Barclay Simpson Associates Limited and Barclay Simpson Solutions (referred to as Barclay Simpson or we or our or us) is committed to protecting and respecting your privacy.
The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a new regulation which replaces the Data Protection Regulation (Directive 95/46/EC). The GDPR aims to harmonize data protection legislation across the European Union, enhancing privacy rights for individuals and providing a strict framework within which commercial organizations can legally operate.
Clients: our customers, clients and prospective customers and clients to whom we provide or market our recruitment services in the course of our business.
Website Users: any individual who accesses our website.
It does not apply to Barclay Simpson staff and employees who will be issued with separate fair processing information.
For the purposes of the data protection legislation from time to time in force, Barclay Simpson is the data controller and is responsible for your personal data.
Depending on the circumstances, we may collect some or all of the information listed below to enable us to offer you employment opportunities tailored to your circumstances and interests. This may include: your name, contact numbers, email addresses, curriculum vitae, photograph, education details, employment history, links to your professional profiles available in the public domain e.g. LinkedIn, Twitter, business Facebook or corporate website) immigration status, financial information (where we need it to carry out financial background checks or pay you), social security number and tax related information, referee details, details about your current remuneration, pensions and benefits arrangements and emergency contact details, In addition, you may choose to share other information with us that you think is relevant.
Where appropriate or necessary (and in accordance with legal requirements) we may also collect information related to your health or details of any criminal convictions (where this is required for a role that you are applying for). We may ask you to provide diversity information (on a voluntary basis) for the reasons and in the circumstances set out below.
Finally, the building in which our office is located has CCTV installed in the ground floor reception and common areas and therefore if you visit us at our premises we may collect CCTV footage.
We collect your personal data (such as name and contact details) when we receive it directly from you such as where you contact us proactively (by phone, email, in person) or where you connect with our consultants on business networking sites or through our consultant’s business development activities more generally.
We may seek more information about you from analysing online and offline media and we may be supplied with information about you by Candidates (for example when you are named as a referee).
We need a small amount of personal data to ensure our relationship with you runs smoothly such as contact details of relevant individuals at your organization so that we can communicate with you and we may need bank details so that we can pay you for the services you provide.
How do we collect personal data?
We collect information about Candidates when you register as a Candidate with Barclay Simpson by completing the registration form on our website (www.barclaysimpson.com) or by sending us your CV or by corresponding with our consultants by phone, e-mail or in person.
You may also provide us with your personal data when you use our website, subscribe to our services, participate in salary and other market surveys, attend our events, participate in discussion boards or other social media functions on our site, apply for jobs with us via a job board which then redirects you to our website and if you report a problem with our website.
We may also receive personal data about you from other sources such as referees, our Clients and from third party sources, such as LinkedIn and other job board websites, your business card and personal recommendations. For example, if you ‘like’ our page on Facebook or ‘follow’ us on Twitter we will receive your personal information from those sites and if you were referred to us through a recruitment process outsourcer (RPO) or other Supplier – they may share personal information about you with us.
We also work closely with third parties including our group companies, business partners, sub-contractors in technical, professional, payment and other services, advertising networks, analytics providers, search information providers, credit reference agencies and professional advisors. We may receive information about you from them for the purposes of our recruitment services and ancillary support services.
What information do we collect about website users?
When you visit our website there is certain information that we may automatically collect, whether or not you decide to use our services. This includes your IP address, the date and the times and frequency with which you access the website and the way you browse its content.
How do we use your personal data and what is the legal basis for the processing?
We use Candidate data as follows:
We use Client data as follows:
We use Supplier data as follows:
Our legal basis for the processing of personal data is our legitimate business interests, described in more detail below, although we will also rely on contract, legal obligation and consent for specific uses of data.
We will rely on contract if we are negotiating or have entered into a placement agreement with you or your organization or any other contract to provide services to you or receive services from you or your organization.
We will rely on legal obligation if we are legally required to hold information on to you to fulfil our legal obligations – including where you are applying for roles or are placed in a role in a regulated environment.
We will in some circumstances rely on consent for particular uses of your data and you will be asked for your express consent, if legally required. Examples of when consent may be the lawful basis for processing include permission to introduce a Candidate to a Client and in relation to sending third party marketing communications to you via email.
With respect to marketing – you have the right to opt out of receiving marketing from us at any time by contacting us on email@example.com. If you have previously engaged with us (for example submitting a job application or CV or registering for a vacancy to be filled) and we are marketing other recruitment related services we will take your consent as given unless or until you opt out (this is called soft opt-in consent).
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
Our Legitimate Business Interests
Our legitimate interests in collecting and retaining your personal data are described below:
Should we want or need to rely on consent to lawfully process your data we will request your consent orally, by email or by an online process for the specific activity we require consent for and record your response on our system. Where consent is the lawful basis for our processing you have the right to withdraw your consent to this particular processing at any time (as set out below).
Establishing or defending legal claims
Equal opportunities monitoring
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us firstname.lastname@example.org. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Automated Decision Making or Profiling
We do not undertake automated decision making or profiling. We do use our computer systems to search and identify personal data in accordance with parameters set by a person. A person will always be involved in the decision making process.
It is important to be aware that unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk.
Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access. All information you provide to us is stored on our secure servers in the UK. We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered, or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Retention of your data
We understand our legal duty to retain accurate data and only retain personal data for as long as we need it for our legitimate business interests and where you are happy for us to do so. We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
We may archive part or all of your personal data or retain it on our financial systems only, deleting all or part of it from our main Customer Relationship Manager (CRM) system. We may pseudonymize parts of your data, particularly following a request for suppression or deletion of your data, to ensure that we do not re-enter your personal data on to our database, unless requested to do so. For your information, Pseudonymized Data is created by taking identifying fields within a database and replacing them with artificial identifiers, or pseudonyms.
Details of retention periods for different aspects of your personal data are available in our retention policy which you can request from us by sending an email to email@example.com.
Your legal rights
Under the GDPR you have the right to:
If you wish to exercise any of the rights set out above, please contact the DPR at firstname.lastname@example.org.
Barclay Simpson Associates Limited
3rd Floor, 20 Farringdon St, London EC4A 4AB
+44 (0) 207 936 2601
Instant EU GDPR Representative Ltd
+ 353 15 549 700
EU Dublin Address
INSTANT EU GDPR REPRESENTATIVE LTD 69 Esker Woods Drive, Lucan Co. Dublin Ireland
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so we encourage you to contact us in the first instance.
Approved by the Board of Directors Ian Coyle, Chairman