Exec Communities - Candidate Privacy Policy
Introduction
This Privacy Policy explains how Exec Communities (referred to as “we,” “us,” or “our”) collects, uses, and protects your personal data as part of our recruitment services. We are a “data controller,” which means we are responsible for deciding how we hold and use your personal data.
We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. The Data We Collect About You We may collect, store, and use the following types of personal data about you during the recruitment process:
Identity & Contact Data: Name, email address, phone number, and address. Professional Data: Your CV/resume, work history, education, qualifications, and salary expectations. Online Profiles: Details from your professional profiles, such as your URL from publicly available sources.
Right to Work Data: For placed candidates only, we will collect data to confirm your legal right to work in the UK. Criminal Records Data: For placed candidates only, we will collect data from criminal records checks where required by the role and with your explicit consent.
2. How We Collect Your Personal Data We collect your data through the following methods: Directly from you: When you send us your CV via email. From publicly available sources: We source data from public professional profiles on websites and social media. Via referrals: From other candidates or clients. From interviews, jobsites, and the public domain.
3. Our Lawful Basis for Using Your Personal Data Under GDPR, we must have a lawful basis for processing your data. We rely on the following: Legitimate Interests: This is our primary basis for processing your data. We have a legitimate interest in finding suitable candidates for our clients, and we believe this is in the interest of both our clients and the candidates we contact. Our legitimate interests cover: oSourcing your profile and contacting you about a specific job opportunity. oAssessing your suitability for a role. Submitting your profile to a client for consideration. Consent: We will ask for your explicit consent to keep your personal data on file for future opportunities. You are free to withdraw your consent at any time. Legal Obligation: We will process your Right to Work information to comply with UK law. Substantial Public Interest: Where a criminal records check is required for a specific role, we will process this sensitive data with your explicit consent and in accordance with the Data Protection Act 2018.
4. How We Use Your Personal Data We will use your personal data for the following purposes: To assess your skills, qualifications, and suitability for a specific role. To communicate with you about job opportunities and your application. To present your profile to a client/hiring company with your permission. To maintain a talent pool for future roles, but only with your consent.
5. How We Store and Protect Your Data Your personal data is stored securely in our cloud-based systems, including our CRM/ATS, sourcing tools, Microsoft Outlook, and Microsoft OneDrive. We have Data Processing Agreements (DPAs) in place with these providers to ensure they also comply with GDPR. We have also implemented appropriate security measures, such as multi-factor authentication and strong password policies, to protect your data from unauthorised access or loss.
6. Who We Share Your Personal Data With We will share your personal data only when necessary and in a controlled manner: Clients/Hiring Companies: We will share relevant parts of your profile (such as your CV) with a client after we have discussed the role with you and have your agreement to be submitted. Third-Party Services: For placed candidates, we will share relevant data with a payroll or contractor finance provider to facilitate your payment. Yourself: You have the right to request a copy of the personal data we hold about you.
7. How Long We Keep Your Data We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for. Our retention policy is as follows: For unsuccessful candidates: We will retain your data for a maximum of 12 months from the end of the recruitment process. We may ask for your consent to retain your data for a longer period to be considered for future opportunities. For future opportunities (with consent): If you have given us consent, we will retain your data for a maximum of 24 months. At the end of this period, we will either delete your data or contact you to ask for fresh consent. For placed candidates/contractors: We will retain your data for a maximum of 6 years after the end of your contract or employment to comply with our legal and financial obligations.
8. Your Rights Under GDPR As a data subject, you have several important rights under GDPR. These include the right to: Be informed about how we use your data (this Privacy Policy). Access your personal data and receive a copy of it (Subject Access Request). Rectification of any inaccurate or incomplete data we hold about you. Erasure of your data in certain circumstances. Restrict processing of your data in certain circumstances. Data portability to receive your data in a structured, machine-readable format. Object to the processing of your data, particularly when based on legitimate interests. Withdraw consent at any time where we are relying on consent.
9. How to Exercise Your Rights or Make a Complaint If you wish to exercise any of your rights or have a query about this policy, please contact us at: Email: nick.finlay@execcommunities.com Address: 27 Old Gloucester Street, London, WC1N 3AX You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s supervisory authority for data protection issues. You can find their contact details on their website at www.ico.org.uk. 10. Updates to This Policy We may update this Privacy Policy from time to time. The most recent version will always be available on our website or upon request.
This Privacy Policy explains how Exec Communities (referred to as “we,” “us,” or “our”) collects, uses, and protects your personal data as part of our recruitment services. We are a “data controller,” which means we are responsible for deciding how we hold and use your personal data.
We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. The Data We Collect About You We may collect, store, and use the following types of personal data about you during the recruitment process:
Identity & Contact Data: Name, email address, phone number, and address. Professional Data: Your CV/resume, work history, education, qualifications, and salary expectations. Online Profiles: Details from your professional profiles, such as your URL from publicly available sources.
Right to Work Data: For placed candidates only, we will collect data to confirm your legal right to work in the UK. Criminal Records Data: For placed candidates only, we will collect data from criminal records checks where required by the role and with your explicit consent.
2. How We Collect Your Personal Data We collect your data through the following methods: Directly from you: When you send us your CV via email. From publicly available sources: We source data from public professional profiles on websites and social media. Via referrals: From other candidates or clients. From interviews, jobsites, and the public domain.
3. Our Lawful Basis for Using Your Personal Data Under GDPR, we must have a lawful basis for processing your data. We rely on the following: Legitimate Interests: This is our primary basis for processing your data. We have a legitimate interest in finding suitable candidates for our clients, and we believe this is in the interest of both our clients and the candidates we contact. Our legitimate interests cover: oSourcing your profile and contacting you about a specific job opportunity. oAssessing your suitability for a role. Submitting your profile to a client for consideration. Consent: We will ask for your explicit consent to keep your personal data on file for future opportunities. You are free to withdraw your consent at any time. Legal Obligation: We will process your Right to Work information to comply with UK law. Substantial Public Interest: Where a criminal records check is required for a specific role, we will process this sensitive data with your explicit consent and in accordance with the Data Protection Act 2018.
4. How We Use Your Personal Data We will use your personal data for the following purposes: To assess your skills, qualifications, and suitability for a specific role. To communicate with you about job opportunities and your application. To present your profile to a client/hiring company with your permission. To maintain a talent pool for future roles, but only with your consent.
5. How We Store and Protect Your Data Your personal data is stored securely in our cloud-based systems, including our CRM/ATS, sourcing tools, Microsoft Outlook, and Microsoft OneDrive. We have Data Processing Agreements (DPAs) in place with these providers to ensure they also comply with GDPR. We have also implemented appropriate security measures, such as multi-factor authentication and strong password policies, to protect your data from unauthorised access or loss.
6. Who We Share Your Personal Data With We will share your personal data only when necessary and in a controlled manner: Clients/Hiring Companies: We will share relevant parts of your profile (such as your CV) with a client after we have discussed the role with you and have your agreement to be submitted. Third-Party Services: For placed candidates, we will share relevant data with a payroll or contractor finance provider to facilitate your payment. Yourself: You have the right to request a copy of the personal data we hold about you.
7. How Long We Keep Your Data We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for. Our retention policy is as follows: For unsuccessful candidates: We will retain your data for a maximum of 12 months from the end of the recruitment process. We may ask for your consent to retain your data for a longer period to be considered for future opportunities. For future opportunities (with consent): If you have given us consent, we will retain your data for a maximum of 24 months. At the end of this period, we will either delete your data or contact you to ask for fresh consent. For placed candidates/contractors: We will retain your data for a maximum of 6 years after the end of your contract or employment to comply with our legal and financial obligations.
8. Your Rights Under GDPR As a data subject, you have several important rights under GDPR. These include the right to: Be informed about how we use your data (this Privacy Policy). Access your personal data and receive a copy of it (Subject Access Request). Rectification of any inaccurate or incomplete data we hold about you. Erasure of your data in certain circumstances. Restrict processing of your data in certain circumstances. Data portability to receive your data in a structured, machine-readable format. Object to the processing of your data, particularly when based on legitimate interests. Withdraw consent at any time where we are relying on consent.
9. How to Exercise Your Rights or Make a Complaint If you wish to exercise any of your rights or have a query about this policy, please contact us at: Email: nick.finlay@execcommunities.com Address: 27 Old Gloucester Street, London, WC1N 3AX You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s supervisory authority for data protection issues. You can find their contact details on their website at www.ico.org.uk. 10. Updates to This Policy We may update this Privacy Policy from time to time. The most recent version will always be available on our website or upon request.