This policy is effective from March 2018.
We hope the following sections will answer any questions you have but if not, please do get in touch with us.
Write to: c/o Samuel Martin, 19 London Limited, 48 Charlotte Street, London, W1T 2NS
Our lawful basis to process your personal data
We use your data to pursue our legitimate interests in a way which is reasonably expected as part of running our recruitment business and recruitment service to you, which does not materially impact your rights, freedom or interests.
Candidates – we will use your personal data within your CV and your online profile on our website 19london.com (if you have made one) to match you to suitable roles and opportunities as part of our service to you
Clients – we will use your personal data to contact you with suitable candidates as part of our service to you
Partners and Suppliers – we will use your personal data to contact you in order to liaise with each other as part of our service to you
We have implemented controls to balance our interests with your rights.
Improving our services, for example by:
Contacting you via email to offer you information about a change to our policies/terms/services or providing information about forthcoming industry events and news, or changes to industry legislation e.g.
Forwarding information about training courses, sending you updates about the services we provide and to poll your opinions through surveys or questionnaires
When do we collect your personal data?
- When you register with us via our website
- When you contact us via our website
- When you contact us directly via email
- When you engage with us on social media
- When you contact us by any means with queries, correspondence, feedback etc.
- When you choose to complete any surveys that we send you
- When you complete any forms, for example, our Registration Form or Terms of Business
- When you’ve given a third-party permission to share with us the information they hold
- When we collect data from publicly available sources when you have given your consent to
- information or where the information is made public as a matter of law
What sort of personal data do we collect?
All information found on your CV: name, date of birth, address, email and contact numbers, qualifications, work experience, current work details and experience including job title and previous roles
Other information relevant to job applications and experience e.g. taken from certificates which provide proof of qualifications
Demographic information such as preferences and interests
Information stated on DBS certificates (the Disclosure and Barring Service which helps employers
make safer recruitment decisions – it has replaced the CRB and SA) as some of our clients ask for DBS checks to be provided
Information stated on medical certification e.g. ENGI
Information from documents to provide proof of identity e.g. passport. This will include details of your full name, address, date of birth, your place of birth, gender, nationality and facial image
Your social media username, if you interact with us through those channels, to help us respond to your comments, questions or feedback
Clients and Partners and Suppliers
Address, email and contact numbers
MLC certification details
Emergency 24/7 contact numbers
Your social media username, if you interact with us through those channels, to help us respond to your comments, questions or feedback
Why do we use your personal data?
We require this information due to our legitimate interest in providing you with the best service and to understand your needs, in particular for the following reasons:
To match you to suitable roles and opportunities
To contact you with suitable candidates
For internal record keeping
To improve our services
To periodically send you emails or other information which we think you may find interesting
To contact you, from time to time, for market research purposes
For security and qualification screening
To respond to your queries and correspondence (we may keep a record of these to inform any future communication with us and to demonstrate how we communicated with you throughout)
To display the most interesting content to you on our website by placing cookies or similar technology on your device
To comply with our contractual or legal obligations to share data with law enforcement
To send you survey and feedback requests to help improve our services
If you choose not to share your personal data with us, or refuse certain contact permissions, we will not be able to provide the service you’ve asked for.
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site.
Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to user needs We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
Links to other websites via our website
How do we protect your personal data?
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect. In addition, we limit access to your personal data to those employees, clients, partners and service providers who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
How long will we keep your personal data?
Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected
How long we retain your data can vary based on context of the service we provide you and our legal obligations.
The following factors influence retention periods:
How long is the personal information needed to provide our services? This includes such things as maintaining and improving the performance of our service, keeping our systems secure, and maintaining appropriate business and financial records. This is the general rule that establishes the baseline for most of our data retention periods.
Is the personal information sensitive? If so, a shortened retention time is generally appropriate.
Have you provided consent for a longer retention period? If so, we will retain data in accordance with your consent.
Are we subject to a legal, contractual/ or similar obligation to retain your personal information?
Examples can include mandatory data retention laws, government orders to preserve data relevant to an investigation, or personal information retained for the purposes of litigation.
At the end of a retention period, your data will either be deleted completely or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.
Who do we share your personal data with?
We share your personal data with trusted service providers and or clients. For example, we will send candidate details to our clients when assisting to fill a vacancy.
Here’s the policy we apply to those clients and service providers to keep your data safe and protect your privacy:
- We provide only the information they need to perform their specific services.
- They may only use your data for the exact purposes we specify in our contract with them.
- We work closely with them to ensure that your privacy is respected and protected at all times.
Sharing your data with third parties for their own purposes, we will only do this in very specific circumstances:
When required to disclose your personal data to the police or other enforcement, regulatory or Government body, in your country of origin or elsewhere, upon a valid request to do so. These requests are assessed on a case-by-case basis and take the privacy of our candidates, clients and partners into consideration.
We may, from time to time, expand, reduce or sell the Company and this may involve the transfer of divisions or the whole business to new owners. If this happens, your personal data will, where relevant/be transferred to the new owner or controlling party, under the terms of this Privacy Notice and with your consent if another recruitment agent is seeking a candidate to fill one of their vacancies, we will seek your consent first.
Examples of the kind of service providers we work with to help store, process, manage and protect your data are:
- Hello Sign
- Stopfords Accountants
- Red 13 Digital Web Hosting
- Recruit So Simple Database
Where your personal data may be processed – International Transfers
Sometimes we will need to share your personal data with service providers and clients outside the European Economic Area (EEA) for example:
We may put your details forward for a vacancy within an international office/corporation, or a private household overseas or if you are a yacht crew candidate, then aboard a non-EU flagged vessel
All – we may transfer personal data that we collect from you to non-EU service providers/data processors to store and manage your data e.g. Google Drive (cloud storage)
Protecting your data outside the EEA
(The EEA includes all EU Member countries as well as Iceland, Liechtenstein and Norway)
We ensure your data receives the same protection as if it were being processed inside the EEA. For example, their Terms and Conditions must state that they comply with the GDPR regulations at all times.
Any transfer of your personal data will follow applicable laws and we will treat the information under the guiding principles of this Privacy Notice.
What are your rights over your personal data?
You have the right to request:
- Access to the personal data we hold about you, free of charge in most cases.
- The correction of your personal data when incorrect, out of date or incomplete.
- That we stop using your personal data for direct marketing (either through specific channels, or all channels).
- Your right to withdraw consent. Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent.
Where we rely on our legitimate interest
In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data
You have the right to stop the use of your personal data for direct marketing activity through all channels, or selected channels. We must always comply with your request.
Checking your identity
If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.
You can contact us to request to exercise any of these rights at any time as follows:
If we choose not to action your request, we will explain to you the reasons for our refusal.
Contacting the Regulator
If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.
You can contact them by calling
0303 123 1113
Or go online to www.ico.org.uk/concerns (opens in a new window; please note we can’t be responsible for the content of external websites)
If you are based outside the United Kingdom, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence.
For all non-UK customers:
By using our services or providing your personal data to us, you expressly consent to the processing of your personal data by us or on our behalf. Of course, you still have the right to ask us not to process your data in certain ways, and if you do so, we will respect your wishes.
Sometimes we’ll need to transfer your personal data between countries to enable us to provide the services you’ve requested In the ordinary course of business, we may transfer your personal data from your country of residence to ourselves and to third parties located in the UK.
By dealing with us, you are giving your consent to this overseas use, transfer and disclosure o your personal data outside your country of residence for our ordinary business purposes
This may occur because our information technology storage facilities and servers are located outside your country of residence and could include storage of your personal data on servers in the UK
We’ll ensure that any third parties process your personal data only in accordance with their legitimate interests. These third parties may be subject to different laws from those which apply in your country of residence. Please note that we do not take active steps to ensure that any overseas recipient of your personal data complies with the laws which apply in your country.
If you have any questions that haven’t been covered, please contact us and we will be pleased to help you.
Please email: email@example.com
Or write to us at:
19 London Limited,
48 Charlotte Street, London, W1T 2NS