Valid From: 25 May 2018
Data Protection & Privacy Statement for SR Search, which forms part of The SR Group


1.    Who are we?

The SR Group is a global professional, specialist recruitment organisation which focuses on Legal, Compliance, HR, Tax, Treasury, Marketing, Executive Search and other markets trading under the names Brewer Morris, Carter Murray, Frazer Jones, SR Search, SRG Projects and Taylor Root. We provide permanent and temporary recruitment services to clients looking to recruit talent for their businesses.

The SR Group has offices in London, Amsterdam, Düsseldorf, Frankfurt, Milan, Dubai, Singapore, Hong Kong, Melbourne, Sydney and New York.

The SR Group means our subsidiaries, our ultimate holding company and its subsidiaries, our associated companies as defined in section 1159 of the UK Companies Act 2006. A list of our relevant legal entities is set out at the end of this Policy. For the purposes of data protection legislation in force from time to time, the data controller will be the legal entity of The SR Group in the jurisdiction of which you are resident (or, if different, the legal entity with whom you are in contact or have a contract in place with).

The SR Group aims to comply with best practice and local privacy legislation in all jurisdictions in which it has operations. The application of The SR Group’s global Privacy Policy may be subject to some minor amendments in accordance with local law requirements in the different jurisdictions in which The SR Group operates and The SR Group may also issue a country specific data collection statement detailing its practices in that jurisdiction.

The SR Group Privacy Policy will be reviewed from time to time to take account of new laws and technology, changes to our operations and practices and to make sure it remains appropriate to the changing environment. Any information we hold will be governed by the most current version of the Privacy Policy. If you have any specific queries relating to The SR Group’s Privacy Policy in your local jurisdiction, please contact us using the details at the end of this Policy.
Please read this Privacy Policy carefully.

2.    What does this Policy cover?

We at The SR Group take your personal data seriously. This Policy:

  • sets out the types of personal data that we collect about you;

  • explains how and why we collect and use your personal data;

  • explains how long we keep your personal data for;

  • explains when, why and with who we will share your personal data;

  • sets out the legal basis we have for using your personal data;

  • explains the effect of refusing to provide the personal data requested;

  • explains the different rights and choices you have when it comes to your personal data; and

  • explains how we may contact you and how you can contact us.

3.    What personal data do we collect about you?

We collect the information necessary to be able to find available opportunities and further information needed so our recruiters can assess your eligibility through the different stages of recruitment. This relates to our business which is recruitment but also applications to work for The SR Group. This information includes: your name private and corporate email address, postal address and telephone number; financial information; curriculum vitae; work history; your educational records and training, work performance and right to work; compliance and identity documentation; references and links to your professional profiles available in the public domain e.g. LinkedIn, Twitter, business Facebook or corporate website.

Depending on the nature of a role considered for, and also depending upon the applicable jurisdiction, we may need to collect and process sensitive personal data about you which may include information about your health (including details of any sick leave taken during your previous roles), details of any disability, details of any offences you have committed or are alleged to have committed and whether you are a member of any professional or trade associations. Please see section 8 below for the legal basis for such processing.

In addition, as part of our commitment to equality of opportunity and to monitor compliance with our equal opportunity policy, we may ask you to complete an equality monitoring form. Where you are asked to complete an equality monitoring form, information is provided voluntarily and on an anonymous basis for statistical analysis. It is not stored with your other personal records.

4.    Where do we collect personal data about you from?

The following are the different sources we may collect personal data about you from:

  • Directly from you. This is information you provide while searching for a new opportunity and/or during the different recruitment stages. For example, by filling in candidate registration forms in person or on our websites (which include www.thesrgroup.com, www.brewermorris.com, www.cartermurray.com, www.frazerjones.com, www.taylorroot.com, www.srsearch.com, www.srgprojects.com and the associated websites hosted on local country domains, including .de, .nl, .it, .ae, .com.sg, .com.hk, .com.au, .com/usa and .com/europe) or by corresponding with us in person, by phone, e-mail or otherwise. It includes information you provide when you attend our events, participate in discussion boards or other social media functions on our site, enter a competition, promotion or survey, contribute to a market or insights report, or interact with us at a conference, and when you report a problem with our site.

  • From an agent/third party acting on your behalf. For example, this may be your own limited company or from another recruitment business or agency where you are applying to work for The SR Group.

  • Through publicly available sources with professional relevance. We use the following public sources:

  • Professional social media and networking sites (including LinkedIn)

  • Job Boards that you have registered your details on

  • Online curriculum vitae libraries

  • Corporate websites

  • By Reference or word of mouth. For example, you may be recommended by a friend, a former employer, a former colleague or even a present employer or we may get a reference from your previous employer or a named referee included on your application form or curriculum vitae.

  • Where we collect your information through publicly available sources as set out above, we may do this with the aid of software programmes. These programmes are given parameters on the requirements of a role and search through publicly available sources, where there is a reasonable expectation that such information may be collected and processed by recruiters, to find candidates for particular job roles.

5.    How and why do we use your personal data?

We use your personal data so that we can provide our services to you, including to:

  • carry out our obligations arising from any contracts we intend to enter into or have entered into between you and us;

  • provide you with information about job vacancies and to assist you in finding a suitable position (either temporary or permanent) by matching your skills, experience and education with a potential employer. We will initially collect basic information on you such as contact details, job role and experience and then pass this on to the client in search of talent. If you are chosen by the client and go through to the next stage we will then be collecting more information from you at the interview (or equivalent) stage and onwards in that manner;

  • if you work for a client or a potential client looking to fill roles, to contact you about candidates and to share your contact details with a candidate, at interview stage and beyond;

  • maintain our business relationship, where you are a user of our website, a client or candidate;

  • provide you with recruitment services - which may include career guidance and management and to supporting businesses’ resourcing needs and strategies;

  • manage a temporary or contract assignment - if you are engaged by The SR Group as a temporary worker;

  • assist in managing our relationship with you and our clients and perform administration or operational functions;

  • to third parties (see section 7 below);

  • analyse visitor trends and traffic on our websites – this information does not identify you individually – and ensure that content from our site is presented in the most effective manner for you and for your computer;

  • as part of our efforts to keep our site safe and secure;

  • notify you about changes to our services or this Privacy Policy;

  • carry out market research, marketing analysis and satisfaction surveys;

  • where you have provided your contact information with the possible use of our services, advise you of news and industry updates, events, services, promotions and competitions reports and other information that we feel may be of interest to you because it is relevant to your career or to your organisation. Where we do this you will be able to unsubscribe from such communications using the unsubscribe link or by contacting us at dataprotection@thsrgroup.com; and

  • to comply with our legal obligations and rights, under contracts and at law, and to cooperate with authorities and investigations.

6.    How long do we keep your personal data for?

We only retain your information for as long as is necessary for us to use your information as described above or to comply with our legal obligations. However, please be advised that we may retain some of your information after you cease to use our services, for instance if this is necessary to meet our legal obligations, such as retaining the information for tax and accounting purposes.

When determining the relevant retention periods, we will take into account factors including:
a.    our contractual obligations and rights in relation to the information involved;
b.    legal obligation(s) under applicable law to retain data for a certain period of time;
c.    our legitimate interest where we have carried out a balancing test (see section 8 below);
d.    statute of limitations under applicable law(s);
e.    (potential) disputes;
f.    if you have made a request to have your information deleted; and
g.    guidelines issued by relevant data protection authorities.

Otherwise, we securely erase your information once this is no longer needed.

7.    Who do we share your personal data with?

Your personal data may be shared with certain third parties who will be subject to contractual obligations of confidentiality and compliance with relevant laws, including:

  • our clients who have a position to fill, in order to determine with the client whether you are a good fit for the available position. Our clients are global and cover various sectors including Legal, Compliance, HR, Tax, Treasury, Marketing, Executive Search and other markets.

  • the end client who you may be placed with through an intermediary such as an RPO.

  • our employees or other parts of our group globally (including our subsidiaries and our ultimate holding company);

  • suppliers, contractors and agents who may perform services for us, such as: professional advisors (for example, accountants or lawyers); IT software and service companies; research and mailing houses; event organisers and function co-ordinators; payroll and other financial service providers; analytics and search engine providers that assist us in the improvement and optimisation of our site; credit reference agencies; insurance brokers; compliance partners and other sub-contractors for the purpose of assessing your suitability for a role (such as psychometric testing and reference/qualification checking);

  • third parties relating to any business sale, merger, liquidation, receivership or transfer of assets provided that they agree only to use your personal data for the purposes that you have provided it to us;

  • prospective partners, clients and other reputable third parties to disclose aggregate statistics about our site visitors and candidates in order to describe our services and for other lawful purposes – in such cases these statistics will include no personal identifying information; and

  • if required to do so by law, a court order or by a regulatory authority of competent jurisdiction or if we believe that such action is necessary to protect, defend or enforce the rights of The SR Group.

8.    What legal basis do we have for using your information?

For candidates, contractors, referees and clients as well as applicants to work for The SR Group, our processing is necessary for our legitimate interests. As a recruitment business and recruitment agency we introduce candidates to clients for permanent employment, temporary worker placements or independent professional contracts.  The exchange of personal data of our candidates and our client contacts is a fundamental, essential part of this process in that we need the information in order to be able to assess suitability for potential roles, to find potential candidates and to contact clients and referees. In order to support our candidates’ career aspirations and our clients’ resourcing needs we require a database of candidate and client personal data containing historical information as well as current resourcing requirements. To maintain, expand and develop our business we need to record the personal data of prospective candidates and client contacts.

We carry out a ‘balancing test’ to ensure that our processing is necessary and that your fundamental rights of privacy are not outweighed by our legitimate interests, before we go ahead with such processing. We keep a record of these balancing tests. You have a right to and can find out more about the information in these balancing tests by contacting us using the details below.

We will rely on contract if we are negotiating or have entered into a placement agreement with you or your organisation or any other contract to provide services to you or receive services from you or your organisation.

We will rely on legal obligation if we are legally required to hold information on you to fulfil our legal and regulatory obligations, such as disclosure to public authorities, regulators and investigations.

If you are interviewed and submitted as a candidate, then this may involve the processing of more detailed personal data including sensitive data such as health information that you or others provide about you. Such information may be required to perform/qualify for a certain function for which you want to apply based on national laws, which may provide the legal basis to process these data. In cases where there is no legal basis, we will ask for your express consent orally, by email or by an online process for the specific activity we require consent for and record your response. Where consent is the lawful basis for our processing you have the right to withdraw your consent to this particular processing at any time (as set out in section 16 below).

9.    What happens if you do not provide us with the information we request or ask that we stop processing your information?

If you do not provide the personal data necessary, object to or withdraw your consent (where applicable) for the processing of your personal data, we may in individual cases not be able to match you with available job opportunities.

10.    Do we make automated decisions concerning you?

No, we do not carry out automated profiling as there is human intervention in all our processing of personal data.

11.    Do we transfer your data across international borders?

To better match your employee profile with current opportunities, for the purposes of business development, systems development and testing, where required in order for our suppliers to provide a service to us or as necessary in order to perform our contract with you, your personal data may be transferred to clients and partners in countries across international borders as well as our global offices listed at the end of this Policy.

These countries privacy laws may be different from those in your home country. Where we transfer data to a country which has not been deemed to provide adequate data protection standards we have security measures and approved contracts in place to protect your personal data. For example, if the transfer is from the European Economic Area (EEA) to a country outside the EEA which has not been deemed to provide adequate data protection standards by the European Commission, we will use specific contracts approved by the European Commission which give personal data the same protection it has in Europe and/or where the transfer is to the US ensure that they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US.

By submitting your personal data, you agree to this transfer, storing or processing.

To find out more about how we safeguard your information as related to transfers please contact us on dataprotection@thesrgroup.com or using the details below.

12.    Security and storage of your data

Safeguarding personal data and respecting confidentiality of your information is important to The SR Group.

All information you provide to us is stored securely and we take necessary steps, including putting in place appropriate technical and organisational measures, to protect your personal data. While we have security measures in place to protect against the loss, misuse and alteration of personal data under our control we cannot guarantee that loss, misuse or alteration of personal data will not occur.

13.    Using our websites – internet-based transfers

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

Our websites may include links to external websites operated by other organisations which may collect personal data about you when you visit them. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for the privacy practices of any third-party websites. Please check these policies before you submit any personal data to these websites.

14.    Do we use Cookies to collect personal data on you?

To provide better service to you on our websites, we use cookies to collect your personal data when you browse. See our Cookie Policy for more details.

15.    IP addresses

We may collect information about your computer including where available your IP address, operating system and browser type for system administration and to analyse visitor trends and traffic on our website. This information is collected in aggregate form and does not identify individuals. It is not passed on to third parties.

16.    What rights do you have in relation to the data we hold on you?

By law, you have a number of rights when it comes to your personal data. Further information and advice about your rights can be obtained from us using the contact details at the end of this Policy or the data protection regulator in your country.

Rights

What does this mean?

1. The right to be informed

You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we’re providing you with the information in this Policy.

2. The right of access

You have the right to obtain access to your information (if we’re processing it), and certain other information (similar to that provided in this Privacy Policy). This is so you’re aware and can check that we’re using your information in accordance with data protection law.

3. The right to rectification

You are entitled to have your information corrected if it’s inaccurate or incomplete.

4. The right to erasure

This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there’s no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions.

5. The right to restrict processing

You have rights to ‘block’ or suppress further use of your information. When processing is restricted, we can still store your information, but may not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in future.

6. The right to data portability

You have rights to obtain and reuse your personal data for your own purposes across different services. For example, if you decide to switch to a new provider, this enables you to move, copy or transfer your information easily between our IT systems and theirs safely and securely, without affecting its usability.

7. The right to object to processing

You have the right to object to certain types of processing, including processing for direct marketing or if you no longer want to be contacted with potential opportunities.

8. The right to lodge a complaint

You have the right to lodge a complaint about the way we handle or process your personal data with your national data protection regulator.

9. The right to withdraw consent

If you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal data with your consent up to that point is unlawful). This includes your right to withdraw any consent to us using your personal data for marketing purposes.

 
We usually act on requests and provide information free of charge, but may charge a reasonable fee to cover our administrative costs of providing the information for:

  • baseless or excessive/repeated requests, or
  • further copies of the same information.

Alternatively, we may be entitled to refuse to act on the request.
Please consider your request responsibly before submitting it. We’ll respond as soon as we can. Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we’ll come back to you and let you know.

17. Keeping our records accurate and up to date

The SR Group will review the personal data it processes to ensure that it is up to date and accurate. Your co-operation in helping us to keep your personal data accurate by informing us of any change of name or change of address is an important part of this. If you would like to review or change the details you have supplied us with, you may do so at any time by notifying us in writing.

18. Changes to our Privacy Policy

This Privacy Policy was last updated in May 2018. The SR Group may change this Privacy Policy from time to time. If we change our Privacy Policy, we will post the changes on our website and, where appropriate notify you by email. The date of issue will be indicated. We recommend that you check the terms of this Privacy Policy periodically to keep up to date with any changes.

19. How will we contact you?

We may contact you by phone, email or social media. If you prefer a particular contact means over another, please just let us know.

20. How can you contact us?

If you are unhappy with how we’ve handled your information, or have further questions on the processing of your personal data, contact us here: dataprotection@thesrgroup.com or +44 (0)20 7415 0050 or address your query to the relevant office:

London Office
Anthony Davies - The Data Protection Officer
The SR Group (UK) Limited
95 Queen Victoria Street
London EC4V 4HN

Amsterdam Offices
Anthony Davies - The Data Protection Officer
The SR Group (Netherlands) B.V
1101 BR Amsterdam-Zuidoost
The Netherlands

Düsseldorf and Frankfurt Offices (for permanent and interim recruitment engaged directly by our clients)
Anthony Davies - The Data Protection Officer
The SR Group (Germany) GmbH
Schwanenmarkt 15
40213 Düsseldorf
Deutschland

Düsseldorf and Frankfurt Offices (for temporary recruitment)
Anthony Davies - The Data Protection Officer
The SRG Projects (Germany) GmbH
Schwanenmarkt 15
40213 Düsseldorf
Deutschland

Milan Office
Anthony Davies - The Data Protection Officer
The SR Group (Italy) S.r.l.
Via Giuseppe Sacchi 4
20121, Milan, Italy

Dubai Office
The Data Protection Team
The SR Group (Dubai) Limited
Suite 614, Liberty House, DIFC,
P.O. Box 506739,
DIFC – The Gate,
Dubai, UAE

Hong Kong Office
The Data Protection Team
The SR Group (Hong Kong) Limited
1918 Hutchison House
10 Harcourt Road, Central, Hong Kong

Singapore Office
Anthony Davies - The Data Protection Officer
The SR Group (Singapore) Pte. Ltd
30 Cecil Street,
21-03/04 Prudential Tower
Singapore, 049712

Sydney Office
The Data Protection Team
The Specialist Recruitment Group Pty Ltd
Suite 14.01
25 Bligh Street
Sydney, NSW 2000, Australia

Melbourne Office
The Data Protection Team
The Specialist Recruitment Group Pty Ltd
Level 4 520 Collins Street
Melbourne, Victoria 3000, Australia

New York Office
The Data Protection Team
The SR Group (US) Inc.
2 Park Avenue, Suite 303, 3rd Floor,
New York, NY10016, America