, email address, telephone and or mobile number and most recent CV on file for 90-days after having received written notification by the candidate that they no longer wish to receive our services or support. We do this as a contingency allowing you, the candidate to change your mind, in the event of a change in circumstances for 90-days after having received a termination notice from you.
Notwithstanding, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or if you are in a dispute in which the personal data we hold may be required in a legal case.
Equal Opportunities Monitoring & Other Sensitive Data – Candidate Notice
Some of the data that we may be required to collect from candidates under Equal Opportunities Employment law comes under the umbrella of “diversity information”. This could be information about your ethnic background, gender, disability, age, sexual orientation, religious or similar beliefs, political affiliations and or your economic background.
The type of data as described above is called “sensitive” or “special” category data. This data is controlled under slightly stricter rules, therefore if we need to collect this data from you and have a legal obligation to share it with a client, we will only do so with your explicit consent.
When “special” or “sensitive” category data is required to be collected under contractual agreement with a client, we will ask you for your consent by offering you an “opt-in”. This means that you will have given us clear and explicit consent which tells us that you agree to us collecting and using this information.
Where appropriate and in accordance with local employment legislation we may disclose this data to clients where we are contractually obligated to do so. In these instances, and where possible the data will be suitably anonymised.
When becoming one of our clients, you will be given the opportunity to opt-in to receive our marketing communications, in the form of our newsletters, general marketing, promotional materials or other communications which may be of interest to you. You may at any time opt-out of receiving any or all of these communications by clicking on the “Unsubscribe” link which is found in the footer of these communications, and following the instructions provided. Alternately you are welcome to contact us with your opt-out instructions by email.
We sometimes use a third-party email marketing service to provide you with these communications.
As a rule, we do not ask candidates to opt-in to receive our marketing communications. We prefer to communicate with your personally when opportunities that meet your career aspirations arise.
In this section, we have summarised the rights that you have under data protection law. Some of the rights are complex, and not all of the details have been included in our summaries, as they do not apply to the operational practice of our business or the services, we provide you with; however, we invite you to read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.
The UK Data Protection Regulator is The Information Commissioners Office, you can find more information about the UK Data Protection Act – https://ico.org.uk/
More Information about GDPR can be found here: https://gdpr-info.eu/
Your principal rights under data protection law are:
the right to access;
You have the right to confirm whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee.
the right to rectification;
You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed. As previously stated, we conduct regular reviews of client and candidate data to maintain accuracy, however, if something changes, outside of our review periods, please notify us immediately so that we can update your records.
the right to erasure;
You have the right to the erasure of your personal data without undue delay. Those circumstances include your personal data which is no longer necessary in relation to the purposes for which it was collected or otherwise processed; you withdraw consent to consent-based processing; the processing is for direct marketing purposes; and/or where you believe your personal data have been unlawfully processed. However, there are certain general exclusions of the right to erasure. Those general exclusions include where processing is necessary for compliance with a legal obligation, or for the establishment, exercise, or defence of legal claims.
the right to restrict processing;
In some circumstances, you have the right to restrict the processing of your personal data. Those circumstances are you contest the accuracy of the personal data; processing is unlawful but you oppose erasure; we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defence of legal claims; and you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it: with your consent; for the establishment, exercise or defence of legal claims.
the right to object to processing;
You have the right to object to our processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for: the performance of a task carried out in the public interest or in the exercise of any official authority vested in us; or the purposes of the legitimate interests pursued by us or by a third party. If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.
You have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose.
the right to data portability;
We do not use automated systems or services to process any of your personal data. All our services to you as a client or candidate is uniquely tailored to you; however, we felt it only right to include this right for your information even though it does not apply to our operational environment, how we do business or how we process your personal data.
To the extent that the legal basis for our processing of your personal data is consent, and such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.
the right to complain to a supervisory authority;
If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement. If you are a permanent resident of the UK, you can contact the ICO, who are the UK’s supervisory authority. https://ico.org.uk/make-a-complaint/
the right to withdraw consent.
To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
You may exercise any of your rights in relation to your personal data by written notice to us, we accept email and postal notification.
We may update this policy from time to time by publishing a new version on our website.
You should check this page occasionally to ensure you are happy with any changes to this policy.
We may notify you of changes to this policy by email where the changes may have a direct impact on our contractual agreement or the data we need to collect to provide our service to you, or if there are changes or amendments to the Data Protection Laws which we are obligated to comply with.
A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.
Cookies that we use.
Cookies used by our service providers.
Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can however obtain up-to-date information about blocking and deleting cookies via these links:
Blocking all cookies will not have a negative impact on your use of our website as we do not host a membership area on our website but may interfere with your ability to send us messages and/or enquiries when using our eForm on our “How to Reach Us” page.
This website is owned and operated by Harper Stephenson Search & Select Limited.
We are registered in England and Wales under registration number 07463847, and our registered office is at 86-90 Paul Street, London EC2A 4NE
Our principal place of business is at [address].
You can contact us:
By post, using the postal address given above;
using our website contact form; https://harperstephenson.co.uk/how-to-reach-us
by telephone, on +44 208 064 1195 or by email Hello@harperstephenson.co.uk
Data protection officer
Our data protection officer’s contact details are: Delicia Whitaker and you may contact her by telephone at +44 208 064 2295 or by e-mail at firstname.lastname@example.org