Privacy Policy
Introduction
The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a new regulation
which replaces the Data Protection Regulation (Directive 95/46/EC). The GDPR aims to
harmonise data protection legislation across the European Union, enhancing privacy rights
for individuals and providing a strict framework within which commercial organisations
can legally operate.
This Privacy Policy sets out how we, Altus Search Limited, Barnet (UK), Zug Branch, collect, store and use information about candidates, clients, suppliers and website users. This Privacy Policy is effective from 25th of May 2018.
Data controller:
Altus Search Limited, Barnet (UK), Zug Branch.
What Information We Collect:
We collect the information such as full name, date of birth, postal address, contact
details, CV, renumeration package and salary expectations, visa status, company name
or business name and address (if applicable), registrations number (if applicable), VAT
number (if applicable), bank details (if applicable), passport and proof of address (when
we are required to perform reference check).
How we collect or obtain information about you:
• when you provide it to us (e.g. by contacting us via e-mail, phone, meeting in person
or responding to our adverts on job boards and professional networking websites).
• from your use of our website, using cookies.
• occasionally, from third parties (e.g. recommendation from friend or colleague, clients
or social media sites like LinkedIn).
How we use your information:
For administrative and business purposes (collecting, saving and storing your information
on our database particularly to contact you regarding new job opportunities we might
have that match your skill set and record keeping, send your details to our clients in
order to secure an interview and fulfil your employment needs, to fulfil our contractual
obligations, and in connection with our legal rights and obligations.
Our legitimate business interests in collecting and retaining your personal data is below:
• We are a recruitment agency and introduce Candidates to Clients for permanent employment,
temporary worker placements or independent contracts. The exchange of personal data of
our Candidates and our Client contacts is a necessary part of this relationship.
• In order to support our candidates’ career progress and our clients’ requirements we
need a database of candidate and client personal data containing historical information
as well as current recruiting requirements.
• If you are looking for employment or have posted your information on a job board or
professional networking site which allows the public (including recruiters) to view your
information - that you are happy for us to collect and otherwise use your personal data
to offer or provide our recruitment services to you, assess your skills against our bank
of vacancies and, with your consent, share that information with prospective employers.
• To maintain, expand and develop our business we need to record the personal data of
prospective candidates and client contacts.
• We will rely on contract if we are negotiating or have entered into a placement agreement
with you or your organisation or any other contract to provide services to you or receive
services from you or your organisation.
• We will rely on legal obligation if we are legally required to hold information on to
you to fulfil our legal obligations.
• To carry out our obligations arising from any contracts we intend to enter into or have
entered into between you and us and to provide you with the information and services
that you request from us or we think will be of interest to you because it is relevant
to your career or to your organisation.
• We will in some circumstances rely on consent for particular uses of your data and you
will be asked for your express consent, if legally required. Examples of when consent
may be the lawful basis for processing include permission to introduce you to a client
(if you are a candidate).
Disclosure of your information to third parties:
Only to the extent necessary to run our business, to our service providers such as a
background screening company and IT support, to fulfil any contracts we enter into with
you, where required by law or to enforce our legal rights.
Do we sell your information to third parties (other than in the course of a business
sale or purchase or similar event):
To whom we may choose to sell, transfer, or merge parts of our business or our assets.
Alternatively, we may seek to acquire other businesses or merge with them. If a change
happens to our business, then the new owners may use your personal data in the same way
as set out in this Privacy Policy.
How we secure your information
• We take appropriate technical and organisational measures to secure your information
and to protect it against unauthorised or unlawful use and accidental loss or destruction,
including:
• only sharing and providing access to your information to the minimum extent necessary,
subject to confidentiality restrictions where appropriate, and on an anonymised basis
wherever possible.
• using secure servers in Europe to store your information.
• verifying the identity of any individual who requests access to information prior to
granting them access to information.
Transmission of information to us by email:
• Transmission of information over the internet is not entirely secure, and if you submit
any information to us over the internet (whether by email, via our website or any other
means), you do so entirely at your own risk.
• We cannot be responsible for any costs, expenses, loss of profits, harm to reputation,
damages, liabilities or any other form of loss or damage suffered by you as a result
of your decision to transmit information to us by such means.
Use of cookies and similar technologies:
We use Google Analytics cookies on our website.
Transfers of your information outside the European Economic Area:We will only transfer your information outside the European Economic Area if we are required to do so by law or we are able to offer new employment propositions for candidates or introduce prospective candidates to clients (country names to be disclosed on individual case by case scenario before sending data out). Where information is to be so transferred, it may be to a country in respect of which there is an adequacy decision from the EU Commission. However, if this is not the case, it is our policy to take steps to identify risks and in so far as is reasonably practicable, ensure that appropriate safeguards are in place.
Use of automated decision making and profiling:
We do not use automated decision making and/or profiling as a person will always be involved
in decision making process.
Your rights in relation to your information:
• Subject to certain limitations on certain rights, you have the following rights in relation
to your information, which you can exercise by sending an email to
information@altussearch.ch:
• to request access to your information and information related to our use and processing
of your information.
• to request the correction or deletion of your information.
• to request that we restrict our use of your information.
• to receive information which you have provided to us in a structured, commonly used
and machine-readable format (e.g. a CSV file) and the right to have that information
transferred to another data controller (including a third party data controller).
• to object to the processing of your information for certain purposes
• to withdraw your consent to our use of your information at any time where we rely on
your consent to use or process that information. Please note that if you withdraw your
consent, this will not affect the lawfulness of our use and processing of your information
on the basis of your consent before the point in time when you withdraw your consent.
• the right not to be subject to a decision based solely on automated processing, including
profiling which produces legal affects concerning you or similarly significantly affects
you.
In accordance with Article 77 of the General Data Protection Regulation, you also have
the right to lodge a complaint with a supervisory authority, in particular in the Member
State of your habitual residence, place of work or of an alleged infringement of the
General Data Protection Regulation. For the purposes of the Switzerland, the supervisory authority
is The Federal Data Protection and Information Commissioner (FDPIC), the contact details of which are available here: https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact.html.
Verifying your identity where you request access to your information:
Where you request access to your information, we are required by law to use all reasonable
measures to verify your identity before doing so.
These measures are designed to protect your information and to reduce the risk of identity
fraud, identity theft or general unauthorised access to your information.
How we verify your identity:
Where we possess appropriate information about you on file, we will attempt to verify
your identity using that information.
If it is not possible to identity you from such information, or if we have insufficient
information about you, we may require original or certified copies of certain documentation
in order to be able to verify your identity before we are able to provide you with access
to your information.
We will be able to confirm the precise information we require to verify your identity
in your specific circumstances if and when you make such a request.
Sensitive Personal Information:
• ‘Sensitive personal information’ is information about an individual that reveals their
racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade
union membership, genetic information, biometric information for the purpose of uniquely
identifying an individual, information concerning health or information concerning a
natural person’s sex life or sexual orientation.
• We do not knowingly or intentionally collect sensitive personal information from individuals,
and you must not submit sensitive personal information to us.
• If, however, you inadvertently or intentionally transmit sensitive personal information
to us, you will be considered to have explicitly consented to us processing that sensitive
personal information under Article 9(2)(a) of the General Data Protection Regulation.
We will use and process your sensitive personal information for the purposes of deleting
it.
• we do not knowingly or intentionally collect what is commonly referred to as ‘sensitive
personal information’. Please do not submit sensitive personal information about you
to us.
How long we retain your information:
We will not hold your information for no longer than necessary, taking into account any
legal obligations we have (e.g. to maintain records for tax purposes), any other legal
basis we have for using your information (e.g. your consent, performance of a contract
with you or our legitimate interests as a business) and certain additional factors described
below.
Criteria for determining retention periods:
• In any other circumstances, we will retain your information for no longer than necessary,
taking into account the following:
• the purpose(s) and use of your information both now and in the future (such as whether
it is necessary to continue to store that information in order to continue to perform
our obligations under a contract with you or to contact you in the future).
• whether we have any legal obligation to continue to process your information (such as
any record-keeping obligations imposed by relevant law or regulation).
• whether we have any legal basis to continue to process your information (such as your
consent); how valuable your information is (both now and in the future).
• any relevant agreed industry practices on how long information should be retained.
• the levels of risk, cost and liability involved with us continuing to hold the information.
• how hard it is to ensure that the information can be kept up to date and accurate.
• any relevant surrounding circumstances (such as the nature and status of our relationship
with you).
Details of retention periods for different aspects of your personal data are available
in our retention policy which you can request from us by sending an email
information@altussearch.ch.
Changes to our Privacy Policy:
We update and amend our Privacy Policy from time to time.
Minor changes to our Privacy Policy:
Where we make minor changes to our Privacy Policy, we will update our Privacy Policy
with a new effective date stated at the beginning of it. Our processing of your information
will be governed by the practices set out in that new version of the Privacy Policy from
its effective date onwards.
Major changes to our Privacy Policy or the purposes for which we process your information:
Where we make major changes to our Privacy Policy or intend to use your information for
a new purpose or a different purpose than the purposes for which we originally collected
it, we will notify you by email (where possible) or by posting a notice on our website.
We will provide you with the information about the change in question and the purpose
and any other relevant information before we use your information for that new purpose.
Wherever required, we will obtain your prior consent before using your information for
a purpose that is different from the purposes for which we originally collected it.
Contact:
The data controller is Altus Search Limited, Barnet (UK), Zug Branch of Baarerstrasse 75, 6300 Zug. You can contact the data controller by writing to Altus Search Limited, Barnet (UK), Zug Branch of Baarerstrasse 75, 6300 Zug or sending an email to information@altussearch.ch. The Data Controller’s data protection representative is Rosa Iannotta. Please contact us on +41 (0) 41 560 0221. If you have any questions about this Privacy Policy or would like to exercise one of your rights in relation to your information, please contact the data controller.