FULLBROOK CONSULTING LIMITED – PRIVACY POLICY

Contents:

  1. Definitions
  2. Summary
  3. Fullbrook Principles
  4. Lawful Basis
  5. Consent
  6. Type of Personal Data We Collect
  7. How We Collect Personal Data
  8. How We Use Personal Data
  9. Who We Share Personal Data With
  10. How Long We Keep Personal Data for
  11. Individual's Rights
  12. Information Security
  13. How We Transfer Your Data Internationally
  14. Who is Responsible for Processing Data on The Fullbrook Website
  15. When This Privacy Policy Applies
  16. Marketing
  17. Changes
  18. Contact Details

1.0 Definitions

Personal Data (1.a) - Any information relating to an identified or identifiable individual; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number (e.g. social security number) or one or more factors specific to his physical, physiological, mental, economic, cultural or social identity (e.g. name and first name, date of birth, biometrics data, fingerprints, DNA…)

Sensitive Personal Data (2.b) - personal data consisting of information relating to the data subject with regard to racial or ethnic origin; political opinions; religious beliefs or other beliefs of a similar nature; trade union membership; physical or mental health or condition; sexual life; the commission or alleged commission by the data subject of any offence; or any proceedings for any offence committed or alleged to have been committed by the data subject, the disposal of such proceedings or the sentence of any court in such proceedings.

Candidates (3.c) – includes applicants for all roles advertised or promoted by Fullbrook, including this website, Job Boards, direct applications to consultants for permanent, part-time and temporary positions and freelance roles with Fullbrook Consulting and / or Fullbrook's Clients, as well as people who have supplied their CV to Fullbrook, not in relation to a specific job. Individual contractors, freelance workers and employees of suppliers or other third parties put forward for roles with Fullbrook will be treated as candidates for the purposes of this Privacy Policy.

Clients (4.d) - This category covers our customers, clients, and others to whom Fullbrook provides services in the course of its business.

Staff (5.e) – includes employees engaged directly in the business of Fullbrook (or who have accepted an offer to be engaged) as well as certain other workers engaged in the business of providing services to Fullbrook (even though they are not classed as employees). To be clear, 'Staff' does not include individuals sourced by Fullbrook for the purpose of being placed with our Clients. These individuals are treated as Fullbrooks' Candidates and are covered accordingly by this Privacy Policy. Likewise, independent contractors and consultants performing services for Fullbrook fall within the definition of a 'Supplier' for the purposes of this Privacy Policy.

Suppliers (6.f) – refers to partnerships and companies (including sole traders), and atypical workers such as independent contractors and freelance workers, who provide services to Fullbrook.

Website Users (7.g) - any individual who accesses Fullbrook's company website.

Other People whom Fullbrook may Contact (8.h) – these may include Candidates' and Fullbrooks' Staff emergency contacts and referees. We will only contact them in appropriate circumstances - in line with GDPR.

Delete (9.i) – We will endeavor to permanently erase your personal data once it reaches the end of its retention period or where we receive a valid request from you to do so. In order to comply with the regulation and your request, we may need to keep some very basic information with a note of the action we took and the reason behind it.

General Data Protection Regulation (GDPR) (10.j) – a European Union statutory instrument which aims to harmonize European data protection laws. It has an effective date of 25 May 2018, and any references to it should be construed accordingly to include any national legislation implementing it.

2.Summary

  • In accordance with applicable law, we only collect a limited amount of information about you that is necessary for running our business and improving our service. We do not use profiling, we do not sell or in any other way spread your data to third parties. We do not use your data for purposes other than what we specify. We also make sure that your data is stored securely. We delete all information deemed no longer necessary. We constantly review our Privacy Policy to make it better and to protect you more.
  • In order to operate our business, we may collect and store personal information that you submit to us via this recruitment website, social & professional networking platforms, job boards and / or direct applications to our Consultants. Please read the following privacy policy to understand how Fullbrook uses and protects the information that you provide.
  • The policy is subject to change and any changes in the future will be made visible on this page. By continuing to use this recruitment site you are agreeing to such changes. We recommend that you check the privacy policy each time you visit this site.
  • Should you require further information on any of the topics detailed in this Privacy Policy or if you would like to know more about our other relevant policies and procedures, please contact us directly using the details provided within this Policy (Contact Us – Section 18.1).

3.Fullbrook Consulting Limited - Principles

Fullbrook Consulting Limited (From here on; Fullbrook, we, us, our) follows the following principles to protect individuals' privacy:

  • Fullbrook does not collect more information than it is necessary.
  • Fullbrook does not use your data for purposes other than those specified.
  • Fullbrook does not keep your data if it is no longer needed unless otherwise discussed with you.
  • Fullbrook only provides your data to select third party clients with your specific consent.
  • You do not give out personal information by visiting our website.

4.Our Lawful Basis for Processing Data

4.1 Legitimate Interests

Article 6(1)(f) of the GDPR says that we can process your data where it "is necessary for the purposes of the legitimate interests pursued by [us] or by a third party, except where such interests are overridden by the interests or fundamental rights or freedoms of [you] which require protection of personal data."

We believe that processing your data will help us to offer you a more tailored, efficient service. However, you do have the right to object to us processing your personal data on this basis. We will always inform you on processing your data (either verbally or electronically) and we will give you clear instructions on how to exercise your right to object.
Please note that in certain jurisdictions in which we operate, a different legal basis for data processing might apply in certain cases. For more information in relation to your jurisdiction, please visit the ICO website.
We will not use your data for anything other than it was originally intended for.

4.1 (a) Candidate Data

We believe it is reasonable to expect that if you are looking for employment or have posted your professional CV information on a job board or professional networking site, you are happy for us to collect and use your personal data to offer or provide our recruitment services to you. Once at offer stage, your prospective employer may also want to confirm your references, qualifications and criminal record, to the extent that this is appropriate and in accordance with local laws. We may need to request such information so that we can function as a profit-making business, and to help you and other Candidates secure new employments.

We want to provide you with tailored job recommendations, we therefore think it's reasonable for us to process your data to make sure that we send you the most appropriate content.
We must make sure our business runs smoothly, so that we can carry on providing recruitment services to Candidates. We therefore also need to use your data for our internal administrative activities, for example invoicing where relevant.
We have our own obligations under the law, which it is a legitimate interest of ours to insist on meeting. If we believe in good faith that it is necessary, we may therefore share your data in connection with crime detection, tax collection or actual or anticipated litigation.

4.1 (b) Client Data – Legitimate Interest

To ensure that we provide you with the best service possible, we store your personal data and / or the personal data of individual contacts at your organization as well as keeping records of our conversations, meetings, registered jobs and placements.

4.1 (c) Supplier Data – Legitimate Interest

We use and store the personal data of individuals within your organization to facilitate the receipt of services from you as one of our Suppliers.
We also hold your financial details, so that we can pay you for your services. We deem all such activities to be necessary within the range of our legitimate interests as a recipient of your services.

4.1 (d) People Whose Data We Receive from Candidates and Staff, Such as Referees and Emergency Contacts – Legitimate Interest

If you have been named by a Candidate or a prospective member of Staff as one of their referees, we use your personal data in order to contact you for a reference. We deem this to be necessary for our legitimate interests as an organization offering recruitment services and employing people ourselves.
If a Staff member has given us your details as an emergency contact, we will use these details to contact you in the case of an accident or emergency. We are sure you will agree that this is a vital element of our people-orientated organization, and so is necessary for our legitimate interests. We will not use your data for anything other than it was originally intended for.

4.1 (e) Website Users

We do not monitor the data of general website traffic. We may process your details onto our CRM system should you make a direct application for one of our live roles through our company website.

5.Consent

  • In certain circumstances, we are required to obtain your consent to the processing of your personal data in relation to certain activities. Depending on exactly what we are doing with your information, this consent will be opt-in consent or soft opt-in consent.
  • Article 4(11) of the GDPR states that (opt-in) consent is "any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her." In plain language, this means that:
    • you have to give us your consent freely, without us putting you under any type of pressure
    • you have to know what you are consenting to – so we'll make sure we give you enough information
    • you should have control over which processing activities you consent to and which you don't
    • you need to take positive and affirmative action in giving us your consent.
  • We will keep records of the consents that you have given in this way.
  • In some cases, we will be able to rely on soft opt-in consent. We are allowed to market products or services to you which are related to the recruitment services we provide, as long as you do not actively opt-out from these communications.
  • Please note that in certain cases of the jurisdictions in which we operate, we comply with additional local law requirements regarding consenting to receive marketing materials. For more information in relation to your jurisdiction, please visit the ICO website.
  • You have the right to withdraw your consent to these activities. You can do so at any time by contacting us directly. Further details on Individual's rights can be found in Section 11.

6.Type of Personal Data We Collect

6.1 Candidate Data

In order to provide the best possible employment opportunities that are tailored to you, we need to process certain information about you. We only ask for details that will genuinely help us to help you, such as your name, contact details, education details, employment history. This list is not exhaustive, where necessary, and in accordance with GDPR, we may also require additional information, however, this will be discussed on an individual basis.

6.2 Client Data

We need to collect and use information about you, or individuals at your organization, in the course of providing you with services such as: (i) finding Candidates who are the right fit for you or your organization; (ii) business development and coaching services.

6.3 Supplier Data

We need a small amount of information from our Suppliers to ensure that things run smoothly. We need contact details of relevant individuals at your organization so that we can communicate with you. We may also need other information such as your bank details so that we can pay for the services you provide (if this is part of the contractual arrangements between us).

6.4 Individuals, Whose Data We Receive from Candidates and Staff, Such as Referees and Emergency Contacts

In order to provide Candidates with suitable employment opportunities safely and securely and to provide for every eventuality for them and our Staff, we need some basic background information. We only ask for very basic contact details, so that we can get in touch with you either for a reference or because you've been listed as an emergency contact for one of our Staff members. We will seek appropriate consent - in line with GDPR - from Referees prior to sharing their details for employment reference checking purposes with our Clients.

6.5 Website Users

We do not collect data from our general website users.

7.How We Collect Personal Data

7.1 Candidate Data

There are two main ways in which we collect your personal data

  • Directly from you.
  • From Third Parties (such as; Job Boards, Social Media Networking Platforms, Referrals).

7.2 Client Data

There are two main ways in which we collect your personal data

  • Directly from you.
  • From Third Parties (such as; Social Media Networking Platforms, referrals from our Existing Clients).

7.3 Supplier Data

We collect your personal data during the course of our work with you.

7.4 People Whose Data We Receive from Candidates and Staff, Such as Referees and Emergency Contacts

We collect your contact details only where a Candidate or a member of our Staff names you as their emergency contact or where a Candidate gives contact details to us in order for you to serve as a referee.

7.5 Website Users

We do not collect data from our website users.

8. How We Use Personal Data

Please note: We do not use the data we collect for anything other it was originally intended for, unless otherwise agreed to by the Data Subjects themselves.

8.1 Candidate Data

We use and process your personal details and information to help you find employment or other work roles that might be suitable for you. The more information we have about you, your skillset and your ambitions, the more bespoke we can make our service. Where appropriate and in accordance with GDPR, we may seek your consent to undertake other form of activities.

8.2 Client Data

We use your personal details and information to ensure that the contractual arrangements between us can properly be implemented so that the relationship can run smoothly. As part of our agreement with you, we will process your details onto our internal CRM system - in line with GDPR – for our reference. Client data is classed the same and Candidate data in terms of Data Retention and Consent.

8.3 Supplier Data

We use your personal details and information to ensure that the contractual arrangements between us can properly be implemented so that the relationship can run smoothly, and to comply with legal requirements.

8.4 People Whose Data We Receive from Candidates and Staff, Such as Referees and Emergency Contacts

We request and use referees' personal data in case it is requested from us by a Client for employment reference checking. We will seek consent from the Referees to share their details with potential employers – in accordance with GDPR. We will not use referee's personal data for anything other than it was originally intended for. We use the personal details of Staff members' emergency contacts in the case of an accident or emergency affecting the particular member of Staff. We will not use Emergency Contacts' personal data for anything other than it was originally intended for.

8.5 Website Users

We do not collect data from our website users nor do we use it in any way.

9. Who We Share Personal Data With

9.1 Candidate Data

We will not share your personal Data that you provided us with, unless you request us to do so and provide appropriate Consent in line with GDPR. Personal Details that you provide us with - such as the full content of your CV - will only be shared with Clients for prospective employment opportunities at your Request and with your Consent – in line with GDPR.

9.2 Client Data

We will not share your Personal Data that you provided us with, unless you request us to do so and provide appropriate Consent in line with GDPR.

9.3 Supplier Data

We will not share your personal Data that you provided us with, unless you request us to do so and provide appropriate Consent in line with GDPR.

9.4 People Whose Data We Receive from Candidates and Staff, Such as Referees and Emergency Contacts

We will not share your personal Data that you provided us with, unless you request us to do so and provide appropriate Consent in line with GDPR.

9.5 Website Users

We do not collect data from our website users nor do we share it with anyone.

10. How Long We Keep Personal Data For

We will Delete your personal data from our systems if we have not had any meaningful contact with you (or, where appropriate, the company you are working for or with) for two years (or for such longer period as we believe in good faith that the law or relevant regulators require us to preserve your data). After this period, it is likely your data will no longer be relevant for the purposes for which it was collected.

When we refer to "meaningful contact", we mean, for example, communication between us (either verbal or written), or where you are actively engaging with our services. If you are a Candidate, we will consider there to be meaningful contact with you if you submit your updated CV to us. We will also consider it meaningful contact if you communicate with us about potential roles, either by verbal or written communication. Your receipt, opening or reading of an email or other digital message from us will not count as meaningful contact – this will only occur in cases where you click-through or reply directly.

11. Individuals' Rights

Even if we already hold your personal data, you still have various rights in relation to it. To get in touch about these, please contact us directly. We will seek to deal with your request without undue delay – in line with GDPR - and in any event in accordance with the requirements of any applicable laws. Please note that we may keep a record of your communications to help us resolve any issues which you raise.

11.1 Right to be Informed

You have a right to be informed about the collection and usage of your personal data (Sections 6 & 7). Should we process your details onto our internal CRM system, in line with GDPR requirements, we will inform you of our action at the first instance, either over the phone or via email correspondence but within no more than 30 days from the processing of your details. We will ensure to provide you with adequate information on the processing of your details when we first contact you.

11.2 Right to Object

If we are using your data because we deem it necessary for our Legitimate Interests to do so, and you do not agree, you have the right to object. We will respond to your request within 30 days (although we may be allowed to extend this period in certain cases). Generally, we will only disagree with you if certain limited conditions apply.

11.3 Right to Withdraw Consent

Where we have obtained your consent to process your personal data for certain activities (for example, for submitting your CV and application to our Clients for certain job roles), you may withdraw your consent at any time by contacting us directly.

11.4 Data Subject Access Requests (DSAR)

You have the right to ask us to confirm what information we hold about you at any time. Please contact us directly – Section 18.1 – to obtain a DSAR form.

  • we will ask you to verify your identity, or ask for more information about your request, in line with our internal DSAR policy.
  • where we are legally permitted to do so, we may decline your request, but we will explain why, if we do so.

11.5 Right to Erasure

In certain situations, you have the right to request us to "erase" your personal data. We will respond to your request within 30 days (although we may be allowed to extend this period in certain cases) and will only disagree with you if certain limited conditions apply. If we do agree to your request, we will delete your data but will generally assume that you would prefer us to keep a note of your name on our register so that we can refer to our note that and therefore, we will minimize the chances of you being contacted in the future where your data are collected in unconnected circumstances. If you would prefer us not to do this, you are free to say so.

11.6 Right to Lodge a Complaint with a Supervisory Authority

You have the right to lodge a complaint with your local supervisory authority, details of which can be found on the ICO website..

11.7 Right to Restrict Processing

If your interests or requirements change, you can unsubscribe from part or all of our communications (for example job role emails or the Fullbrook Newsletter) by contacting us directly. Section 18.1

12. Information Security

We seek to ensure the security of personal data. When we collect information about you, we also make sure that your information is protected from unauthorized access, loss, manipulation, falsification, destruction or unauthorized disclosure. This is done through appropriate technical and organisational measures that we have in place. For more information on this, please contact us directly. Section 18.1

13. How We Transfer Your Data Internationally

We may operate on a global level. In order for us to continue operating in this way, we may have to transfer your data internationally to our Clients that are based overseas. This will be discussed with Candidates on an individual level and details will be provided / consent will be sought prior to transferring / sharing data internationally. For more information on this, please contact us directly. Section 18.1

14. Responsibility for Processing Personal Data

14.1 Processing

Employees of Fullbrook Consulting Limited control the processing of personal data.

14.2 Person Responsible for Data Protection

Wayne Kay – Managing Director
Phone: 0115 838 9490
Email: wayne.kay@fullbrookconsulting.com

15. When This Privacy Policy Applies

This Privacy Policy is applicable to the services offered by us directly via our company website. Once redirected to another website, this Policy is no longer applicable.

16. Marketing and Business Development

16.1 What We Send

We, Fullbrook Consulting Group, believe that we have a Legitimate Interest in looking to develop our business by contacting potential new clients for recruitment purposes. Our communication consists of us providing details of our recruitment services and inform organizations of potentially suitable candidates for their organization.

16.2 Your Rights

If you have received a personalized marketing email from us, you have a right to opt out of receiving communications from us and / or restrict the communication that we send you. To exercise these rights, please reply directly back to the email that you received, simply stating: OPT OUT or specify the restriction that you would like us to apply on the communication that you receive from us. You can also email us at info@fullbrookconsulting.com or phone on 0115 838 9490 to discuss further or to request more information.

17. Changes

  • This version of the Privacy Policy is effective from the 25th of May 2018.
  • We reserve the right to change this Privacy Policy.
  • We constantly review our Privacy Policy and strive towards making it better.
  • We will not reduce your rights stated in this Policy without asking for explicit prior consent to the changes.
  • All changes to our Privacy Policy will be available on this website.

18. Contact Details

18.1 How to Contact Us

Address:
Fullbrook Consulting Limited
Gothic House, Barker Gate
Nottingham, NG1 1JU
United Kingdom
Phone: +44 (0) 115 8389490
Email: info@fullbrookconsulting.com

18.2 How to Contact the Information Commissioner's Office

Address:
Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire
SK9 5A
Phone: +44 (0) 303 123 1113
Email: casework@ico.org.uk