Forseti Search – Privacy Policy

1. Purpose and Summary of Privacy Policy

Protecting your privacy and confidentiality is fundamental to the way Forseti Search Limited (referred to as “we”, “us” or “our” hereafter) does business.

The purpose of this Privacy Policy (referred to as “Policy” hereafter) is to set out the basis on which any personal data we collect from you, or that you provide us, will be processed by us.
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

This Policy covers:
(a) Who we are and what we do
(b) Personal data we collect
(c) Where we obtain your information
(d) How we use your personal data (legal basis and who we share with)
(e) Data security
(f) How long we keep your personal data
(g) Transferring personal data outside the European Economic Area (EEA)
(h) Your rights

2. Scope

We are a data controller (as defined in the General Data Protection Regulation (GDPR)) and are responsible for the personal data which we collect during our dealings with you. This means we determine the purposes for and the way we process your personal data.

The GDPR applies in each EU member state. The UK is no longer an EU member state, but has incorporated the provisions of the GDPR into national law and accordingly the same high standards of data protection will continue to apply in the UK. For the purposes of this policy, references of provisions of GDPR shall include GDPR as implemented into UK law.

3. Policy

The Policy is set out below:

(a) Who we are and what we do

We are a recruitment agency and we collect personal data from the following types of people to allow us to undertake our business:

  • Prospective and placed candidates for permanent and contract roles
  • Prospective and live client contacts
  • Supplier contacts to support our services

(b) Personal data we collect

To provide the best possible employment opportunities that are tailored to our candidates, we need to process certain information. We only ask for details that will genuinely help us to help candidates find a new role including your name, contact details, education details, employment history, reference details and your eligibility to work data (and other relevant information you may choose to share).

If you are a client of ours we need to collect and use information about you, or individuals at your organisation, so we can provide you with our recruitment services such as finding candidates to fill your roles.

We will also store information relating to previous dealing between us including job applications, e-mail and telephone communications, job interviews and placements.

(c) Where we obtain your information

We may obtain candidate information from any number of locations including:

  • When you correspond with us by phone, e-mail or otherwise
  • When you register your CV on a job board and it matches the skills we are looking for
  • When you apply for one of ours jobs via a job board
  • When you are referred by a friend or colleague
  • Your online profiles

When we obtain your information from external sources such as LinkedIn, corporate websites and job boards, we will send you a copy of this Policy within a maximum of 30 days of collecting the data.

There are two main ways in which we collect client data:

  • Directly from you
  • From third parties such as candidates, online job boards, LinkedIn and networking

(d) How we use your personal data

We take your privacy seriously and will only use your personal information to provide you with our recruitment services, whereby we introduce candidates to clients. However, in order to provide you with these services, it is essential that we exchange candidate and client personal data.

Therefore, our legal basis for the processing of personal data is our legitimate business interests described in more detail below, although we will also rely on consent for specific uses of data.

Under our legitimate business interests we think it is reasonable to expect that, if you are looking for employment or have posted your professional CV information on a job board or professional networking site, you are happy for us to collect and use your personal data to provide our recruitment services to you by assessing your skills against our live vacancies.

In addition, during a job offer process, your potential employer may also want to confirm your references and qualifications to the extent that is appropriate and in accordance with the law.

However, if you are a candidate, we will only share your information to prospective employers with your expressed consent.

We also want to provide you with tailored job alerts to help you in your job search. We therefore think it is reasonable for us to process your data to make sure that we send you the most appropriate jobs.

We may also need to use your data for our internal administrative activities such as invoicing (where relevant).

Please note that we do not and will not:

  •  Sell, rent or trade your personal data
  • Utilise automated decision making when processing your personal data (such as profiling)
  • Process personal data on anyone under the age of 18

(e) Data Security

All of the personal data we hold about you will be processed by our staff in the United Kingdom and accessed by our cloud-based CRM system restricted on a per user basis. We take all reasonable steps to ensure that your personal data is processed securely and is not misused in any way.

All data on our network is protected with McAfee anti-virus software that is automatically updated by the provider on a continual basis. This software will remove both known viruses and potential viruses.
Inbound and outbound e-mails are scanned automatically via Microsoft Office 365 and e-mails containing viruses are blocked before hitting our network.

All user data is backed up using a backup strategy that meets the business requirements for data recoverability.

(f) How long we keep your personal data

We will delete candidate personal data from our systems if we have not had any meaningful contact with you for seven years (or for such longer period as we believe, in good faith, that the laws or relevant regulators require us to preserve your data). After this period, it is likely your data will no longer be relevant for the purposes for which it was collected.

We will consider there to be meaningful contact with you if you apply for jobs with us or we receive an updated CV from a job board. We will also consider it meaningful contact if you communicate with us about potential roles, either by verbal or written communication.

Under data protection regulations (GDPR), we are required to keep the data we hold accurate and where necessary up to date. As such we will make effort to regularly communicate with you to ensure your data is up to date and accurate. Whilst we make every effort to maintain the accuracy and completeness of your personal data you can assist us with this by promptly contacting us if there are any changes to your personal data or if you become aware that we have personal data which is inaccurate, inauthentic, deficient or incomplete.

If you wish to have your personal data removed from our systems, you can make such a request by contacting us using the details set out in Section Five of this Policy. Subject to any legal or regulatory requirements, we will then delete this information (to the extent technically practicable).

(g) Transferring personal data outside the European Economic Area (EEA)

As we operate in multiple countries personal data may be transferred between candidates and clients in countries or territories outside the EEA. However we will only share personal data in this manner if we have obtained prior consent to do so.

Please be aware that countries or territories outside the EEA do not offer the same level of protection for personal data as may be enjoyed within your country. Where a transfer of your personal data outside the EEA takes place, we will ensure that we have adequate safeguards in place so that your personal data is treated securely.

(h) Your rights

If you wish to update, modify, correct, delete, access or receive a copy of your personal data, to the extent you are entitled to do so under applicable law, you can make such a request by contacting us using the details set out in Section Five of this Policy. We will respond to your request within the period prescribed by applicable law.
For us to comply with our security obligations and to prevent unauthorised disclosure of data, we may request that you provide us with a copy of valid means of identification and verification of the identity of the individual whose personal data is the subject of such a request.

4. Policy Changes

We may change or update parts of this Policy to maintain compliance with applicable law and regulation or following an update to our internal practices. We will do this by updating www.forseti-search.com/privacy-policy.
This Policy was last updated in January 2021.

5. Contact Details

If you would like to contact us in relation to this Policy or anything else in connection with the personal data we collect about you, including (without limitation) where you would like to update your personal data, receive a copy of the data we’ve collected on you, or would like to raise a complaint or comment, please contact us via data.protection@forseti-search.com.