Data Protection and Privacy
Last Updated: Tuesday, 8 January 2019
By engaging with Society, either as a candidate or as a client, you are placing us in a position of trust. This is a responsibility we take very seriously. Any sensitive information you submit will be treated with discretion. Protecting your personal data is of the upmost importance to Society.
All personal data obtained by our trading divisions (in the UK and the USA) is held and processed in accordance with the relevant data protection legislation. By submitting your personal data (and any sensitive personal data) to us, you consent to Society processing your data in accordance with those principles.
Society has a comprehensive Data Protection Policy, which explains how we collect, use, disclose, protect and dispose of the personal data we obtain. This policy forms a crucial part of the training we provide for all new colleagues. The policy, as well as our wider procedures and security measures, is regularly reviewed in order to ensure that we always follow best practice standards.
Please note that we may share your personal data with other Society offices in our trading divisions. Society Ltd – the parent company of Society US Inc – is registered with the Information Commissioner's Office for the purposes of the UK Data Protection Act. Our registration number is Z1812828.
Your privacy is important to us. This privacy statement explains what personal data we collect from you and how we use it. We encourage you to read the summaries below if you'd like more information on a particular topic.
What personal data do we collect?
In order to operate, Society has to collect and use certain information about the people with whom we work. These people include colleagues, clients, candidates, and suppliers, as well as potential colleagues, clients, candidates, and suppliers.
You have choices about the data we collect. When you are asked to provide personal data, you may decline. But if you choose not to provide data that we deem necessary, then you may not be able to be considered for an appointment that Society is handling (if you are a candidate), or we may not be able to fulfil our obligations to you (if you are a client).
The data we collect depends on the nature of our relationship, but can include the following:
- name and contact data – we may collect your first and last name, email addresses, postal addresses, phone numbers, Skype IDs, and other similar contact data;
- biographical information;
- correspondence – this may include emails, telephone/Skype calls, notes from calls, notes from face-to-face meetings, instant messages (eg. WhatsApp messages) and text messages;
- CVs or any other documents you share with us, including on rare occasions copies of passports, visas and other official papers;
- a photo of you freely available in the public domain, or specifically shared by you.
On rare occasions we may also collect Special Category Data, but only with your explicit consent, and only (a) if it is essential in order to fulfil our contractual obligations to a client - for example, candidates for a role with a Genuine Occupational Requirement may be asked to disclose their religious views, (b) if it will exclusively be used for the purposes of diversity and equality of opportunity monitoring, or (c) if it will be for the benefit of the candidate – for example in the case of a Disability Confident client. In each case, explicit consent will be sought from the data subject in advance.
We ask that candidates do not include any information that can identify children or any Special Category Data in their CV or other application documents. Any voluntary inclusion of such information will be understood by us as express consent to Society holding and processesing this information going forward. Candidates should also remember not mention anyone else's personal details (eg. referees) without first securing the agreement of the individuals in question.
How do we use personal data?
- we collect and process data on colleagues in order to run our company, to fulfil our legal obligations, and to administer services like payroll and employee benefits;
- we collect and process data on clients in order to perform our contractual obligations to them and for credit control purposes;
- we collect and process data on current suppliers and prospective suppliers in order to ensure the smooth running of our business in support areas such as IT, accountancy, cleaning, and so forth;
- we collect and process data on the company’s contacts (primarily consisting of potential/actual candidates, and potential/actual sources of advice and recommendations, but also including colleagues, client contacts and some suppliers) in order to fulfil our contractual obligations to our clients by providing recruitment services to them, or in order to fill internal vacancies within Society itself.
Why would we share your personal data?
If you express an interest in an appointment we are handling, then we may share your information with the client for that appointment. Such sharing will be on the condition of confidentiality, usually in documents which are password protected and circulated only to an agreed group of individuals.
In addition, we may share personal data among Society-controlled affiliates and subsidiaries. We may also share personal data with vendors or agents we've hired to secure our systems or provide support services to us. In such cases, these companies must abide by our data privacy and security requirements and are not allowed to use personal data they receive from us for any other purpose. We may also disclose personal data as part of a corporate transaction such as a merger or sale of assets.
Finally, we will access, transfer, disclose and preserve personal data when we have a good faith belief that doing so is necessary to:
- comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies;
- protect our clients or candidates, for example to prevent spam or attempts to defraud, or to help prevent the loss of life or serious injury of anyone;
- operate and maintain the security of our products, including to prevent or stop an attack on our computer systems or networks; or
- protect the contractual rights or property of Society.
What is our lawful basis for processing your data?
We have undertaken a careful assessment of our lawful basis for all our data processing activities, relying on the definitions provided in the General Data Protection Regulation (GDPR). For example, our lawful basis for collecting and processing data on current clients is Contractual Necessity.
In relation to contacts undertaken as part of our core headhunting work (ie. candidates, prospective candidates and sources of advice and recommendations), our lawful basis is Legitimate Interests (whereby personal data may be processed on the basis that the controller has a legitimate interest in processing those data, provided that such legitimate interest is not overridden by the rights or freedoms of the affected data subjects). This determination is underpinned by a Legitimate Interests Assessment, based on guidance provided by the Data Protection Network. In summary our rationale is:
- that the data subjects would have a reasonable expectation that we will process their data in this way;
- that we believe our interests and those of the data subjects are broadly aligned;
- that the impact of our data processing is highly unlikely to be of any detriment to the data subjects;
- that appropriate safeguards and compensating controls have been put in place;
- that we make it clear at every stage, through this Data Protection and Privacy Statement, the rights that the data subjects have.
We believe we have fully considered the necessity and purpose of our processing activities, and that we have given appropriate and serious consideration to the privacy rights of the individuals we interact with.
If the scope or nature of our processing operation changes then this rationale will be immediately reviewed.
How can you review and control your personal data?
You can request that we show you what data we hold about you, update your data, or delete your data. In order to make a request of this nature, please email DataProtection@society-search.com or your established Society contact.
What are your data rights?
You have the following rights:
- to request confirmation that your data is held by, and being processed by, us;
- to have access to any personal data we hold about you;
- to request that we rectify or update your personal data;
- to object to the processing of your personal data;
- to withdraw your consent;
- to lodge a complaint with a data protection authority;
- to request that we delete whatever data we hold about you (your ‘right of erasure’ or ‘right to be forgotten’);
- the right to data portability; and
- rights in relation to automated decision making and profiling.
As applicable under French law, you can also send us specific instructions regarding the use of your personal data after your death.
It should simply be noted that exercising some of the above rights may prevent you from being considered for an appointment that Society is handling (if you are a candidate), or prevent us from being able to fulfil our obligations to you (if you are a client).
How secure is your personal data?
Society is committed to protecting the security of your personal data. We use a variety of security technologies and procedures to help protect your personal data from unauthorised access, use or disclosure. For example, we store the personal data you provide on computer systems that have limited access and are in controlled facilities. When we transmit highly confidential data (such as multiple candidate CVs) over the Internet, we protect them with passwords. All our computers have authorised and current anti-virus protection software. No unauthorised software can be installed on our system. Our system is regularly backed up, and these backups are encrypted.
How long will we retain your personal data?
We hold data on our contacts for a period of time, since we believe people we have previously interacted with will have a reasonable expectation that an executive search firm would remember them and the nature of their previous interactions with us. In 2017, the UK Office for National Statistics reported that average job tenure for UK public sector employees was 9.8 years, and average job tenure for UK private sector employees was 6.7 years. It is also true that average job tenure in the UK is among the lowest in the OECD. On balance we have therefore determined that seven years is a reasonable period.
Absent of a request by someone to have their data deleted, Society therefore retains personal data on its contacts for no more than seven years following that person’s last contact with Society.
What happens if we update this statement?
We will update this privacy statement when necessary to reflect feedback and changes in legislation/regulations. When we make changes to this statement, we will revise the "last updated" date at the top of the statement. We encourage you to periodically review this privacy statement to learn how Society is protecting your information.
How can you contact us?
If you have a privacy concern or a question, please contact us. We will respond to questions or concerns within 30 days. You can email us on DataProtection@society-search.com. Our main postal address is Society, Ariel House, 74a Charlotte Street, London, W1T 4QJ, United Kingdom. Our main switchboard number is +44 (0)207 935 40241..