We are a global recruitment business. We connect specialised talent with leading employers across multiple industries and disciplines and we collect personal data in order to provide these services.
In Ingenio the protection of your personal data is very important to us because we recognise how important it is to you, and quite simply, YOU are OUR business.
In most cases Ingenio is the controller of personal data processed as described in this Privacy Statement for the purposes of the General Data Protection Regulation in Europe (“GDPR”). This Privacy Statement applies to the processing of personal data by Ingenio in its role as controller of personal data under the GDPR. Personal data includes any data about a person that enables them to be identified from that data.
What information do we store and what do we do with it
We store your CV including date of birth, employment history, skills/ experience, languages, educational history, qualifications, membership of professional associations, contact details of employer references/character references, licenses held, interests and hobbies, contact details and contact notes with details relevant to your professional career and availability that is volunteered to us. We only store the information we need to understand your professional work experience and your career goals. We use this information to identify current and future roles you may be interested in and suited to. We will contact you about roles that we think will suit your particular professional experience and only send mass-marketing emails to you if you give us authorization to.
Consent may be collected when a Candidate applies to a position advertised on our websites, or when a candidate completes our registration process (see Sources of Personal Data). Where we are unable to collect consent for a particular processing activity we will only process personal data if we have another lawful ground.
Clients & Suppliers
Client Contacts include individuals working for businesses that employ the types of Candidates that we specialise in sourcing.
For the purposes of this Privacy Statement, a Client Contact includes members of Client staff, whose contact details we hold, and members of staff of a company who we deem a potential Client of ours, and whose contact details we hold.
Supplier Contacts include individuals working for businesses who may provide services to us.
For the purposes of this Privacy Statement, Supplier Contacts include anyone working in a business that is a supplier or potential supplier of services to us.
Sources of personal data
We source Client Contact and Supplier Contact information in order to serve the business relationship. We will only ever source personal data that is necessary and in a way that would be generally expected.
We receive personal data about Client Contacts and Supplier Contacts from a variety of sources, as follows:
- the information is often provided by the Client Contact or Supplier Contact, or created by Ingenio as part of the business relationship;
- the information may be collected from public sources;
- the information may be collected indirectly from another person within the Client or Supplier Business;
- the information may be collected through our website as part of registration;
- the information may be collected indirectly from a website or from a third party.
We have to process personal data legally. We will process Client Contact or Supplier Contact personal data in a manner that is compliant with the GDPR and in line with reasonable expectations.
We have to have a lawful basis for processing all personal data. The GDPR sets out the grounds where processing of personal data can be undertaken lawfully. The main lawful grounds used by Ingenio to process personal data of Client Contacts and Supplier Contacts are as follows:
If we have a legal obligation to process personal data, such as the payment of taxes to revenue.
The GDPR states that we may process personal data “if necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data”. It is considered reasonable to use Client Contact and Supplier Contact personal data for our legitimate interests for our business relationship or potential relationship with Clients and Suppliers.
Defense of legal claims
In limited circumstances and in accordance with the law we may use Client Contact and Supplier Contact information in the defense of legal claims.
We store your contact details, and contact notes with details relevant to our engagement. We use this information to identify current and future candidates to satisfy your hiring needs. We will contact you about the roles that we are working on and send mass-marketing emails to you if you give us authorization to.
We will not share your information with third parties without your consent.
If we haven’t had any contact from you in 4 years we will delete your data from our systems. You also have the right to withdraw your consent and to have your details erased at any time.
How do we keep your information safe
Our ATS system is cloud-based and secure with constantly changing passwords. We keep our computers, files and buildings physically secure and use anti-virus software and security technologies to protect our systems.
Our cloud-based Applicant Tracking System (ATS) provider also uses a secure certified data centre. They do not store data locally and have a number of layers of firewall and security in place and perform regular penetration testing to ensure the highest security standards are adhered to.
We monitor for and do everything that we can to prevent security breaches.
We will take all steps reasonably necessary to ensure that all personal data is treated securely in accordance with this Privacy Statement and the relevant law.
In particular, we have put in place appropriate technical and organisational procedures to safeguard and secure the information we manage and collect.
To protect the privacy and security of personal data, we will also take reasonable steps to verify your identity before granting access to information as appropriate.
Once we have received your information, we will use strict procedures and security features for the purpose of preventing unauthorised access.
We also use secure connections to protect personal data during its transmission. Where you have been given (or where you have chosen) a password which enables you to access services, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
If you think that there has been any loss or unauthorised access to personal data of any individual please let us know immediately.
Your rights in relation to your personal data
You have various rights relating to how your personal data is used including the right:
- to ask for access to the information we hold on you;
- to change information you think is inaccurate;
- to delete information (your right to be forgotten);
- to ask us to limit what we use your data for;
- to have your personal data moved to another provider (data portability);
- to make a complaint.
You have various rights relating to your personal information and how it is used by Ingenio as follows:
You can ask for access to the information we hold on you. When we receive a request from you in writing, we must give you access to the information you have requested as well as details of the processing, the categories of personal data concerned and the recipients of the personal data. We will provide the first copy of your personal data free of charge but we may charge you a reasonable fee for any additional copies.
You can ask to change information you think is inaccurate. You should let us know if you want to change the personal data we hold. We may not always be able to change or remove that information, but we will correct factual inaccuracies and may include your comments in the record.
You can ask to delete information (your right to be forgotten). In some circumstances you can ask for your personal information to be deleted, for example, where:
- your personal information is no longer needed for the reason that it was collected in the first place;
- you have removed your consent for us to use your information (where we have no other legal reason us to use it);
- there is no legal reason for the use of your information;
- deleting the information is a legal requirement.
Where your personal information has been shared by Ingenio with others, we will do what we can to make sure those using your personal information on our behalf as processors comply with your request for erasure. Please note that we can’t delete your information where:
- we are required to have it by law;
- it is used for freedom of expression;
- it is used for public health purposes;
- it is used for scientific or historical research or statistical purposes where deleting the data would make it difficult or impossible to achieve the objectives of the processing; or
- it is necessary for legal claims.
We cannot give you access to a copy of your data if this would adversely affect the rights and freedoms of others. For security reasons we will not give you access to credit/debit card details but will delete these from our systems at your request.
You can ask us to limit what we use your personal data for
You can ask to have your personal data moved to another provider (data portability)
You can make a complaint
Amendments to this Privacy Statement
We will update the date on this Privacy Statement when we make changes to it.
We will post any changes on the website and when doing so will change the updated date at the top of this privacy statement. If you are not happy with any changes that we have made, we understand you may wish to cease using our services
In some cases, we may provide you with additional notice, for example by email, of changes to this Privacy Statement. If we deem the changes to be material, we will provide you with such additional notice well in advance of the changes taking effect.
HOW TO CONTACT US
If you wish to get in touch with us about these rights related to your data, please email us at firstname.lastname@example.org with “GDPR right of access request” in the subject line.