This notice sets out how we will use your personal data, and your rights under Articles 13 and/or 14 of the General Data Protection Regulation (GDPR).
HeriotBrown is committed to protecting your privacy and we aim to respect your personal data you share with us.
Your personal information will be held and process by HeriotBrown. The HeriotBrown is the controller of this information. This also includes when it is collected or processed by third parties on our behalf. The HeriotBrown collects, processes and shares personal information to enable it to carry out its statutory and other functions.
Our website might include links to other companies’ websites. However, HeriotBrown is not responsible for the privacy practices of others and we encourage you to read their privacy notices.
The personal information relates to members of the public.
The HeriotBrown collects your data that you provide by registering on our recruitment website or either directly or through an agency or other third parties. You may be asked to provide the following information:
- Personal contact details that you provide when you register with us such as name, title, addresses, telephone numbers, and personal email addresses, employment history, qualifications.
- Date of birth, gender and ethnicity.
- Any information you have provided to us during an interview – proof of ID (e.g. passport, driving licence, utility bill as proof of address).
- Any information included in the application form.
- Records of correspondence with us.
- Confirmation of your security clearance. This can include passport details, nationality details and information about convictions/allegations of criminal behaviour.
- Records from documents showing your entitlements to work in the UK.
- When you access our website, we might collect your browsing records such as IP-address, access times, the sites linked from, pages visited, the links and features used, the content viewed or requested, browser or application type, language and other such information. If you contact us over the phone certain additional information, such as your phone number, may be sent to us.
Automated decision making/profiling (if applicable)
We may use a technology to select appropriate candidates based on search criteria. The process of finding suitable candidates is automatic. However, our employees are involved in the further selection process.
The personal information is processed for the purpose of a recruitment campaign to fill a vacancy. This will enable us to process the following functions relating to your recruitment:
1. Processing applications received for vacancies.
2. Arrange interviews for successful applicants.
3. Offer a successful candidate for the position.
If you have opted-in we may also send you marketing information and news via email. You can opt-out from receiving these at any time by clicking “unsubscribe” when you receive these messages from us.
The HeriotBrown may share your information with other organisations in the course of carrying out our functions, or to enable others to perform theirs, but only where it is lawful.
For successful candidates, your personal information will be kept for 2 years after the completion of the recruitment process. For unsuccessful candidates, your personal information will be kept for 9 months after completion of the recruitment process.
- You have the right to request information about how your personal data are processed, and to request a copy of that personal data.
- You have the right to request that any inaccuracies in your personal data are rectified without delay.
- You have the right to request that your personal data are erased if there is no longer a justification for them to be processed. (Request to delete individual responses will be considered on a case by case basis)
- You have the right in certain circumstances (for example, where accuracy is contested) to request that the processing of your personal data is restricted.
- You have the right to object to the processing of your personal data where it is processed for direct marketing purposes.
We take the appropriate measures to ensure that all personal data is kept secure and protected against accidentally lost, or an unauthorised access.
All data is stored on secure Cloudways virtual server. We also apply the best practice to ensure that your data is protected by applying SSL certificate on our websites, firewalls, passwords and anti-spam software. We will limit the access to your personal data to those who have a genuine business to know it. Regular backups of our website take place to reduce the risk of data loss and we will notify you of a suspected data security breach where we are legally obligated to do so. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted through any online means, therefore any transmission remains at your own risk.
If you would like to enact your rights, make a complaint or contact our Data Controller, you can do so by submitting a request at:
1st Floor, 1 Fore St Ave, London EC2Y 9DT
0203 875 3330
We may update this policy from time to time by publishing a new version on our website. You should check this page occasionally to ensure you are happy with any changes to this policy. We may notify you of changes to this policy by email if you have provided us with means to do so.
This Privacy Notice was updated on April 2019.