Under the EU General Data Protection Regulation (GDPR), we must comply with certain regulations which are designed to ensure that any data you provide to us is processed with due care and attention.
Morgan West is registered as a data controller in the United Kingdom for the purposes of the EU General Data Protection Regulation (GDPR). We ensure that the data you supply to us is processed fairly and lawfully, and with skill and care. We take our responsibilities in respect of your Personal Data extremely seriously.
Clients: our customers, clients and prospective customers and clients to whom we provide or market our recruitment services in the course of our business.
Website Users: any individual who accesses our website.
It does not apply to Morgan West staff and employees who will be issued with separate fair processing information.
For the purposes of the data protection legislation from time to time in force, Morgan West is the data controller and is responsible for your personal data.
What kind of information do we collect?
Depending on the circumstances, we may collect some or all of the information listed below to enable us to offer you employment opportunities tailored to your circumstances and interests. This may include: your name, contact numbers, email addresses, curriculum vitae, photograph, education details, employment history, links to your professional profiles available in the public domain e.g. LinkedIn, Twitter, business Facebook or corporate website, immigration status, financial information (where we need it to carry out financial background checks or pay you), national insurance number and tax related information, referee details, details about your current remuneration, pensions and benefits arrangements and emergency contact details. In addition, you may choose to share other information with us that you think is relevant.
Where appropriate or necessary (and in accordance with legal requirements) we may also collect information related to your health or details of any criminal convictions (where this is required for a role that you are applying for). We may ask you to provide diversity information (on a voluntary basis) for the reasons and in the circumstances set out below.
We collect your personal data (such as name and contact details) when we receive it directly from you such as where you contact us proactively (by phone, email, in person) or where you connect with our consultants on business networking sites or through our consultant’s business development activities more generally.
We may seek more information about you from analysing online and offline media and we may be supplied with information about you by Candidates (for example when you are named as a referee).
We need a small amount of personal data to ensure our relationship with you runs smoothly such as contact details of relevant individuals at your organisation so that we can communicate with you and we may need bank details so that we can pay you for the services you provide.
How do we collect personal data?
We collect information about Candidates when you register as a Candidate with Morgan West by completing the registration form on our website www.internalauditrecruitment.com or by sending us your CV or by corresponding with our consultants by phone, e-mail or in person.
You may also provide us with your personal data when you use our website, subscribe to our services, participate in salary and other market surveys, attend our events, participate in discussion boards or other social media functions on our site, apply for jobs with us via a job board which then redirects you to our website and if you report a problem with our website.
We may also receive personal data about you from other sources such as referees, our Clients and from third party sources, such as LinkedIn and other job board websites, your business card and personal recommendations. For example, if you ‘like’ our page on Facebook or ‘follow’ us on Twitter we will receive your personal information from those sites and if you were referred to us through a recruitment process outsourcer (RPO) or other Supplier – they may share personal information about you with us.
We also work closely with third parties including our group companies, business partners, sub-contractors in technical, professional, payment and other services, advertising networks, analytics providers, search information providers, credit reference agencies, professional advisors. We may receive information about you from them for the purposes of our recruitment services and ancillary support services.
What information do we collect about website users?
When you visit our website there is certain information that we may automatically collect, whether or not you decide to use our services. This includes your IP address, the date and the times and frequency with which you access the website and the way you browse its content.
How do we use your personal data and what is the legal basis for the processing?
We use Candidate data as follows:
- Storing your details (and updating them when necessary) on our database, so that we can contact you in relation to recruitment services.
- Providing you with our recruitment services and to facilitate the recruitment process.
- Assessing data about you against vacancies which we think may be suitable for you.
- Sending your information to Clients (with your prior consent) in order to apply for jobs or to assess your eligibility for jobs.
- Enabling you to submit your CV, apply online for jobs or to subscribe to alerts about jobs we think may be of interest to you.
- Carrying out our obligations arising from any contracts entered into between us.
- Carrying out our obligations arising from any contracts entered into between Morgan West and third parties in relation to your recruitment.
- Facilitating our payroll and invoicing processes (when Morgan West is responsible for paying you).Carrying out market surveys and market reports.
- Verifying details you have provided, using third party resources (such as psychometric evaluations and regulatory checks).
- To request information (such as references, qualifications and potentially any criminal convictions, to the extent that this is appropriate and necessary with respect to roles you are applying for).
- Complying with our legal obligations in connection with the detection of crime or the collection of taxes or duties.
- Processing your data to enable us to send you targeted, relevant marketing materials or other communications which we think are likely to be of interest to you.
We use Client data as follows:
- To provide our Clients with the best service possible.
- We store your personal data and/or the personal data of individual contacts at your organisation as well as keeping records of our conversations, meetings, registered jobs and placements on our database.
- From time to time, we may also ask you to undertake a customer satisfaction survey.
- Processing your data to enable us to send you targeted, relevant marketing materials or other communications which we think are likely to be of interest to you.
We use Supplier data as follows:
- To facilitate receipt of services from you and we hold your financial data so that we can pay you for your services.
- To enable us to send you targeted, relevant marketing materials or other communications which we think are likely to be of interest to you.
Our legal basis for the processing of personal data is our legitimate business interests, described in more detail below, although we will also rely on contract, legal obligation and consent for specific uses of data.
We will rely on contract if we are negotiating or have entered into a placement agreement with you or your organisation or any other contract to provide services to you or receive services from you or your organisation.
We will rely on legal obligation if we are legally required to hold information on to you to fulfil our legal obligations – including where you are applying for roles or are placed in a role in a regulated environment.
We will in some circumstances rely on consent for particular uses of your data and you will be asked for your express consent, if legally required. Examples of when consent may be the lawful basis for processing include permission to introduce a Candidate to a Client and in relation to sending third party marketing communications to you via email.
With respect to marketing – you have the right to opt out of receiving marketing from us at any time by contacting us on firstname.lastname@example.org. If you have previously engaged with us (for example submitting a job application or CV or registering for a vacancy to be filled) and we are marketing other recruitment related services we will take your consent as given unless or until you opt out (this is called soft opt-in consent).
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
Our Legitimate Business Interests
Our legitimate interests in collecting and retaining your personal data are described below:
- In order to support our Candidates’ career aspirations and our Clients’ resourcing needs we require a database of Candidate and Client personal data containing historical information as well as current resourcing requirements.
- As a recruitment business and recruitment agency we introduce Candidates to Clients for permanent employment, temporary worker placements or independent professional contracts. The exchange of personal data of our Candidates and our Client contacts is a fundamental, essential part of this process.
- We think that it is reasonable to expect that if you are looking for employment or have posted your professional background and information on a job board or professional networking site which allows the public (including recruiters) to view your information – that you are happy for us to collect and otherwise use your personal data to offer or provide our recruitment services to you, assess your skills against our bank of vacancies and, with your consent, share that information with prospective employers.
- Once an offer of a role is made to a Candidate, your prospective employer may also want to double check any information you’ve given us (such as the results from psychometric evaluations or confirm your references, qualifications and criminal record) to the extent that this is appropriate and necessary for the role.
Should we want or need to rely on consent to lawfully process your data we will request your consent orally, by email or by an online process for the specific activity we require consent for and record your response on our system. Where consent is the lawful basis for our processing you have the right to withdraw your consent to this particular processing at any time (as set out below).
Establishing or defending legal claims
- Sometimes it may be necessary for us to process personal data and, where appropriate and in accordance with local laws and requirements, special category personal data in connection with exercising or defending legal claims.
- This may arise for example where we need to take legal advice in relation to legal proceedings or are required by law to preserve or disclose certain information as part of the legal process.
Equal opportunities monitoring
- We are committed to ensuring that our recruitment processes are aligned with our approach to equal opportunities.
- We may ask you to provide personal data about your ethnic background, gender, disability, age, sexual orientation, religion or other similar beliefs in order that we can use this information – on an anonymised basis – to monitor our compliance with our equal opportunities policy.
- We may also disclose this anonymised data to Clients where this is contractually required or the Client specifically requests such information to enable them to comply with their own diversity goals and employment processes.
- You will be asked to explicitly and clearly tell us that you agree to us collecting and using this information (i.e. opting in).
- You have the right to withdraw your consent at any time and we will cease to carry out the particular activity that you previously consented to unless we consider that there is an alternative reason to justify our continued processing of your data for this purpose in which case we will inform you of this condition.
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us at email@example.com. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Automated Decision Making or profiling
We do not undertake automated decision making or profiling. We do use our computer systems to search and identify personal data in accordance with parameters set by a person. A person will always be involved in the decision making process.
Cookies are files that are recorded in temporary Internet folders on your PC. They’re a useful tool as, by recording the way you use our site, they enable us to get to know you better. For example, we’re able to recognise you when you return to the site, identify your preferences so as to provide you with a more personalised service and speed up searches that you conduct when visiting.
Disclosure of your information inside and outside of the EEA
We may share your personal information within our organisation both in the EEA and outside of the EEA and with selected third parties including:
- Clients for the purpose of introducing Candidates to them.
- Candidates for the purpose of arranging interviews and engagements with Clients.
- Clients, business partners, suppliers and sub-contractors for the performance and compliance obligations of any contract we enter into with them or you.
- Cloud based storage providers.
- Subcontractors including email marketing specialists, event organisers, payment and other financial service providers.
- Credit reference agencies, our insurance broker, compliance partners and other sub-contractors for the purpose of assessing your suitability for a role where this is a condition of us entering into a contract with you.
We will disclose your personal information to third parties:
- If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms and conditions of service and other agreements; or to protect the rights, property, or safety of Morgan West our Candidates, Clients or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
Where a third party processes your personal data – the lawful basis for the third-party processing will include: •
- Their own legitimate business interests in processing your personal data, in most cases to fulfil their internal resourcing needs.
- Satisfaction of their contractual obligations to us as our data processor.
- For the purpose of a contract in place or in contemplation.
- To fulfil their legal obligations.
- We require all third parties to respect the security of personal data and to treat it in accordance with the law. We do not allow third-party service providers with whom we may work to use your personal data for their own purposes and we only permit them to process your personal data for specified purposes and in accordance with our instructions.Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
- We may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
Please contact us at firstname.lastname@example.org if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
It is important to be aware that unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk.
Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. All information you provide to us is stored on our secure servers in the UK. We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
How long we keep your data for
We are required by law to hold your Personal Data for as long as is necessary to comply with our statutory and contractual obligations and in accordance with our legitimate interests as a data controller. We will use reasonable endeavours to ensure that your Personal Data is maintained and up to date.
However, you are under a duty to inform us of any and all changes to your Personal Data to ensure that it is up to date and we will update or delete your Personal Data accordingly. If we have no contact with you then following the expiry of a reasonable period as we consider appropriate we will archive for file or may delete it.
Access to your personal information
You have the right to request a copy of the personal information Morgan West holds about you and to have any inaccuracies corrected.
You can contact us to request for your details to be removed from our database at any time. Please address request to Data Protection Office, Morgan West, Kemp House, 152 City Road, London, EC1V 2NX.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so we encourage you to contact us in the first instance.