Privacy policy

November 2020

Who are we?
Sheffield Haworth provide executive search, consulting solutions and talent advisory services to clients looking to recruit talent for their businesses. We are headquartered in London, with additional offices in New York, Geneva, Dubai, Mumbai, Delhi, Hong Kong, Singapore, Melbourne and Sydney.

Headquarters address: Sheffield Haworth Ltd, The Forum, 33 Gutter Lane, London, EC2V 8AS.

What does this policy cover?
This policy:

sets out the types of personal data that we collect about you
explains how and why we collect and use your personal data
explains how long we keep your personal data for
explains when, why and with who we will share your personal data;
sets out the legal basis we have for using your personal data;
explains the effect of refusing to provide the personal data requested;
explains the different rights and choices you have when it comes to your personal data; and

What personal information do we collect about you?
We collect the information necessary to identify available and relevant opportunities and any additional information needed to assess your eligibility through the different stages of the search process.

This information includes CVs, identification documents, educational records, work history, employment history and references and any other information that is provided by you throughout the course of the search.

We may also collect sensitive personal data about you, in the form of visa status, nationality, gender, and compensation details. We only collect sensitive personal data from you, and further process this data, where you have given your explicit consent.

What personal information do we collect from the people that visit our blog, website or app?
When registering on our site, as appropriate, you may be asked to enter your name, email address, mailing address, phone number or other details to help you with your experience.

Where do we collect personal data about you from?
The following are the different sources we may collect personal data about you from:

Directly from you. This is information you provide while searching for a new opportunity, or throughout the executive search, consulting solutions, and talent advisory process.
Through publicly available sources. We use the following public sources:
LinkedIn
Bloomberg Terminal
Company websites
By Reference or word of mouth. For example, you may be recommended by a friend, a former employer, a former colleague, or even a present employer.
Subscribing to a newsletter, filling out a form email, or entering information on our site.

How and why do we use your information?
We use your personal data to match your skills, experience and education with a potential employer. We will initially collect basic information on you such as contact details, job role and experience and then pass this on to the client in search of personnel. If you are chosen by the client and go through to the next stage of the process, we will proceed in collecting more information about you at the interview stage and moving forward in the process.

How long do we keep your personal data for?
We only retain your information for as long as is necessary for us to fulfil those requirements outlined above, or to comply with our legal obligations. Please be advised that we may retain some of your information after you cease using our services if this is necessary to meet our legal obligations, for example retaining the information for tax and accounting purposes.

When determining the relevant retention periods, we will consider factors including:
(a) our contractual obligations and rights in relation to the information involved;
(b) legal obligation(s) under applicable law to retain data for a certain period of time;
(c) our legitimate interest where we have carried out a balancing test (see legal basis below);
(d) statute of limitations under applicable law(s);
(e) (potential) disputes;
(f) if you have made a request to have your information deleted; and
(g) guidelines issued by relevant data protection authorities.
Otherwise, we securely erase your information once this is no longer needed.

Sheffield Haworth has set a six-year time frame for processing and holding data (beginning May 25th, 2018) as per the AESC official recommendation. If there has been no communication between a data subject and Sheffield Haworth in more than said time frame, then all records associated with that data subject will be deleted from the database. Sheffield Haworth plans to review the data retention policy, as well as the six-year retention period for non-communicated data subjects on a regular and recurring basis in order to ensure general compliance. If you would like more information for specifics, or on the steps we are taking to clean the data we hold, please contact the data protection office at: dataprotectionoffice@sheffieldhaworth.com.

Who do we share your personal data with?
Sheffield Haworth communicates your personal data to clients who wish to hire for a position that may be relevant to you. We may also use that personal data to inform you about key trends in the marketplace that can increase your awareness about your industry. We provide our services to organisations around the world within the Financial Services, Business & Professional Services and Technology Industries. Personal data that is classified as non-sensitive is also available for viewing by any Sheffield Haworth employee.

We will share information only as outlined within this privacy policy and wherever appropriate, try to limit disclosure to information in aggregated form, to avoid or limit identifying you personally.

We may also conduct checks on you to verify the information you have provided and where we do this we share your information with only the data protection team within the operations group of Sheffield Haworth.

We may also provide information to third party service providers who process information on our behalf to help run some of our internal business operations including email distribution, IT services and customer services, as well as the internal Finance or Operations team at Sheffield Haworth. Where applicable, these 3^rd parties will be based within the location relevant to their usage, with the exception of our key 3^rd party providers such as IT services and database platform, which are based in the U.K.

What legal basis do we have for using your information?
For prospective candidates, referees and clients, our legitimate interest in your information is driven by the need to assess suitability for potential roles, to find potential candidates, to build insight into our relevant markets, and to contact clients and referees.

We carry out a ‘balancing test’ to ensure that our processing is necessary and that your fundamental rights of privacy are not outweighed by our legitimate interests before we go ahead with such processing. We keep a record of these balancing tests. You have a right to and can find out more about the information in these balancing tests by contacting us using the details below.

If you are shortlisted as a candidate, then this may involve the processing of more detailed personal data including sensitive data such as health information that you or others provide about you. We will always ask for your consent before recording sensitive data.

What happens if you do not provide us with the information we request or ask that we stop processing your information?
If you do not provide the personal data necessary or withdraw your consent for the processing of your personal data, we may not be able to match you with available job opportunities or provide you with any relevant market intelligence.

Do we make automated decisions concerning you?
We may make automated decisions about you during the assessment stage of the recruitment process. We put assessment candidates through a structured screening process to assess whether each candidate meets the specific criteria for a position. These assessments may be fully automated, for example online pre-screening tests. As these assessments may result in a candidate being deemed not suitable for a position by means of a solely automated assessment, we only undertake this activity with the candidate’s explicit consent. We also carry out personality profiling on candidates with the candidate’s consent when the client requests that information as part of the interview process.

Do we transfer your data outside the EEA?
To better match your employee profile with current opportunities we may transfer your personal data to clients and partners in countries outside the EEA. The privacy laws of other countries may be different from those in your home country. If we transfer your data to a country which has not been deemed to provide adequate data protection standards we always have security measures and approved model clauses in place to protect your personal data.

At present we transfer personal data to the following countries outside the EEA:

United States
United Arab Emirates
Hong Kong
China (Shanghai)
Singapore
Australia
India
Switzerland

To find out more about how we safeguard your information as related to transfers contact us on: dataprotectionoffice@sheffieldhaworth.com.

Keeping information secure
We invest significant resources to protect your personal information, from loss, misuse, unauthorised access, modification or disclosure. However, no internet-based site can be 100% secure and so we cannot be held responsible for unauthorised or unintended access that is beyond our control.

What rights do you have in relation to the data we hold on you?
By law, you have rights when it comes to protecting your personal data. Further information and advice about your rights can be obtained from the data protection regulator in your country.

The right to be informed	You have the right to be provided with transparent, coherent information about how we use your data and your rights in relation to the use of your data. That is the purpose of this privacy policy.
The right of access	You have the right to obtain access to your information (if we’re processing it), and certain other information (like that provided in this Privacy Policy). This is so you’re aware and can check that we’re using your information in accordance with data protection law.
The right to rectification	You are entitled to have your information corrected if it is inaccurate or incomplete.
The right to erasure	This enables you to request the deletion or removal of your information where there is no compelling reason for us to continue using it. There are exceptions to the right to erasure.
The right to restrict processing	You have rights to ‘block’ or suppress further use of your information. When processing is restricted, we can still store your information, but may not use it further. A note will be made on your record to ensure the restriction is respected in the future.
The right to data portability	You have rights to obtain and reuse your personal data for your own purposes across different services. For example if you decide to switch to a new provider, this enables you to move, copy or transfer your information easily between our IT systems and theirs safely and securely, without affecting its usability.
The right to object to processing	You have the right to object to certain types of processing, including processing for direct marketing (i.e. if you no longer want to be contacted with potential opportunities).
The right to lodge a complaint	You have the right to lodge a complaint about the way we handle or process your personal data with your national data protection regulator.
The right to withdraw consent	If you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal data with your consent up to that point is unlawful). This includes your right to withdraw consent to us using your personal data for marketing purposes.

We will act on requests and provide a detailed report of your information free of charge and will ask that you submit these requests by emailing: dataprotectionoffice@sheffieldhaworth.com.

We usually act on requests and provide information free of charge, but may charge a reasonable fee to cover our administrative costs of providing the information for:

baseless or excessive/repeated requests, or
further copies of the same information.

Alternatively, we may be entitled to refuse to act on the request. Please consider your request responsibly before submitting it.

We will respond within 30 days of the request being sent to: dataprotectionoffice@sheffieldhaworth.com. If it will take longer to process your request, we will inform you accordingly.

Do we use cookies?
We use cookies to help us improve your experience on our website. To find out more about how we use cookies and to manage you cookie preferences, please read our cookie policy.

Third-party disclosure
We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information.

Third-party links
We do not include or offer third-party products or services on our website.

Updates
We keep this Policy under regular review and update it from time to time. Please review this policy periodically for changes.

How will we contact you?
We may contact you by phone, email or social media. If you prefer one contact means over another, please let us know.

Complaints Procedure:
If you would like to lodge a complaint with the Information Commission’s Office (ICO) regarding your concerns about how Sheffield Haworth holds and protects data, call this number below to speak with a representative:

+44 303 123 1113

How can you contact us?
If you are unhappy with how we’ve handled your information, or have further questions on the processing of your personal data, contact us here:

Data Protection Office
The Forum
33 Gutter Lane
London, EC2V 8AS
United Kingdom
dataprotectionoffice@sheffieldhaworth.com.

Cookie	Duration	Description
_GRECAPTCHA	5 months 27 days	This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_75BJ6ML4DR	2 years	This cookie is installed by Google Analytics.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
F24_autoID	10 years	This is a temporary identifier on a local machine or phone browser that helps us track anonymous information to be later married up with f24_personid. If this is left anonymous it will be deleted after 6 months . Non-essential, first party, 10 years, persistent.
F24_personID	10 years	This is an ID generated per individual contact in the Force24 system to be able to track behaviour and form submissions into the Force24 system from outside sources per user. This is used for personalisation and ability to segment decisions for further communications. Non-essential, first party, 10 years, persistent.
vuid	2 years	Vimeo installs this cookie to collect tracking information by setting a unique ID to embed videos to the website.

Cookie	Duration	Description
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.