Privacy Policy & GDPR
Privacy Policy
SPS International Ltd is a highly successful global search firm. Data is collected with the utmost confidentiality and professionalism. SPS International Ltd endeavours to fully comply with the General Data Protection Regulation (GDPR) 2016/679.
Should you have any concerns please do not hesitate to contact us.
Types of Data we collect from candidates:
Name, address & contact information. Date of Birth. Education & Employment. Family, lifestyle or social circumstances relevant to Recruitment Services. This data is termed as Personal Information under GDPR.
The data is collected directly from the candidate and used only with their consent in relation to recruitment services.
Using Personal Data:
Personal details are collected to make your data available to clients.
We will use information collected from a candidate to perform our client obligations within the contract of a recruitment search. Only candidates with relevant requirements, as specified by the client, will be passed on to them within the recruitment search. The candidate will be notified of our intention to forward this information before it happens and can ask to be withdrawn from any search they feel is not relevant to their recruitment needs.
We do not maintain or process sensitive personal data relating to ethnicity, race, political opinions, religious beliefs, trade union membership or data concerning health or sexual orientation.
Types of Data we collect from Clients:
Article 6(1)(f) of the GDPR states that we can process your data where it "is necessary for the purposes of the legitimate interests pursued by the controller [us] or by a third party, except where such interests are overridden by the interests or fundamental rights or freedoms of the data subject [you] which require protection of personal data."
To ensure that we provide the best service possible, we store your personal data and/or the personal data of individual contacts within your organisation as well as keeping records of our conversations, meetings, registered searches and placements. We deem these uses of your data to be necessary for our “legitimate interests”.
Types of Data we collect from Suppliers
Again Article 6(1)(f) of the GDPR is relevant in order to facilitate the receipt of services from you as one of our suppliers.
We use and store the personal data of individuals within your organisation as well as your financial details in order for us to pay you for your services. We deem these uses of your data to be necessary for our “legitimate interests”.
Consent
Article 4(11) of the GDPR states that (opt-in) consent is "any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her."
This means that: you have to give us your consent freely, without us putting you under any type of pressure; you have to know what you are consenting to and you should have control over which processing activities you consent to and which you don’t. We will always ask you before we forward your information to any of our clients.
We will ask you for your consent early on in our contact, before we record the main pieces of personal information. This will most likely be in the form of a tick box on an email. We will keep records of the consents that you have given in this way.
Your consent is required in order for us to process your personal data. Your details will be stored for a period of 36 months; at the end of this period you can confirm continued consent or ask that we remove you from our database.
You may withdraw your consent at any time by using the “contact us” section of the website.
Since your personal information relates to recruitment services we would recommend that you confirm consent even if you are not looking to make changes in your career at that time. That way you will remain in our database, accessible to all our executive search consultants. We would only contact you in relation to relevant positions based on the information held.
Data collection prior to 25th May 2018.
If you have had previous contact with us and provided personal data, this will be covered by the Data Protection Act legislation and will allow us to maintain our records. However, you will receive future requests for consent in line with the GDPR.
Consent obtained under Directive 95/46/EC: Controllers that currently process data on the basis of consent in compliance with national data protection law are not automatically required to completely refresh all existing consent relations with data subjects in preparation for the GDPR. Consent which has been obtained to date continues to be valid in so far as it is in line with the conditions laid down in the GDPR.
Sharing of Personal Data
SPS International Ltd share candidate information with Clients with which we have a contract for recruitment services. Candidate consent is required in order for us to do this.
Should a candidate contact us to make a speculative search on their behalf, we will contact the companies as directed by the candidate or identified by us through either a previous recruitment search or further information gathering and consent.
Monitoring Communications
We will record calls, emails, text messages and other communications in relation to your dealings with us. We will do this in order to achieve best practice in our role of recruitment services and fulfilling client contracts.
Confidentiality
We will ensure all forms of data recording are within compliance of the Data Protection Act and GDPR guidelines and that any data processors used are also compliant and have provided confirmation of this.
We will ensure in-house best practice within these guidelines for the manual processing of expenses payments, filing and general office duties.
Electronic Information and communications systems
SPS has taken all reasonable steps available in order to prevent unauthorised access to our database, including but not limited to firewalls, cloud services and controlled distribution of passwords.
This relates to: computer equipment, e-mail, the internet, telephones, Blackberries, personal digital assistants (PDAs) and voicemail, but it applies equally to the use of fax machines, copiers, scanners, CCTV, and electronic key fobs and cards.
All staff are expected to protect electronic communications systems and equipment from unauthorised access and harm at all times. This involves use of passwords and antivirus software. Staff should use antivirus software as directed by SPS International Ltd and their IT Managers.
All staff are responsible for the security of the equipment allocated to or used by them, and must not allow it to be used by anyone other than as permitted by SPS International Ltd.
Information requests
DSAR: Data Subject Access Requests: One of the main objectives under GDPR is to protect and clarify the rights of EU citizens and individuals in the EU with regards to data privacy. This means that you retain various rights in respect of your data, even once you have given it to us.
Please use the “Contact us” section of the website if you wish to discuss these rights. We will endeavour to deal with your request without undue delay, and in any event to respond within one month. Please note that we may keep a record of your communications to help us resolve any issues which you raise.
You may ask us to confirm what information we hold about you at any time, and request that we update, modify or delete that information.
People whose data we receive from Candidates and members of staff, such as referees or emergency contacts.
If a candidate or member of staff has given your details as one of their referees we will deem this as necessary for our “legitimate interests” as an organisation offering recruitment services and an employer.
If a candidate or member of staff has given your details as one of their emergency contacts we will deem this as necessary for our “legitimate interests” as an organisation offering recruitment services and an employer. We will only contact you in case of an accident or emergency.
GDPR
HOW CAN YOU ACCESS THE PERSONAL DATA THAT YOU HAVE GIVEN TO US?
One of the GDPR's main objectives is to protect and clarify the rights of EU citizens and individuals in the EU with regards to data privacy. This means that you retain various rights in respect of your data, even once you have given it to us.
Data Subject Access Requests (DSAR):
You may ask us to confirm what information we hold about you at any time, and request us to modify, update or delete such information.
We may ask you to verify your identity and for more information about your request.
If we provide you with access to the information we hold about you, we will not charge you for this unless your request is "manifestly unfounded or excessive".
If you request further copies of this information from us, we may charge you a reasonable administrative cost where legally permissible.
Where we are legally permitted to do so, we may refuse your request. If we refuse your request we will always tell you the reasons for doing so.
Please note that in certain of the jurisdictions in which we operate, we comply with additional local law requirements regarding data subject access requests and may refuse your request in accordance with such laws.
Right to erasure: You have the right to request that we erase your personal data in certain circumstances. Normally, the information must meet one of the following criteria:
- the data are no longer necessary for the purpose for which we originally collected and/or processed them;
- where previously given, you have withdrawn your consent to us processing your data, and there is no other valid reason for us to continue processing;
- the data has been processed unlawfully (i.e. in a manner which does not comply with the GDPR);
- it is necessary for the data to be erased in order for us to comply with our legal obligations as a data controller; or
- if we process the data because we believe it necessary to do so for our legitimate interests, you object to the processing and we are unable to demonstrate overriding legitimate grounds for our continued processing.
Please note that in certain of the jurisdictions in which we operate, we comply with additional local law requirements regarding data subject right to erasure and may refuse your request in accordance with local laws.
We would only be entitled to refuse to comply with your request for one of the following reasons:
- to exercise the right of freedom of expression and information;
- to comply with legal obligations or for the performance of a public interest task or exercise of official authority;
- for public health reasons in the public interest;
- for archival, research or statistical purposes; or
- to exercise or defend a legal claim.
When complying with a valid request for the erasure of data we will take all reasonably practicable steps to delete the relevant data.
Right to restrict processing: You have the right to request that we restrict our processing of your personal data in certain circumstances. This means that we can only continue to store your data and will not be able to carry out any further processing activities with it until either: (i) one of the circumstances listed below is resolved; (ii) you consent; or (iii) further processing is necessary for either the establishment, exercise or defence of legal claims, the protection of the rights of another individual, or reasons of important EU or Member State public interest.
The circumstances in which you are entitled to request that we restrict the processing of your personal data are:
- where you dispute the accuracy of the personal data that we are processing about you. In this case, our processing of your personal data will be restricted for the period during which the accuracy of the data is verified;
- where you object to our processing of your personal data for our legitimate interests. Here, you can request that the data be restricted while we verify our grounds for processing your personal data;
- where our processing of your data is unlawful, but you would prefer us to restrict our processing of it rather than erasing it; and
- where we have no further need to process your personal data but you require the data to establish, exercise, or defend legal claims.
If we have shared your personal data with third parties, we will notify them about the restricted processing unless this is impossible or involves disproportionate effort. We will, of course, notify you before lifting any restriction on processing your personal data.
Right to rectification: You also have the right to request that we rectify any inaccurate or incomplete personal data that we hold about you. If we have shared this personal data with third parties, we will notify them about the rectification unless this is impossible or involves disproportionate effort. Where appropriate, we will also tell you which third parties we have disclosed the inaccurate or incomplete personal data to. Where we think that it is reasonable for us not to comply with your request, we will explain our reasons for this decision.
Please use the “Contact us” section of the website if you wish to discuss these rights. We will endeavour to deal with your request without undue delay, and in any event to respond within one month.
Please note that we may keep a record of your communications to help us resolve any issues which you raise.