General data protection regulation
For the purpose of applicable data protection legislation (including but not limited to the General Data Protection Regulation (Regulation (EU) 2016/679) (the “GDPR”), the company responsible for your personal data (“Ethan Partners” or “us”) can be found here.
Candidate Data we collect
We collect, process, store and use personal data from publicly available sources (e.g. LinkedIn) and when you forward us your curriculum vitae and through email correspondence. In order for us to provide the best possible employment opportunities for you, we need to ascertain certain information about you. We only ask for details that will legitimately help us in the process, such as your name, contact details, education details, employment history, nationality status (and any other information you chose to share with us).
When you contact us we may keep a record of the correspondence and we may also record any telephone call we have with you.
All personal data that you provide to us must be true, complete and accurate. If you provide us with inaccurate or false data, we will record this.
Client Data we collect
As a client of Ethan Partners, we may need to collect and use information about you, or individuals at your organisation, throughout the course of providing you with our services such as: (i) finding Candidates who are the right fit for you or your organisation; (ii) providing you with Recruitment Process Outsourcing (“RPO”) services.
How your personal Data is collected
Candidate Data: There are two main ways in which we collect your personal data:
– Directly from you; and
– From third parties (e.g. LinkedIn)
Client Data: There are two main ways in which we collect your personal data:
– Directly from you; and
– External third parties (e.g. Candidates) and other limited sources (e.g. online and offline media).
Lawful processing of your personal Data
We will use your personal data in order to contact you with any information relating to the process or other suitable employment opportunities, and to deal with any questions, comments or complaints you have in relation to the process.
We may also use your personal data for our legitimate interests, including dealing with any customer services you require, enforcing the terms of any other agreement between us, for regulatory and legal purposes (for example anti-money laundering), for audit purposes and to contact you about changes to this policy.
Who do we share your Data with?
Candidate Data: We may share your personal data with prospective employers to increase your chances of securing a perspective contract of employment. We may also share your personal data with our service providers and government body officials (e.g. GDPR auditors, and lawyers).
Under certain circumstances we may have to disclose your personal data under applicable laws and/or regulations, for example, as part of anti-money laundering processes or protect a third party’s rights, property, or safety.
Client Data: We will share your data to ensure we are able to provide you with a suitable pool of Candidates. Unless you specify otherwise, we may share your data with other companies and associated third parties such as our service providers to help us achieve our objective.
We may also share your (both candidate and client) personal data in connection with, or during negotiations of, any merger, sale of assets, consolidation or restructuring, financing, or acquisition of all or a portion of our business by or into another company.
Where we hold and process your personal Data
Ethan Partners shall remain responsible for onward transfers to third parties. We share the Personal Information with these third-party providers to support our services only. Any other use of the Personal Data by third-party providers is prohibited.
All third-party providers receiving Personal Data from the European Union and/or Switzerland agree to (i) process the Personal Data only to the extent required by our services and in accordance with our instructions and (ii) comply with the data protection laws for transfer and processing of personal data and (iii) provide adequate technical and organization measures to protect the Personal Information.
We use the European Standard Contract clauses in order to guarantee the privacy and the security of your Personal Information.
Some or all of your personal data may be stored or transferred outside of the European Union (the EU) for any reason, including for example, if our email server is located in a country outside the EU or if any of our service providers or their servers are based outside of the EU. We shall only transfer your personal data to organisations that have provided adequate safeguards in respect of your personal data.
We shall process your personal data in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
All information you provide to us is stored on our secure servers.
However, you acknowledge that no system can be completely secure. Therefore, although we take these steps to secure your personal data, we do not promise that your personal data will always remain completely secure.
You have the right to obtain from us a copy of the personal data that we hold for you, and to require us to correct errors in the personal data if it is inaccurate or incomplete. You also have the right at any time to require that we delete your personal data. To exercise these rights, or any other rights you may have under applicable laws, please contact us at firstname.lastname@example.org
Please note, we reserve the right to charge an administrative fee if your request is manifestly unfounded or excessive.
If you have any complaints in relation to this policy or otherwise in relation to our processing of your personal data, you should contact the UK supervisory authority: the Information Commissioner, see ico.org.uk..
Please note that we may keep a record of your communications to help us resolve any issues which you raise.
Your right to object: If we use your data because we deem it necessary and reasonable for our legitimate interests, if you do not agree, you have the right to object. We will acknowledge and respond to your request within 30 days (although we may extend this period in specific circumstances).
Your right to withdraw consent: You have the right to withdraw consent anytime for us to process your personal data for the use in certain activities (e.g. assessing your suitability for certain roles).
Data Subject Access Requests (DSAR): You have the right to ask us to confirm all information we have obtained about you at any time, and you may ask us to modify, update or delete the information. We may comply with your request or, additionally do one of the following:
– ask you to verify your identity, or ask for further information about your request; and
– where we are legally permitted to do so, we may refuse your request, but we will explain why if this is to happen.
If we have not had meaningful contact with you for a duration exceeding twenty four months, we will delete your personal data from our systems unless we have reasonable belief that the law or other regulating bodies require is to continue holding your data.
If any provision of this policy is held by a court of competent jurisdiction to be invalid or unenforceable, then such provision shall be construed, as nearly as possible, to reflect the intentions of the parties and all other provisions shall remain in full force and effect.
This policy shall be governed by and construed in accordance with the law of England and Wales, and you agree to submit to the exclusive jurisdiction of the English Courts.
We may change the terms of this policy from time to time. You are responsible for regularly reviewing this policy so that you are aware of any changes to it.