WIMBLE ASSOCIATES PRIVACY NOTICE
This version dated: 30th April 2018
How your Personal Data is collected
- We, Wimble Associates Limited ('we', 'us' or 'our' will be interpreted accordingly), take your privacy very seriously. Please read this privacy notice carefully as it contains important information on how and why we collect, store, use and share personal information relating to you (our clients, candidates, suppliers and other valued contacts) from which you can be identified ('Personal Data').
- This privacy notice also explains your rights in relation to your Personal Data and how to contact us or supervisory authorities in the event you have a complaint.
- Changes to this privacy notice
- We may change this privacy notice from time to time — when we do we will inform you via our website or, if the changes are significant, we may inform you by email.
- What Personal Data do we collect and use?
- We may collect and use the following Personal Data about you:
- your name and contact information, including email address and telephone number(s);
- your current job role and employer;
- details of your qualifications, experience, employment history (including job titles and salary);
- your professional online presence e.g. LinkedIn profile;
- your personal or professional interests and qualities;
- your referees;
- your nationality and immigration status;
- details of your contact with us and our clients, including notes of meetings or calls; and
- other Personal Data that you may provide to us from time to time.
- Please also note that some of the Personal Data you supply and that we process may include what is known as 'sensitive' data about you, for example, information regarding your health or ethnic origin.
- If you choose not to provide the Personal Data we request, it may delay or prevent us from responding to a request or query, or providing our services to you.
- We collect most Personal Data directly from you—in person, by telephone or email. However, we may also collect information:
How and why we use your Personal Data
- from publicly accessible sources e.g. LinkedIn, corporate website of your employer, news websites;
- from specialist business intelligence suppliers;
- directly from third parties e.g. referees, former employers, acquaintances or former colleagues;
- your education providers;
- if applicable your relevant professional body; and
- if you visit our office, via our CCTV and access control system and reception logs.
- We may use your Personal Data for one or more of the following purposes:
If we process sensitive data as referred to under paragraph 4.2 we will only do this with your explicit consent; or, where needed to comply with applicable social security or social protection laws; or, to protect your vital interests (or those of someone else) in an emergency; or, where you have already publicised such information; or, where we need to use such sensitive data in connection with a legal claim that we have or may be subject to.
Our legal obligations regarding your Personal Data
- Providing our services to clients: where we agree to provide services to you, to take steps at your request before entering into a contract, and then to perform our contractual obligations to you, we will process your Personal Data as needed to contact you and ensure effective contract performance.
- Providing our services to candidates: where you contact us with a view to potentially finding a new role with one of our clients, or you are identified as a potential candidate during our research and we make contact with you, we will take steps to progress applications for new roles on your behalf if you ask us to, and we will contact you to inform you of progress.
- Research: For our legitimate interests or research relevant to us being able to operate our business, e.g. identifying candidates who may match client requirements via online research, contacting with our clients and potential candidates regarding hiring plans and career plans, communicating with client and candidate contacts to discuss candidate suitability and making notes regarding such communications. We will always seek to pursue these legitimate interests in a way that does not unduly infringe on your other legal rights and freedoms and in particular your right of privacy.
- Record maintenance: For our legitimate interests in keeping records of our research, communications, job application/ search progress and outcome and other information which may be collected in accordance with paragraph 4.
- Legal claims: to enforce and/or defend any of our legal claims or rights.
- Legal and regulatory obligations: for any other purpose required by applicable law, regulation, the order of any court or regulatory authority.
Who we share your Personal Data with
- We collect and process your Personal Data in accordance with applicable laws that regulate data protection and privacy. This includes, without limitation, the EU General Data Protection Regulation (2016/679) ('GDPR') and the UK Data Protection Act 2018 ('DPA') together with other applicable UK and EU laws that regulate the collection, processing and privacy of your Personal Data (together, 'Data Protection Law').
How long your Personal Data will be kept
- We may need to disclose your Personal Data to certain third party organisations who processing Personal Data only in accordance with our instructions under contract (called 'data processors') such as companies and/or organisations that act as our service providers or professional advisers, or otherwise assist us in delivering the services that you have requested e.g. website hosts and cloud storage providers.
- We only allow our data processors to handle your Personal Data if we are satisfied they take appropriate measures to protect your Personal Data. We also impose contractual obligations on data processors to ensure they can only use your Personal Data to provide services to us and to you.
- We may also disclose your Personal Data to third parties who make their own determination as to how they process your Personal Data and for what purpose(s) (called 'data controllers'), such as our clients who we may provide with details of a potential candidate for a role.
- The third party data controllers external to us (including our clients) with whom we deal will handle your Personal Data in accordance with their own chosen procedures and you should check the relevant privacy policies of these companies or organisations to understand how they may use your Personal Data. Since they are acting outside of our control, we have no responsibility for the data processing practices of these data controllers.
- We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.
- We may also need to share some Personal Data with other parties, such as potential buyers of some or all of our business or during a re-structuring. Usually, information will be anonymised but this may not always be possible. The recipient of the information will be bound by confidentiality obligations.
- In all cases we always aim to ensure that your Personal Data is only used by third parties for lawful purposes and in compliance applicable Data Protection Law.
Security that we use to protect Personal Data
- We only retain Personal Data identifying you for as long as you have a relationship with us; or as necessary to perform our obligations to you (or to enforce or defend contract claims); or as is required by applicable law.
- We have a data retention policy that sets out the different periods we retain data for in respect of relevant purposes in accordance with our duties under Data Protection Law. The criteria we use for determining these retention periods is based on various legislative requirements; the purpose for which we hold data; and guidance issued by relevant regulatory authorities including but not limited to the UK Information Commissioner's Office (ICO).
- Personal Data we no longer need is securely disposed of and/or anonymised so you can no longer be identified from it.
Your Personal Data rights
- We employ appropriate technical and organisational security measures to protect your Personal Data from being accessed by unauthorised persons and against unlawful processing, accidental loss, destruction and damage.
- We also endeavour to take all reasonable steps to protect Personal Data from external threats such as malicious software or hacking. However, please be aware that there are always inherent risks in sending information by public networks or using public computers and we cannot 100% guarantee the security of all data sent to us (including Personal Data).
- In accordance with your legal rights under applicable law, you have a 'subject access request' right under which can request information about the Personal Data that we hold about you, what we use that Personal Data for and who it may be disclosed to as well as certain other information. Usually we will have a month to respond to such a subject access request, but we may, in case of complex requests, require a further two months to respond
- We reserve the right to verify your identity if you make a subject access request. We may also require further information to locate the specific information you seek before we can respond in full and apply certain legal exemptions when responding to your request. We may charge for administrative time in dealing with any manifestly unreasonable or excessive requests for access.
- Under Data Protection Law you also have the following rights, which are exercisable by making a request to us in writing:
All of these requests may be forwarded on to a third party provider who is involved in the processing of your Personal Data on our behalf.
If you would like to exercise any of the rights set out above, please contact us at the address below.
If you make a request and are not satisfied with our response, or believe that we are illegally processing your Personal Data, you have the right to complain to the Information Commissioner's Office (ICO) – see https://ico.org.uk/.
- to be provided with a copy of your Personal Data;
- to require us to correct Personal Data that we hold about you which is inaccurate or incomplete;
- to require us to erase your Personal Data without undue delay if we no longer need to hold or process it;
- to object to our use of your Personal Data for direct marketing;
- to object and/or to restrict the use of your Personal Data for purpose other than those set out above unless we have an overriding legitimate reason for continuing to use it; or
- to object to any automated processing (if applicable) that we carry out in relation to your Personal Data, for example if we conduct any automated credit scoring (we do not currently perform such automated processing);
- in certain circumstances, to require us to transfer Personal Data to another party where the Personal Data is being processed by automated means (against, we do not currently perform such automated processing).
- If you have any queries regarding this privacy notice or wish to make a further request relating to how we use your Personal Data as described above, please contact:
Data protection contact: Holly Saunders
Telephone: +44 203 823 2205