Data Protection Framework
Hanson Search has completed applicable Privacy Impact Assessments (also known as Data Protection Impact Assessments under GDPR) for activities related to this website, and these are available upon request from the Hanson Search’s Data Protection Officer (see 'Contacting Hanson Search' below).
Who We Are and What We Do
We are a recruitment agency as defined in the Employment Agencies and Employment Businesses Regulations 2003. We also provide the following other services: events & workshops, training, and consultancy. We collect the personal data of the following types of people to allow us to undertake our business;
- Prospective and placed candidates for permanent or temporary roles
- Prospective and live client contacts
- Supplier contacts to support our services
- Employees, consultants, temporary workers
We collect information about you to carry out our core business and ancillary activities.
Information You Give To Us/We Collect About You
This is information about you that you give us by filling in forms on our site [www.hansonsearch.com] or by corresponding with us by phone, e-mail or another method. It includes information you provide when you register to use our site, to enter our database, subscribe to our services, attend our events, participate in discussion boards or other social media functions on our site, enter a competition, promotion or survey, and when you report a problem with our site.
The information you give us or we collect about you may include your name, address, private and corporate e-mail address and phone number, financial information, compliance documentation and references verifying your qualifications and experience and your right to work in the United Kingdom, curriculum vitae and photograph, links to your professional profiles available in the public domain e.g. LinkedIn, Twitter, business Facebook or corporate website.
Information We Collect About You When You Visit Our Website
With regard to each of your visits to our site, we will automatically collect the following information:
- technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information if applicable, browser type and version
- information about your visit, including [the full Uniform Resource Locators (URL),] [clickstream to, through and from our site (including date and time),] [products you viewed or searched for’] [page response times,] [download errors,] [length of visits to certain pages,] [page interaction information (such as scrolling, clicks, and mouse-overs),] [methods used to browse away from the page,] and any phone number used to call our customer service number.
Information We Obtain From Other Sources
This is information we obtain about you from other sources such as [LinkedIn, corporate websites, job board websites, online CV libraries, your business card, personal recommendations, and events]. In this case we will inform you, by sending you this privacy notice, within a maximum of 30 days of collecting the data of the fact we hold personal data about you, the source the personal data originates from and whether it came from publicly accessible sources, and for what purpose we intend to retain and process your personal data.
We are working closely with third parties including [companies within our Group, business partners, sub-contractors in technical, professional, payment and professional advisors]. We may receive information about you from them for the purposes of our recruitment services and ancillary support services.
Purposes of the Processing and The Legal Basis for the Processing
We use information held about you in the following ways:
- To carry out our obligations arising from any contracts we intend to enter into or have entered into between you and us and to provide you with the information, products and services that you request from us or we think will be of interest to you because it is relevant to your career or to your organisation.
- To provide you with information about other goods and services we offer that are similar to those that you have already purchased, been provided with or enquired about.
- The core service we offer to our candidates and clients is the introduction of candidates to our clients for temporary or permanent career opportunities. However, our service expands to supporting individuals throughout their career and to supporting businesses’ resourcing needs and strategies.
Our legal basis for the processing of personal data is our legitimate business interests, described in more detail below, although we will also rely on contract, legal obligation and consent for specific uses of data.
We will rely on contract if we are negotiating or have entered into a placement agreement with you or your organisation or any other contract to provide services to you or receive services from you or your organisation.
We will rely on legal obligation if we are legally required to hold information on you to fulfil our legal obligations.
We will in some circumstances rely on consent for particular uses of your data and you will be asked for your express consent, if legally required. Examples of when consent may be the lawful basis for processing include permission to introduce you to a client (if you are a candidate).
Our Legitimate Business Interests
Our legitimate interests in collecting and retaining your personal data is described below:
As a recruitment business, we introduce candidates to clients for permanent employment, temporary worker placements or independent professional contracts. The exchange of personal data of our candidates and our client contacts is a fundamental, essential part of this process.
In order to support our candidates’ career aspirations and our clients’ resourcing needs, we require a database of candidate and client personal data containing historical information as well as current resourcing requirements.
To maintain, expand, develop our business, and deliver our ancillary services, we need to record the personal data of prospective candidates and client contacts.
Should we want or need to rely on consent to lawfully process your data, we will request your consent orally, by email or by an online process for the specific activity we require consent for and record your response on our system. Where consent is the lawful basis for our processing, you have the right to withdraw your consent to this particular processing at any time.
Other Uses of Your Data:
- Use of our website
- To notify you about changes to our service
- To ensure that content from our site is presented in the most effective manner for you and for your computer.
We will use this information:
- To administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes
- To improve our site to ensure that content is presented in the most effective manner for you and for your computer
- To allow you to participate in interactive features of our service when you choose to do so
- As part of our efforts to keep our site safe and secure
- To measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you
- To make suggestions and recommendations to you and other users of our site about goods or services that may interest you or them
We do not undertake automated decision making or profiling. We do use our computer systems to search and identify personal data in accordance with parameters set by a person. A person will always be involved in the decision-making process. If automated decision making or profiling is used then we provide information about how decisions are made, the significance and the consequences.
Customer and Citizen Data
You may decide to send us your personal information via this website if you are seeking more information, requesting to attend one of our events, or registering your information for future job opportunities. Your decision to disclose your personal data is entirely voluntary, and by doing so, you are taking an affirmative action by providing us with specific consent to use your personal data only for the purposes for which you have disclosed it to us.
Hanson Search may access and use your personal data only for the purposes for which you have submitted it to us to (a) provide information to you, (b) make contact with you, (c) provide services to you, (d) investigate career opportunities suitable for you, or (e) maintain the operations and security of the website and services we provide to you, and (f) reasons set out in the above sections of this privacy notice. We will not use your personal information for any other purposes, for example for the communication of marketing materials, unless we have your specific consent that permits us to do so.
We will at all times handle and store your personal data in accordance with industry best practice aligned with ISO27001, the international standard for information security. This includes the activities and procedures undertaken by our own personnel and authorised third parties (see Sensitive Personal Data Section below), and the technical controls which we have implemented to prevent unauthorised access, compromise or theft of information from our applications, supporting computer systems and premises.
Sensitive Personal Data
GDPR specifies a set of personal data categories which are “sensitive”, and which require special consideration by Data Controllers. This website, and any services available from this website, do not knowingly collect or process any sensitive personal data, and supporting Privacy Impact Assessments (also known as Data Protection Impact Assessments under GDPR) are available upon request from the Hanson Search’s Data Protection Officer (see 'Contacting Hanson Search' below).
Children’s Personal Data
This website, and any services available from this website, are not directed to children under the age of 13. If you learn that a child under the age of 13 has provided us with their personal information without having parental consent, please contact the Hanson Search’s Data Protection Officer (see 'Contacting Hanson Search' below) immediately so that we can take appropriate action.
Customer and Citizen Data Rights
As prescribed within data protection regulations, you have specific rights connected to the provision of your personal data to Hanson Search using this website. These include your rights to request we:
- confirm to you what personal data we may hold about you, if any, and for what purposes
- change the consent which you have provided to us in relation to your personal data
- correct any inaccurate or incomplete personal data which we may hold about you
- provide you with a complete copy of your personal data for you to move elsewhere
- stop the processing of your personal data, whilst an objection from you is being resolved
- permanently erase all your personal data promptly, and confirm to you that this has been done (there may be reasons why we may be unable to do this)
To contact Hanson Search, please see contact details below.
If Hanson Search does not address your request or fails to provide you with a valid reason why we have been unable to do so, you have the right to contact the Information Commissioner’s Office to make a complaint. They can be contacted via their website (www.ico.org.uk) or by telephone 0303 123 1113.
Declaration of Sub-Processing
To make an informed decision on whether to provide your personal data to Hanson Search using this website, we need to make you aware of the following organisations who act as Data Processors for us in the provision of our services to you.
These include any member of the Hanson Search group, both in the EEA and outside of the EEA, Vincere (for sales administration and account management purposes), Mailchimp (for consented marketing communications), and Modina Ltd. (for financial, invoicing and payroll processing activities).
Selected third parties including:
- clients for introducing candidates to them
- candidates for arranging interviews and engagements
- clients, business partners, suppliers and sub-contractors for the performance and compliance obligations of any contract we enter into with them or you
- subcontractors including email marketing specialists, event organisers, payment and other financial service providers
- analytics and search engine providers that assist us in the improvement and optimisation of our site
- credit reference agencies, our insurance broker, compliance partners and other sub-contractors to assess your suitability for a role where this is a condition of us entering into a contract with you.
We will disclose your personal information to third parties:
- If Hanson Search or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
- If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms as set out in this privacy notice, and other agreements; or to protect the rights, property, or safety of Hanson Search, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
The lawful basis for the third-party processing will include:
- Their own legitimate business interests in processing your personal data, in most cases to fulfil their internal resourcing needs
- Satisfaction of their contractual obligations to us as our data processor
- For the purpose of a contract in place or in contemplation
- To fulfil their legal obligations
The activities within which each of these Data Processors participates have been recorded within the applicable Privacy Impact Assessments (also known as Data Protection Impact Assessments under GDPR). These will be available upon request from Hanson Search from 25 May 2018 (see below).
Retention of Your Data
We understand our legal duty to retain accurate data and only retain personal data for as long as we need it for our legitimate business interests and that you are happy for us to do so. Accordingly, we have a data retention notice and run data routines to remove data that we no longer have a legitimate business interest in maintaining.
We do the following to try to ensure our data is accurate:
- prior to making an introduction, we check that we have accurate information about you
- we keep in touch with you so you can let us know of changes to your personal data
We may archive part or all of your personal data or retain it on our financial systems only, deleting all or part of it from our main Customer Relationship Manager (CRM) system. We may pseudonymise parts of your data, particularly following a request for suppression or deletion of your data, to ensure that we do not re-enter your personal data on to our database, unless requested to do so.
For your information, Pseudonymised Data is created by taking identifying fields within a database and replacing them with artificial identifiers, or pseudonyms.
Cookies are small text files sent by us to your computer, and from your computer or mobile device to us each time you visit our website. They are unique to you or your web browser. Session-based cookies last only while your browser is open and are automatically deleted when you close your browser session. Persistent cookies last until you or your browser delete them, or until they expire.
This Hanson Search website may include relevant hyperlinks to external websites not controlled by us. Whilst all reasonable care has been exercised in selecting and providing any such links, you are advised to exercise caution before clicking any external links. We cannot guarantee the ongoing suitability of external links, nor do we continually verify the safety or security of the contents which may be subsequently provided to you. You are advised, therefore, that your use of external links is at your own risk and we cannot be responsible for any damages or consequences from your use of them.
Contacting Hanson Search