This notice sets out how, why and the way that Arthur Edward (“We”, “Our” and “Us”) will collect and use information about you. It also sets out how we process the information about you and the circumstances in which we may disclose it to other entities. We shall do so in a way that is consistent with Our responsibilities and your rights under relevant privacy law. Please read it carefully.
Who we are
We are an exclusive search and selection recruitment agency operating in the Cosmetics, Toiletries, Perfume and Personal Care Industries.
We regard the lawful and correct treatment of personal data as critical and integral to the way We work, and to maintain the confidence of those with whom We deal and Our reputation in the industry.
We (Arthur Edward Associates Limited) is a private limited company incorporated in England & Wales under Company Number 4503542.
We are committed to complying with the Data Protection Act 2018 and the EU General Data Protection Regulation (“GDPR”) for the purposes of data protection and privacy.
As a person of interest either as a potential client, candidate or associate, We take your privacy and the protection of your personal data very seriously.
If you do not formally provide consent, We will be legally obliged to remove you from Our database and shall no longer able to do business with you, inform you of industry events, activities and opportunities.
Information we may collect from you
Regarding that information which we may collect from you, We use the GDPR definition of personal data. This is defined as:– “ any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”
Specifically, We may collect and process the following data about you:
- your contact details,
- your employment and education history.
In addition, We will hold records of communications between you, Us, clients and referees.
The information We hold is obtained from information you send to Us, for example CVs, information obtained from the internet for example and not by way of limitation, LinkedIn or networking contacts.
Why we hold your Data
We will hold your personal data to help guide you in your business and career. We will only make your personal information available to the organisations We are working with, once We have spoken to you and only with your permission.
We will hold your data for the connected period, we will not hold your data if you choose not to connect or remove connection with us later.
We may also contact you from time to time with marketing information, requests to take part in surveys and industry specific information or requests for your assistance to put us in touch with other potential contacts.
Under the terms of the Data Protection Act 2018 and the GDPR, We are registered as a “data controller” with the UK Information Commissioner’s Office. Details of Our registration may be found at www.ico.org.uk/ESDWebPages/Entry/ZA191317.
The GDPR gives you certain rights in relation to the privacy of your personal information. We have summarised these particular rights below.
If you make any request to us in respect of any of the rights that you have under GDPR, We shall endeavour to respond to your request as quickly as possible but in any event within 1 (one) month of receipt of your request. We are allowed to extend this time period by up to 2 (two) months if your request is particularly complicated or time consuming.
A) The Right of Access
“Subject Access Requests” allow you to obtain a copy of all of the information that We hold about you. You have the right to ask Us to provide you with this information free of charge. However, should your request be deemed to be manifestly excessive, unfounded or repetitive, then We are permitted to charge you a reasonable fee (varied by Us from time to time) for providing you with the information requested. In such circumstances, We may as an alternative, refuse to comply with your request. If We do decide to refuse your request, We shall let you know the reasons for Us doing so. In the event that We do decide to refuse your request, you have the right to appeal Our decision through the UK Information Commissioner’s Office. For further information visit www.ico.org.uk.
Subject access requests must be sent to the Data Controller.
B) The Right to Rectification
You are entitled to have the information that we hold about you rectified if it is inaccurate or incomplete. If you believe that the personal information that We hold about you is inaccurate, incomplete or that it is out of date, please contact the Data Controller.
Where applicable, We shall also inform third parties that your personal information has been updated so that they might update their records too.
C) The Right to Erasure
You have the right to request that We delete all the personal information that We hold about you where We have no compelling reason for its continued processing. This right to erasure (or “right to be forgotten” as it is sometimes known) will apply:
- Where retention of the data is no longer necessary for the purposes that it was originally collected or processed; or
- Where you have withdrawn consent; or
- Where you object to us processing the data and there is no overriding legitimate interest for us to continue to do so; or
- When the personal data has to be erased for us to comply with a legal obligation; or
- When the data has been unlawfully processed.
This right shall not apply:-
- Where We are exercising the right of freedom of expression and information; or
- Where We are complying with a legal obligation; or
- Where We are archiving data in the public interest, for scientific research or for statistical purposes; or
- When We need the data to exercise or defend a legal claim.
Erasure requests can be oral or in writing. Please ensure that written erasure requests are sent to the Data Controller. Oral requests can be made to the Data Controller.
D) The Right to Restrict Processing
You can request that we restrict the processing of your information. This means that you may have contacted us to exercise one of your other rights under the GDPR and until such other request is dealt with, We will suspend the processing of your data, although We will still hold it. If We have passed your data to a third party, We will also inform them that they must restrict the processing of your data. Your right to restrict processing will apply:-
- Where you contest the accuracy of the information that We hold about you and you request that we restrict processing while We investigate
- You have told us that you object to Us processing your personal data, but We believe that processing is in the performance of Our legitimate interests and that these are legitimate grounds to override your interest
- Where you believe that processing is unlawful and you request restriction instead of deletion
- Where We no longer need that data, but you require the data stored in order to pursue a legal claim
Please send requests for us to restrict processing to Our Data Controller.
E) The Right to Data Portability
You have the right to request that the personal information that We hold on you be supplied to you in a portable format. This will allow you to take your information from Our IT environment to another IT environment. We shall supply your personal data in a commonly used, machine readable format.
Portable data requests may be sent to the Data Controller.
F) The Right to Object
You have the right to object to your personal information being processed by Us. This means:
- If you object to Us processing your data for marketing purposes, let Us know and We will stop sending you marketing material
- If you object to Us processing your data at all, let Us know and We will completely remove your personal information from Our system
Objection requests must be sent to the Data Controller.
Privacy Notice – UK Website
We may obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies and other such software on Our website contain information that is transferred to your computer’s hard drive. They help us to improve the website and to deliver a better and more personalised service. This includes, but is not limited to:
- your IP address;
- your operating system;
- your browser type;
- the name of your internet service provider;
- the date, time and duration of your visit; and
- the name and URL of pages you access.
The purpose of this is for system administration.
The website may, from time to time, contain links to and from the websites of Our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that We do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Where We Store Your Personal Data
The personal information that We collect from you may be transferred to, and stored at, a destination outside the European Union (“EU”). By submitting your personal information, you agree to the transfer, storage and processing of it. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with the GDPR.
We use physical, technological and administrative safeguards to protect your personal information against loss, misuse or alteration. All your personal information is stored securely and may only be accessed by employees with a legitimate business need to access the information. Unfortunately, the transmission of information via the internet is not completely secure and we cannot guarantee the security of your data transmitted to the website. Any transmission is at your own risk.
Direct Marketing Communications
We may use your data to enable us to send you post and emails with information about services that We believe may be of interest to you.
You have the right to withdraw from or amend the receipt of direct marketing communications. If you wish to do so, please contact Our Data Controller.
We may contact you from time to time by telephone, email or SMS to ask you to complete surveys and feedback forms. We do this in order to improve Our customer service and the services that We offer.
Disclosure of Your Information
We may disclose your personal information to third parties:
- In the event that We sell or buy any business or assets, in which case We may disclose your personal data to the prospective seller or buyer of such business or assets;
- If substantially all of the assets of Arthur Edward Associates Ltd are acquired by a third party, in which case personal data held by Us will be one of the transferred assets; and
- If We are under a duty to disclose or share your personal data in order to comply with any legal obligation.
In addition to the information that We share in order to comply with Our legal obligations, We also may share or disclose the information:
- To third parties that process data on Our behalf
- To any other party with your prior consent
We may also exchange your information with other companies and organisations for the purposes of fraud protection. Where false information or fraud is suspected, We may pass this information to fraud prevention and law enforcement agencies.
Retention of Data
We retain your information for 10 (ten) years. This enables us to maintain an ongoing relationship with you.
OUR CONSENT TOOL
Gated Talent is an automatic data processing tool, which We use to manage data protection communications. Gated Talent communicates with Our secure database, but DOES NOT have access to your data, unless you decide to register independently with them.
Registering with Gated Talent is not necessary for you to manage your relationship with Us.
In the event that personal information that you have supplied to Us is compromised, We shall without delay notify you and the UK Information Commissioner’s Office.
Changes to This Privacy Notice
We review this notice at least annually or after any significant change to Our service, website, processes, systems or because of government regulations. Any changes We may make to Our privacy notice in the future will be posted on this page and, where appropriate, notified to you by e-mail.
Date of Next Review: 1st June 2021
The Data Controller
Our Data Controller may be contacted in writing at:
2 Highgrove Place
By email at email@example.com
By telephone on 0207 052 1038
The Data Protection Officer
Our Data Protection Officer may be contacted in writing at:
2 Highgrove Place
By email at firstname.lastname@example.org
By telephone on 0207 052 1038
If you have a complaint relating to Our data protection or data privacy, then please email the Data Protection Officer.
If you are unhappy with the final response that you receive from us in relation to a complaint, then you have the right to complain to Our supervisory authority – the UK Information Commissioner’s Office. For further information, please visit www.ico.org.uk/concerns.