This policy applies to personal data which is collected and/or used by Falmouth Fairfax in its capacity as a controller as that term is defined in the EU General Data Protection Regulation (“GDPR”).
Why we use personal data
As a recruitment and personnel search business, we use personal data of our clients, candidates, suppliers and our own personnel to enable us to provide high-quality recruitment and personnel search services, including associated consulting services (together, the “Services”). This includes initiating and administering recruitment and search processes, marketing the Services, events and market updates (including relevant job opportunities and news) to potential and existing clients and candidates (but not from third parties), managing relationships with our business contacts, managing internal administrative processes, internal recruitment processes, diversity reviews, benchmarking, other recruitment-related consulting services and handling and responding to any enquiries, complaints or claims which arise in relation to our Services or processing of the data.
How we collect personal data
We collect personal data in a range of different ways depending on our interactions with you. Those include:
direct meetings with you;
via our website;
from your direct enquiry to or engagement of us;
through publicly available sources, where appropriate;
via trusted third parties, where appropriate and
you contacting us with any other enquiry, complaint or notice.
By using our website, you acknowledge your understanding of, and where necessary your agreement to, our use of your personal data.
What personal data we collect
For candidates, we collect your name, address, e-mail address, telephone number and any other personally-identifiable information and other relevant information directly from you or your CV. We may also obtain personal data about you from third parties to ensure that we are providing quality services to you and our clients
For clients, suppliers and other professional contacts, we collect your name, address, e-mail address, telephone number and any other personally-identifiable information and other information relevant and appropriate to managing our business relationship, including without limitation:
to carry out pre-engagement checks;
carry out communication, service, billing and administration;
deal with complaints; and
We may also process any other personal data where this data is volunteered to us by you. You consent to us processing that personal data.
Our legal basis for processing personal data
GDPR requires that we have a valid grounds for processing your personal data. The main grounds that we rely on in order to process personal data are as follows:
the processing is necessary for the performance of a contract, or to take steps (at your request) to enter into a contract;
the processing is necessary for us to comply with a relevant legal obligation;
the processing is in our legitimate interests, subject to due consideration for your interests and fundamental rights (this is the basis we rely upon for the majority of the processing of personal data in connection with the provision of our Services, and also for the purposes of most client on-boarding, administration and relationship management activities); or
on the basis of your consent (this ground will only be used in limited circumstances).
Where we process your personal data on the basis of your consent, you have the right to withdraw that consent at any time. If you wish to withdraw your consent, please see the “Contact” section below.
Who we will share personal data with
We will not sell, rent or trade your personal data to others. We may share personal data with our trusted third party suppliers in connection with the Services we provide, including for internal administration purposes.
For candidates, we may share your personal data with our clients in relation to the locating suitable employment and the Services that we provide. Candidates are requested to instruct Falmouth Fairfax on application if they wish any details to be restricted from any parties or companies that they do now wish Falmouth Fairfax to approach on their behalf.
We may also be required to share your data:
to a regulatory body or as required by law;
in relation to the prevention and/or detection of crime;
to establish legal rights or to investigate or pursue legal claims;
a merger, acquisition or corporate restructuring to which Falmouth Fairfax is subject; or
to prevent risk of harm to an individual.
We will use reasonable endeavours to make sure that all third parties that we share your data with are subject to appropriate obligations to ensure the protection of the data that we share with them.
Transfer of your data outside of the UK and/or European Economic Area (“EEA”)
We may transfer personal data outside of the UK and/or EEA in relation to our work with international client or suppliers with operations based abroad. Where such a transfer is required, we will ensure that the appropriate Model Clauses, as approved by the EU Commission, are in place.
How long we will retain personal data
We will only keep personal data for as long as we have a valid basis for needing it. We periodically review the data that we hold to make sure that it remains both relevant and up-to-date.
Your rights in relation to your personal data
You have certain rights in relation to your personal data that we process. In order to validate any request that we receive to exercise those rights, we may ask you for additional information to confirm your identity before complying with your request or we may otherwise require additional information from you in order to respond to the request. We reserve the right to charge a fee for complying with a request where we are permitted to do so by law, for instance if your request is manifestly unfounded or excessive.
You can exercise your rights by contacting us (see the “Contact” section below). We will make every reasonable effort to comply with your request within the required timeframes but there are circumstances where we may not be able to, or required, to fully comply with your request.
Right to Access: You have the right to access personal data which Falmouth Fairfax holds about you, together with certain information about how and why your personal data is processed.
Right to Rectification: You have a right to request us to correct your personal data where it is inaccurate or out of date.
Right to be Forgotten (Right to Erasure): You have the right under certain circumstances to have your personal data erased. Your information can only be erased if it is no longer necessary for the purpose for which it was collected, and we have no other valid basis for processing the information.
Right to Restrict Processing: You have the right to restrict the processing of your personal data where its accuracy is contested, the processing is unlawful, it is no longer needed for the purposes for which it was collected but we still need it to establish, exercise or defend legal claims or you have exercised the right to object and we have not yet establish if there are of overriding grounds for retention.
Right to Data Portability: In certain circumstances you have the right to data portability, which requires us to provide personal data to you or another controller in a commonly used, machine readable format.
Right to Object to Processing: You have the right to object to the processing of your personal data at any time, but only where that processing is based on our legitimate interests. If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.
We ensure that you are provided with opt-out options when we send you any marketing.
To exercise any of the above mentioned rights, please see the “Contact” section below.
In addition, you may also have the legal right make a complaint to the relevant supervisory authority or local data protection authority. In the UK, this is the Information Commissioner’s Office.
Our systems and IT staff remain constantly vigilant to protecting the data we hold. We implement reasonable technical and organisational measures and safeguards to protect personal data from unauthorised loss, misuse, alteration, or destruction. This includes encryption of our electronic systems, access limitation to systems, limiting access to your personal data on a "need to know" basis, and providing training to appropriate Falmouth Fairfax staff.
Despite these efforts, security cannot be absolutely guaranteed against all threats.
If you require any further information from us in relation to our processing of your personal data, including where you would like to make a complaint, please contact us at firstname.lastname@example.org. Alternatively, please feel free to write to us at: Data Protection Enquiries, Falmouth Fairfax Limited, 83 Victoria Street, London, SW1H 0HW.
This Policy may be updated at any time by Falmouth Fairfax. Updates to the Policy will be notified to you via our website.