Privacy Policy - Pallot Cook Consulting

Pallot Cook Consulting’s (PCC) Privacy Policy

Personal data means any information about an individual from which that person can be identified.

Your personal data and privacy is important to us.

PCC are committed to safeguarding your personal data and protecting your privacy.

This privacy policy applies to:

Website Users – any individual visitors to, and users of, our website whose personal data is collected by us in the course of the Website Users’ use and navigation around our website
Individuals / Candidates – Individuals who request PCC to provide a service to them and / or applicants for any type of job or engagement via us whose personal data is collected in the course of our services
Referees – referees of Individuals / Candidates whose personal data is collected in the course of our verification of a Candidate; and/or
Business clients – individuals who work for, or are engaged by, our customers, clients or suppliers whose personal data is collected in the course of our work with them.

PCC refer to the above groups of individuals collectively as “you” unless the context dictates otherwise.

Any notices or statements relating to data, data protection, fair processing and/or privacy that PCC may issue at the time of collecting personal data about you will supplement this privacy policy. They are not intended to override it.

PCC may change this privacy policy from time to time to reflect changes in the law and/or our personal data handling activities and data protection practices.

PP encourage you to check this privacy policy for changes whenever you visit our website, as we may not always notify you of the changes.

It is important that the personal data PCC holds about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

When this privacy policy does not apply?

There are instances where PCC act on behalf of a client to process personal data rather as the data controller. For example, where processing interview feedback.

The privacy policy or privacy notice of the client will apply in those instances and NOT this privacy policy.

Where we are a data processor, we will refer you to the applicable data controller and their privacy policy if you have any data protection-related queries.

How to get hold of us

You can contact PCC for any data related query or make a complaint about how your personal data is being handled using the details below:

Email address: jesspc@pallotcookconsulting.co.uk
Telephone number: +44 (0) 7791 453 238
Via the Contact Us section on our website.

If you wish to make a request to access your personal data or to have your personal data removed please use the details above

Who is involved in the collection and handling of your personal data?

PCC will be the main entity involved in the collection and handling of your personal data. The following other parties may be involved, however:

Third party service providers – we may instruct third parties to assist us to collect and handle your personal data on our behalf. Those third parties will carry out those activities in accordance with this privacy policy.
Third party hyperlinks & connectors – our website and/or services may include links to third party websites, plug-ins and applications, such as in the form of banner advertisements.

Clicking on those links, or enabling those connections, may allow third parties to collect or share data about you. We do not control these third parties and are not responsible for their data protection compliance. When you leave PCC’s website, or connect to a third party from us, it is your responsibility to familiarise yourself with their privacy policy or notice, as we accept no responsibility for, and have no control over, them or any information or data collected by or for them.

What personal data do we collect?

Personal data means “any information relating to an identified or identifiable individual”.

It does not, therefore, include data where the identity has been removed (anonymous data).

We will collect and handle, process, use, store, share and transfer (generically referred to as handling) the different kinds of personal data about you that is listed under the name of the category of individual that applies to you. Please note, that even though a type of data may be collected, it does not mean that it is retained.

INDIVIDUALS / CANDIDATES:

We may collect personal data from you when you use this Website because you provide it to us to undertake a service for you. We may also use other sites / sources to find publically available information due to the service you request us to provide.

We may process personal data from you because we observe or infer that data about you from the way you interact with us or others. For example, to improve your experience of this Website and to make sure that it is working effectively. For example, we (or our service providers) may use cookies to collect personal data.

Data includes:

Identity Data, which includes your title, first name, last name, maiden name, date of birth, gender, photograph, national insurance number (or equivalent in your country), nationality and other information relating to residency and citizenship which may be required to establish a right to work in a given country, marital status and number of dependents
Contact Data, which includes your billing address, delivery address, email address and telephone numbers, emergency contact details and contact details history
Historical Data, which includes educational history and credentials, employment history, skills and qualifications, and results from any other background and disclosure checks in countries where it is lawful to carry out such checks
Employment-related Data, which includes your current remuneration, pension and benefits, what role you are looking for, what work-related areas interest you, third party references and interview and assessment feedback created either ourselves or by our client following an interview or assessment
Verification Data, which includes a copy of your driving licence, passport, identity card or another form of identification and referee details
Diversity Data, as may be collected for governmental reporting purposes, which may include racial or ethnic origin, religious or other similar beliefs and physical or mental health, including disability-related information
Technical Data, which includes your internet protocol (IP) address, MAC address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, mobile phone location data and other technology on the devices you use to access our website and our services
Profile Data, which includes your usernames and passwords, your interests and preferences and other insights or determinants that we have gained from our analysis and profiling of you
Usage Data, which includes how you use and navigate around our websites and what you browse within them. We will also keep records of your contact with us and any feedback and survey responses that you have submitted; and
Marketing Data, which includes your preferences in receiving marketing from our third parties and us and your communication preferences.
Other Data – The above list of personal data is not exhaustive. You, your referees or third-party sources may tell us extra information that we have not listed above.
Special Category of Personal Data – During the recruitment process, we will make a copy of your passport or your identification documents, which is considered to be a Special Category of Personal Data as it can reveal your racial or ethnic origin. We are required to obtain your explicit consent to handle this type of your personal data. You should have been provided with a Consent Form to allow us to do so. Please contact us if you have not been provided with the Consent Form. We do not any collect any other Special Categories of Personal Data, such as religious beliefs, sexual orientation, political opinions, trade union membership, health and genetic information or biometric data about you.
WEBSITE USERS:
Technical Data
Profile Data
Usage Data and
Marketing Data.
REFEREES and BUSINESS CLIENTS:
Identity Data; and
Contact Data.

In respect of Candidates and Website Users only, we also handle the following types of data:

Aggregated Data, such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy; and
Anonymised Data, which is data created from your personal data where your identity has been removed.

Where do we source your personal data from and how?

INDIVIDUALS / CANDIDATES:

We generally collect your personal data directly from you.

We also use the following channels to collect your personal data:

Your referees
Your past educators and employers and relevant education authorities
The third party suppliers, including other recruitment and employment agencies, job board providers and job aggregators and our managed service providers who are within our supply chain
Your Technical, Profile and Usage Data from our analytics providers, such as Google Analytics, IBM Watson and various job boards
Publicly available sources – we may receive personal data about you from public sources as set out below:
- Your Identity and Historical Data from social media sites, such as LinkedIn, Twitter and Facebook;
- Your Identity, Contact Data from company and commercial registrars or electoral registers based inside the EU; and
- Your Identity, from qualification and membership lists of professional bodies.

WEBSITE USERS: we will collect all of your personal data via our third-party service providers, such as Google Analytics, IBM Watson and various job boards.

As you use our websites, we may automatically collect your Technical Data. We collect this personal data by using cookies, server logs and other similar technologies.

You may also receive Technical Data about you if you visit other websites employing our cookies.

REFEREES: we will collect all of your personal data from a Candidate.

CORPORATE STAFF: we will collect your personal data directly from you except where you have previously been a Candidate where we will have also collected personal data in such capacity.

What happens if you have not provided the information that we have requested from you?

If you don’t provide certain information to us, we may not be able to carry out the services for you.

We’ll make it clear to you which personal data is optional to provide and which personal data without which we cannot work with you.

What do we do with your personal data?

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

Where we need to perform the contract, we are about to enter or have entered into with you;
Where it is necessary for our legitimate interests (or those of a third party), and your interests and fundamental rights do not override those interests; and
Where we need to comply with a legal or regulatory obligation.

We have set out later a description of what we will specifically do with your personal data and our legal justification for doing so.

Who do we share your personal data with?

We may share your personal data with the following entities for the purposes:

Prospective employers or engagers
Other recruitment companies or intermediaries involved in managing the supply of personnel
Pre-employment screening and background checking organisations
Your referees
Your past educators and employers and relevant education authorities
Your professional bodies
Governmental and regulatory bodies such as such as tax and social security authorities
The third party suppliers, including other recruitment and employment agencies, job board providers and job aggregators and our managed service providers who are within our supply chain;

Pallot Cook Consulting do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions, which includes this privacy policy.

What are the legal grounds for our collection, handling, use and sharing of your personal data?

Collection, Handling And Usage:

Individual Services e.g. CV review, LinkedIn Review; Background Checks, Job Search and placement.

We believe it is reasonable to expect that if you are looking for employment or have posted your professional CV information on a job board or professional networking site or submitted this information through PCC’s website, you are happy for us to collect and otherwise use your personal data to offer or provide our individual coaching / career development services to you, recruitment services to you, share that information with prospective employers and assess your skills against any vacancies we may be supporting. Once it’s looking like you may get the job, your prospective employer may also want to double check any information you’ve given us (such as the results from psychometric evaluations or skills tests) or to confirm your references, qualifications and criminal record, to the extent that this is appropriate and in accordance with local laws. We also believe that you will expect us to have an ongoing relationship over a number of years and will continue to hold your data providing that we retain reasonable periodic contact with you or until you inform us otherwise. We need to do these things so that we can function as a profit-making business, and to help you and other Individuals / Candidates get the jobs you deserve.

We believe it is reasonable to check the credentials and qualifications of individuals / candidates within applicable local laws provided that personal data is kept secure and only shared with the client who is making a decision whether or not to engage or employ an individual.

However, you do have the right to object to us processing your personal data on this basis. If you would like to know more about how to do so, please contact us using the details provided above.

Sharing Your Data:

We may share you data with:

1: Tax, audit and other authorities.

Personal data as described in above may be shared to comply with our legal and regulatory requirements in relation to taxation and financial compliance.

Third Party Service Providers to us including without limitation:

External consultants, professional advisors and business associates
Outsourced IT and document storage providers
Software as a services providers
Job board and aggregators

Referees and other individuals and organisations who hold information related to reference or application to work for verification of information provided to ensure you are successful in any roles that you obtain.
Marketing technology platforms and suppliers.

Personal data described above may be shared in connection with our HR service provision.

Potential employers and other clients of ours who can offer you a role within their organisation.

Personal data described above may be shared to assist you in gaining a new role.

Where do we send your personal data to for storage or other specific purposes?

PCC will not typically transfer your personal data outside the EEA.

The personal data we collect from you may be transferred outside the EEA either by us and/or by any of the third parties to whom your personal data may be disclosed to as listed above. Such transfers will occur only where they are necessary as part of the recruitment and/or related intermediary services we provide, e.g. where you apply for a vacancy or position outside the EEA, or where the transfer is authorised by law.

PCC, our third party data storage providers and/or the third parties to whom we may disclose your personal data may store your personal data on a server overseas.

If PCC do transfer your personal data outside the EEA, we’ll make sure that suitable safeguards are in place, for example by using approved contractual agreements, unless certain exceptions apply, or we are authorised to do so.

How will we look after your personal data?

PCC hold your personal data in a combination of secure computer storage facilities and paper-based files.

We put in place an appropriate level of security around your personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage to it.

We shall implement appropriate technical measures to ensure a level of security appropriate to the risk of harm that might result from, unauthorised or unlawful processing accidental or unlawful loss, destruction or alteration, unauthorised (or disclosure of) access or damage to your personal data including:

Locks and security systems;
Usernames and passwords;
Virus checking;
Auditing procedures and data integrity checks; and
Recording of file movements.

PCC limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and via the access controls listed above. They are also subject to a duty of confidentiality.

If there is any suspected personal data breach we will notify you and any applicable supervisory authority where we are legally required to do so.

If you suspect any misuse or loss of or unauthorised access to your personal data, please let us know immediately by contacting us.

How long will we keep your personal data for?

PCC will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

We will appropriately and securely dispose of your personal data when it is no longer required.

To determine the appropriate retention period for personal data, we consider the following factors:

Amount and nature of the personal data
It’s sensitivity
The potential risk of harm from unauthorised use or disclosure of the personal data
The purposes for which we handle your personal data
Whether we can achieve those purposes through other means and
The applicable legal requirements.

Based on those factors, we have determined that the following retention periods should apply in respect of personal data of the following categories of individuals (unless the law or any data supervisory authority or regulator requires otherwise):

Individual Clients where PCC have provided a tailored individual service such as CV review, mentoring etc we will keep your personal data for as long as you continue to engage with PCC using an active service. We will stay in regular contact with you. However, if this is not possible, we will continue to process your personal data in the usual manner for up to 2 years from the last meaningful contact we had with you (or such longer period which we believe in good faith circumstances and the law allows for legitimate interest to continue). Meaningful contact may include a consultant contacting you directly by phone or you may receive an email from us reminding you that we hold your personal information and asking you to let us know if you are no longer interested in hearing about new offers.

After this time your personal data will no longer be immediately accessible from our live systems or will be archived. As a result, you will not receive marketing from us, and your information will not be readily accessible by our consultants. If after a further year you or we have not re-established communication your personal data that we hold will be deleted other than basic identification information, information relating to placements which you have been engaged on through us, records of any payments made to you or tax which we have deducted. We hold this information for 7 years from the end of the last time we placed you. We hold this information in case there is a legal claim or tax investigation.

Placed Candidates – where we placed you with one of our clients, we will keep your personal data for as long as you continue your placement or are actively looking for another one through us.

We will stay in regular contact with you. However, if this is not possible, we will continue to process your personal data in the usual manner for up to 2 years from the last meaningful contact we had with you (or such longer period which we believe in good faith circumstances and the law allows for legitimate interest to continue). Meaningful contact may include a consultant contacting you directly by phone or you may receive an email from us reminding you that we hold your personal information and asking you to let us know if you are no longer interested in hearing about new opportunities.

Non-placed Candidates – If we did not manage to place you we will continue to process your personal data in the usual manner for up to 2 years from the last meaningful contact we had with you (or such longer period which we believe in good faith circumstances and the law allows for legitimate interest to continue).

After this time your personal data will no longer be accessible from our live systems. As a result, you will not receive marketing from us, and your information will not be readily accessible by our consultants. If after a further year you or we have not re-established communication your personal data that we hold will be deleted.

In either of the case where we have placed a candidate or not, where we believe that the holding of your personal data no longer constitutes a legitimate interest, we will delete it to the extent necessary.

Website Users – PCC will keep your personal data for 2 years after your last use of, or navigation around, any of our websites;
Referees – PCC will keep your personal data for as long as the Candidate for whom you were a referee is placed with one of our customers. If they move on from that position, PCC will keep your personal data for a further 2 years after that date; and
Business Staff – we will keep your personal data for as long as the entity that you work for is connected to us in any way. Where we end our relationship with that entity for any reason, we will keep your personal data for a further 7 years after that date.

In some circumstances, you can ask us to delete your personal data. Please see the Right of erasure below for further information.

We will keep and use Anonymised Data indefinitely without further notice to you.

Keeping your personal data up to date

We take reasonable steps to ensure that your personal data is accurate, complete and up to date.

We may contact you from time to time to check that the personal data is still correct.

Please let us know of any changes to your details as soon as you reasonably can so that we can uphold our commitment to accuracy, completeness and currency.

What are your legal rights in respect of your personal data that we handle?

We set out below a list of the legal rights that all individuals have under data protection laws in relation to our handling of your personal data. They don’t apply in all circumstances:

Right to be informed – about your personal data and details of the handling and processing of that personal data and information, including the safeguards used to protect any of your personal data in the event that we transfer it outside the EEA
Right of access – to your personal data and to obtain information about how we handle and process it
Right to have inaccuracies corrected – this is a right to have your personal data corrected if it is inaccurate and to have incomplete personal data completed
Right of erasure – of your personal data, which is also known as the “right to be forgotten”
Right to restrict handling and processing – of your personal data, which includes requesting us to suppress your personal data file
Right to move, copy or transfer– your personal data to another organisation, also known as “data portability”
Right to object – to the handling and processing of your personal data for certain purposes, in particular to personal data processed for direct marketing purposes and to personal data that is handled and processed for certain reasons based on our legitimate interests
Right to withdraw consent – you may withdraw any consent or permission that you have previously provided to us in relation to our handling and processing of your personal data, such as for the purposes of marketing by electronic means
Rights in relation to automated decision making – where such automated decision making has a legal effect on you or otherwise significantly affects you and
Right to complain – in all circumstances, you may complain to:

us in relation to the handling of your personal data; or

the regulatory body which enforces data protection law in your locality.

Procedure to exercise your legal rights

Contact us – if you wish to exercise any of your legal rights, please contact us. In this instance, we’ll explain first whether or not the right you wish to exercise applies. We will then facilitate your request in accordance with the procedure below if it does apply.

Fees – you will not have to pay a fee to access your personal data or to exercise any other rights that apply. We may, however, charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

Our request for further information – we may need to request certain information from you to help us confirm your identity and ensure that your right to access your personal data (or to exercise any of your other rights that apply). This is a security measure to ensure that any personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Response time – we will respond to all legitimate requests as soon as we can. It should not take longer than a month to do so. Occasionally, it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Other use related information

Opting out/withdrawing consent – you can ask those third parties or us to stop sending you promotional or marketing messages at any time by contacting us at any time.
Change of purpose – we will only use your personal data for the purposes for which we collected it unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you would like us to explain how the handling of the new purpose is compatible with the original purpose, please contact us.

If we need to use your personal data for an unrelated purpose, we will notify you, and we will explain the legal basis which allows us to do so.