“What is GDPR?”
GDPR is a regulation in EU law on data protection and privacy in the European Union and the European Economic Area. It ensures that we put in place appropriate technical and organisational measures to protect your personal data when it is processed. Data processing includes collecting, saving, using, deleting, or sharing your personal data.
“What data do you collect?”
To fulfil our service to you, we may collect personal data which includes:
- Assessment results, e.g. cognitive, numeracy, psychometric
- Bank details (if you are supplied as a contractor via Nicholson Glover)
- Contact information, e.g. email address, phone number
- Demographic information, e.g. location, salary
- Education records
- Employment history
- Identification e.g. national insurance number, passport
- Interview notes
- Name and job title
“How do you collect my data?”
We will process the personal data that you give us consent to use, as well as your publicly available data. This data may be attained:
- Directly from you, e.g. by email or over the phone
- Via job applications and job boards, e.g. Indeed
- From our website, e.g. cookies (see below), registrations
- On social media sites and other websites, e.g. LinkedIn
“What are cookies and why do you use them?”
A cookie is a small file that asks for permission to be placed on your computer’s hard drive. Once you agree and the file is added, it logs web traffic and monitors you when you visit a website. Cookies allow web applications to respond to you personally by tailoring their operations to suit your needs, likes, and dislikes, by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This enables us to analyse data about web page traffic, to monitor which pages you find useful and which you do not so that we can improve our website and enhance your experience. A cookie does not give us access to your computer or any information about you, other than the data you choose to share with us. Once we have used cookies for analysis, we remove the data from our systems.
“Why do you need my data?”
We collect your personal data to understand your needs and provide you with a better service, as well as to undertake other business activities. Specifically, we may process your personal data to:
- Improve products and services
- Keep internal records up to date
- Market and promote information about our services that may interest to you
- Personalise our website according to your preferences
- Submit a job application to our clients on your behalf (explicit consent is sought on each application)
- Undertake business administration, e.g. financial and HR processing
We will not share or disclose any of your personal data externally without your consent, other than where there is a legal requirement to do so. You are not required to provide your personal data to us. However, as we require this data to provide a service to you, we will not be able to offer you our service without it.
“Where is my data processed?”
Your personal data may be transferred to and maintained on computers located outside of your state, province, country, or other governmental jurisdiction. In this instance, the data protection laws may differ from those in your jurisdiction. If you are located outside the United Kingdom and choose to provide personal data to us, please note that we will transfer the data to the United Kingdom and process it there.
We work with 3rd party suppliers who will process your personal data on our behalf. For example, these include job boards, CRM, and cloud storage providers. We require all our 3rd party suppliers to comply with GDPR, to limit the processing of your personal data, and to evidence it.
“Is my data safe?”
To protect you and your personal data from unauthorised access, alteration, disclosure, or destruction, we have put in place suitable physical, electronic, and managerial procedures. We have several layers of security, including:
- Firewalls and current market antivirus/malware
- IT authentication
- Restricted access IT systems
“How long will you keep my data for?”
We will only retain your personal data for as long as it is necessary, and in line with our information control and retention policy. We are required under UK tax law to keep your basic personal data (name, address, contact details) for a minimum of 6 years. After such time, it will be destroyed or redacted in line with our retention policy, which is available upon request from our Data Processing Officer.
Where you have consented to us using your personal data for direct marketing, we will keep such data until you notify us otherwise and/or withdraw your consent.
“Can I see what data you hold about me?”
You can request details of your personal data which we hold under the Data Protection Act 1998. If you would like a copy of your personal data that we hold, please write to us at Nicholson Glover Associates Ltd, Unit 2, The Village, Guards Avenue, Caterham On the Hill, Surrey, CR3 5XL. A small administration fee will be payable.
You have the right to access any personal data that we process about you, about:
- The type of personal data we process
- The purpose(s) of the processing
- The recipients to whom the personal data has/will be disclosed
- If we did not collect the data directly from you, information about the source
- How long we intend to retain your personal data for
If you believe we hold incomplete or inaccurate data about you, you have the right to ask us to correct and/or complete the information. We will strive to do this within 4 weeks unless there is a valid reason for not doing so, at which point you will be notified.
“How can I stop you from processing my personal data?”
We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so. You may, however, choose to restrict the collection or use of your personal data by writing to or emailing us at DPO@nicholsonglover.co.uk.
You have the right to request the deletion of your personal data or to restrict processing (where applicable) under the data protection laws; as well as to object to any direct marketing from us. Where applicable, you have the right to data portability of your information and the right to be informed about any automated decision-making we may use. You are not required to provide your personal data to us. However, as we require this data to provide a service to you, we will not be able to offer you our service without it.
At the first point of contact, we will request your consent to process your data in line with this policy. Should you wish to withdraw consent from us processing your data for one or more of the activities stated within this policy, we will do so within 5 working days.
“How do I make a complaint?”
We have a Complaint Handling Policy and procedure in place to comply with GDPR. Should you wish to request our Complaint Handling Policy, it will be provided by email within 48 hours. All complaints regarding data protection should be submitted to our Data Protection Officer (DPO), who can be contacted via email (DPO@nicholsonglover.co.uk), or phone (+44 207 223 1440). We ask that you raise any complaint as soon as possible.
Nicholson Glover Associates Ltd. is registered with the Information Commissioners Office (ICO). You have the right to complain with the ICO where you believe that the processing of your personal data infringes GDPR and/or if you believe that we have breached data protection law.