16-20 Ely Place
London EC1N 6SN
E: email@example.com T: +44 (0) 207 070 3022
We provide executive search services to clients looking to recruit main board and senior management personnel for their businesses. We also provide Interim Management, Market Mapping and Advisory services.
What does this Policy cover?
We at Calibre One take your personal data seriously. This policy:
sets out the types of personal data that we collect about you;
explains how and why we collect and use your personal data;
explains how long we keep your personal data for;
explains when, why and with who we will share your personal data;
sets out the legal basis we have for using your personal data;
explains the effect of refusing to provide the personal data requested;
explains the different rights and choices you have when it comes to your personal data; and
explains how we may contact you and how you can contact us.
What is personal data?
Personal information is any information about you as a person and includes details with respect to your name, contact details, current employment and compensation, work history, interests, your personal references and other data that you may provide through submitting a CV or resume, and during discussions over the telephone or in meetings.
What personal data do we collect about you?
If you are a candidate, we collect the information necessary to assess your eligibility and interest relative to a specific opportunity, or to clients who may retain us to either recruit or introduce them to individuals with specific experience and qualifications. The information you are submitting should be complete and accurate. This information includes contact details, CV’s, educational records, work history, employment and references – we advise you not to provide information which may be deemed sensitive on your CV as we will retain any documents that you have provided
If you are a referee for a candidate, we ask you to answer specific questions to validate the information we have about our candidate and to explore their skills and experience relative to the role in question.
We may also collect sensitive personal data about you, such as health-related information, personal beliefs or personal and/or family information – but we only collect this sensitive personal data from you, and further process it, where you have already given your explicit consent.
Where do we collect personal data about your from?
The following are the different sources we may collect personal data about you from:
Directly from you. This is information you provide while searching for a new opportunity and/or during the different recruitment stages
From an agent/third party acting on your behalf. g. Interim Management Company or Rec-to-Rec
Through publicly available sources. These include but are not limited to:
Industry press & periodicals
By Reference or word of mouth. For example, you may be recommended by a friend, a former employer, a former colleague or even a present employer.
How do we use your personal data?
We use your personal data to match your skills, experience and education with searches we are retained on by our clients. We will initially collect basic information on you – and this summary biographical information may be shared with a client, in the context of a particular search. If you are seen to be a good fit and go through to the next stage, we will then be collecting more information from you via the interview (or equivalent) stage and onwards in that manner – however we would have spoken to you before presenting further details to a client or indicating any potential interest you may have.
On occasion we may use your data to contact you via email or phone for marketing purposes, where we deem the activity could be beneficial to both sides. However, when we do this, there will be a clear opt-out, which we will always abide by if asked to do so.
How do we ensure security and integrity of data?
We use our best efforts to ensure that data is accurate, complete, current and reliable for its intended use. We use appropriate technical and organisational measures and safeguards to help protect your personal data from unauthorised access, misuse, alteration or loss. Our internal policies and procedures are designed to help ensure we safeguard the privacy and accuracy of all data we collect or process. To the extent that we disclose personal data to clients or third parties, we will request that they properly protect the security and confidentiality of such information and otherwise process such data in accordance with applicable law.
How long do we keep your personal data for?
We only retain your information for as long as is necessary for us to use your information as described above or to comply with our legal obligations. However, please be advised that we may retain some of your information after you cease to use our services, for instance if this is necessary to meet our legal obligations, such as retaining the information for tax and accounting purposes.
When determining the relevant retention periods, we will take into account factors including:
our contractual obligations and rights in relation to the information involved;
legal obligation(s) under applicable law to retain data for a certain period of time;
statute of limitations under applicable law(s);
if you have made a request to have your information deleted; and
guidelines issued by relevant data protection authorities.
Otherwise, we securely erase your information once it is no longer required for the purpose(s) for which it was obtained, which generally speaking, is after six years.
Who do we share your personal data with?
We share your personal data with the client who has a position to fill, in order to determine with the client whether you are a good fit for the available position. Our clients tend to be high growth technology and technology-enabled companies, and investor-backed and quoted companies undergoing growth and transformation around the World.
Your data will also be shared with our colleagues in our global offices around the world, however they will abide by the same GDPR rulings regarding the capture, safeguarding and sharing of personal data [further detail below].
What legal basis do we have for using your information?
For prospective candidates, referees and clients, our processing is necessary for our legitimate interests in that we need the information in order to be able to assess suitability for potential roles, to find potential candidates and to contact clients and referees. We carry out a ‘balancing test’ to ensure that our processing is necessary and that your fundamental rights of privacy are not outweighed by our legitimate interests, before we go ahead with such processing. We keep a record of these balancing tests. You have a right to and can find out more about the information in these balancing tests by contacting us using the details below.
If you are shortlisted as a candidate, then this may involve the processing of more detailed personal data including sensitive data such as health information that you or others provide about you. In that case, we always ask for your consent before undertaking such processing.
For clients, we may also rely on our processing being necessary to perform a contract for you, for example in contacting you.
What happens if you do not provide us with the information we request or ask that we stop processing your information?
If you do not provide the personal data necessary or withdraw your consent for the processing of your personal data, we may not be able to match you with available job opportunities.
Do we make automated decisions concerning you?
No, we do not carry out automated profiling.
Do we transfer your data outside the EEA?
To better match your employee profile with current opportunities we may transfer your personal data to clients and partners in countries outside the EEA. These countries privacy laws may be different from those in your home country. Where we transfer data to a country which has not been deemed to provide adequate data protection standards we always have security measures and approved model clauses in place to protect your personal data.
At present we transfer personal data to the following countries outside the EEA:
To find out more about how we safeguard your information as related to transfers contact us on firstname.lastname@example.org.
What rights do you have in relation to the data we hold on you?
By law, you have a number of rights when it comes to your personal data. Further information and advice about your rights can be obtained from the data protection regulator in your country.
What does this mean?
1. The right to be informed
You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we’re providing you with the information in this Policy.
2. The right of access
3. The right to rectification
You are entitled to have your information corrected if it’s inaccurate or incomplete.
4. The right to erasure
This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there’s no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions.
5. The right to restrict processing
You have rights to ‘block’ or suppress further use of your information. When processing is restricted, we can still store your information, but may not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in future.
6. The right to data portability
You have rights to obtain and reuse your personal data for your own purposes across different services. For example, if you decide to switch to a new provider, this enables you to move, copy or transfer your information easily between our IT systems and theirs safely and securely, without affecting its usability.
7. The right to object to processing
You have the right to object to certain types of processing, including processing for direct marketing (i.e. if you no longer want to be contacted with potential opportunities).
8. The right to lodge a complaint
You have the right to lodge a complaint about the way we handle or process your personal data with your national data protection regulator.
9. The right to withdraw consent
If you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal data with your consent up to that point is unlawful). This includes your right to withdraw consent to us using your personal data for marketing purposes.
We usually act on requests and provide information free of charge, but may charge a reasonable fee to cover our administrative costs of providing the information for:
baseless or excessive/repeated requests, or
further copies of the same information.
Alternatively, we may be entitled to refuse to act on the request.
Please consider your request responsibly before submitting it. We’ll respond as soon as we can. Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we’ll come back to you and let you know.
How will we contact you?
We may contact you by phone, email or social media. If you prefer a particular contact means over another, please just let us know.
How can you contact us?
If you are unhappy with how we’ve handled your information or have further questions on the processing of your personal data, contact us here: Calibre One, Audrey House, 16-20 Ely Place, London EC1N 6SN / email@example.com.