PRIVACY NOTICE AND DATA PROTECTION POLICY

This Policy explains in detail the types of personal data we may collect about you when you interact with us. It also explains how we’ll store and handle that data and keep it safe.

What services do we offer that requires the processing of information?

 

We are a small bespoke consultancy, qualified and accredited to offer the services we provide.  We process personal information to enable us to deliver consultancy and advisory services to clients in areas relating to business psychology and HR.  Our services might include for example undertaking psychometric tests for recruitment, selection and development purposes.  Sometimes we compile reports for clients as a result, based on the candidate’s completed data.  We may also design and analyse Staff Opinion Surveys, provide outplacement/career development support and other HR process design mechanisms.  Most of our work doesn’t involve obtaining personal information relating to individuals.  Where it does it is normally the individual who has sent us their CV’s or completed the personality / ability testing questionnaire, and consent for us to hold their data is requested at the outset; we ask you to ‘opt-in’, not ‘opt-out’.  

What are your rights over your personal data?

·       You have a right to be informed when and why we are collecting your data.

·       You have a right at any time to stop us from contacting you.

·       You have a right to ensure your data is accurate.

·       You have a right to ask to see your data.

·       You have a right to have your data transferred either to you or elsewhere.

·       You have a right to have any data we hold on you deleted.

What is the legal basis for us collecting and holding your data?

 

·       Legitimate Interest.  In certain circumstances, we need your personal data to comply with a contractual obligation with might have with our client.  For example, when a client of ours asks us to assist them in their recruitment or development process, such as undertaken psychometric assessment on their behalf.

·       Consent. We will only collect and process your data having first obtained your consent. We will always make clear to you why we are obtaining the information, so you can decide whether to allow this to happen.

·       Legal Compliance.  If we are required by law, we may need to pass on details of people potentially involved in fraud or other criminal activity. 

When do we collect your personal data?

 

Usually only if we are contracted to undertake work that requires completion of a psychometric test/questionnaire or if you choose to send your CV/career interests to us so that we can provide you with support and guidance.

What sort of personal data do we collect and why?

 

·       This might be personality/ability assessment data following your completion of a questionnaire.  We use only highly reputable and credible service providers for this purpose.  We know they have their own protective policies in place, and they are likely to seek your consent at the time of completion.  They normally need little information from you.  Typically, they will only ask for your name and email address, plus possibly your gender and age range.

·       In using your data for recruitment purposes, the results are usually provided to us in numerical format, positioned against a set of pre-determined behaviour traits as stated by the test provider.  We can provide you with examples of the data we gather ahead of you giving us consent if this is required.

·       We do not use your data to make automated decisions as it is only a small part of the client’s recruitment/selection process. The output should never be the only basis on which selection is determined, and our clients will consider your potential alongside other data they gather during the process.

·       The other personal data we might hold is if you choose to send us your CV or work history information because you want some career advice or outplacement support.

Who has access to your data?

 

·       Access to personal data is limited to our employees only.  Occasionally we use equally qualified and accredited associates to help on specific projects.  Any data passed to these associates is strictly controlled and the associate required to delete any personal data held on candidates immediately following completion of the assignment.

·       External sharing of your personal data for recruitment/selection purposes is limited to the contracting client only, and consent from you is required at the outset.

·       Once we have received your results we will send these to the recruiting company/client, having first made this clear to you and sought your consent.  Sometimes we compile written reports based on the questionnaire results, assessing you against various competencies for example.  Our assessments are always based on a selection of pre-determined criteria to ensure you are being assessed equitably and without bias or prejudice.  These reports are also sent to the client.  You have a right to see any personal data we hold on you including anything in paper format.  You will be advised of our clients’ own privacy policies, but always remain protected by the law.

How we protect your personal data

 

We ensure that your personal data is stored securely using modern software that is kept-up-to-date. Appropriate back-up of necessary data takes place and is stored safely.  Where personal data is deleted it will be done safely to ensure that the data is irrecoverable.  Where it is kept for a longer period it may be anonymised unless used for statistical trend purposes.

How long will we keep your personal data?

 

·       Normally, up to 18 months when undertaking client assignments, only in that you or the client might want access to it, and sometimes it might be used by us for comparative /trend purposes only. Any CV’s you send us will be held for no more than 18 months. However, if you request us to delete your data it will be done so immediately.

How do you ensure the data held is kept to a minimum and remains accurate?

 

·       We take reasonable steps to ensure personal data is accurate, up to date, relevant and limited to what is necessary for the purposes of our work.

·       Where psychometric assessment data is held the accuracy of the data is deemed correct at the time of candidate completion.  Updates are not required from candidates as the results are relevant to a point in time. Robustness of this type of data is acquired through having a feedback discussion with the candidate soon after completion.

Do we use information for marketing purposes?

We do not use or share any of your data for marketing purposes, nor do we ever pass it on to third parties. We do not use Cookies on our website, nor does it contain links to any other website.

Where will personal data be processed? 

·       On SJC Consulting London Ltd devices, which is based in Surrey, UK.

·       Data may also be processed by the test providers and stored by our clients.     

Access to your information and correction

You have the right to request a copy of the information that we hold about you. You may ask us to amend or remove information you think is inaccurate; to have it transferred or to have your data removed in its entirety. If you would like a copy of some or all your personal data or want it deleted or transferred, please email me at sue@suecolton.co.uk.  We will provide you with a copy of your data within 30 days.  There is no charge for the first request to provide you with your data.

Breach of Information

 

In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, we will promptly assess the risk to your rights and freedoms and if appropriate report this breach to the ICO.

What if you live outside the UK?

We will adhere to the prevailing laws of the UK as well as the client’s/candidate’s country. 

Is someone registered with the ICO as a Data Controller?

Being an organisation that processes personal data, Sue Colton (Director of SJC Consulting London Ltd’s) is responsible for ongoing compliance and has registered with the Information Commissioners Office (ICO) as a Data Controller. Should you have any concerns about the handling of your personal data, please contact the ICO at: https://ico.org.uk/concerns/

 

If you have any questions or concerns, please do get in touch with me, Sue Colton, Director of SJC Consulting London Ltd either by email at sue@suecolton.co.ukor by calling 0780 3137820.

 

SJC Consulting London Ltd is committed to processing data in accordance with its responsibilities under the GDPR. The contents of this Privacy Notice & Data Protection Policy is reviewed annually to make sure it remains compliant and up-to-date.  It was last revised in May 2018.