ARDENT RECRUITMENT
PRIVACY POLICY
24TH MAY 2018
BACKGROUND
Ardent Recruitment understands that your privacy is important to you and that you care about how your personal data is used and shared online. We respect and value the privacy of everyone who visits this Website, https://www.ardentrecruit.com, (“Our Site”) and will only collect and use personal data in ways that are described here, and in a manner that is consistent with Our obligations and your rights under the law. For the purpose of data protection law, including the UK Data Protection Act 1998 (DPA) and (from 25th May 2018) the EU General Data Protection Regulation (GDPR), Ardent Recruitment is the data controller and is registered with the Information Commissioner’s Office with notification number ZA178431
Please read this Privacy Policy carefully and ensure that you understand it. If you do not accept and agree with this Privacy Policy, you must stop using Our Site immediately.
1. Definitions and Interpretation
In this Policy the following terms shall have the following meanings:
“Cookie”
“Cookie Law” “Personal Data”
“We/Us/Our”
means a small text file placed on your computer or device by Our Site when you visit certain parts of Our Site and/or when you use certain features of Our Site. Details of the Cookies used by Our Site are set out in section 14, below;
means the relevant parts of the Privacy and Electronic Communications (EC Directive) Regulations 2003;
means any and all data that relates to an identifiable person who can be directly or indirectly identified from that data. In this case, it means personal data that you give to Us via Our Site. This definition shall, where applicable, incorporate the definitions provided in the GDPR. Personal data shall not include data where the identity has been removed (anonymous data); and
means Ardent Recruitment, a limited company registered in England under company number 09714147 , whose registered address is 80-83 Long Lane, London, United Kingdom, EC1A 9ET and whose main trading address is New Broad Street House. 35 New Broad Street. London. EC2M1NH.
2. Important Information About Us
-
-
2.1 Our Site is owned and operated by Ardent Recruitment
-
2.2 Our Information Security Manger is Jane Gaunt and can be contacted by email at infosec@ardentrecruit.com by telephone on +44 (0) 207194 7862, or by post at Jane Gaunt, Ardent Recruitment, New Broad Street House, 35 New Broad Street, London, EC2M 1NH.
-
3. What Does This Policy Cover?
This Privacy Policy applies only to your use of Our Site. Our Site may contain links to other websites. Please note that We have no control over how your data is collected, stored, or used by other websites and We advise you to check the privacy policies of any such websites before providing any data to them.
4. Your Rights
-
-
4.1 As a data subject, you have the following rights under the GDPR, which this
Policy and Our use of personal data have been designed to uphold:
-
4.1.1 The right to be informed about Our collection and use of personal data;
-
4.1.2 The right of access to the personal data We hold about you (see section 13);
-
4.1.3 The right to rectification if any personal data We hold about you is inaccurate or incomplete (please contact Us using the details in section 15);
-
4.1.4 The right to be forgotten – i.e. the right to ask Us to delete any personal data We hold about you (We only hold your personal data for a limited time, as explained in section 7 but if you would like Us to delete it sooner, please contact Us using the details in section 15);
-
4.1.5 The right to object to us processing your personal data for any of the purposes listed in this policy at any time;
-
4.1.6 The right to restrict (i.e. prevent) the processing of your personal data;
-
4.1.7 The right to data portability (obtaining a copy of your personal data to re- use with another service or organisation);
-
4.1.8 The right to object to Us using your personal data for particular purposes at any time by contacting us (using the details provided in this policy);
-
4.1.9 Rights with respect to automated decision making and profiling.
-
4.1.10 The right to withdraw your consent to processing at any time.
-
-
4.2 If you have any cause for complaint about Our use of your personal data, please contact Us using the details provided in section 15 and We will do Our best to solve the problem for you. If We are unable to help, you also have the right to lodge a complaint with the UK’s supervisory authority, the Information Commissioner’s Office.
-
4.3 For further information about your rights, please contact the Information Commissioner’s Office or your local Citizens Advice Bureau.
-
4. Your Rights
5. How is personal information collected and what Data Do We Collect about you?
Depending upon your use of Our Site, each time you visit Our Site you may give us information about yourself and We may collect some or all of the information below including personal and non-personal data technical data about your computer for system administration and to report aggregate information to third parties (please also see section 14 on Our use of Cookies and similar technologies):
5.1 5.2 5.3
5.4 5.5 5.6 5.7
name; business/company name
contact information such as email addresses and telephone numbers as provided by you;
IP address;
Web browser type and version;
operating system and platform;
a list of URLs starting with a referring site, your activity on Our Site, and the site you exit to;
Some of this information constitutes “sensitive personal data” as defined in data protection law (of “special categories of data” under the GDPR). By registering to use Our Site and Our services you explicitly consent to our processing of your sensitive personal data or special categories of data as described in this privacy policy.
6. How Do We Use Your Data?
-
6.1 All personal data is processed and stored securely, for no longer than is necessary in light of the reason(s) for which it was first collected. We will comply with Our obligations and safeguard your rights under the GDPR at all times. For more details on security see section 8, below.
-
6.2 Our use of your personal data will always have a lawful and legitimate basis, either because it is necessary for Our performance of a contract with you, because you have consented to Our use of your personal data, or because it is in Our legitimate interests. Specifically, We may use your data for the following purposes:
-
6.2.1 (On the lawful basis of contract) in supplying Our services to you (please note that We require your personal data in order to enter into a contract with you);
-
6.2.2 (On the lawful basis of contract) in replying to emails from you; where entered via the Website;
-
6.2.3 (On the lawful basis of our legitimate interests and your consent) in supplying you with emails that you have opted into (you may unsubscribe or opt-out at any time by selecting “Unsubscribe” on any of our emails or communications. Or by emailing infosec@ardentrecruit.com)
-
6.2.4 (On the basis of Our legitimate interests and contract) to notify you about changes to our services).
Where We rely on the lawful basis of legitimate interests (or those of a third party) We will first consider and ensure that those interests do not override your interests and fundamental rights. Where We rely on your consent for processing any personal data, We will first ensure that you have been provided with the opportunity for such consent to be freely given, specific and informed and that you are aware of your right to withdraw consent at any time (noting that where consent is required for us to provide the information or services you request from us, if it is later withdrawn, We will be unable to provide such information or services). We will only use your personal data for the purposes for which We collected it, unless We reasonably consider that We need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us (using the information set out below). If We need to use your personal data for any unrelated purpose, We will notify you and We will explain the legal basis which allows us to do so. Please note We may process your personal data without your knowledge or consent, in compliance with above rules, where this is required or permitted by law.
-
-
6.3 We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. We may disclose your personal data to third parties: to provide you with any services that you request and to carry out our obligations arising from any contracts entered into between you and us; in the event that We sell or buy any business or assets; or if We are under a duty to disclose or share your personal data in order to comply with any legal obligation or regulatory requirement.
-
6.4 With your permission and/or where permitted by law, We may also use your data to form a view on what We think you may want or need or may be of interest for you to decide which product services and offers may be relevant for you, for marketing purposes which may include contacting you by email or telephone or post with information, on Our services. We will not, however, send you any unsolicited marketing or spam and will take all reasonable steps to ensure that We fully protect your rights and comply with Our obligations under the GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003.
-
6.5 You have the right to withdraw your consent to Us using your personal data at any time, and to request that We delete it.
-
6.6 We will get your express opt-in consent before We share your personal data with any third-party for marketing purposes. You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us (using the contact information provided below) at any time. Where you opt out of receiving these marketing messages this will not apply to personal data provided to us as part of your contract with us for provision of Our Services. We require all third parties to respect the security of your personal data and to treat it in accordance with data protection law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
7. Data Retention
7.1 We do not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected. To determine the appropriate retention period for personal data, We have considered the nature and sensitivity of the personal data the potential risk of harm from unauthorised use or disclosure and the purposes for which we process it and whether we can achieve those purposes through other means. Data you provide will therefore be retained for the following periods (or its retention will be determined on the following bases):
-
7.1.1 1st Name, Last name; is kept for 4 years after last Contracted Services
-
7.1.2 Personal Email Address; is kept for 4 years after last Contracted Services
-
7.1.3 business/company name is kept for 10 years
-
7.1.4 IP address; 30 days
-
7.1.5 Web browser type and version; 26 months
-
7.1.6 operating system; 26 months
-
7.1.7 a list of URLs starting with a referring site, your activity on Our Site, and the site you exit to; 26 months
8. Data Security/ How and Where Do We Store Your Data?
-
8.1 By submitting your personal data, you agree to our storing and using it. We will take all steps reasonably necessary to ensure that your personal data is treated securely and in accordance with this privacy policy. We only keep your personal data for as long as We need to in order to use it as described above in section 6, and/or for as long as We have your permission to keep it.
-
8.2 Some or all of your data may be stored outside of the European Economic Area (“the EEA”) (The EEA consists of all EU member states, plus Norway, Iceland and Liechtenstein). You are deemed to accept and agree to this by using Our Site and submitting information to Us. If We do store data outside the EEA, We will take all reasonable steps to ensure that your data is treated as safely and securely as it would be within the UK and under the GDPR. including:
-
8.2.1 We only share your data to countries that can meet the EEA Adequacy Rules and
-
8.2.2 Have proven Security measures in place to support the protection and security of the Personal Data processed on behalf of Ardent Recruitment.
-
8.2.3 We have agreed Data Controller/Data Processing Agreements to ensure such.
-
-
8.3 Data security is very important to Us, and to protect your data We have taken suitable measures to safeguard and secure data collected through Our Site. These include appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed, in addition, We limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where We are legally required to do so. Further details of the measures are contained in our Data Protection Policy.
-
8.4 Steps We take to secure and protect your data include:
-
8.4.1 1st Name, Last name; dual Password Access Control, Remote Secure online storage, Secure Transmission
-
8.4.2 Personal Email Address; dual Password Access Control, Remote Secure online storage, Secure Transmission
-
8.4.3 job title; dual Password Access Control, Remote Secure online storage, Secure Transmission
-
8.4.4 telephone numbers; dual Password Access Control, Remote Secure online storage, Secure Transmission
-
8.4.5 IP address; Password Access Control, Remote Secure online storage, Secure Transmission
-
8.4.6 Web browser type and version; Password Access Control, Remote Secure online storage, Secure Transmission
-
8.4.7 operating system; Password Access Control, Remote Secure online storage, Secure Transmission
-
8.4.8 a list of URLs starting with a referring site, your activity on Our Site, and the site you exit to; Password Access Control, Remote Secure online storage, Secure Transmission
8.5 Where We have given you (or you have chosen a password) which enables you to access certain parts of Our Site, you are responsible for keeping this password confidential and We as that you do not share a password with anyone. Unfortunately, the transmission of information via the internet is not completely secure and whilst We do our best to protect your personal data, We cannot guarantee the security of your personal data transmitted to Our Site; any transmission is at your own risk. Once We have received your information, We will use strict procedures and security features as outlined in this policy to try and prevent unauthorised access.
9. Do We Share Your Data?
9.1 In certain circumstances, We may be legally required to share certain data held by Us, which may include your personal data, for example, where We are involved in legal proceedings, where We are complying with legal obligations, a court order, or a governmental authority.
9.2. We may compile statistics about the use of Our Site including data on traffic, usage patterns, user numbers and other information. All such data will be anonymised and will not include any personally identifying data, or any anonymised data that can be combined with other data and used to identify you. Data will only be shared and used within the bounds of the law.
9.3. We may sometimes use third party data processors that are located outside of the European Economic Area (“the EEA”) (The EEA consists of all EU member states, plus Norway, Iceland and Liechtenstein). Where We transfer any personal data outside the EEA, We will take all reasonable steps to ensure that your data is treated as safely and securely as it would be within the UK and under the GDPR including:
9.3.1 MSFT Office 365 Business Premium. Secure transfers and double password Access Control;
9.3.2 G-Suit. Secure transfers and double password Access Control, encryption at Rest.
9.4 In certain circumstances, We may be legally required to share certain data held by Us, which may include your personal data, for example, where We are involved in legal proceedings, where We are complying with legal requirements, a court order, or a governmental authority.
10. What Happens If Our Business Changes Hands?
-
-
10.1 We may, from time to time, expand or reduce Our business and this may involve the sale and/or the transfer of control of all or part of Our business. Any personal data that you have provided will, where it is relevant to any part of Our business that is being transferred, be transferred along with that part and the new owner or newly controlling party will, under the terms of this Privacy Policy, be permitted to use that data only for the same purposes for which it was originally collected by Us.
-
10.2 In the event that any of your data is to be transferred in such a manner, you will be contacted in advance and informed of the changes. When contacted or at any other time you will be given the choice to have your data deleted or withheld from the new owner or controller.
-
11. How Can You Control Your Data
11.1 In addition to your rights under the GDPR, set out in section 4, when you submit personal data via Our Site, you may be given options to restrict Our use of your data. In particular, We aim to give you strong controls on Our use of your data for direct marketing purposes (including the ability to opt-out of receiving emails from Us which you may do by unsubscribing using the links provided in Our emails and at the point of providing your details).
12. Your Right to Withhold Information
-
-
12.1 You may access Our Site without providing any data at all.
-
12.2 You may restrict Our use of Cookies. You can block any cookies from any Website by activating the setting on your browser that allows you to refuse the setting of some or all cookies. If you block all cookies (including Strictly necessary cookies) you will still be able to access Our Site but may not be able to access all or part of others Websites. You can also use your browser settings to delete cookies. For more information about how to disable cookies in your browser please visit http://www.aboutcookies.org.uk/managing-cookies
-
12.3 Where a cookie is provided by a third party, you may be able to use that third party’s own guidance to block that cookie.
-
13. How Can You Access Your Data?
You have the right to ask for a copy of any of your personal data held by Us (where such data is held). Under the GDPR, no fee is payable (however We may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive or alternatively We may refuse to comply with your request in these circumstances) and We will provide any and all information in response to your request free of charge within 30 days or contact you and tell you why We can’t provide data. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. Whilst We try to respond to all legitimate requests within 30 days if your request is particularly complex or you have made a number of request it may take us longer in which case We will notify you and keep you updated. Please contact Us for more details at infosec@ardentrecuit or using the contact details below in section 15.
14. Our Use of Cookies
-
14.1 Cookies are small text files that are placed on your computer by Websites that you visit, they are widely used in order to make Websites work or work more efficiently. Our Site does not use or place first party Cookies on your computer or device.
-
14.2 By using Our Site, you may also receive certain third-party Cookies on your computer or device. Third party Cookies are those placed by Websites, services, and/or parties other than Us. Third Party Cookies are used on Our Site for basic Usage tracking and Statistics. For more details, please refer to section 5 & 6, above, and to section 14.5 below. These Cookies are not integral to the functioning of Our Site and your use and experience of Our Site will not be impaired by refusing consent to them.
-
14.3 All Cookies used by and on Our Site are used in accordance with current Cookie Law.
-
14.4 By using Our site and enabling these Cookies you are allowing Us to provide the best possible service to you. You may, if you wish, deny consent to the placing of Cookies. If you choose to refuse all Cookies at a browser level, other websites you visit that do rely on such Cookies may not function as expected and you should check those site’s cookie policies to check that blocking all Cookies at the browser level, will not affect your experience on those websites.
-
14.5 The following third-party Cookies may be placed on your computer or device:
-
14.6 In addition to the controls that We provide, you can choose to enable or disable Cookies in your internet browser. Most internet browsers also enable you to choose whether you wish to disable all cookies or only third-party Cookies. By default, most internet browsers accept Cookies, but this can be changed. For further details, please consult the help menu in your internet browser or the documentation that came with your device or for more information about how to disable cookies in your browser please visit http://www.aboutcookies.org.uk/managing-cookies. To opt out of being traced by Google Analytics across all Websites visit https://tools.google.com/dlpage/gaoptout
Name of Cookie |
Provider |
Purpose |
Google Analytics |
Google Inc |
Basic Usage tracking and Anonymised Statistics |
14.7 It is recommended that you keep your internet browser and operating system up-to-date and that you consult the help and guidance provided by the developer of your internet browser and manufacturer of your computer or device if you are unsure about adjusting your privacy settings.
15. Contacting Us
If you have any questions about Our Site or this Privacy Policy, please contact Us by email at infosec@ardentrecruit.com by telephone on +44 (0) 207194 7862, or by post at Ardent Recruitment. New Broad Street House. 35 New Broad Street. London. EC2M1NH.
16. Changes to Our Privacy Policy
We may change this Privacy Policy from time to time (for example, if the law changes). Any changes will be immediately posted on Our Site and you will be deemed to have accepted the terms of the Privacy Policy on your first use of Our Site following the alterations. We recommend that you check this page regularly to keep up-to-date.