This policy explains how we collect, use and process your personal data, and how, in doing so, we comply with our legal obligations to you. Your privacy is important to us, and we are committed to protecting and safeguarding your data privacy rights.
Where the Company has relied on a legitimate interest to process your personal data our legitimate interests is as follows:
- You have supplied us with your personal data as you wish to receive recruitment services from the Company.
- It is of mutual benefit to both you and the Company that we process your data for this purpose.
Personal Data We Collect
Candidate Data: In order to provide the best possible employment opportunities that are tailored to you, we need to process certain information about you. We only ask for details that will genuinely help us to help you in your search for a role, such as your name, sex/gender, photograph, age, marital status, contact details, education details, employment history, emergency contacts, immigration status, salary details, NIC number, referee details and any other relevant information you may wish to share with us). Where appropriate and in accordance with local laws and requirements, we may also collect information related to your health, diversity information or details of any criminal convictions.
Client Data: If you are a Client of Aston Fisher, we need to collect and use information about you, or individuals at your organisation, in the course of providing you services such as finding Candidates who are the right fit for you or your organisation. This information is limited as we generally only require details of individual contacts at your organisation (such as their names, telephone numbers and email addresses) to enable us to ensure that our relationship runs smoothly. We may also hold information that someone in your organisation has chosen to tell us.
How we collect your personal data
Candidate Data: Information is most likely collected via our website contact page, by telephone screening the candidate directly, by Linked In, or email.
- Website – Aston Fisher has a contacts page on their website that will request you to fill in your Full Name, Email address, Reason for Contact, Position interested in approaching us about, how we should contact you and your message. We will then approach you via the requested contact channel.
- Telephone screening – When speaking to a candidate for a general update call or to discuss a specific role, we will record our conversations on our company database. We will always inform you at the beginning of the conversation that we will record this information on our database.
- Online – as an Executive Search company, we will often research candidates online via Linked In or search websites and this information will be recorded on the candidate’s personal assignment record.
- Email – emails are saved and recorded on our database and saved in the relevant candidate or assignment record page.
- Adverts – from time to time we may advertise on specialist advertising
boards and we collect CVs via this route. All CV’s are stored on our encrypted
cloud based filing system and on our database.
Client Data: We collect data from Clients either directly or from third parties or other limited sources. This can be received either
- directly from you via telephone or email through business development channels
- from personal data we receive from other sources
- or data that is collected automatically.
Supplier Data: We collect your personal data during the course of our work with you.
How do we use your personal data
Candidate Data: The main reason for using your personal details is to help you find employment or other work roles that might be suitable for you. The more information we have about you, your skillset and your ambitions, the more bespoke we can make our service. Where appropriate and in accordance with local laws and requirements, we may also use your personal data for candidate mapping, marketing, profiling and diversity monitoring. Where appropriate, we will seek your consent to undertake some of these activities.
Below are ways in which we may use your personal data:
- collect data from you and other sources such as Linked In and online search engines
- storing your details (and updating them when necessary) on our database, so that we can contact you in relation to recruitment
- providing you with our recruitment services and to facilitate the recruitment process
- assessing data about you against opportunities we may think suitable for you
- sending information to Clients, following your permission, for particular roles
- carrying out our obligations arising from contracts entered into between Aston
Fisher and yourself
- Verifying details you have provided, using third party resources (such as psychometric evaluations or skills tests), or to request information (such as references, qualifications and potentially any criminal convictions, to the extent this is appropriate and in accordance with local laws.)
- Complying with our legal obligations in connection with the detection of crime or the collection of tax or duties
- Processing your data to enable us to send you targeted, relevant marketing materials or other communications which we think are likely to be of interest to you.
Client Data: The main reason for using information about Clients is to ensure that the contractual arrangements between us can be properly implemented so that the relationship can run smoothly. This may involve
- Identifying candidates who we think will be the right fit for you or your organisation
Supplier Data: The main reasons for using your personal data are to ensure that the contractual arrangements between us can properly be implemented so that the relationship can run smoothly, and to comply with legal requirements.
Data received from people such as Referees and emergency contacts: We use referee’s personal data to help our Candidates secure their new roles, and to help candidates find employment which is suited to them. If we are able to verify their details and qualifications, we can make sure that they are well matched with prospective employers.
Who do we share your personal data with?
Candidate Data: We may share your personal data with various parties and for various reasons. Primarily, we will share your information with prospective employers to increase your chances of securing the job you want.
How do we safeguard your personal data
We are committed to taking all reasonable and appropriate steps to protect the personal information that we hold from misuse, loss or unauthorised access. We do this by having in place a range of appropriate technical and organisational measures. These include measures to deal with any suspected data breach.
If you suspect any misuse or loss of or unauthorised access to your personal information please let us know immediately.
How long do we keep your personal data for
If we have not had meaningful contact with you (or, where appropriate, the company you are working for or with) for a period of ten years, we will delete your personal data from our systems unless we believe in good faith that the law or other regulation requires us to preserve it (for example, because of our obligations to tax authorities or in connection with any anticipated litigation).
When we refer to ‘meaningful contact’ we mean, for example, communication between us (either verbal or written), or where you are actively engaging with our online services. If you are a Candidate we will consider there to be meaningful contact with you if you submit your updated CV onto our website, email, telephone or approach us on Linked In. We will also consider it meaningful contact if you communicate with us about a potential role, either by verbal or written communication.
How can you access, amend or take back the personal data that you have given us
One of the GDPR’s main objectives it to protect and clarify the rights of EU citizens and individuals in the EU regards to data privacy. This means that you retain various rights in respect of your data, even once you have given it to us.
You have the right to object to us processing your personal data where we do so for one of the following four reasons;
- Our legitimate interests
- To enable us to perform a task in the public interest or exercise official authority
- To send you direct marketing materials
- And for scientific, historical, research or statistical purposes.
You also have the right to withdraw your consent and we will ensure that we will not process any of your data.
Data Subject Access Requests:
You may ask us to confirm what information we hold about you at any time, and request us to modify update or delete such information. We may ask you to verify your identity and for more information about your request. We provide you with access to the information we hold about you, we will not charge you for this unless your request is ‘manifestly unfounded or excessive’. If you request further copies of this information from us, we may charge you a reasonable administrative cost where legally permissible. Where we are legally permitted to do so, we may refuse your request. If we refuse your request we will always tell you the reasons for doing so.
➢ Right to erasure: You have the right to request that we erase your personal data in certain circumstances. Normally, the information must meet one of the following criteria:
- The data is no longer necessary for the purpose for which we originally collected and/or processed them
- Where previously given, you have withdrawn your consent to us processing your data, and there is no other valid reason for us to continue processing
- The data has been processed unlawfully (i.e. in a manner which does not comply with the GDPR)
- It is necessary for the data to be erased in order for us to comply with our legal obligations as a data controller, or
- If we process the data because we believe it necessary to do so for our legitimate interests, you object to the processing and we are unable to demonstrate overriding legitimate grounds for our continued processing.
➢ We would only be entitled to refuse to comply with your request for one of the following reasons:
- To exercise the right of freedom of expression and information
- To comply with legal obligations or for the performance of a public interest task or exercise of official authority
- For public health reasons in the public interest
- For archival, research or statistical purposes; or
- To exercise or defend a legal claim.
➢ Right to restrict processing: You have the right to request that we restrict our processing of your personal data in certain circumstances. This means that we can only continue to store your data and will not be able to carry out any further processing activities with it until either
- One of the circumstances listed below is resolved
- You consent, or
- Further processing is necessary for either the establishment, exercise or defence of legal claims, the protection of the rights of another individual, or reasons of important EU or Member of State public interest.
➢ The circumstances in which you are entitled to request that we restrict the processing of your data are:
- Where you dispute the accuracy of the personal data that we are processing about you. In this case, our processing of your personal data will be restricted for the period during which the accuracy of the data is verified
- Where you object to our processing of your personal data for our legitimate interests. Here, you can request that the data be restricted while we verify our grounds for processing your personal data
- Where our processing of your data is unlawful, but you would prefer us to restrict our processing of it rather than erasing it, and
- Where we have no further need to process your personal data but you require the data to establish, exercise, or defend legal claims.
➢ Right to rectification: You also have the right to request that we rectify any inaccurate or incomplete personal data that we hold about you.
➢ Right to lodge a complaint with a supervisory authority: You also the right to lodge a complaint with your local supervisory authority.
If you would like to exercise any of these rights, or withdraw your consent to the processing of your personal data, please contact
Deborah Bonney, Head of Operations, firstname.lastname@example.org/astonfisher
It is important that the personal information we hold about you is accurate and up to date. Please keep us updated on any change to your personal information.
Who is responsible for processing your personal data on the Aston Fisher
Deborah Bonney, Head of Operations, email@example.com/astonfisher
How do we store and transfer your data internationally?
Your data may be transferred:
➢ To different offices of Aston Fisher
➢ To third parties
➢ To overseas Client
➢ To Clients within your country, who may, in turn, transfer your data internationally
➢ To a cloud-based storage provider
Aston Fisher will ensure that all your data is stored and transferred in a secure way. We will only, therefore, transfer data outside of the European Union that is compliant with data protection legislation and the means of transfer provides adequate safeguards in relation to your data.
Our legal bases for processing your data
Legally, we can process your data where it “is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights or freedoms of you which require protection of personal data.”
Aston Fisher deem it reasonable to expect that if you are looking for employment or have posted your professional CV information on a job board or professional networking site, you are happy for us to collect and otherwise use your personal data to offer or provide our recruitment services to you, share that information with prospective employers and assess your skills against our current assignments.
Should you be in the position of securing a job, your prospective employer may also want to double check information we have provided to them (such as psychometric testing), references, qualifications, criminal record, within local laws. This is an essential part of our executive search and interim process that allows us to operate in a professional capacity.
We may also require Candidate data for our internal administrative purposes (particularly for interim Candidates) such as payment details for invoicing purposes, date of birth, NIC number, and Home address.
To ensure we provide the best possible service to our Clients, we store your personal data of individual contacts at your organisation as well as keeping records of our conversations, meetings, registered assignments and placements. From time to time we may ask you to undertake customer satisfaction surveys and provide written endorsements which may be added to our website and marketing material.
We use and store the personal data of individuals within your organisation in order to facilitate the receipt of your services. We may also hold your financial details so that we can pay you for your services. We believe all such activities are necessary within the range of our legitimate interests as a recipient of your services.
If you have been put down as a referee by either a candidate or Client and we have been given your personal details, we will use these details to contact you. This is an important part of our professional duties as an Executive Search and Interim company and believe it to be necessary for our legitimate interests.
If a candidate or employee of Aston Fisher has given us your details as an emergency contact, we will use these details to contact you in case of an accident or an emergency. This is necessary for our legitimate interests as we are a people-orientated company.
In certain circumstances, we are required to obtain your consent to the processing of your personal data in relation to certain activities. Depending on exactly what we are doing with your information, this consent will be opt-in consent or soft opt-in consent. Soft opt-in consent allows us to market our products and services to you which are related to recruitment services we provide as long as you do not actively opt-out from these communications. You have the right to withdraw your consent to these activities which you can do so at any time.
Under Article 4(11) of the GDPR Aston Fisher will not put you under any pressure to give your consent, you will have control over which processing activities you consent to and which you don’t, you need to take positive, affirmative action in giving us consent and we will keep records of the consents that you have given in this way.
How to contact us
For further information on General Data Protection at Aston Fisher please contact
Deborah Bonney, Head of Operations, firstname.lastname@example.org/astonfisher