Harrison Clarke International Limited (“the Company”) is committed to protecting the privacy and security of your personal information.
Harrison Clarke International Ltd. is a UK company registered under Company Number: 10541771 and has its registered office at 33rd Floor, 25 Canada Square, Canary Wharf, London E14 5LQ (HCI UK).
Harrison Clarke International Inc. is registered in the State of California and has its registered office at 10100 Venice Blvd., Culver City, CA 90232, United States (HCI US). HCI US also has a place of business at 600 Third Avenue, 2nd Floor, Manhattan, New York, NY 10016, United States.
As HCI US is based in the United States, HCI US has appointed HCI UK to be its representative within the EEA.
HCI US has obtained Privacy Shield certification as set forth by the US Department of Commerce regarding the requirements for collection, use, and retention of personal information, as applicable to the United States (US). HCI US has certified to the Department of Commerce that it adheres to the Privacy Shield Principles with respect to such information. If you want to learn more about the Privacy Shield program, and view our certification, please visit https://www.privacyshield.gov/. Further information about our personal data transfers outside of the UK and EEA, and how we use the Standard Contractual Clauses is also set out below in this Privacy Notice.
Scope of the Privacy Notice
The Company is committed to protecting the privacy and security of your personal information.
This privacy notice describes how we collect and use personal information about you during and after your working relationship with us, in accordance with the General Data Protection Regulations (GDPR).
The Company is a “data controller”. This means that we are responsible for deciding how we hold and use personal information about you. You are being sent a copy of this privacy notice because you are applying for work with us (whether as an employee, worker, self employed consultant or contractor). It makes you aware of how and why your personal data will be used, namely for the purposes of the recruitment exercise, and how long it will usually be retained for. It provides you with certain information that must be provided under the General Data Protection Regulation ((EU) 2016/679) (GDPR).
In relation to self-employed consultants and contractors, references to ’employer’ and employment related activities should be construed as referring to the Company and its activities as the business with which the self-employed consultant or contractor is potentially contracting to carry out work, in so far as those activities relate to the arrangements entered into between the self-employed consultant or contactor and the Company. Personal data will only be collected where it is relevant to the arrangements the Company is proposing to enter into with each individual or company. Nothing in this privacy notice shall affect the status of a self-employed consultant or contractor or shall render them a potential employee, worker, agent or partner of the Company.
Data protection principles
We will comply with data protection law and principles, which means that your data will be:
- Used lawfully, fairly and in a transparent way.
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
- Relevant to the purposes we have told you about and limited only to those purposes.
- Accurate and kept up to date.
- Kept only as long as necessary for the purposes we have told you about.
- Kept securely.
The kind of information we hold about you
In connection with your application for work with us, we will collect, store, and use the following categories of personal information about you:
- The information you have provided to us in your curriculum vitae and covering letter.
- The information you have provided on our application form, including name, title, address, telephone number, personal email address, date of birth, gender, employment history, qualifications.
- Any information you provide to us during an interview.
- Any other information you provide to us during the application process in any format, including any tender documents (where applicable).
We may also collect, store and use the following “special categories” of more sensitive personal information:
- Information about your race or ethnicity, religious beliefs, sexual orientation and political opinions.
- Information about your health, including any medical condition, health and sickness records.
- Information about criminal convictions and offences.
How is your personal information collected?
We may collect personal information about candidates from the following sources:
- You, the candidate.
- A background check provider.
- A credit reference agency.
- Your named referees.
How we will use information about you
We will use the personal information we collect about you to:
- Assess your skills, qualifications, and suitability for the role.
- Carry out background and reference checks, where applicable.
- Communicate with you about the recruitment process.
- Keep records related to our hiring processes.
- Comply with legal or regulatory requirements.
It is in our legitimate interests to decide whether to appoint you to work for the organisation since it would be beneficial to our business to appoint someone to the roles which we have advertised at any given time.
We also need to process your personal information to decide whether to enter into a contract of employment, a contract for services or any other arrangement with you.
Having received the information you have provided to us as part of the application process, we will then process that information to decide whether you meet the basic requirements to be shortlisted for the role. If you do, we will decide whether your application is strong enough to invite you for an interview. If we decide to call you for an interview, we will use the information you provide to us at the interview to decide whether to offer you the role. If we decide to offer you the role, we will then take up references and carry out any other pre-recruitment we need to do before confirming your appointment.
If you fail to provide personal information
If you fail to provide information when requested, which is necessary for us to consider your application (such as evidence of qualifications or work history), we will not be able to process your application successfully. For example, if we require a credit check or references for this role and you fail to provide us with relevant details, we will not be able to take your application further.
How we process references
We will use the details that you provide regarding your named referees in order to request a reference for you. If you provide personal contact details for your named referees, for example, for the purposes of a personal reference, by providing these details to us you are confirming that you have the named referees’ consent to provide such information to us.
If you are named as a referee, we will use the personal contact details provided to us by the job applicant in order to contact you to request a reference. We will subsequently process any information you provide in response to a reference request (as set out above) in accordance with our legitimate business interests to carry out reference checks for prospective employees.
How we use particularly sensitive personal information
We may use your particularly sensitive personal information in the following ways:
- We may use information about your disability status to consider whether we need to provide appropriate adjustments during the recruitment process, for example whether adjustments need to be made during a test or interview or at any other stage in the process.
- We may use information about your race or national or ethnic origin, religious, philosophical or moral beliefs, or your sexual life or sexual orientation, to ensure meaningful equal opportunity monitoring and reporting.
Information about criminal convictions
We do not envisage that we will process information about criminal convictions before you commence employment with us. However, it may be necessary during your employment with us to ask you to undergo a DBS check if required by a client to carry out work for them as part of their vetting processes for their suppliers. If this becomes relevant to your role we will discuss it with you at the relevant time. Where possible we will only carry out checks with your explicit consent and if you do not want to have the check done we will arrange for someone else to provide services to that client.
You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making.
Why might you share my personal information with third parties?
We will only share your personal information with the following third parties for the purposes of processing your application: HCI US and our legal or professional advisers, where required.
Where your application involves the use of a recruitment agent, we may also pass information regarding the progress of your application, including feedback on your performance in the recruitment process, and the terms on which we are prepared to make a job offer, if applicable, to your recruitment agent.
HCI US is based in the United States of America (US) and meets the requirements of the US Privacy Shield, as set out at the start of this Privacy Notice. This means that HCI US provides a similar level of protection to your personal data as the protection afforded by the GDPR.
All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
Transfers of your information out of the UK or EEA
Generally, we do not transfer personal data relating to job applications to work at HCI outside of the UK or the EEA. However, we may transfer your personal information from HCI UK to HCI US, as follows:
- We may transfer your personal information between HCI UK and HCI US in order to share data between the HCI Group which enables us to properly perform recruitment services for each of our entities.
- Where you have made an application to HCI UK but the position you have applied for is located in one of HCI US’ offices.
- You are based in the US but applied to HCI UK for a position.
Some non-EEA countries do not have the same data protection laws as within the UK and the EEA, but HCI commits to ensuring that EU and UK residents suffer no consequence or impact to their privacy rights in the event of an international transfer.
Our transfers of personal data from HCI UK to HCI US
To ensure that our candidates benefit from the high privacy standards in force in the EEA, any transfer of personal information related to EEA or UK residents from HCI UK to HCI US is carried out pursuant to the obligations set out in the European Commission’s Standard Contractual Clauses (SCCs).
As stated at the start of this Notice, HCI US has obtained Privacy Shield certification and has certified to the US Department of Commerce that it adheres to the Privacy Shield principles. However, whilst HCI US adheres to the Privacy Shield Principles and it remains in compliance with the requirements of such certification, any transfers of personal data from HCI UK to HCI US are conducted by relying on the European Commission’s Standard Contractual Clauses (SCCs) for Controller-to-Controller transfers. For more information about the SCCs, please visit: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en.
Other International Transfers
In the event of other transfers outside of the EEA and the UK, we will only conduct transfers of your personal data outside of the UK and the EEA when we are sure that such transfers are protected by the adequate safeguards set out in the SCCs, or where the receiving territory has been held by the European Commission as providing adequate protection to personal data. We also reserve the right to transfer personal data belonging to EEA and UK residents outside of the EEA and the UK in accordance with the legal provisions set out in the GDPR, provided that one of the following grounds are satisfied:
- The individual candidate has explicitly consented after being informed of the risks of the transfers due to the absence of an adequacy decision and appropriate safeguards.
- The transfer is necessary for the performance of a contract between the individual candidate and the organisation or for pre-contractual steps taken at the candidate’s request.
- The transfer is necessary for the performance of a contract made in the interests of the individual candidate between HCI and another person.
- The transfer is necessary for important reasons of public interest or to establish, exercise or defend legal claims.
- The transfer is made from a public register which is intended to provide information to the public and specific conditions are fulfilled.
- The transfer is in HCI’s legitimate interests if no other grounds apply and providing that the transfer is occasional, concerns only a limited number of candidates, and which are necessary for HCI’s legitimate interests. In this case, HCI shall also provide appropriate safeguards for the personal data and shall inform both the applicable supervisory authority (such as the ICO) and the candidates the transfer.
If you would like further information, please contact us at: email@example.com or visit the ICO website at https://ico.org.uk.
We understand that Brexit is an uncertain time for our candidates. We have been monitoring the best practices to ensure continued protection of your personal data. The UK has now left the EU and is currently in a transition period which at the time of updating this policy is set to expire on 31st December 2020. This means that during the current transition period, EU data protection law, including the GDPR, continues to apply to and in the UK. This also means that any transfers of personal data from the UK to the US (including those between HCI UK and HCI US) shall rely on the SCCs or such approved mechanism under the GDPR.
In relation to UK-EU transfers of personal data after the end of the transition period, the UK will hopefully be awarded an adequacy decision by the European Commission, meaning that the UK will be deemed to provide a level of protection to personal data which is the same as the level afforded by the GDPR and that no further action for UK-EU personal data transfers will be required after the end of the transition period. However, in the event that the UK is not awarded an adequacy decision, HCI shall rely and enter into the SCCs or any other such approved mechanism as described in Chapter V of the GDPR for any personal data transfers between the UK and the EU.
We will continue to closely monitor the developments in this area and will update this Privacy Notice accord-ingly, so please check back regularly.
Finally, please rest assured that for EU and UK residents, we will not otherwise transfer your personal data outside of the UK or EEA or to any organisation (or subordinate bodies) governed by public international law or which is set up under any agreement between two or more countries.
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need-to-know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
For California residents, in order to comply with applicable law (Assembly Bill No.1130 which came in to force 1 January 2020), we will notify you without unreasonable delay in the event of any breach of the security of the system following discovery or notification of the breach where we are legally required to do so, either via email or via a notice on our website. We will take all steps to mitigate the breach as set out in the applicable law.
How long will you use my information for?
We will usually retain your personal information for a period of 6 months after we have made the relevant appointment, subject to any additional legal obligations and in accordance with any legitimate interests of the company. We retain your personal information for that period so that we can show, in the event of a legal claim, that we have not discriminated against candidates on prohibited grounds and that we have conducted the recruitment exercise in a fair and transparent way. After this period, we will securely destroy your personal information in accordance with applicable laws and regulations.
Rights of access, correction, erasure, and restriction
Your rights in connection with personal information
Under certain circumstances, by law you have the right to:
- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal information to another party.
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact firstname.lastname@example.org.
How to complain
We hope that we can resolve any query or concern you raise about our use of your information.
The GDPR also gives EU and UK residents the right to lodge a complaint with a supervisory authority, in particular in the UK, or within the EU (or EEA) state where you work, normally live or where any alleged in-fringement of data protection laws occurred.
The supervisory authority governing HCI’s data activities in the UK is the Information Commissioner who may be contacted at http://ico.org.uk/concerns.
HCI US is also subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
Changes to this Privacy Notice
We may change this privacy notice from time to time and when we provide the latest version on this web-site. This privacy notice was last updated on 4 August 2020.
How to contact us
If you wish to contact us, please send an email to our Data Protection Counsel at: email@example.com.