Magrath Sheldrick LLP Privacy Notice (Client Candidates)

By progressing with your application and providing us with your personal data you agree to us processing that data in accordance with the terms of this privacy notice.

 

INTRODUCTION

You are replying to a job advertisement that we have placed on behalf of a client. In order to progress your application you will necessarily be providing us with your personal data. It is  important that you read this notice, it contains important information about we treat your personal data.

We will receive your personal data in connection with your application. We will provide that information to our client. We are required under data protection legislation (including the General Data Protection Regulations (GDPR)) to notify you of the information contained in this privacy notice and it is important that you understand it. We hold and process personal data in accordance with our Data Protection Policy.

Please note that our client may issue you with a separate Privacy Notice.

 

THE INFORMATION THAT WE HOLD ABOUT YOU

We will collect, store, and process the personal data that you provide to us for the purpose that you supply it. Depending on the information that you provide we may process the following categories  of personal data about you:

Category Examples
Personal Contact Details Name, title, addresses, telephone numbers, personal email addresses
Biographical Data Date of birth, gender, marital status, dependants
Educational Data Qualifications
Recruitment Data References, CV, cover letter, application form

Depending on the contents of the documents and information you provide we may also receive and process more Sensitive Personal Data, known as “special categories of data” which require a higher level of protection, including:

 

Sensitive Personal Data or Special Categories of Data
  • Information about your race or ethnicity, religious beliefs, sexual orientation and political opinions
  • Trade union membership
  • Information about your health, including any medical condition, health and sickness records
  • Biometric data.
  • Information about criminal convictions and offences

HOW DO WE COLLECT AND USE YOUR PERSONAL DATA?

 The data that we collect about you will come directly from you or from the recruitment website where the advert was posted. We do not collect your personal data in any other way.

We will use your personal data for the purpose that it has been provided to us and in order to provide it to our client in connection with your response to the advert we posted on their behalf.  We may also process your personal data where it is necessary for our legitimate interests (or those of a third party) for us to do so and your interests and fundamental rights do not override those interests.

Please note that we may process your personal data without your knowledge or consent, where this is required or permitted by law, although this is likely to be rare, for example:

  • Where we need to protect your interests (or someone else’s interests).
  • Where it is needed in the public interest or for official

SENSITIVE PERSONAL DATA (also known as special categories of data)

We will only collect and process Sensitive Personal Data if you provide it to us as part of your application. We will normally only process your Sensitive Personal Data to progress your application by providing the documents and data you provide to us to our client. The law requires that we need to have further justification for collecting, storing and processing Sensitive Personal Data and requires us to ensure higher levels of protection. We will process Sensitive Personal Data in accordance with our Privacy Policy and where the law requires us to.

If you progress your application and in doing so provide us with your Sensitive Personal Data you are consenting to us processing that data in accordance with the terms of this privacy notice and to us sending that data to our client. If you do not wish us to process your Sensitive Personal Data, do not send it to us.

We may also process your Sensitive Personal Data where we need to carry out our legal obligations or where it is needed in the public interest. Less commonly, we may process this type of data where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public.

Information about criminal convictions

We will only collect and process data about criminal convictions if you provide it to us as part of your application. We will normally only process data relating to criminal convictions where such processing is necessary to provide the information you supply to our client and in line with our Privacy Policy. Less commonly, we may use data relating to criminal convictions where it is necessary in relation to legal claims, where it is necessary to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public.

AUTOMATED DECISION-MAKING

Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. We do not envisage that any decisions will be taken  by us about you using automated means.

DATA SHARING

We will share your data with our client and may additionally share your data with third parties including government agencies where it is required by law. We are not liable for our client’s actions and have no control over your personal data once it is provided to our client.

If you progress your application and provide us with your Personal Data you are consenting to us processing that data in accordance with the terms of this privacy notice and to us sending that data to our client. If you do not wish us to provide your Personal Data to our client do not send it to us.

Transferring information outside the EU

We will not transfer the personal data we collect about you outside the EU.

DATA SECURITY

We have put in place a Privacy Policy and appropriate security measures to protect the security of your information and prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors, clients and other third parties who have a business need to know.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

DATA RETENTION

We will only retain your personal data for a reasonable period and in accordance with our data retention policies from time to time, and to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.  We currently retain data for a period of 7 years from the end of a client engagement.

YOUR DATA RIGHTS

Under certain circumstances, by law you have the right to:

  • Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing
  • Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you
  • Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below). However, there may be reasons why we cannot agree a “request to be forgotten” or for data to be erased, such as where we need to retain it for regulatory or other
  • Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing
  • Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing
  • Request the transfer of your personal data to another

If you want to review, verify, correct or request erasure of your personal data, object to the processing of your personal data, or request that we transfer a copy of your personal data to another party, please contact our Data Protection Officer in writing.

Depending on the circumstances, we may need to request ID to confirm your identity before processing your request. We may also charge a reasonable fee if your request for access is  repetitive, unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

YOUR RIGHT TO WITHDRAW CONSENT

In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact the Data Protection Officer. Once we have received notification that you have withdrawn your consent, we will no longer process your data for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so.

DATA PROTECTION OFFICER

We have appointed a Data Protection Officer to oversee compliance with this privacy notice. If you have any questions about this privacy notice or how we handle your personal data, please contact our Data Protection Officer by email to [email protected] You have the right to make  a complaint at any time to the Information Commissioner’s Office (ICO), the UK  supervisory authority for data protection issues.

CHANGES TO THIS PRIVACY NOTICE

We reserve the right to update this privacy notice at any time.

 

If you have any questions about this privacy notice, please contact the Data Protection Officer by email to [email protected] or on 020 7495 3003.