We ask that you read this privacy notice carefully as it contains important information about who we are, how and why we collect, store, use and share personal information, your rights in relation to your personal information and on how to contact us and supervisory authorities in the event you have a complaint.
We are Elemed Limited (trading simply under Elemed). Elemed collects, uses and is responsible for certain personal information about you. When we do so we are regulated under the General Data Protec-tion Regulation which applies across the European Union (including in the United Kingdom) and we are responsible as ‘controller’ of that personal information for the purposes of those laws.
For our operations in the United States of America, our appointed representative in the European Economic Area (EEA) is Elemed’s UK entity, Elemed Recruitment Limited.
In the course of our activities as a recruitment and staffing specialist, we collect different kinds of information depending on whether you are a job seeker wishing to utilise our recruitment services to find your dream job, or whether you are a client who has contacted us to help you to find your next star employee. When we
refer to clients in this policy, we also refer to our commercial business suppliers, partners and vendors.
For our clients, we store the following personal information when you provide it to us:
Your name, your job title and role within your organisation, your office or head office address, your professional contact details (such as telephone numbers, fax numbers and email addresses).
For our candidates, we have set out a table at the Schedule below which sets out the information collected by us or from third parties. As an indication, we store the following information when you provide it to us may include:
Your name and contact details (i.e. address, home and mobile phone numbers, email address); Details of your qualifications, experience, employment history (including job titles, salary and working hours) and interests; Your racial or ethnic origin, sex and sexual orientation, religious or similar beliefs; Information regarding your criminal record; Details of your referees; Information about your previous academic and/or employment history; from references obtained about you from previous employers and/or education providers; Information regarding your academic and professional qualifications; Your nationality and immigration status and information from related documents, such as your passport or other identification and immigration information; A copy of your driving licence.
In general, we do not generally obtain personal information from our clients from other sources, but this can occur on occasion, such as:
In respect of our candidates, sometimes we will collect information from third parties such as previous employers, your school, university or college, professional regulators or government bodies based on information that has been provided by the candidates themselves. More information about this is set out in the Schedule below, but here are examples of some of the categories of information collected and organisations
who might provide us with that information:
On some occasions, we obtain information about candidates from third parties, such as from Job Boards with which the candidates may be registered, or from publically available, professional networking sites.
In this case, if one of our candidates uploads their CV to a jobs board website and we consider that the candidate may have the skills that our clients are looking for we might decide to collect that candidate’s information in order to pass the CV to those companies.
Similarly, if a candidate creates a profile on a social networking website designed specifically for professional networking and selects a specific option to let recruiters like us know that the candidate is open to job opportunities, then we may use their contact details as published on that website, for recruitment purposes.
In respect of our clients, we use any information we collect about you to:
In respect of our candidates, we have set out a handy table at the Schedule below which sets out how we
use your information in order to provide you with the highest quality recruitment services.
Typically, for our candidates, the types of organisations with whom we share your information include our clients, who are seeking individuals with a profile similar to yours in order to offer employment opportunities.
This data sharing enables us to best help you in your job search, and also allows us to fulfil our sourcing obligations to our clients.
However, candidates, please rest assured! We are proud to take our data protection obligations seriously and will not share your personal information with any other third party, unless we have your express consent to do so. Please rest assured that we are committed to providing high quality recruitment services and will never forward on your CV without first having obtained your consent.
Similarly, we share client data with our candidates when we think that we have found a good fit. This data is limited to information about the role, the company, any specific requirements or details. If the candidate is offered an interview with you, we will also provide the candidate with the hiring manager’s name, professional contact details and office address. Again, we will only ever share such information provided that our client
contact has confirmed to us that we can do so, and that they are happy to meet with the candidate.
We might also share data pursuant to data processing agreements, such as on external IT servers or on cloud-based storage. We might also give your details to our third-party providers, such as external finance, external marketing managers or external lawyers to make sure that we are able to complete our contractual obligations to you, or indeed for the smooth running of our business in the event that we do not have an adequate
back-office or administration support system internally. In any case, we always make sure that we have appropriate technical, security and organisational methods in place to secure the confidentiality and proper processing of your data, and we require that our third-party providers adhere to these guarantees too.
On occasion, some of those third-party recipients may be based outside the European Economic Area — for further information including on how we safeguard your personal data when this occurs, see ‘Transfer of your information out of the EEA’.
We will also share candidate and client information with law enforcement or other government or official authorities, and our external lawyers, if required by applicable law or in pursuit or defence of a claim.
The provision of details sent to us by our clients, such as the name, job title and professional contact details of the hiring manager, or account manager, as well as the appropriate office address (for billing or interview purposes) is required from our clients to enable us to ensure the proper administration of our services to you, to prepare the terms of business, to enter into a contract, to respect billing and payment procedures, to fulfil our general obligations to you (for example, by discussing your needs, requirements and providing you with our recruitment expertise), and administer the contract generally.
In respect of our candidates, in the table set out in the Schedule below we have explained how and when we are required to seek certain information from you as part of the recruitment process, either by law, or pursuant to contractual obligations with our clients, and once we are at the final selection stage, to ensure that the client has all of the relevant information at their disposal to be able to properly hire you.
We will hold any personal data about our client contacts for no longer than is reasonable in order to carry out our recruitment services pursuant to the intended conclusion of a contract, during the performance of the contract, and after its termination (for example, keeping any data in accordance with legal or fiscal obligations to in pursuit or defence of a claim). It may be that some personal data is retained on these documents, but this is purely incidental to documents which are generally required strictly for commercial purposes. Where possible, we will ensure that any personal data is anonomysed where it is not strictly necessary.
As a general rule, we will keep all client contacts on file for a period of 4 years following our last meaningful contact with you, unless you expressly tell us otherwise, and before we delete your data we will always periodically check with you to see whether our recruitment services are still of interest, unless you tell us otherwise.
We keep the personal information that we obtain about you during the recruitment process for no longer than is necessary for the purposes for which it is processed. How long we keep your information will depend on whether your application is successful and whether you become employed by one of our clients, the nature of the information concerned and the purposes for which it is processed.
Generally, we will keep recruitment information (including interview notes) for 2 years following our last meaningful contact with you, but before we delete your personal data, we will check with you to see whether you still want us to keep your details on file should you wish to use our services for your future job hunt.
Sometimes we may hold some data for longer than this, taking into account the limitation periods for potential legal or contractual claims. For example, if your application is successful, we will keep only the recruitment information that is necessary in relation to your employment with the client and pursuant to our contractual obligations with them.
In all cases, when checking with clients and candidates as to whether you still want to remain on our data base, and for all other direct marketing activities we carry out, we always respect the rules surrounding electronic communications and the use of new technologies (such as information gathered by cookies) and security breaches pursuant to the Privacy and Electronic Communications (EC Directive) Regulations 2003 (also
known as “PECR”). In this case, we will always ask you at the outset and will always provide you with the possibility to opt-in and opt-out.
As far as our clients are concerned, we process your personal information (i) with a view to entering into a commercial contract or to perform that commercial contract; (ii) in accordance with our legal obligations (for example, our accounting and HMRC obligations); and (iii) in our mutual legitimate interests – we both have the same or similar legitimate interests in collaborating together – to make sure we can secure you top talent!
In respect of our candidates, the table at the Schedule below sets out the reasons we can collect and use your personal information. We have nonetheless provided a couple of scenarios below which we hope are helpful, and which also complement the information in the table.
In the event that a candidate has posted their CV on a job board, the Information Commissioner (the UK Data Protection Authority, also known as the ICO) considers in its guidance that it is likely in this situation that the lawful basis for processing for the recruitment agency and their clients is legitimate interests. We agree with this approach.
In this instance, the candidate has made their CV available on a job board website for the express reason of employers and recruiters being able to access this data. They have not given specific consent for identified ‘data controllers’, but they would clearly expect that recruitment agencies, such as us, would access the CV and share it with our clients, indeed, this is likely to be the candidate’s intention.
As such, we consider that our legitimate interests as a recruitment agency and those of our clients to fill vacancies are not overridden by any interests or rights of the candidate. In fact, in this instance, our legitimate interests are likely to align with the interests of the candidate in circulating their CV in order to find a job.
In respect of a candidate’s social media account, we also agree with the ICO, that when a candidate has selected an “Available for Work Option” or “Please Notify Recruiters”, the candidate would clearly expect those who view their profile might use their contact details for recruitment purposes, which means that again, our legitimate interests are likely to align with the interests of the candidate in their search for a job.
In any case, and as we mentioned above, any contact we make with candidates via job boards or social media is always carried out in compliance with the GDPR and other legal requirements (such as the “PECR”) which govern how we can contact you by electronic means or by using new technologies.
We also understand that if a candidate has not to selected the “Available for Work Option”, or similar, then even if that candidate has the most fantastic profile for one of our clients, we will never assume that there expectation to be contacted for work and we consider that the interests of such potential candidates in maintaining control over their data overrides any of our legitimate interests as a recruitment agency or recruiting
organisation. In this instance, we would always seek the individual’s consent and ensure that they confirm they are happy to collaborate with us before any information is taken from their profile. As far as we are concerned, this approach means that we can supply the best quality candidates to our clients and provide excellent recruitment services in the process.
For both clients and candidates, we may transfer your personal information to locations outside the European Economic Area (EEA), for example, for storage on servers based outside of the EEA.
Sometimes, countries outside of the EEA do not have the same data protection laws as the United Kingdom and the EEA. Therefore, if we do transfer your personal information outside of the EEA, we will always ensure that appropriate or suitable relevant safeguards, such as the Standard Contractual Clauses, or as otherwise specified in the General Data Protection Regulation are applied, in order to help safeguard your privacy
rights and give you remedies in the unlikely event of a misuse of your personal information.
If you would like further information, please contact us (see ‘How to contact us’ below). We will not otherwise transfer your personal data outside of the EEA or to any organisation (or subordinate bodies) governed by public international law or which is set up under any agreement between two or more countries.
Under the General Data Protection Regulation you have a number of important rights free of charge. In summary, those include rights to:
For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals rights under the General Data Protection Regulation.
If you would like to exercise any of those rights, please:
If you would like to unsubscribe from any emails you receive from us, you can also click on the ‘unsubscribe’ button at the bottom of the email. It may take up to 7 days for this to take place.
We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so. If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.
We hope that we can resolve any query or concern you raise about our use of your information. The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the
Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or by telephone: 0303 123 1113.
This privacy notice was published on 25th May 2018 and last updated on 25th May 2018.
We may change this privacy notice from time to time, when we do we will inform you via the email address that we hold on file for you.
Please contact us if you have any questions about this privacy notice or the information we hold about you.
If you wish to contact us, please send an email to [email protected] write to Elemed, 26 Finsbury Sq, London, EC2A 1DS marking your correspondence for the attention of our Data Pro-tection Officer or call 02039298912.
If you would like this notice in another format (for example: audio, large print, braille) please contact us (see ‘How to contact us’ above).
When you apply for a position in the United Kindgom, or enter into an employment contract with our clients, you are requiredto provide the categories of information marked ‘☐’. This helps our clients to verify your right to work and check your suitability for the position or enables us to do so when the client has specifically requested that we do this on their behalf.
*Further details on how we handle sensitive personal information and information relating to criminal convictionsand offences are set out in our internal policies, copies of which are available by contacting: [email protected]
Let’s get to know each other
Have a free, personalised, career consultation with one of our experts. Learn about under-the-radar opportunities, salary insights and develop your career plan.