WEBSITE PRIVACY STATEMENT

Hardman Grey Privacy Notice

Last Updated: 07/03/2023

Introduction

This Privacy Notice applies to all data collections and other data processing of Hardman Grey Ltd. For the purposes of this Privacy Notice any references to Hardman Grey (or “us” or “we” or “our”) means Hardman Grey Ltd.

At Hardman Grey we take your privacy seriously, this Privacy Notice explains how we treat your personal data to maintain your privacy. It describes how we collect, use and process your personal data, explaining what we do with it whether we are in the process of helping you find a job, continuing our relationship with you after finding you a role, providing you with a service, receiving a service from you, using your data to ask for your assistance in relation to one of our Candidates or you are a Website Visitor.

This Privacy Notice applies to the personal data of Candidates, Clients, Contractors, Staff, Suppliers, Website Visitors and other people whom we may contact in relation to our Candidates or whom they have indicated as an emergency contact. It also applies to the emergency contacts of our Staff.

Hardman Grey Ltd reserves the right to update this Privacy Notice at any time, please review the “Last Updated” details at the top of this page to determine when this Privacy Notice was last updated. Any change to this Privacy Notice will become effective on the “Last Updated” date indicated above. Hardman Grey Ltd will make every effort to communicate any significant changes to you via email and/or by posting a notice on Hardman Grey’s Site. Your continued use of Hardman Grey Ltd’s services will be deemed as acceptance of any amended Privacy Notice.

If you are dissatisfied with any aspect of our Privacy Notice, you may have legal rights and, where relevant, we have described these as well.

How We Use Your Personal Data

Hardman Grey Ltd collect your personal data in order to facilitate the recruitment process, you are under no obligation to provide your personal data, however, if you do not provide your personal data we may not be able to provide you with certain services. We only ask for details that will genuinely help us to help you, we do not collect more information that we require to fulfil our stated purposes and will not retain it for longer than is necessary.

It is not our policy to seek sensitive personal data unless required for further recruitment purposes, legally required or reasonably necessary for an ongoing relationship with you. Sensitive data includes data concerning race or ethnic origin, physical or mental health, sexual orientation, religious beliefs, political opinion, trade union membership or criminal records and proceedings. We therefore suggest that you do not offer sensitive personal data of this nature unless specifically requested to do so. If you do provide sensitive personal data for any reason, we accept this as your consent to use such data in the ways described in this Privacy Notice.

The personal data we hold is dependent upon your relationship with us, the information below describes the personal data held, how it is collected and used, the systems it is held in, the period we hold it for, who it is shared with and the lawful basis for processing.

The information described below is in addition to any personal data we are required by law to process in any given situation.

Unless otherwise stated Hardman Grey Ltd is the Data Controller for the personal data you provide. If you have any queries about how we handle your personal data, please contact us at info@hardmangrey.co.uk

Candidates

What Personal Data We Hold

Dependent on the circumstances and requirements we may collect some or all of the personal data listed below to enable us to offer you employment opportunities that are tailored to your interests, skill set, experience and expectations.

Name

Date of Birth

Contact Details;

Address

Telephone Number (Home)

Telephone Number (Work)

Telephone Number (Mobile)

Email Address (Personal)

Email Address (Work)

LinkedIn Profile

Job Title

Current Employer;

Remuneration

Pension

Benefits

Desired Salary/Rate

Experience

Qualifications

Avatar

Photo Identification;

Copy of Driving License

Copy of Passport

Video

Telephone Conversation Voice Recordings

Please note the above list of personal data we may collect is not exhaustive.

How We Collect Personal Data

We collect your personal data in three primary ways:

Personal data provided by you, the Candidate;

Personal data we receive from other sources; and

Personal data we collect automatically.

  1. Personal Data Provided by You
    Hardman Grey Ltd needs to know certain information about you to be able to provide a tailored service. This personal information enables us to provide you with the best opportunities and to improve your job search experience with us.There are a number of ways you can share your personal information with us. These include, but are not limited to:Entering your details on the Hardman Grey Ltd website as part of the registration process;
    Leaving a hard copy of your CV at a Hardman Grey Ltd recruitment event, job fair or office;
    Emailing your CV to a Hardman Grey Ltd consultant or being interviewed by them; or
    Applying for jobs through a job aggregator, which then redirects you to the Hardman Grey Ltd website

  2. Personal Data We Receive from Other Sources
    In addition to personal data received directly from you Hardman Grey Ltd also receives personal data about Candidates from other sources. These may include personal data received in, but not limited to, the following situations:Your referees may share personal information about you with us;
    Our Clients may share personal information about you with us;
    We may obtain personal information about you from searching for potential Candidates from third-party sources, such as LinkedIn and other job sites; and
    If you “like” our page on Facebook or “follow” us on Twitter we will receive your personal information from those sites.

  3. Personal Data We Collect Automatically
    When accessing our website or if you read or click on an email from us we may collect your data automatically, or through you providing it to us.

More information can be found here.

How We Use Personal Data

We use the personal data we hold about you to provide and personalise the services we offer, enabling them to be more relevant and useful to you. We use it in three primary ways:

Recruitment activities;

Marketing activities; and

To help us establish, exercise or defend legal claims. 

  1. Recruitment Activities
    Our main area of work is recruitment, and as a Candidate, your personal data is processed for the purposes of providing you with work-finding services. This includes, but is not limited to:Contacting you about job opportunities;
    Assessing your suitability for those job opportunities;
    Updating our databases;
    Putting you forward for job opportunities (sending your information to Clients); and
    Developing and managing our services and relationship with you.

  2. Marketing Activities
    We may, from time to time, send you information we think you may find interesting. We may wish to use your personal information for purposes including, but not limited to:The development and marketing of other products and services;
    Marketing our full range of recruitment services to you;
    Sending you details of reports, promotions, offers, networking and client events, and general information about the industry sectors which we think may be of interest to you; and
    Displaying promotional excerpts from your details on Hardman Grey Ltd’s website(s) as a success story (only where we have obtained your express consent to do so).
    We need your consent for some aspects of these activities which are not covered by our legitimate interests and, depending on the situation, we’ll ask for this via an opt-in.If you have opted out from our marketing communications, either via the unsubscribe link in the footer of marketing emails or through your website profile, it is possible that your personal data may be recaptured from public sources in an unconnected marketing campaign. While we will endeavour to ensure this does not happen there may be instances, from time to time, where it does and would appreciate your understanding in these instances.Our marketing is based on what we think will serve our Candidates best. We may use your data to show you Hardman Grey Ltd adverts and other content on other websites. If you do not want us to use your data in this way, please turn off the “Advertising Cookies” option, details of how to do so can be found in our Cookies Policy. Even with “Advertising Cookies” turned off it is still possible that you may see a Hardman Grey Ltd advert, or other content, on other websites. In this case it won’t have been targeted at you personally, but rather at an anonymous audience.

  3. To Help Us Establish, Exercise or Defend Legal Claims
    In some cases, we may be required to use your data for the purpose of investigating, reporting and detecting crime and also to comply with laws that apply to us. We may also use your information during the course of internal audits to demonstrate our compliance with certain industry standards.

How Long We Keep Your Data For (Retention)

We will keep your personal data for a period of three years after our last meaningful contact with you (or our last meaningful contact with the company or entity that supplies your services if they are provided via a third-party company or entity). Different laws may require us to keep your personal data for different periods of time, where a law requires we keep your personal data for a period in excess of three years your personal data will be kept for the period required by law.“Meaningful contact” means, for example, written or verbal communication between us and you or where you are actively using our online services, including, but not limited to, uploading your updated CV to our website. We also consider communication from you regarding potential roles, either written or verbal, or clicking through from, or replying to, any of our marketing emails as meaningful contact.

Who We Share Your Personal Data With

Where appropriate, and in accordance with local laws and requirements, we may share your personal data with the following categories of people:

Any of our group companies;

Individuals and organisations who hold information related to your reference or application to work with us, such as current, past or prospective employers, educators and examining bodies and employment and recruitment agencies;

Tax, audit, or other authorities, we believe in good faith that the law or other regulation requires us to share this data (for example, because of a request by a tax authority or in connection with any anticipated litigation);

Third-party service providers who perform functions on our behalf (including external consultants, business associates and professional advisers such as lawyers, auditors and accountants, technical support functions and IT consultants carrying out testing and development work on our business technology systems);

Third-party outsourced IT and document storage providers where we have an appropriate processing agreement (or similar protections) in place;

Marketing technology platforms and suppliers;

Potential employers and other recruitment agencies/organisations to increase your chances of finding employment;

Third-party partners, job boards and job aggregators where we consider this will improve the chances of finding you the right job;

Managed Service Provider (MSP) suppliers as part of our clients’ MSP programmes;

Third-parties we have retained to provide services such as reference, qualification and criminal conviction checks, to the extent that these checks are appropriate and in accordance with local laws; and If Hardman Grey Ltd merges with or is acquired by another business or company in the future (or is in meaningful discussions about such a possibility) we may share your personal data with the (prospective) new owners of the business or company.


Lawful Basis for Processing

Article 6 of the General Data Protection Regulation (GDPR) requires that we process all personal data lawfully, fairly and in a transparent manner.

Article 6(1)(f) states that Hardman Grey Ltd can process your data where “processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third-party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.”

In simpler language this is where Hardman Grey Ltd has a legitimate reason to process your data provided it is reasonable and does not go against what you would reasonably expect from us.

As a Candidate we believe it is reasonable to expect us to collect and use your personal information to provide recruitment services to you, to share your personal information with prospective employers and compare your skills against our current vacancies where you have either provided us with your information directly, posted your CV information on a job board or on professional networking sites. Once it looks like you may be offered a position with a prospective employer, they may want to check any information you have provided or to confirm your qualifications, experience or references. The providing of this information to prospective employers is required to help you, and other Candidates, get the jobs you deserve and allows us to function as a profit-making recruitment business.

We think it’s reasonable to process your personal data to provide a tailored recruitment service, offering you, the Candidate, a more pleasant job search experience and ensuring you receive the most appropriate content for your job search.

In some cases, we may be required to use your data for the purpose of investigating, reporting and detecting crime and also to comply with laws that apply to us. We may also use your information during the course of internal audits to demonstrate our compliance with certain industry standards.

While we don’t believe any of the above activities prejudice you in any way – they enable us to provide the service you have engaged us for – you have the right to object to us processing your data on this basis.

Contractors

What Personal Data We Hold

Dependent on the circumstances and requirements we may collect some or all of the personal data listed below to enable us to offer you employment opportunities that are tailored to your interests, skill set, experience and expectations.

Name

Date of Birth

Bank Details

Contact Details;

Address

Telephone Number (Home)

Telephone Number (Work)

Telephone Number (Mobile)

Email Address (Personal)

Email Address (Work)

LinkedIn Profile

Job Title

Current Employer;

Remuneration

Pension

Benefits

Desired Salary/Rate

Experience

Qualifications

Avatar

Photo Identification;

Copy of Driving License

Copy of Passport

Video

Telephone Conversation Voice Recordings

Please note the above list of personal data we may collect is not exhaustive.

How We Collect Personal Data

We collect your personal data in three primary ways:

Personal data provided by you, the Contractor;

Personal data we receive from other sources; and

Personal data we collect automatically.

1. Personal Data Provided by You

Hardman Grey Ltd needs to know certain information about you to be able to provide a tailored service. This personal information enables us to provide you with the best opportunities and to improve your job search experience with us.

There are a number of ways you can share your personal information with us. These include, but are not limited to:

Entering your details on the Hardman Grey Ltd website as part of the registration process;

Leaving a hard copy of your CV at a Hardman Grey Ltd recruitment event, job fair or office;

Emailing your CV to a Hardman Grey Ltd consultant or being interviewed by them; or

Applying for jobs through a job aggregator, which then redirects you to the Hardman Grey Ltd website

2. Personal Data We Receive from Other Sources

In addition to personal data received directly from you Hardman Grey Ltd also receive personal data about Contractors from other sources. These may include personal data received in, but not limited to, the following situations:

Your referees may share personal information about you with us;

Our Clients may share personal information about you with us;

We may obtain personal information about you from searching for potential Contractors from third-party sources, such as LinkedIn and other job sites; and

If you “like” our page on Facebook or “follow” us on Twitter we will receive your personal information from those sites.

3. Personal Data We Collect Automatically

When accessing our website or if you read or click on an email from us we may collect your data automatically, or through you providing it to us.

More information can be found here.

How We Use Personal Data

We use the personal data we hold about you to provide and personalise the services we offer, enabling them to be more relevant and useful to you. We use it in three primary ways:

Recruitment activities;

Marketing activities; and

To help us establish, exercise or defend legal claims.

1. Recruitment Activities

Our main area of work is recruitment, and as a Contractor, your personal data is processed for the purposes of providing you with work-finding services. This includes, but is not limited to:

Contacting you about job opportunities;

Assessing your suitability for those job opportunities;

Updating our databases;

Putting you forward for job opportunities (sending your information to Clients); and

Developing and managing our services and relationship with you.

2. Marketing Activities

We may, from time to time, send you information we think you may find interesting. We may wish to use your personal information for purposes including, but not limited to:

The development and marketing of other products and services;

Marketing our full range of recruitment services to you;

Sending you details of reports, promotions, offers, networking and client events, and general information about the industry sectors which we think may be of interest to you; and

Displaying promotional excerpts from your details on Hardman Grey Ltd’s website(s) as a success story (only where we have obtained your express consent to do so).

We need your consent for some aspects of these activities which are not covered by our legitimate interests and, depending on the situation, we’ll ask for this via an opt-in.

If you have opted out from our marketing communications, either via the unsubscribe link in the footer of marketing emails or through your website profile, it is possible that your personal data may be recaptured from public sources in an unconnected marketing campaign. While we will endeavour to ensure this does not happen there may be instances, from time to time, where it does and would appreciate your understanding in these instances.

Our marketing is based on what we think will serve our Contractors best. We may use your data to show you Hardman Grey Ltd adverts and other content on other websites. If you do not want us to use your data in this way, please turn off the “Advertising Cookies” option, details of how to do so can be found in our Cookies Policy. Even with “Advertising Cookies” turned off it is still possible that you may see a Hardman Grey Ltd advert, or other content, on other websites. In this case it won’t have been targeted at you personally, but rather at an anonymous audience.

3. To Help Us Establish, Exercise or Defend Legal Claims

In some cases, we may be required to use your data for the purpose of investigating, reporting and detecting crime and also to comply with laws that apply to us. We may also use your information during the course of internal audits to demonstrate our compliance with certain industry standards.

How Long We Keep Your Data For (Retention)

We will keep your personal data for a period of seven years after our last meaningful contact with you (or our last meaningful contact with the company or entity that supplies your services if they are provided via a third-party company or entity). Different laws may require us to keep your personal data for different periods of time, where a law requires we keep your personal data for a period in excess of seven years your personal data will be kept for the period required by law.

“Meaningful contact” means, for example, written or verbal communication between us and you or where you are actively using our online services, including, but not limited to, uploading your updated CV to our website. We also consider communication from you regarding potential roles, either written or verbal, or clicking through from, or replying to, any of our marketing emails as meaningful contact.

Who We Share Your Personal Data With


Where appropriate, and in accordance with local laws and requirements, we may share your personal data with the following categories of people:

Any of our group companies;

Individuals and organisations who hold information related to your reference or application to work with us, such as current, past or prospective employers, educators and examining bodies and employment and recruitment agencies;

Tax, audit, or other authorities, we believe in good faith that the law or other regulation requires us to share this data (for example, because of a request by a tax authority or in connection with any anticipated litigation);

Third-party service providers who perform functions on our behalf (including external consultants, business associates and professional advisers such as lawyers, auditors and accountants, technical support functions and IT consultants carrying out testing and development work on our business technology systems);

Third-party outsourced IT and document storage providers where we have an appropriate processing agreement (or similar protections) in place;

Marketing technology platforms and suppliers;

Potential employers and other recruitment agencies/organisations to increase your chances of finding employment;

Third-party partners, job boards and job aggregators where we consider this will improve the chances of finding you the right job;

Managed Service Provider (MSP) suppliers as part of our clients’ MSP programmes;

Third-parties we have retained to provide services such as reference, qualification and criminal conviction checks, to the extent that these checks are appropriate and in accordance with local laws; and

If Hardman Grey Ltd merges with or is acquired by another business or company in the future (or is in meaningful discussions about such a possibility) we may share your personal data with the (prospective) new owners of the business or company.

Lawful Basis for Processing


Article 6 of the General Data Protection Regulation (GDPR) requires that we process all personal data lawfully, fairly and in a transparent manner.

Article 6(1)(f) states that Hardman Grey Ltd can process your data where “processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third-party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.”

In simpler language this is where Hardman Grey Ltd has a legitimate reason to process your data provided it is reasonable and does not go against what you would reasonably expect from us.

Article 6(1) (b) states that Hardman Grey Ltd can process your data where “processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract”.

In simpler language this is where Hardman Grey Ltd have placed you in a role as a contractor and have a contract in place with you to fulfil that role.

As a Contractor we believe it is reasonable to expect us to collect and use your personal information to provide recruitment services to you, to share your personal information with prospective employers and compare your skills against our current vacancies where you have either provided us with your information directly, posted your CV information on a job board or on professional networking sites. Once it looks like you may be offered a position with a prospective employer, they may want to check any information you have provided or to confirm your qualifications, experience or references. The providing of this information to prospective employers is required to help you, and other Contractors, get the jobs you deserve and allows us to function as a profit-making recruitment business.

We think it’s reasonable to process your personal data to provide a tailored recruitment service, offering you, the Contractor, a more pleasant job search experience and ensuring you receive the most appropriate content for your job search.

In some cases, we may be required to use your data for the purpose of investigating, reporting and detecting crime and also to comply with laws that apply to us. We may also use your information during the course of internal audits to demonstrate our compliance with certain industry standards.

While we don’t believe any of the above activities prejudice you in any way – they enable us to provide the service you have engaged us for – you have the right to object to us processing your data on this basis.

Clients


What Personal Data We Hold

The data we collect about Clients is actually very limited. Dependent on the circumstances and requirements we may collect some or all of the personal data listed below to enable us to fulfil our obligations to you as a client.

Name

Contact Details;

Address

Telephone Number (Home)

Telephone Number (Work)

Telephone Number (Mobile)

Email Address (Personal)

Email Address (Work)

LinkedIn Profile

Job Title

Current Employer

Telephone Conversation Voice Recordings

Video

Please note the above list of personal data we may collect is not exhaustive.

How We Collect Personal Data

We collection your personal data in three primary ways:

Personal data provided by you, the Client;

Personal data we receive from other sources; and

Personal data we collect automatically.

1. Personal Data Provided by You

Hardman Grey Ltd needs to know certain information about you and your business to ensure that you have the best staff for your business.

There are a number of ways you can share your personal information with us. These include, but are not limited to:

Where you contact us proactively, usually by phone or email; and/or

Where we contact you, usually by phone or email, or through our consultants’ business development activities.

2. Personal Data We Receive From Other Sources

In addition to personal data received directly from you Hardman Grey Ltd also receive personal data about Clients from other sources. These may include personal information received in, but not limited to, the following situations:

Due diligence checks;

Marketing intelligence;

Delegate lists at relevant events; and

Other third parties, for example Candidates that provide your details to act as a referee for them.

3. Personal Data We Collect Automatically

When accessing our website or if you read or click on an email from us we may collect your data automatically, or through you providing it to us.

More information can be found here.

How We Use Personal Data

We use the personal data we hold about you to provide and personalise the services we offer, enabling them to be more relevant and useful to you. We use it in three primary ways:

Recruitment activities;

Marketing activities; and

To help us establish, exercise or defend legal claims.

1. Recruitment Activities

Our main area of work is recruitment, and as a Client, your personal data is processed for the purposes of providing you with employee-finding services. This includes, but is not limited to:

Providing you with Candidates, Recruitment Process Outsourcing (RPO) services and MSP programmes;

To contact you in relation to recruitment activities;

Keeping records of our conversations and meetings, to provide targeted services to you; and

Processing your data for the purpose of targeting appropriate marketing campaigns.

2. Marketing Activities

We may, from time to time, send you information we think you may find interesting. We may wish to use your personal information for purposes including, but not limited to:

The development and marketing of other products and services;

Marketing our full range of recruitment services to you;

Sending you details of reports, promotions, offers, networking and client events, and general information about the industry sectors which we think may be of interest to you; and

Displaying promotional excerpts from your details on Hardman Grey Ltd’s website(s) as a success story (only where we have obtained your express consent to do so).

We need your consent for some aspects of these activities which are not covered by our legitimate interests and, depending on the situation, we’ll ask for this via an opt-in.

If you have opted out from our marketing communications, either via the unsubscribe link in the footer of marketing emails or through your website profile, it is possible that your personal data may be recaptured from public sources in an unconnected marketing campaign. While we will endeavour to ensure this does not happen there may be instances, from time to time, where it does and would appreciate your understanding in these instances.

Our marketing is based on what we think will serve our Clients best. We may use your data to show you Hardman Grey Ltd adverts and other content on other websites. If you do not want us to use your data in this way, please turn off the “Advertising Cookies” option, details of how to do so can be found in our Cookies Policy. Even with “Advertising Cookies” turned off it is still possible that you may see a Hardman Grey Ltd advert, or other content, on other websites. In this case it won’t have been targeted at you personally, but rather at an anonymous audience.

3. To Help Us Establish, Exercise or Defend Legal Claims

In some cases, we may be required to use your data for the purpose of investigating, reporting and detecting crime and also to comply with laws that apply to us. We may also use your information during the course of internal audits to demonstrate our compliance with certain industry standards.

How Long We Keep Your Data For (Retention)

We will keep your personal data for a period of three years after our last meaningful contact with you. Different laws may require us to keep your personal data for different periods of time, where a law requires we keep your personal data for a period in excess of three years your personal data will be kept for the period required by law.

“Meaningful contact” means, for example, written or verbal communication between us and you or where you are actively using our online services. We also consider communication from you regarding potential roles, either written or verbal, or clicking through from, or replying to, any of our marketing emails as meaningful contact.

Who We Share Your Personal Data With

Where appropriate, and in accordance with local laws and requirements, we may share your personal data with the following categories of people:

Any of our group companies;

Tax, audit, or other authorities, we believe in good faith that the law or other regulation requires us to share this data (for example, because of a request by a tax authority or in connection with any anticipated litigation);

Third-party service providers who perform functions on our behalf (including external consultants, business associates and professional advisers such as lawyers, auditors and accountants, technical support functions and IT consultants carrying out testing and development work on our business technology systems);

Third-party outsourced IT and document storage providers where we have an appropriate processing agreement (or similar protections) in place;

Marketing technology platforms and suppliers; and

If Hardman Grey Ltd merges with or is acquired by another business or company in the future (or is in meaningful discussions about such a possibility) we may share your personal data with the (prospective) new owners of the business or company.

Lawful Basis for Processing

Article 6 of the General Data Protection Regulation (GDPR) requires that we process all personal data lawfully, fairly and in a transparent manner.

Article 6(1)(f) states that Hardman Grey Ltd can process your data where “processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third-party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.”

In simpler language this is where Hardman Grey Ltd has a legitimate reason to process your data provided it is reasonable and does not go against what you would reasonably expect from us.

As a Client we believe it is reasonable to expect us to collect and use your personal information to provide the best recruitment services to you.

In some cases, we may be required to use your data for the purpose of investigating, reporting and detecting crime and also to comply with laws that apply to us. We may also use your information during the course of internal audits to demonstrate our compliance with certain industry standards.

While we don’t believe any of the above activities prejudice you in any way – they enable us to provide the service you have engaged us for – you have the right to object to us processing your data on this basis.

Website Visitor

What Personal Data We Hold

Dependent on the circumstances and requirements we may collect some or all of the personal data listed below to enable us to fulfil our obligations to you as a website visitor.

Technical Information;

IP Addresses;

Information about what types of device you use to connect to our website; and

How you interact with our website.

Please note the above list of personal data we may collect is not exhaustive.

How We Collect Personal Data

We collect your personal data when you browse our website. We also collect personal information when you contact us via the website, for example by completing the contact us form.

We collect the data automatically via cookies, in line with cookie settings in your browser. If you would like to find out more about cookies, including how we use them and what choices are available to you, please click here.

How We Use Personal Data

We use the personal data we hold about you to monitor and improve the website experience for website visitors.

How Long We Keep Your Data For (Retention)

We will keep your personal data for a period of three years after you visit our website. Different laws may require us to keep your personal data for different periods of time, where a law requires we keep your personal data for a period in excess of three years your personal data will be kept for the period required by law.

Who We Share Your Personal Data With

Where appropriate, and in accordance with local laws and requirements, we may share your personal data with the following categories of people:

Any of our group companies;

Tax, audit, or other authorities, we believe in good faith that the law or other regulation requires us to share this data (for example, because of a request by a tax authority or in connection with any anticipated litigation);

Third-party service providers who perform functions on our behalf (including external consultants, business associates and professional advisers such as lawyers, auditors and accountants, technical support functions and IT consultants carrying out testing and development work on our business technology systems);

Third-party outsourced IT and document storage providers where we have an appropriate processing agreement (or similar protections) in place;

Marketing technology platforms and suppliers;

If Hardman Grey Ltd merges with or is acquired by another business or company in the future (or is in meaningful discussions about such a possibility) we may share your personal data with the (prospective) new owners of the business or company.

Lawful Basis for Processing

Article 6 of the General Data Protection Regulation (GDPR) requires that we process all personal data lawfully, fairly and in a transparent manner.

Article 6(1)(f) states that Hardman Grey Ltd can process your data where “processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third-party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.”

In simpler language this is where Hardman Grey Ltd has a legitimate reason to process your data provided it is reasonable and does not go against what you would reasonably expect from us.

As a Website Visitor we believe it is reasonable to expect us to collect and use your personal information to provide a positive browsing experience.

In some cases, we may be required to use your data for the purpose of investigating, reporting and detecting crime and also to comply with laws that apply to us. We may also use your information during the course of internal audits to demonstrate our compliance with certain industry standards.

While we don’t believe any of the above activities prejudice you in any way – they enable us to provide the service you have engaged us for – you have the right to object to us processing your data on this basis.

Your Rights

The General Data Protection Regulation (GDPR) provides the following rights for individuals:

The right to be informed;

The right of access;

The right to rectification;

The right to erasure (to be forgotten);

The right to restrict processing;

The right to data portability;

The right to object;

Rights in relation to automated decision making and profiling; and

The right to withdraw consent.

1. The Right to Be Informed

Individuals have the right to be informed about the collection and use of their personal data in a concise, transparent, intelligible and easily accessible way that uses clear and plain language. This Privacy Notice serves to provide this information.

Where personal data is obtained from third-party sources we will endeavour to inform the individual of this privacy information in a timely manner and no later than one month after receiving the data.

2. The Right of Access

Under the GDPR, individuals have the right to obtain:

Confirmation that their data is being processed;

Access to their personal data; and

Other supplementary information.

This right of access has been provided to allow individuals to access their personal information, so they are aware of and can verify the lawfulness of the processing.

To find out if we hold any of your personal information, and what data we hold, a Subject Access Request (SAR) can be submitted.

If we do hold your personal information we will:

Provide a description of it;

Explain why we are holding it;

Explain who it could be disclosed to; and

Let you have a copy of the information in an intelligible form.

Where we are legally permitted to do so, we may refuse your request. If we refuse your request, we will always tell you the reasons for doing so.

3. The Right to Rectification

Individuals have the right to request that any inaccurate personal data is rectified or completed if it is incomplete. Personal data is considered to be inaccurate if “it is incorrect or misleading as to a matter of fact”. This request can be made either verbally or in writing.

When a request for rectification is received we will take reasonable steps to confirm the identity of the individual making the request and to satisfy ourselves that the data provided is accurate and that rectification of the data is required. When considering the accuracy of the data you have the right to restrict the processing of your personal data until its accuracy has been established. Details of this right can be found here.

When we are satisfied of the accuracy of the new data we will update it within our systems. If we have shared the inaccurate personal data with third-parties, we will notify them of the rectification unless this is impossible or involves disproportionate effort.

We will inform you of the outcome of your request within one month of receipt of your request. Where a request is complex, or a number of requests have been received from you, the time to respond may be extended by a further two months. If we extend the time period we have to respond to your request, we will inform you of this within one month of receipt of the request and explain the reasons for the extension.

We retain the right to refuse to comply with a request for rectification if the request is “manifestly unfounded or excessive”. Alternatively, we may request a “reasonable fee” to deal with requests considered to be “manifestly unfounded or excessive”.

Where we refuse to comply with the request we will, without undue delay and within one month of receipt of the request, inform the individual of:

The reasons why action is not being taken;

Their right to make a complaint to the ICO or another supervisory authority; and

Their right to seek to enforce this right through a judicial remedy.

This information will also be provided if we request a “reasonable fee” to comply with the request.

4. The Right to Erasure (To Be Forgotten)

Individuals have the right to request that their personal data is erased from our systems, this right is not absolute and only applies in certain circumstances. Normally, the information must meet one of the following criteria:

The personal data is no longer necessary for the purpose for which we originally collected and/or processed it;

Where previously given, you have withdrawn your consent to us processing your data, and there is no other valid reason for us to continue processing;

The data has been processed unlawfully (i.e. in a manner which does not comply with the GDPR);

It is necessary for the data to be erased in order for us to comply with our legal obligations as a data controller; or

If we process the data because we believe it necessary to do so for our legitimate interests, you object to the processing and we are unable to demonstrate overriding legitimate grounds for our continued processing.

The right to erasure does not apply if processing is necessary for one of the following reasons:

To exercise the right of freedom of expression and information;

To comply with a legal obligation;

For the performance of a task carried out in the public interest or in the exercise of official authority;

For archiving purposes in the public interest, scientific research historical research or statistical purposes where erasure is likely to render impossible or seriously impair the achievement of that processing; or

For the establishment, exercise or defence of legal claims.

When a request for erasure is received we will take reasonable steps to confirm the identity of the individual making the request. Once proof of identity has been obtained we will take all reasonably practicable steps to delete the relevant data and inform other organisations of the erasure if the personal data has been disclosed to others.

We will inform you of the outcome of your request within one month of receipt of your request. Where a request is complex, or a number of requests have been received from you, the time to respond may be extended by a further two months. If we extend the time period we have to respond to your request, we will inform you of this within one month of receipt of the request and explain the reasons for the extension.

We retain the right to refuse to comply with a request for erasure if the request is “manifestly unfounded or excessive”. Alternatively, we may request a “reasonable fee” to deal with requests considered to be “manifestly unfounded or excessive”.

Where we refuse to comply with the request we will, without undue delay and within one month of receipt of the request, inform the individual of:

The reasons why action is not being taken;

Their right to make a complaint to the ICO or another supervisory authority; and

Their right to seek to enforce this right through a judicial remedy.

This information will also be provided if we request a “reasonable fee” to comply with the request.

5. The Right to Restrict Processing

Individuals have the right to request that we restrict our processing of their personal information, this right is not absolute and only applies in certain circumstances. This means that we can continue to store your personal information but the ways in which we can use your information is limited. This is an alternative to requesting the erasure of your data.

You are entitled to request that we restrict the processing of your personal information where:

You contest the accuracy of your personal information and we are verifying the accuracy of the data;

The data has been processed unlawfully (i.e. in a manner which does not comply with the GDPR);

Where we no longer need your personal information, but you need the data to establish, exercise or defend a legal claim; or

You have objected to the processing of your personal information and we are considering whether our legitimate grounds override yours.

If we have shared your personal information with third-parties, we will notify them of the request to restrict processing unless this is “impossible or involves disproportionate effort”.

We will notify you before lifting any restriction on processing your personal information.

We will inform you of the outcome of your request within one month of receipt of your request. Where a request is complex, or a number of requests have been received from you, the time to respond may be extended by a further two months. If we extend the time period we have to respond to your request, we will inform you of this within one month of receipt of the request and explain the reasons for the extension.

We retain the right to refuse to comply with a request to restrict processing if the request is “manifestly unfounded or excessive”. Alternatively, we may request a “reasonable fee” to deal with requests considered to be “manifestly unfounded or excessive”.

Where we refuse to comply with the request we will, without undue delay and within one month of receipt of the request, inform the individual of:

The reasons why action is not being taken;

Their right to make a complaint to the ICO or another supervisory authority; and

Their right to seek to enforce this right through a judicial remedy.

This information will also be provided if we request a “reasonable fee” to comply with the request.

6. The Right to Data Portability

Individuals have the right to obtain and reuse the personal information for their own purposes across different services. In effect, this means you are able to transfer your personal information held by Hardman Grey Ltd between Data Controllers. To enable this transfer, we will provide you with your information in a structured, commonly used and machine readable format that is password-protected so that you can transfer the data to another Data Controller. The personal information provided will be restricted to the personal information you have provided to us.

The right to data portability applies when:

Our lawful basis for processing your personal information is consent or for the performance of a contract; and

We are carrying out the processing by automated means (i.e. without any human intervention).

We will inform you of the outcome of your request within one month of receipt of your request. Where a request is complex, or a number of requests have been received from you, the time to respond may be extended by a further two months. If we extend the time period we have to respond to your request, we will inform you of this within one month of receipt of the request and explain the reasons for the extension.

We retain the right to refuse to comply with a request to restrict processing if the request is “manifestly unfounded or excessive”. Alternatively, we may request a “reasonable fee” to deal with requests considered to be “manifestly unfounded or excessive”.

Where we refuse to comply with the request we will, without undue delay and within one month of receipt of the request, inform the individual of:

The reasons why action is not being taken;

Their right to make a complaint to the ICO or another supervisory authority; and

Their right to seek to enforce this right through a judicial remedy.

This information will also be provided if we request a “reasonable fee” to comply with the request.

7. The Right to Object

Individuals have the right to object to:

Processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);

Direct marketing (including profiling); and

Processing for purposes of scientific/historical research and statistics.

To be able to exercise this right you must have “grounds relating to his or her particular situation”.

If your objection relates to us processing your personal information because we deem it necessary for our legitimate interests, we must act on your objection by ceasing the activity in question unless:

We can show that we have compelling legitimate grounds for processing which overrides your interests; or

We are processing your data for the establishment, exercise or defence of a legal claim.

If your objection relates to direct marketing, we must act on your objection by ceasing this activity.

8. Rights in Relation to Automated Decision Making and Profiling

Individuals have additional rights with the fully automated decision making process, including profiling with legal or similarly significant effects restricted. This restriction only applies to fully automated individual decision making where there is no human involvement.

This restriction is lifted if one of the following three conditions apply:

It is necessary for the entry into or performance of a contract;

It is authorised by Union or Member state law applicable to the controller; or

Based on the individual’s explicit consent.

The Right to Withdraw Consent

Individuals have the right to withdraw previously given consent at any time, for example where consent has been given for direct marketing.

When consent is withdrawn we will cease to carry out the activity for which consent has been withdrawn unless we consider that there is an alternative reason to justify our continued processing of your data for this purpose. Where we consider this to be the case we will inform you of this condition and the alternative reasons.

Details of how to get in touch about these rights can be found here. We endeavour to deal with any requests without undue delay, and in any event within one month (subject to any extensions to which we are lawfully entitled). We may keep a record of your communications to help us resolve any issues which you raise.

Where our lawful basis for processing your personal data is consent, you have the right to withdraw your consent at any time by contacting us.

If you withdraw consent, where consent is the legal basis for processing, we will cease to process your personal data for the activity which consent has been withdrawn unless we still need to process your data for legal or official reasons. If this is the case, we will inform you and will restrict the data to only what is necessary for the purpose of meeting those specific reasons.

If you believe that any of your data that we process is incorrect or incomplete, please contact us using the details above and we will take reasonable steps to check its accuracy and correct it where necessary.

Subject Access Requests

Individuals can raise a Subject Access Request (SAR) to exercise one or more of their rights, listed in the Your Rights section of this Privacy Notice. As part of any request you will be required to provide proof of your identity before the request is processed. Your request will be processed within one month of receipt of both your request and proof of identity, except in circumstances where requests are complex or numerous.

If a request is considered complex or numerous we may extend the period of compliance by a further two months, notification of this will be provided within one month of receipt of the request along with details of why the extension is necessary.

Subject Access Requests will be processed free of charge except where the request is deemed “manifestly unfounded or excessive”. Where this is the case a “reasonable fee” may be charged. A “reasonable fee” may also be charged to comply with requests for additional copies of the same information, this fee will cover the administrative costs involved in providing the information.

Where we consider a request to be “manifestly unfounded or excessive” we may refuse to respond to the request. If we refuse to respond we will provide details of why this decision has been made along with details of your right to complain to the supervisory authority (the ICO) and to a judicial remedy.

Safeguarding Your Data

We are committed to taking all reasonable steps by means of “appropriate technical and organisational measures” to safeguard the personal information we hold from misuse, loss or unauthorised access. These include measures to deal with any suspected data breach.

We secure the personal information you provide on computer servers in a controlled, secure environment, protected from unauthorised access, use or disclosure. When personal information is collected on our website and/or transmitted to other websites, it is protected through the use of encryption, such as the Secure Socket Layer (SSL) protocol.

If you suspect any misuse, loss or unauthorised access to your personal information please let us know immediately. Details of how to contact us can be found here.

ICO Registration

Hardman Grey Ltd is registered with the ICO (Information Commissioner’s Office), details of our registration are available at https://ico.org.uk/ESDWebPages/Entry/Z9043389.

Cookies Policy

Cookies are small text files that are placed on your computer, smartphone or tablet by websites that you visit. They are widely used to make websites work, or work more efficiently, as well as to provide information to the owners of the site. Cookies are used by nearly all websites and do not harm your system.

You can read more about how we use cookies on our Cookies Policy page.

Third-Parties

Hardman Grey Ltd may use third-parties to perform services in connection with our operations, to improve our website and our services, products and features, and to protect our users. These third-parties may include (but are not limited to) service providers and vendors.

Any sharing of personal information with a third-party will be done under contract with the third-party obliged to keep the data secure. The third-party will only use the information to fulfil the service(s) they provide and will delete all personal information when it is no longer needed to fulfil that service.

A list of the third-parties with whom personal data may be shared can be found here.

Links to Other Websites

Our website contains links to other websites. Please be aware that we are not responsible for the privacy practices of those other websites. When you leave our website, we encourage you to read the privacy notices of each and every website.

How to Contact Us

You can contact us by email, telephone or in writing:

Email: Khizer.pervez@hardmangrey.co.uk

Telephone: 0191 5357128


Address:

GDPR Manager

Hardman Grey Ltd

1 Marwell Drive

Washington

NE37 3LH


Glossary of Terms

Candidate – This category includes applicants for all roles advertised or promoted by Hardman Grey Ltd including permanent, temporary and interim positions with Hardman Grey Ltd’s Clients; as well as people who have supplied a speculative CV to Hardman Grey Ltd not in relation to a specific job. Employees of suppliers or other third-parties put forward for roles with Hardman Grey Ltd will be treated as candidates for the purposes of this privacy notice.

Client – This category includes our customers, clients and others to whom Hardman Grey Ltd provides services in the course of its business.

Contractor – This category includes Candidates who have been placed into a position by Hardman Grey Ltd.

Data Controller – A data controller determines the purposes and means of processing personal data.

Data Processor – A data processor is responsible for processing personal data on behalf of a controller.

General Data Protection Regulation (GDPR) – A European Union statutory instrument which aims to harmonise European data protection laws. It has an effective date of 25 May 2018, and any references to it should be construed accordingly to include any national legislation implementing it.

Managed Service Provider (MSP) – Clients’ outsourcing of the management of external staff (including freelance workers, independent contractors and temporary employees) to an external recruitment provider.

Other People Whom Hardman Grey Ltd May Contact – This category may include Candidates’ and Hardman Grey Ltd’s Staff emergency contacts and referees. We will only contact them in appropriate circumstances.

Personal Data/Personal Information – The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.

This definition provides for a wide range of personal identifiers to constitute personal data, including name, identification number, location data or online


INFORMATION SECURITY AND DATA PROTECTION POLICY

As a recruitment company Hardman Grey processes personal data in relation to its own staff, candidates and individual client contacts. It is vitally important that we abide by the principles of the Data Protection Act 1998 set out below.

Hardman Grey holds data on individuals for the following general purposes:

  • Staff Administration

  • Advertising, marketing and public relations

  • Accounts and records

  • Administration and processing of candidate personal data for the purposes of work-finding services

The Data Protection Act 1998 requires Hardman Grey as data controller to process data in accordance with the principles of data protection. These require that data shall be:

  1. Fairly and lawfully processed

  2. Processed for limited purposes

  3. Adequate, relevant and not excessive

  4. Accurate

  5. Not kept longer than necessary

  6. Processed in accordance with the data subjects rights 7. Kept securely 8. Not transferred to countries outside the European Economic Area without adequate protection.

Personal data means data, which relates to a living individual who can be identified from the data or from the data together with other information, which is in the possession of, or is likely to come into possession of, Hardman Grey.

Processing means obtaining, recording or holding the data or carrying out any operation or set of operations on the data. It includes organising, adapting and amending the data, retrieval, consultation and use of the data, disclosing and erasure or destruction of the data. It is difficult to envisage any activity involving data, which does not amount to processing. It applies to any processing that is carried out on computer including any type of computer however described, main frame, desktop, laptop, palm top etc.

Data should be reviewed on a regular basis to ensure that it is accurate, relevant and up to date and those people listed in the appendix shall be responsible for doing this.

Data may only be processed with the consent of the person whose data is held. Therefore if they have not consented to their personal details being passed to a third party this may constitute a breach of the Data Protection Act 1998.

By instructing Hardman Grey to look for work and providing us with personal data contained in a CV work-seekers will be giving their consent to processing their details for work-finding purposes. If you intend to use their data for any other purpose you must obtain their specific consent.

However caution should be exercised before forwarding personal details of any of the individuals on which data is held to any third party such as past, current or prospective employers; suppliers; customers and clients; persons making an enquiry or complaint and any other third party.

As a recruitment business we are bound by Regulation 28 of the Conduct of Employment Agencies and Employment Businesses Regulations 2003 to obtain the prior consent of an individual before disclosing any information relating to them other than for the purposes of finding them work, or in relation to legal proceedings or to a professional body of which they are a member. Prior written consent must be obtained before disclosing any information relating to an individual work-seeker to their current employer.

Data in respect of the following is “sensitive personal data” and any information held on any of these matters MUST not be passed on to any third party without the express written consent of the individual:

Any offence committed or alleged to be committed by them

  • Proceedings in relation to any offence and any sentence passed

  • Physical or mental health or condition

  • Racial or ethnic origins

  • Sexual life

  • Political opinions

  • Religious beliefs or beliefs of a similar nature

  • Whether someone is a member of a trade union

From a security point of view, only those staff listed in the appendix should be permitted to add, amend or delete data from the database. However all staff are responsible for notifying those listed where information is known to be old, inaccurate or out of date. In addition all employees should ensure

that adequate security measures are in place. For example:

  • Computer screens should not be left open by individuals who have access to personal data

  • Passwords should not be disclosed

  • Email should be used with care

  • Personnel files and other personal data should be stored in a place in which any unauthorised attempts to access them will be noticed. They should not be removed from their usual place of storage without good reason.

  • Personnel files should always be locked away when not in use and when in use should not be left unattended

  • Any breaches of security should be reported to the Information Security Manager and may be treated as a disciplinary issue.

  • Care should be taken when sending personal data in internal or external mail

  • Destroying or disposing of personal data counts as processing. Therefore care should be taken in the disposal of any personal data to ensure that it is appropriate. For example, it would have been more appropriate to shred sensitive data than merely to dispose of it in the dustbin.

It should be remembered that the incorrect processing of personal data e.g. sending an individual’s details to the wrong person; allowing unauthorised persons access to personal data; or sending information out for purposes for which the individual did not give their consent, may give rise to a breach of contract and/or negligence leading to a claim against Hardman Grey for damages from an employee, work-seeker or client contact. A failure to observe the contents of this policy will be treated as a disciplinary offence.

Data subjects, i.e. those on whom personal data is held, are entitled to obtain access to their data on request and after payment of a fee. All requests to access data by data subjects i.e. staff, members, customers or clients, suppliers, students etc should be referred to the Managing Director whose details are also listed on the appendix to this policy.

Any requests for access to a reference given by a third party must be referred to your line manager and should be treated with caution even if the reference was given in relation to the individual making the request. This is because the person writing the reference also has a right to have their personal details handled in accordance with the Data Protection Act 1998, and not disclosed without their consent. Therefore when taking up references an individual should always be asked to give their consent to the disclosure of the reference to a third party and/or the individual who is the subject of the reference if they make a subject access request. However if they do not consent then consideration should be given as to whether the details of the individual giving the reference can be deleted so that they cannot be identified from the content of the letter. If so the reference may be disclosed in an anonymous form.

Finally it should be remembered that all individuals have the following rights under the Human Rights Act 1998 and in dealing with personal data these should be respected at all times:

  • Right to respect for private and family life [Article 8]

  • Freedom of thought, conscience and religion [Article 9]

  • Freedom of expression [Article 10]

  • Freedom of assembly and association [Article 11]

  • Freedom from discrimination [Article 14]

APPENDIX

Mr Khizer Pervez – Director

Mr Ali Pervez – Senior Consultant