The information we collect and how we use it
Aldrich & Co will require personal information such as your name, contact details, sensitive personal information, and your CV. Information from these various sources is held and used by us for the following purposes:
- So that we can provide our services to you and answer your enquiries;
- So that we can have a business relationship with you if you are either a user of our website or a client or candidate;
- So that you can submit your CV to us, and we can advise you on your career options, match your details with specific job vacancies, to help us find you the position that is most suited to you;
- So that we can assess your profile against job vacancies for which you have applied;
- So that we can pass your information (further to your consent) to trusted third parties who have been retained to provide information such as reference checks, qualification and criminal reference checks, etc and to third parties who provide services to us, such as IT and mailing services;
- So that we can keep you informed of news and events – where we do so, you will be able to unsubscribe from such communications;
- For compiling salary and other surveys of our candidates;
- As required by regulatory or law enforcement agencies, or where we are permitted to do so by law.
We may also need to share some of the personal information set out with other parties, such as external contractors and our professional advisers. Information is only shared for the delivery of our service to you or to comply with our legal obligations.
We will notify you of any changes to information we collect or to the purposes for which we collect and process it. Should you have any questions or concerns about the Aldrich & Co privacy commitment, please feel free to e-mail us at firstname.lastname@example.org.
Where information may be held
Information may be held at our offices, and third-party agencies, service providers, representatives and agents as described above.
Disclosure of your information
We will share your information within Aldrich & Co where necessary in order to provide you with our recruitment consultancy, executive search and coaching services. We will also share your details with prospective employers when you have applied to a job vacancy relating to that prospective employer.
Before data containing your personably identifiable information is transmitted to a prospective employer, we will always ask you for your consent.
We may pass on your personal information if we have a legal obligation to do so. We also reserve the right to disclose the information we have collected about you to our professional advisors and to other persons to the extent that Aldrich & Co contracts out any aspect of the operation of its recruitment agency services.
Access to your information
You have the right at any time to ask us for a copy of the information that we hold about you. We may ask you to verify your identity and for more information about your request. Please email email@example.com to request access.
How long we keep your information
The period for which we keep your information is dependent on whether or not we have placed you in a temporary booking or permanent role.
Where we have been unsuccessful in placing you in a temporary or permanent booking, we will retain your data for 6 years from the date we last contacted you in our database. If we have placed you, we will retain your information for 6 years from the date of placement or date on which you last worked for us or last contacted you, or you contacted us, in our database.
In order to comply with our legal obligations, we will retain certain pay-related and other financial information for 6 years.
Retention of Data
Retained data is reviewed every 6 months to establish its age and when data is no longer required or has reached its maximum time limit, it will be appropriately removed. If you believe that we are in possession of personal data that you wish us to delete prior to these pre-determined times, please contact our Data Compliance Officer at firstname.lastname@example.org to request deletion.
Keeping your personal information secure
We have security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
General Data Protection Regulation (GDPR) provides for certain requirements from data controllers for the portability of personal data. The data stored on our Customer Relationship Management (CRM) system is controlled by the Company. Aldrich & Co permit the portability of data on mobile devices such as mobiles or laptops, as well as home office working, under restriction and/or limitations. Access to this data can be terminated or limited as and when necessary to prevent data breaches or leaks. Every reasonable step is taken to ensure that data accessed outside of our network is secure.
Reporting Data Breaches
In accordance with GDPR guidelines, we agree to analyse any suspected data breach and report it within 72 hours of becoming aware of the breach. Unless the breach itself is considered low risk, breaches would be reported to the Information Commissioner’s Office (ICO). Once a data breach or leak has been discovered, it would be reported to this authority. We have processes and policies in place to avoid any potential data breaches. We regularly train all of our staff on the importance of data security and what their responsibilities are with safeguarding data that we process.
Internal Policies for GDPR
Aldrich & Co have security and access policies for employees that safeguards data and protects the integrity of data. We also ensure this doesn’t impact business functions and data subject or data subject experiences. We have a data security policy, confidentiality policy, password policy and a policy covering Bring Your Own Devices (BYOD). These policies aim to mitigate any instance of data breach or leaks.
IT policies for GDPR
Aldrich & Co outsource their IT system maintenance and management to a Third-Party who is responsible for safeguarding the network and terminals with access to the network. The third party manage the anti-virus on the machines, and security updates to mitigate against data breaches and leaks. The data this Third Party can access is limited to the minimum needed to complete their role and they are also bound by a data privacy and confidentiality contract. Aldrich & Co are solely responsible for employee accessibility in granting, limiting or terminating accessibility where necessary.
You have the right at any time to ask us for a copy of the information supplied by you that we hold. If you would like to make a request for information, please email email@example.com. You also have the right to ask Aldrich & Co to stop using your information, amend it or erase it.
How to complain
We hope that we can resolve any query or concern you raise about our use of your information – please contact us on firstname.lastname@example.org and let us know how we can help you. If not, please contact the Information Commissioner at ico.org.uk/concerns/ or telephone: 0303 123 1113 for further information about your rights and how to make a formal complaint.