Privacy
At RGP, we’re committed to protecting your privacy. We promise to clearly explain how your personal data is used and ensure it’s only collected when necessary. Your information will always be secure, and we’ll only send you content that’s relevant and valuable to you.
Overview:
We want to explain clearly how we process Client personal data in the provision of our services. For ease of use, we have split our Data Protection Statements into sections so you can easily find the information that you need:
Group Information Statement: Our Group Information Statement provides information about the companies in the Group including relevant contact details. This information is relevant to all data subjects.
Candidate Data Protection Statement: Our Candidate – Data Protection Statement (this statement) provides specific information about active and potential candidates supplied on assignment, whose personal data we process as part of our business.
Client Data Protection Statement: Our Client – Data Protection Statement provides specific information about our processing activities relevant to business clients, whose personal data we process as part of our business activities.
Other Contact Data Protection Statement: Our Other Contact – Data Protection Statement is relevant to all other data subjects whose personal data we process who are not considered Candidates or Clients. This includes but is not limited to personal data of vendors, agencies, partners, referees, emergency contacts, website users and members of the public.
Data Protection Rights Statement: The Data Protection Rights Statement is relevant to all data subjects and provides information about your rights and what you should do if you want to raise a concern.
For further information about our group of companies please see group information.
References to “we”, “us” and “Company” shall apply to the company in the group that is processing your personal data.
Our Group Information Statement provides information about the companies in the Group, including relevant contact details. This information is relevant to all data subjects.
1. Group Information & Contacts
Our Data Protection Statements are addressed to individuals whose personal data we process as part of our engagement with them. RGP provides talent solutions to meet our clients’ needs by connecting specialized talent with leading employers across multiple geographies, industries, and disciplines.
Your relationship may be with one, or several, companies in the Group (each company is referred to herein as a “Group Entity” and together they are the “Group”). Each Group Entity and their global locations are specified below. Any Group Entity operating from a website other than www.RGP.com will present a separate data protection statement to data subjects.
North America
Resources Connection, Inc.
Resources Connection LLC
Veracity Consulting Group, LLC
Sitrick Group, LLC
RGP Property LLC
Resources Connection Mexico, S. de R.L. de C.V.
Resources Global Professionals, Inc Canada
Europe
Resources Connection (UK) Limited
Resources Global Professionals (Europe) B.V.
Resources Management & Finance B.V.
Resources Global Professionals Sweden AB
Resources Global Professionals (Ireland) Limited
Resources Global Professionals Czech s.r.o.
Resources Global Professionals (Germany) GmbH
Resources Global Professionals (Switzerland) GmbH
Asia Pacific
Resources Connection Australia PTY Limited
Resources Global Enterprise Consulting Beijing Co Ltd
Resources Global Enterprise Consulting Beijing Co Ltd – Shanghai Branch
Resources Global Enterprise Consulting Beijing Co Ltd – Guangzhou Branch
Resources Global Professionals Japan K.K.
Resources Global Professionals (HK) Limited
Resources Global Professionals (India) Private Limited
Resources Global Professionals (Korea) Ltd
RGP (Hong Kong) – Philippine Branch
Resources Global Professionals Taiwan Co., Ltd.
RGP Consulting SDN. BHD.
Resources Global Professionals (Singapore) Pte. Ltd.
Cloudgo Private Limited
Cloudgo Pte. Ltd.
Cloudgo Pty Ltd.
References to “we”, “us” and “Company” in our Data Protection Statements shall apply to the Group Entity that is processing your personal data.
2. Group Joint Controllers
As a global organisation we operate centralised systems to ensure consistency and security across the Group. We also make strategic decisions at our head office companies in the United States (namely “RGP”) (together “Group Head Office”). In such cases the relevant local Group Entity and Group Head Office are jointly responsible as joint controllers within the meaning of the General Data Protection Regulation. The joint processes relate to the operation and use of jointly used databases, platforms, functions (such as legal, finance and marketing) and IT systems and the implementation of key strategic decisions which determine how personal data is processed. With respect to the joint processes, the local Group Entity and Group Head Office jointly determine the purposes and means of processing.
Certain Group Entities also work very closely together on the development of our Candidate and Client relationships. We have identified below all relevant joint controller Group Entity relationships and the relevant lead Group Entity contact for those relationships.
Processing Activity: Centralised systems and head office functions
Data Subjects: All
Joint Controllers:
- Group Head Office
- Local Group Entity
Lead Group Entity Contact:
Processing Activity: Candidate Sourcing and Relationship Management
Data Subjects: UK/Europe Candidates
Joint Controllers:
- Local Group Entity
Lead Group Entity Contact:
Processing Activity: Client Relationship Management
Data Subjects:
- North America/Mexico/Asia Candidates
- Clients
Joint Controllers:
- Local Group Entity
- Each Group Entity is a Joint Controller
Lead Group Entity Contact:
As part of the internal Group Agreement, the Group Entities have determined, for the purposes of Data Protection Laws, how their respective tasks and responsibilities are structured and who fulfils data protection obligations. It has been determined how security arrangements should be managed, how the rights of all data subjects can be ensured, how transparency requirements can be fulfilled and how data protection incidents can be monitored. In addition, we ensure that employees only have access to the personal data that they need, treat all information as confidential and only process it for the relevant purpose.
3. Group Lead Contact Point
RGP Europe is available as your central point of contact for all queries at:
Data Protection Office: Email: privacy@RGP.com
You can also assert your rights with regard to the processing of personal data with your local Group Entity. For contact information please click here. We will coordinate in order to respond to your inquiry and to guarantee your rights as a data subject.
4. Your Data Protection Rights
Please see our Data Protection Rights Statements for further information about your rights.
5. Queries & Supervisory Authority Contact Details
Please see section 2 of our Data Protection Rights Statement “Queries and Supervisory Authority” for further information about relevant Data Protection Authority contact details.
1. Who This Data Protection Statement Applies To:
This Data Protection Statement applies to Candidates. For the purposes of this Candidate – Data Protection Statement, a Candidate includes:
- an active job seeker, who registers with us with the purpose of us helping them to find a job or applies to a Client role that we have advertised;
- someone we identify as a potential job seeker.
2. Sources of Candidate Personal Data:
We have a variety of sources of Candidate personal data. We will only ever source personal data that is necessary to provide our services and in a way that would be generally expected.
We receive personal data about Candidates from a variety of sources. Usually a Candidate will register their interest with us or we will approach them through publicly available channels. We may also receive personal data about a Candidate when:
- the Candidate applies to a position advertised on our website;
- the Candidate may be sourced from publicly accessible platforms such as LinkedIn;
- the Candidate may be sourced from third party CV providers such as jobs websites that provide CV search facilities, where users have made their CV data available to registered customers of these sites;
- the Candidate may be referred to us from a third party recruitment business which is a supplier to us;
- the Candidate’s nominated referees or other individuals may provide us with personal data relating to the Candidate; or
- the Candidate may be referred to us by the Client.
3. Lawfulness of Processing:
This section describes the lawful basis we may use to process Candidate personal data.
We process all personal data lawfully and in accordance with the requirements of the Data Protection Laws.
When we process personal data any one of the following legal grounds will generally apply.
CONTRACT
We will process personal data where necessary to perform our obligations relating to or in accordance with any contract that we may have with you or to take steps at your request prior to entering into that contract.
CONSENT
For certain processing activities we may rely on your consent.
Where we are unable to collect consent for a particular processing activity, we will only process the personal data if we have another lawful basis for doing so.
You can withdraw consent provided by you at any time by contacting us at privacy@RGP.com
LEGITIMATE INTEREST
At times we will need to process your personal data to pursue our legitimate interests, for example for administrative purposes, to provide information to you, to operate, evaluate, maintain, develop and improve our websites and services or to maintain their security and protect intellectual property rights.
We will not process your personal data on a legitimate interest basis where the impact of the processing on your interests or fundamental rights and freedoms outweighs our legitimate interests.
You may object to any processing we undertake on this basis. If you do not want us to process your personal data on the basis of our legitimate interests, contact us at privacy@RGP.com and we will review our processing activities.
LEGAL OBLIGATION
If we have a legal obligation to process personal data we will process personal data on this legal ground.
DEFENCE OF LEGAL CLAIMS
In limited circumstances and in accordance with the law we may use personal data in the defence of legal claims or enforcing legal rights.
4. Categories of Candidate Personal Data
This section describes the personal data that we collect about Candidates. We only collect the personal data that we require in order to provide and deliver the services that you expect. We have described here the personal data that we use in order to provide our services.
The table below sets out the general categories of personal data that we may collect in relation to Candidates. For each personal data category we have included an example of the personal data types that may be included in the relevant category. We will always seek to minimise the personal data we process and the relevant personal data types will only be collected where relevant for the purpose.
Application Data
may include information provided when applying for a role such as CV Data, Financial Data, Position Data, Media Data, and details of visa or eligibility to work. This may include Registration Data where the Candidate is not already registered.
Communications Data
may include communications with us over email, text, phone or letter.
Contact Data
may include a person’s name, email address, phone number, postal address, other communication details including social media links (e.g. LinkedIn).
CV Data
may include Contact Data, Identification Data, Professional Data, Education Data and information about achievements and hobbies.
Education Data
may include educational history such as degrees, certificates and diplomas awarded, languages and qualifications.
Financial Data
may include payment and bank details, tax information, payroll information, professional fee rate expectations, Limited/Umbrella company details.
Health Data
may include health information including information about any disability or illness.
Identification Data
may include a person’s date of birth, driver’s licence, national tax identification number and passport information.
Marketing Data
may include Contact Data and any preferences in receiving marketing from us and your communication preferences.
Media Data
may include photographs, video data and recordings from any interview with the Candidate, including Contact Data, Professional Data, Education Data, Health Data, Registration Data and Communications Data.
Position Data
may include information relevant to a position such as rate of pay, working hours, reporting lines, job description and performance.
Professional Data
may include information about previous professional experience such as profession, company, department, employment history, skills/experience, membership of professional bodies.
Registration Data
includes personal data provided when registering as a Candidate and any notes or observations made on the Candidate record. This may include Contact Data, Identification Data, Professional Data and Education Data. It may also include system assigned identifiers, date record added, Work Finding Services Agreement (in relevant locations), Candidate registration form, Candidate Terms and Conditions.
Special Category Data
may include diversity data such as gender, religion, racial or ethnic origin, sexual orientation, trade union membership or Health Data.
Web Data
may include information provided on any forms completed by a Candidate on our website and, to the extent that it includes personal data, information on the type of device being used, its IP address, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use.
5. Our Processing Activities:
We have set out in the table below, the general purpose of processing, the categories of personal data processed and the related lawful basis for processing.
The table below sets out the personal data we collect, the purpose for which we collect it and our lawful basis for doing so.
Purpose/Activity Personal Data Category Lawful Basis for Processing
Candidate Sourcing and applications
Purpose/Activity:
- to facilitate engagement through our website.
- to agree any contract between us and the Candidate for the provision of professional services to Clients.
- to process Candidate applications
- to create a record/file for the Candidate on our system and to link all notes and tracking throughout the engagement process including interview, placement, onboarding and contracting process.
- screening and identification of Candidates for assignments
- to receive and review Candidate enquiries.
- to understand Candidate current and expected remuneration requirements, notice periods and availability, current and required locations.
Personal Data Category:
- Application Data
- Communications Data
- Contact Data
- CV Data
- Financial Data
- Identification Data
- Marketing Data
- Position Data
- Professional Data
- Registration Data
Lawful Basis for Processing:
- Contract
- Legitimate interest in sourcing the right Candidates
- Consent
Candidate Registration
Purpose/Activity:
- to register Candidates on our database.
- responding to Candidate queries.
- receiving and reviewing Candidate registrations.
- communications with Candidates re registration.
- setting up meetings with Candidates.
- engaging with Clients in relation to the Candidates.
Personal Data Category:
- Contact Data
- CV Data
- Communications Data
- Identification Data
- Registration Data
Lawful Basis for Processing:
- Contract
- Legitimate Interest in administering the registration process
Ongoing Candidate Relationship Management
Purpose/Activity:
- to keep up to date information about Candidates in relation to their requirements, in order to assess their suitability for current or future project opportunities.
- to maintain our Candidate database.
- to communicate with Candidates about assignments that might be of interest to them.
- to tailor our products and services to better identify the right Candidates for upcoming engagements with Clients.
- to undertake profiling for the purposes of semi-automated or manual decision making about Candidates.
Personal Data Category:
- Communications Data
- Contact Data
- CV Data
- Financial Data
- Identification Data
- Marketing Data
- Position Data
- Professional Data
- Registration Data
Lawful Basis for Processing:
- Consent
- Contract
- Legitimate Interest in managing Candidate relationships
Candidate Meetings
Purpose/Activity:
- to arrange and undertake Candidate meetings.
- recording notes of Candidate meeting.
- to communicate with the Candidate following meeting.
Personal Data Category:
- Contact Data
- Communications Data
- CV Data
Lawful Basis for Processing:
- Legitimate Interest in meeting with Candidates
- Contract
Candidate Assignment Management
Purpose/Activity:
- for performance management activities
- Mobilisation
- Retention
- Assignment extension
Personal Data Category:
- Contact Data
- Communications Data
- Position Data
Lawful Basis for Processing:
- Contract
- Legitimate interest in candidate engagement
Candidate Finance Activities
Purpose/Activity:
- to ensure remuneration expectations are met.
- to undertake financial audits
- to communicate professional fee arrangements between Client and Candidate.
- to pay referral fees.
- to make an offer of professional fees to a Candidate on behalf of a Client in relation to a specific engagement.
- to generate placement activity on our central systems in order to invoice a Client.
Personal Data Category:
- Contact Data
- Financial Data
- Identification Data
Lawful Basis for Processing:
- Contract
- Legitimate Interest in maintaining accounts
Website Delivery
Purpose/Activity:
- to respond to web forms completed by you.
- to promote our products and services.
- to administer the Website
- for internal operations, including support, troubleshooting, data analysis, testing, research, statistical and survey purposes.
- to ensure the safety and security of our website and our services.
Personal Data Category:
- Contact Data
- Web Data
Lawful Basis for Processing:
- Consent
- Legitimate Interest in administering our website
Legal and Compliance Activities
Purpose/Activity:
- to meet equal opportunity and diversity requirements
- to meet health and safety requirements
- to capture consent/contract acceptance on paper or electronic registration forms, terms & conditions or forms
- to comply with our legal obligations in respect of: the collection of taxes, levies, contributions; the detection of crime; labour standards; anti-bribery legislation; and industry specific legislation
- to comply with Client requests relating to their employment practices
- to comply with the law in certain jurisdictions
- to fulfill contractual obligations with Clients and vendors, for example, in relation to the enforcement of intellectual property rights.
- for the purposes of legal claims and compliance activities including insurance.
Personal Data Category:
- Contact Data
- Health Data
- Identification Data
- Special Category personal data
- Financial data
- Marketing data
- Registration data
- Communications data
Lawful Basis for Processing:
- Consent
- Contract
- Legitimate interest in providing legal opinion
- Assessment of Working Capacity
- Carrying out obligations under employment or social protection law
- Defence of legal claim
Prevention of fraud and ensuring security
Personal Data Category:
- CCTV Data
Lawful Basis for Processing:
- Legitimate Interest in ensuring security in our operations
6. Retention of Candidate Personal Data:
Our mission is to build lasting relationships with Candidates, not just for one assignment but for the purposes of building a partnership over many years.
Our aim is to build lasting relationships with our Candidates and thus to contribute to long term career success and development.
Our goal is to continue to engage and interact with Candidates even after they have secured a new position – for example to keep them informed of market developments, invite them to topical seminars and networking events, and to be on hand to offer advice about career planning.
The Group will retain your personal data for as long as we need to fulfil the purpose we collected it for, which may be an ongoing purpose. We recognise that the level of engagement we have with Candidates may vary and we manage our retention activities carefully to reflect this. In some circumstances we will determine the appropriate retention period where the purpose of that retention can be justified, for example, for accounting, tax, legal and compliance purposes.
Examples of the activities that we would consider evidence of our ongoing engagement with a Candidate and thus a reason to continue to retain their personal data include:
- the Candidate engaging with our Services
- the Candidate meeting one of our talent management consultants, to register for new opportunities, or for example to update on their situation and seek professional advice or some other professional input
- us sending a Candidate’s profile (with their approval) to a Client for consideration for an assignment
- us arranging a business meeting with the Candidate or between the Candidate and a Client
- us exchanging email correspondence or having telephone conversations with the Candidate
- the Candidate interacting with our marketing communications for example, clicking to open our market insights, newsletters, surveys etc.
- If a Candidate unsubscribes from marketing communications, no further marketing communications will be sent.
7. Disclosure – Candidate Personal Data
We may need to share your personal data in order to deliver our services. We will always ensure that any disclosure of personal data is undertaken in compliance with Data Protection Law and ensure that appropriate technical and organisational measures are undertaken to protect and secure any personal data that is transferred.
Candidate Personal Data is shared in certain circumstances as follows:
- between the companies identified in this Data Protection Statement and in particular in our Group Information Statement for the purposes of administration, marketing and provision of our services.
- to business partners and third party service providers for the purposes of delivering services to or on behalf of our company and administration of our business, including email, chat, ticketing, Customer Relationship Management, Applicant Tracking System, payment processors, data aggregators, hosting service providers, external consultants, accountants, auditors, IT consultants and lawyers.
- if a company in the group or substantially all of its assets are acquired by a third party, in which case personal data held by us will be one of the transferred assets.
- if we are under a duty to disclose or share personal data in order to comply with any legal obligation (including tax, audit or other authorities), or in order to enforce or apply any contracts that we have.
- to official authorities to protect our rights, property, or safety, or those of other persons (including you).
- to our email distribution partner and service providers in the case of marketing and newsletters.
- to Clients and potential Clients of our services for the purposes of consideration of the Candidate.
8. Transfer of Personal Data:
In some circumstances we may need to transfer personal data outside of the country where it was originally collected. We will always undertake such transfers in accordance with data protection laws.
We may transfer Personal Data outside of your home country; however, we will always ensure that this is done in compliance with the relevant laws of your country.
We will normally use and share personal data outside of your country for the following reasons:
- to carry out corporate oversight of our global business organisation.
- to provide shared services in certain functions such as HR, Finance, Marketing, Legal, Privacy and IT.
- to deploy certain tools and resources across the global organisation.
- to facilitate interactions between our employees across our global locations.
- to work with our group companies to identify Candidates/Clients.
RGP complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. RGP has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. RGP has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework.
RGP’s accountability for personal data that it receives in the United States under the DPF and subsequently transfers to a third party is described in the DPF Principles. In particular, RGP remains responsible and liable under the DPF Principles if third-party agents that it engages to process personal data on its behalf do so in a manner inconsistent with the DPF Principles, unless RGP proves that it is not responsible for the event giving rise to the damage.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, RGP commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF.
We inform all data subjects that our organization is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
RGP has further committed to refer unresolved DPF Principles-related complaints to a U.S.-based independent dispute resolution mechanism, BBB NATIONAL PROGRAMS. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbbprograms.org/dpf-complaints for more information and to file a complaint. This service is provided free of charge to you.
9. Security Measures:
We monitor for and do everything that we can to protect personal data and prevent security breaches.
We will take all steps reasonably necessary to ensure that all personal data is treated securely in accordance with this Data Protection Statement and the Data Protection Laws. In particular, we employ appropriate technical and organisational procedures to safeguard and secure the personal data we process to prevent unauthorised access.
We monitor for and do everything we can to prevent security breaches of the personal data that we process. Once we have received your personal data, we will use strict procedures and security features for the purpose of preventing unauthorised access and ensuring that only those who need to have access to your personal data can access it.
We also use secure connections to protect personal data during its transmission. Where you have been given (or where you have chosen) a password which enables you to access services, you are responsible for keeping this password confidential. Please do not share your password with anyone.
If you think that there has been any loss or unauthorised access to personal data of any individual, please let us know immediately.
10. Use of Third Party Website
It is important to be careful when visiting third party websites and when providing personal data to third parties. We have no control over third party websites that you may access.
Websites that you access via a link on our website or otherwise, are outside our control and are not covered by this Data Protection Statement. If you access other websites using the links provided, the operators of these websites may collect personal data from you, which will be used by them in accordance with their own Data Protection Statements, which may differ from ours. Please check the Data Protection Statements on those websites before you submit any personal data to them.
11. Cookies:
Cookies are small files containing a string of characters to identify your browser. When an individual visits RGP’s website, we do not deploy the use of Cookies or Web Beacons, or any other indirect electronic means to collect your Personal Information. However, should you or any individual decide to register on the website and download RGP information or publications, at that time we will use Cookies to provide a better user experience for those users who may return to our website. You may, however, reset your browser to refuse Cookies or to warn you when they are being sent. Please note that by turning the setting off on your Cookies, you will not have access to all the features available on RGP’s website.
12. Amendments to This Data Protection Statement:
We will post any changes to this Data Protection Statement on the Website and when doing so will change the effective date at the top of this Data Protection Statement.
In some cases, we may provide you with additional notice of changes to this Data Protection Statement, such as via email. We will always provide you with any notice in advance of the changes taking effect where we consider the changes to be material.
13. Queries:
Please contact us if you have any questions or concerns about how your personal data is being used by us.
RGP’s Data Privacy Office is available as your central point of contact for all queries at:
Email: privacy@rgp.com
14. Your Data Protection Rights:
Please see our Data Protection Rights Statement for further information about your rights.
15. Supervisory Authority Contact:
If we are unable to resolve your concerns, you have the right to contact the supervisory authority in the country where you live or work, or where you consider that the data protection rules have been breached.
Please see section 2 of our Data Protection Rights Statement “Queries and Supervisory Authority Contact Details” for further information about relevant Data Protection Authority contact details.
1. Who This Data Protection Statement Applies To:
This Data Protection Statement applies to Clients.
For the purposes of this Client – Data Protection Statement, Clients are those business contacts that we engage with for the purposes of delivering services including:
- to hire consultants in temporary or independent contract positions.
- consultancy or advisory services.
- managed service solutions.
2. Sources of Client Data:
We source Client personal data in order to serve the business relationship.
We receive personal data about Clients from a variety of sources, as follows:
- the personal data is often provided by the Client or created by us as part of the relationship;
- the personal data may be collected from public sources;
- the personal data may be collected indirectly from another person within the company of the Client;
- the personal data may be collected through our website;
- the personal data may be collected indirectly from a website or from a third party.
3. Lawfulness of Processing:
This section describes the lawful basis we may use to process Client personal data.
CONTRACT
We will process personal data where necessary to perform our obligations relating to or in accordance with any contract that we may have with you or to take steps at your request prior to entering into that contract.
LEGITIMATE INTEREST
At times we will need to process your personal data to pursue our legitimate interests, for example for administrative purposes, to provide information to you, to operate, evaluate, maintain, develop and improve our websites and services or to maintain their security and protect intellectual property rights.
We will not process your personal data on a legitimate interest basis where the impact of the processing on your interests or fundamental rights and freedoms outweighs our legitimate interests.
You may object to any processing we undertake on this basis. If you do not want us to process your personal data on the basis of our legitimate interests, contact us at privacy@RGP.com and we will review our processing activities.
DEFENCE OF LEGAL CLAIMS
In limited circumstances and in accordance with the law we may use personal data in the defence of legal claims or enforcing legal rights.
LEGAL OBLIGATION
If we have a legal obligation to process personal data we will process personal data on this legal ground.
4. Categories of Client Personal Data:
We only collect the personal data that we require in order to ensure we can have a productive business relationship with Clients.
The table below sets out the general categories of personal data that we collect in relation to Clients:
Communications Data
may include personal data included in communications with us over email, phone, letter and electronic communications (social platforms and chats).
Contact Data
may include a person’s name, email address, phone number, postal address, other communication details, including social media links (e.g. Zoom, LinkedIn).
Marketing Data
may include your Contact Data and any preferences in receiving marketing from us and your communication preferences.
Position Data
may include Client role, job title, reporting line etc.
Web Data
may include information provided on any forms completed by a Client on our website and, to the extent that it includes personal data, information on the type of device being used, its IP address, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use.
5. Our Processing Activities – Clients:
We want to ensure that the personal data is used for the purposes that you would expect.
The table below sets out the personal data we collect, the purpose for which we collect it and our lawful basis for doing so.
Managing payments and our relationship with the Client and administration of the contract
Purpose/Activity:
- to process payments to and from our business.
- to negotiate and administer the relationship with the Client.
- to fulfil our legal/contractual obligations.
- to manage/respond to complaints/issues.
- to generate placement activity on our systems for invoicing purposes
Personal Data Category:
- Communications Data
- Contact Data
- Financial Data
- Position Data
- Reference Data
Lawful Basis for Processing:
- Contract
- Legitimate Interest in managing payment and contracts
- Legal Obligation
Service delivery activities
Purpose/Activity:
- to keep in contact with the Client to discuss and review their requirements.
- to inform, update and discuss a Candidate that may be of interest.
- to consider a Candidate for engagement.
- to organise and schedule meetings between a Candidate and a Client.
- to inform the Client about progression of a Candidate through the engagement process, to discuss the contracts and on-boarding of a Candidate.
- to discuss any reference or other pre-screening information provided for a Candidate.
- to obtain information about the performance of a Candidate including the provision of references by the Client.
- to understand the type of solutions (including type of Candidates) required by the Client, and build up knowledge and understanding of the Client organisation and its structure.
- to create a record/file for the Client on our internal systems including all notes and tracking throughout the engagement process, meetings held, negotiation, on-boarding and contracting process.
- to send Client Contact Data to Candidates in relation to the interview and on-boarding process.
- to carry out our obligations under our contract with the Client
- to ask for feedback about our products or services.
- to manage relationship with Client.
Personal Data Category:
- Communications Data
- Contact Data
- Financial Data
- Position Data
- Reference Data
Lawful Basis for Processing:
- Contract
- Legitimate Interest in fulfilling our service delivery activities
Website Delivery
Purpose/Activity:
- to respond to web forms completed by Client.
- to promote our products and services on the website.
- to administer the Website.
- for internal operations, including support, troubleshooting, data analysis, testing, research, statistical and survey purposes.
- to tailor our products and services to better identify the right opportunities at the right time and meet Client needs more effectively.
- to produce aggregated models to predict trends and produce market insights.
- to undertake modelling to produce lead scores in order to predict which Candidates our Clients are most likely to deploy.
- to ensure the safety and security of our website and our services.
Personal Data Category:
- Contact Data
- Communications Data
- Web Data
Lawful Basis for Processing:
- Consent
- Legitimate Interest in the administration and security of our website
Marketing activities
Purpose/Activity:
- to keep in contact with Clients and review requirements for services
- to personalise marketing communications.
- to respond to any requests from you.
- to send newsletters and other information that may be of interest
- to inform you of events or webinars that might be of interest.
- to deliver and organise our conferences, seminars and events
- to follow up with attendees of our events/webinars.
- to promote our products and services.
- to ask for feedback about our products or services.
- to aggregate data used as part of surveys or to produce market insights.
- to segment and distribute targeted marketing.
Personal Data Category:
- Marketing Data
- Contact Data
- Web Data
Lawful Basis for Processing:
- Consent
- Legitimate Interest in marketing and promoting our business
6. Retention of Client Personal Data:
Our mission is to build lasting relationships with clients, not just for one assignment but for the purposes of building a partnership over many years.
Our goal is to continue to engage and interact with Clients, for example to keep them informed of market developments, invite them to topical seminars and networking events, and to be on hand to offer advice.
We recognise that the level of engagement we have with different Clients may vary and we manage our retention activities carefully to reflect this.
Examples of the activities that we would consider evidence of our ongoing engagement with a Client and thus a reason to continue to retain their personal data include:
- a placement has been added against the Client record
- a Client contact is added as a Billing Contact on a placement
- a Client contact is added as a Timesheet Approver on a placement
- a Client contact gives us a vacancy to recruit for
- a Client contact who we send CVs to
- a Client contact who we arrange interviews with
- a Client contact who extends an offer
- a Client contact who we meet with face to face or over the phone
- exchanging email correspondence or having telephone conversations with the Client
If a Client contact unsubscribes from marketing communications, no further marketing communications will be sent.
7. Disclosure – Client Personal Data:
We may need to share your personal data in order to deliver our services. We will always ensure that any disclosure of personal data is undertaken in compliance with Data Protection Law and ensure that appropriate technical and organisational measures are undertaken to protect and secure any personal data that is transferred.
Client Personal Data is shared in certain circumstances as follows:
- between the companies identified in this Data Protection Statement and in particular in our Group Information Statement for the purposes of administration, marketing and provision of our services.
- to business partners and third party service providers for the purposes of delivering services to or on behalf of our company and administration of our business, including email, chat, ticketing, Customer Relationship Management, Applicant Tracking System, payment processors, data aggregators, hosting service providers, external consultants, accountants, auditors, IT consultants and lawyers.
- if a company in the Group or substantially all of its assets are acquired by a third party, in which case personal data held by us will be one of the transferred assets.
- if we are under a duty to disclose or share personal data in order to comply with any legal obligation (including tax, audit or other authorities), or in order to enforce or apply any contracts that we have
- to official authorities to protect our rights, property, or safety, or those of other persons (including you)
- to payment service partners for the processing of payments to and from our business
- to protect our rights, property, or safety, or that of our clients or others. This may include exchanging information with other companies and organisations for the purposes of fraud protection
- to analytics and search engine providers that assist us in the improvement and optimisation of our Website. This consists of information relating to the web pages visited on the Website and tracking codes from service providers like LinkedIn and Google
- to insurance brokers and providers where required for administering claims
- to our email distribution partner and service providers in the case of marketing and newsletters
- to Candidates for the purposes of communicating with Clients
8. Transfer of Personal Data:
In some circumstances we may need to transfer personal data outside of the country where it was originally collected. We will always undertake such transfers in accordance with data protection laws.
We may transfer Personal Data outside of your home country; however, we will always ensure that this is done in compliance with the relevant laws of your country.
We will normally use and share personal data outside of your country for the following reasons:
- to carry out corporate oversight of our global business organization
- to provide shared services in certain functions such as HR, Finance, and IT
- to deploy certain tools and resources across the global organisation
- to facilitate interactions between our employees across our global locations
- to work with our Group Entities to identify Clients
We will ensure that any transfer of Personal Data outside of any jurisdiction is undertaken using legally compliant transfer mechanisms and in accordance with relevant laws.
RGP complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. RGP has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. RGP has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework.
RGP’s accountability for personal data that it receives in the United States under the DPF and subsequently transfers to a third party is described in the DPF Principles. In particular, RGP remains responsible and liable under the DPF Principles if third-party agents that it engages to process personal data on its behalf do so in a manner inconsistent with the DPF Principles, unless RGP proves that it is not responsible for the event giving rise to the damage.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, RGP commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF.
We inform all data subjects that our organization is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
RGP has further committed to refer unresolved DPF Principles-related complaints to a U.S.-based independent dispute resolution mechanism, BBB NATIONAL PROGRAMS. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbbprograms.org/dpf-complaints for more information and to file a complaint. This service is provided free of charge to you.
9. Security Measures:
We monitor for and do everything that we can to protect personal data and prevent security breaches.
We will take all steps reasonably necessary to ensure that all personal data is treated securely in accordance with this Data Protection Statement and the Data Protection Laws. In particular, we have put in place appropriate technical and organisational procedures to safeguard and secure the personal data we process.
We monitor for and do everything we can to prevent security breaches of the personal data that we process. Once we have received your personal data, we will use strict procedures and security features for the purpose of preventing unauthorised access and ensuring that only those who need to have access to your personal data can access it.
We also use secure connections to protect personal data during its transmission. Where you have been given (or where you have chosen) a password which enables you to access services, you are responsible for keeping this password confidential. Please do not share your password with anyone.
If you think that there has been any loss or unauthorised access to personal data of any individual, please let us know immediately.
10. Use of Third Party Websites:
It is important to be careful when visiting third party websites and when providing personal data to third parties. We have no control over third party websites that you may access.
Websites that you access via a link on our website or otherwise, are outside our control and are not covered by this Data Protection Statement. If you access other websites using the links provided, the operators of these websites may collect personal data from you, which will be used by them in accordance with their own statements, which may differ from ours. Please check the statements on those websites before you submit any personal data to them.
11. Cookies:
Cookies are small files containing a string of characters to identify your browser. When an individual visits RGP’s website, we do not deploy the use of Cookies or Web Beacons, or any other indirect electronic means to collect your Personal Information. However, should you or any individual decide to register on the website and download RGP information or publications, at that time we will use Cookies to provide a better user experience for those users who may return to our website. You may, however, reset your browser to refuse Cookies or to warn you when they are being sent. Please note that by turning off the Cookies setting, you will not have access to all the features available on RGP’s website.
12. Amendments to This Data Protection Statement:
We will update the date on this Data Protection Statement when we make changes to it.
We will post any changes to this Data Protection Statement on the Website and when doing so will change the effective date at the top of this Data Protection Statement.
In some cases, we may provide you with additional notice of changes to this Data Protection Statement, such as via email. We will always provide you with any notice in advance of the changes taking effect where we consider the changes to be material.
13. Queries:
Please contact us if you have any questions or concerns about how your personal data is being used by us.
RGP Data Protection Team is available as your central point of contact for all queries at:
Data Protection Office
Email: privacy@RGP.com
14. Your Data Protection Rights:
Please see our Data Protection Rights Statement for further information about your rights.
15. Supervisory Authority Contact Details
If we are unable to resolve your concerns, you have the right to contact the supervisory authority in the country where you live or work, or where you consider that the data protection rules have been breached.
Please see section 2 of our Data Protection Rights Statement “Queries and Supervisory Authority Contact Details” for further information about relevant Data Protection Authority contact details.
1. Who This Data Protection Statement Applies To:
This Data Protection Statement applies to Other Data Subjects.
This Data Protection Statement describes how we process personal data of “Other Contacts”. For the purposes of this Data Protection Statement an “Other Contact” includes anyone who is not a Candidate, Employee, Independent Contractor or a Client.
Other Contacts will include, for example, suppliers, subcontractors, agencies, partners, referees, details of next of kin/emergency contacts, website users, and visitors who register on our websites.
2. Sources of Other Contacts Data:
We source Other Contacts personal data as part of our services. We will only ever source personal data that is necessary and in a way that would be generally expected.
We receive personal data about Other Contacts from a variety of sources, as follows:
- directly from the Other Contacts or created by us as part of the relationship
- through access to and use of our website
- from Candidates, Employees and Independent Contractors in the case of next of kin/emergency contact details and referees
3. Lawfulness of Processing:
This section describes the lawful basis we may use to process personal data in accordance with the requirements of the GDPR.
We process all personal data lawfully and in accordance with the requirements of the Data Protection Laws. The GDPR sets out the legal grounds available for processing personal data. When we process personal data any one of the following legal grounds will generally apply.
CONTRACT
We will process personal data where necessary to perform our obligations relating to or in accordance with any contract that we may have with you or to take steps at your request prior to entering into that contract.
LEGITIMATE INTEREST
At times we will need to process your personal data to pursue our legitimate interests, for example for administrative purposes, to provide information to you, to operate, evaluate, maintain, develop and improve our websites and services or to maintain their security and protect intellectual property rights.
We will not process your personal data on a legitimate interest basis where the impact of the processing on your interests or fundamental rights and freedoms outweighs our legitimate interests.
You may object to any processing we undertake on this basis. If you do not want us to process your personal data on the basis of our legitimate interests, contact us at privacy@RGP.com and we will review our processing activities.
DEFENCE OF LEGAL CLAIMS
In limited circumstances and in accordance with the law we may use personal data in the defence of legal claims or enforcing legal rights, such as IP rights.
LEGAL OBLIGATION
If we have a legal obligation to process personal data we will process personal data on this legal ground.
4. Categories of Client Personal Data:
We only collect the personal data that we require in order to ensure we can have a productive business relationship with Other Contacts.
The table below sets out the general categories of personal data that we collect:
Communications Data
may include personal data included in communications with us over email, phone, letter and electronic communications (social platforms and chats)
Contact Data
may include a person’s name, email address, phone number, postal address, other communication details, including social media links (e.g. Zoom, LinkedIn)
Financial Data
may include payment details
Marketing Data
may include your Contact Data and any preferences in receiving marketing from us and your communication preferences.
Position Data
may include job title etc
Web Data
may include information provided on any forms completed by Other Contact on our website and, to the extent that it includes personal data, information on the type of device being used, its IP address, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use.
5. Our Processing Activities – Other Contacts:
We want to ensure that the personal data is used for the purposes that you would expect.
The table below sets out the personal data we collect, the purpose for which we collect it and our lawful basis for doing so.
Managing payments and our relationship with the Client and administration of the contract
Purpose/Activity:
- to process payments to and from our business.
- to negotiate and administer the relationship with the Client.
- to fulfill our legal/contractual obligations.
- to manage/respond to complaints/issues.
- to generate placement activity on our systems for invoicing purposes.
- to communicate due diligence/security assessments.
Personal Data Category:
- Communications Data
- Contact Data
- Financial Data
- Position Data
- Reference Data
Lawful Basis for Processing:
- Contract
- Legitimate Interest in managing payment and contracts
- Legal Obligation
Website Delivery
Purpose/Activity:
- to respond to web forms completed by Client.
- to promote our products and services on the website.
- to administer the Website.
- for internal operations, including support, troubleshooting, data analysis, testing, research, statistical and survey purposes.
- to ensure the safety and security of our website and our services.
Personal Data Category:
- Contact Data
- Communications Data
- Web Data
Lawful Basis for Processing:
- Consent
- Legitimate Interest in the administration and security of our website
Marketing activities
Purpose/Activity:
- to keep in contact and review requirements for services.
- to personalise marketing communications.
- to respond to any requests from you.
- to send newsletters and other information that may be of interest
- to inform you of events or webinars that might be of interest
- to deliver and organise our conferences, seminars and events.
- to follow up with attendees of our events/webinars.
- to promote our products and services.
- to ask for feedback about our products or services.
- to aggregate data used as part of surveys or to produce market insights.
- to segment and distribute targeted marketing.
Personal Data Category:
- Marketing Data
- Contact Data
- Web Data
Lawful Basis for Processing:
- Consent
- Legitimate Interest in marketing and promoting our business
6. Retention of Other Contacts Personal Data:
We endeavour to retain personal data only for as long as it is needed for the relevant purposes.
In some circumstances it is not possible for us to specify in advance the period for which we will retain your personal data. In such cases we will determine the appropriate retention period based on balancing your rights against our legitimate interests. We may also retain certain personal data beyond the periods specified herein in some circumstances such as where required for the purposes of legal claims.
Our retention policy for Other Contacts personal data is as follows:
Use of Next of Kin/Emergency Contacts
For the duration for which the Candidate, Employee or Independent Contractor remains active with us or updates their details
Use of Referee Contacts
For the duration of the application process of the Candidate, Employee or Independent Contractor
Website Delivery
Please see Cookie Notice for further information
Management of Corporate Affairs
Data is retained in line with our statutory obligations
7. Disclosure – Other Contacts Personal Data:
We may need to share your personal data in order to deliver our services. We will always ensure that any disclosure of personal data is undertaken in compliance with Data Protection Law and ensure that appropriate technical and organisational measures are undertaken to protect and secure any personal data that is transferred.
Other Contacts Personal Data is shared in certain circumstances as follows:
- between the companies identified in this Data Protection Statement and in particular in our Group Information Statement for the purposes of administration, marketing and provision of our services
- to business partners and third party service providers for the purposes of servicing our company and administration of our business, including email, chat, ticketing, Customer Relationship Management, Applicant Tracking System, payment processors, data aggregators, hosting service providers, external consultants, accountants, auditors, IT consultants and lawyers
- if a company in the group or substantially all of its assets are acquired by a third party, in which case personal data held by us will be one of the transferred assets
- if we are under a duty to disclose or share personal data in order to comply with any legal obligation (including tax, audit or other authorities), or in order to enforce or apply any contracts that we have
- to official authorities to protect our rights, property, or safety, or those of other persons (including you)
- to payment service partners for the processing of payments to and from our business
- to protect our rights, property, or safety, or that of our customers or others. This may include exchanging information with other companies and organisations for the purposes of fraud protection
- to analytics and search engine providers that assist us in the improvement and optimisation of our Website. This consists of information relating to the web pages visited on the Website and tracking codes from service providers like LinkedIn and Google
- to insurance brokers and providers where required for administering claims
- to our email distribution partner and service providers in the case of marketing and newsletters
- for the purposes of communications between Clients and Candidates
- to Clients in the case of certain information relevant to Candidates, Employees and Independent Contractors such as referees, next of kin/emergency contacts
8. Transfer of Personal Data:
In some circumstances we may need to transfer personal data outside of the country where it was originally collected. We will always undertake such transfers in accordance with data protection laws.
We may transfer Personal Data outside of your home country; however, we will always ensure that this is done in compliance with the relevant laws of your country.
We will normally use and share personal data outside of your country for the following reasons:
- to carry out corporate oversight of our global business organization.
- to provide shared services in certain functions such as HR, Finance, and IT.
- to deploy certain tools and resources across the global organisation
- to facilitate interactions between our employees across our global locations.
- to work with our Group Entities to identify Clients.
We will ensure that any transfer of Personal Data outside of any jurisdiction is undertaken using legally compliant transfer mechanisms and in accordance with relevant laws.
RGP complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. RGP has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. RGP has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework.
RGP’s accountability for personal data that it receives in the United States under the DPF and subsequently transfers to a third party is described in the DPF Principles. In particular, RGP remains responsible and liable under the DPF Principles if third-party agents that it engages to process personal data on its behalf do so in a manner inconsistent with the DPF Principles, unless RGP proves that it is not responsible for the event giving rise to the damage.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, RGP commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF.
We inform all data subjects that our organization is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
RGP has further committed to refer unresolved DPF Principles-related complaints to a U.S.-based independent dispute resolution mechanism, BBB NATIONAL PROGRAMS. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbbprograms.org/dpf-complaints for more information and to file a complaint. This service is provided free of charge to you.
9. Security Measures:
We monitor for and do everything that we can to protect personal data and prevent security breaches.
We will take all steps reasonably necessary to ensure that all personal data is treated securely in accordance with this Data Protection Statement and the Data Protection Laws. In particular, we have put in place appropriate technical and organisational procedures to safeguard and secure the personal data we process.
We monitor for and do everything we can to prevent security breaches of the personal data that we process. Once we have received your personal data, we will use strict procedures and security features for the purpose of preventing unauthorised access and ensuring that only those who need to have access to your personal data can access it.
We also use secure connections to protect personal data during its transmission. Where you have been given (or where you have chosen) a password which enables you to access services, you are responsible for keeping this password confidential. Please do not share your password with anyone.
If you think that there has been any loss or unauthorised access to personal data of any individual, please let us know immediately.
10. Use of Third Party Websites:
It is important to be careful when visiting third party websites and when providing personal data to third parties. We have no control over third party websites that you may access.
Websites that you access via a link on our website, or otherwise, are outside our control and are not covered by this Data Protection Statement. If you access other websites using the links provided, the operators of these websites may collect personal data from you, which will be used by them in accordance with their own statements, which may differ from ours. Please check the statements on those websites before you submit any personal data to them.
11. Cookies:
Cookies are small files containing a string of characters to identify your browser. When an individual visits RGP’s website, we do not deploy the use of Cookies or Web Beacons, or any other indirect electronic means, to collect your Personal Information. However, should you or any individual decide to register on the website and download RGP information or publications, at that time we will use Cookies to provide a better user experience for those users who may return to our website. You may, however, reset your browser to refuse Cookies or to warn you when they are being sent. Please note that by turning off the Cookies setting, you will not have access to all the features available on RGP’s website.
12. Amendments to This Data Protection Statement:
We will update the date on this Data Protection Statement when we make changes to it.
We will post any changes to this Data Protection Statement on the Website and when doing so will change the effective date at the top of this Data Protection Statement.
In some cases, we may provide you with additional notice of changes to this Data Protection Statement, such as via email. We will always provide you with any notice in advance of the changes taking effect where we consider the changes to be material.
13. Queries:
Please contact us if you have any questions or concerns about how your personal data is being used by us.
The RGP Data Protection Team is available as your central point of contact for all queries at:
Data Protection Office
Email: privacy@RGP.com
14. Your Data Protection Rights:
Please see our Data Protection Rights Statement for further information about your rights.
15. Supervisory Authority Contact Details:
If we are unable to resolve your concerns, you have the right to contact the supervisory authority in the country where you live or work, or where you consider that the data protection rules have been breached.
Please see section 2 of our Data Protection Rights Statement “Queries and Supervisory Authority Contact Details” for further information about relevant Data Protection Authority contact details.
The Data Protection Rights Statement is relevant to all data subjects and provides information about your rights and what you should do if you want to raise a concern.
1. Your Rights
This Data Protection Statement is relevant to all data subjects and provides information about your rights and what you should do if you want to raise a concern.
Right of Access to Personal Data
You have the right to ask for all the personal data we have about you. When we receive a request from you in writing, we must give you access to everything we’ve recorded about you as well as details of the processing, the categories of personal data concerned and the recipients of the personal data.
We will provide the first copy of your personal data free of charge, but we may charge you a reasonable fee for any additional copies.
We cannot give you access to a copy of your personal data in some limited cases including where this might adversely affect the rights and freedoms of others.
Right of Rectification of Personal Data
You should let us know if there is something inaccurate in your personal data.
We may not always be able to change or remove that personal data, but we will correct factual inaccuracies and may include your comments in the record to show that you disagree with it.
Right of Erasure of Personal Data (Right to be Forgotten)
In some circumstances you can ask for your personal data to be deleted, for example, where:
- your personal data is no longer needed for the reason that it was collected in the first place
- you have removed your consent for us to use your personal data (where there is no other lawful basis for us to use it)
- there is no lawful basis for the use of your personal data
- deleting the personal data is a legal requirement
Please note that we can’t delete your personal data where:
- we are required to have it by law
- it is used for freedom of expression
- it is used for public health purposes
- it is used for scientific or historical research or statistical purposes where deleting the personal data would make it difficult or impossible to achieve the objectives of the processing
- it is necessary for legal claims.
Right to Restrict What We Use Your Personal Data For
You have the right to ask us to restrict what we use your personal data for where:
- you have identified inaccurate personal data, and have told us of it
- we have no legal reason to use the personal data, but you want us to restrict what we use it for rather than erase the personal data altogether
When personal data is restricted it can’t be used other than to securely store the personal data and with your consent to handle legal claims and protect others, or where it’s for important public interests.
Right to Have Your Personal Data Moved to Another Provider (Data Portability)
You have the right to ask for your personal data to be given back to you or another service provider of your choice in a commonly used format. This is called data portability.
This right only applies if we’re using your personal data with consent and if decisions were made by a computer and not a human being. It does not apply where it would adversely affect the rights and freedoms of others.
Right to Object
You have the right to object to processing of your personal data which is based on public interest or legitimate interest processing. We will no longer process the personal data unless we can demonstrate a compelling ground for the processing.
Right Not to Be Subject to Automated Decision-Making
You have the right not to be subject to a decision based solely on automated processing. This right shall not apply where the processing is necessary for a contract with you, or the processing is undertaken with your explicit consent or the processing is authorised by law.
You Can Make a Complaint
You have the right to lodge a complaint with the local supervisory authority for data protection in the EU member state where you usually reside, where you work or where you think an infringement of data protection law took place. Please see “Queries and supervisory authority contact details” below for further information.
2. Queries and Supervisory Authority Contact Details
Please contact us using the following details if you have any questions or concerns.