Personal data collected
For us to find the most suitable candidates for your organisation we need to collect and use certain information about you, or individuals who work at your organisation. We don’t need to collect too much from you, but what we do need is:
- Your organisation name and contact details (address, central telephone number, etc);
- Contact details of the individual we are liaising with at your organisation (name, telephone number, email address);
- Details of the job vacancy and type of candidate you require; and
- Any other information an individual from your organisation chooses to tell us.
Usually we collect this personal data directly from you, however we do sometimes collect some of this from other sources.
Collecting the data directly from you
You may provide your personal data to us via one of the following ways:
- Contacting us directly to discuss your vacancy requirements (usually by phone or email);
- Submitting a vacancy via the client services area of our website; or
- If you are a current/previous client when we have contacted you directly (usually by phone or email).
Collecting the data from other sources
We may gather some of your personal data, such as name and contact details, from publicly available sources online. For example, professional networking sites, such as LinkedIn, or job boards if you are advertising a vacancy.
What we use your personal data for and the legal basis we rely on
We collect and use your personal data for the following purposes:
To identify suitable candidates for the job vacancy you have and to ensure the contractual arrangement between our two organisations operates effectively.
We rely on the following legal basis for this:
- Contractual obligation – Article 6(1)(b) of GDPR
As an existing client to re-contact you in the future to see if you have any new job vacancies to fill or to send anonymised candidate profiles of individuals who we think may be suitable for your organisation.
As a prospective client to contact you to discuss any potential job vacancies you may have or to send anonymised candidate profiles of individuals who we think may be suitable for your organisation.
We rely on the following legal basis for this:
- Legitimate Interests – Article 6(1)(f) of GDPR
We don’t think it unreasonable for clients, both prospective and existing/lapsed, to want to know about our services and how we can help recruit the right person for your job vacancy or for you to know of any potential candidates that we feel may make suitable employees of your organisation. In fact, it can benefit your organisation to know when a highly skilled executive level individual is looking for new employment opportunities.
You can always opt out of any of our marketing communications at any time by clicking the unsubscribe button or contacting our Data Protection Manager.
Who we will share your personal data with
We will only share relevant and necessary personal data of our clients with the individual who you would like to invite for interview.
When we set up a new recruitment business for one of our top performing managers, the manager will take a copy of their client database they built up whilst working for Mackenzie Stuart. The new business is still owned and controlled in the majority by Mackenzie Stuart.
Your personal data may be accessed and seen by our third-party outsourced IT provider, whilst they undertake work on our behalf. We have a data processor contract in place which sets out both parties responsibilities and obligations under GDPR.
If you enter personal data into our website then it may be accessed and seen by our third-party website host and web data storage provider, whilst they undertake work on our behalf. We have a data processor contract in place which sets out both parties responsibilities and obligations under GDPR.
How we keep your personal data safe
Mackenzie Stuart take the security of your personal data seriously and we have put in place the most appropriate organisational and technical measures to safeguard personal data. Our measures include:
- Encrypting devices and servers where appropriate
- Password access to computers and mobile devices
- Secure premises
- Restricting access to those staff who need to see the information
- Internal policies and procedures on data protection and information security
- Staff training
When we use third-party providers to process and/or store personal data we undertake relevant assessments of their business to establish their level of compliance with GDPR and only use those that provide sufficient guarantees to implement appropriate technical and organisational measures to safeguard personal data.
Our website, emails, databases and data storage are all on servers based in the UK and EU.
If you suspect your personal data has been lost or misused, please contact our Data Protection Manager.
Transferring personal data outside of the UK and EU
If a candidate, who is located outside of the UK and EU, applies for your job vacancy we will need to provide them with some of your data in relation to that job. This means that we sometimes must transfer client personal data to a third country.
If there is no adequacy decision in place for the country we are transferring client data to, we will only transfer the personal data if:
- the transfer is necessary for the conclusion or performance of a contract between ourselves (i.e. we are contracted to find a suitable candidate for the job vacancy you have); or
- we have obtained your permission to transfer your personal data.
How long we will keep your personal data for
We keep client data for as long as we have an active communication with you, and once this ceases we will keep your personal data for 10 years before it is deleted from our systems/securely destroyed.
We have documented retention periods for all the information we obtain and process.
Unless you are a sole trader or in certain cases a partnership, it will be the individuals who work for our clients that have various rights in relation to how we process their personal data. Individuals can:
- access the personal data we keep about them and be given specific information about the processing.
- ask us to update inaccurate personal data we hold about them.
- ask us to delete their personal data but only when specific grounds apply.
- ask us to restrict the processing of their personal data, for example if they are contesting the accuracy of it.
- object to the processing of their personal data if they do not agree with our legitimate interest grounds and for direct marketing purposes.
- transfer personal data from us to another service provider but only when certain grounds apply.
If you would like to:
- object to the processing of your personal data (where we have relied on legitimate interests as our legal basis for the processing);
- or to unsubscribe from future marketing communications
please contact our Data Protection Manager.
We would really appreciate it if you would let us know if any of your personal data changes so that we can keep our records up to date and accurate.
We do not undertake any automated decision-making, including profiling.
Should you wish to exercise any of your rights please contact our Data Protection Manager.
If you are not happy with how we have been processing your personal data or have not dealt with one of your rights correctly when you have asked us to you may lodge a complaint with the Information Commissioners Office (ICO). The ICO has several ways in which you can get in touch with them, including post, email, and online forms. To find out how click here.
Our contact details
You can contact our Data Protection Manager via one of the following ways: