Background
Adaptive Financial Consulting Limited and its affiliated companies (“Adaptive”, “we”, “the company”) need to keep and process information about you in order to assess your suitability for a position within the company (the “Purpose”). This privacy notice covers how we collect, use, store and protect the data that is supplied to us by our job applicants, agencies and referees.
Our commitment to applicants
- We are committed to equal opportunities and will treat all applicants fairly with no discrimination.
- We will never knowingly provide misleading information about the nature of a role for which an applicant has applied.
- We are committed to managing your personal information securely and with respect in accordance with all applicable data protection legislation and regulations.
Why we hold and process your personal information
We will at all times use your personal information effectively, lawfully and appropriately, exclusively for the Purpose during the recruitment process. In doing so we will use your personal information to pursue Adaptive’s legitimate interests and to protect our legal position in the event of legal proceedings.
If you do not provide the required personal information, we may be unable in some circumstances to comply with our obligations and we will tell you about the implications of that decision before taking any other relevant action.
As a firm providing professional services to large international financial institutions, we may sometimes need to process your personal information to pursue additional legitimate business interests; for example (i) to prevent fraud, (ii) to supply personal information to Embassies or Consulates of foreign governments to establish whether visas for overseas business travel could be obtained, or (iii) to perform background checks as may be required in order to meet our clients’ typical staff screening requirements. We will never process your personal information where these business interests are overridden by your own interests.
The sources from which we obtain your personal information
Much of the information we hold will have been provided by you (most notably your application letter, application form and/or CV). However:
some information may come from internal company sources, such as those who interview you and put notes on file; and
some information may come from external sources, such as individuals that you consent to us contacting for a reference or agencies providing background screening.
How we protect personal information
We protect personal information through application of the security measures that are defined our Data Protection Policy and IT Security Policy. These include such measures as strong firewall and anti-malware protection, very restrictive permissioning (enabling only authorised employees to access your personal information), processes for protection of physical documents and staff training in adherence to the relevant policies.
Our policy on holding sensitive personal information
We do not as a matter of course hold or process “sensitive personal information” as defined by the UK Data Protection Act (the “DPA”) or “special category data” as defined by the General Data Protection Regulation (“GDPR”) relating to your racial or ethnic origin, political opinions, alleged or proven criminal activity, religious and philosophical beliefs, trade union membership, medical history biometric and genetic data, sexual life or any other category of data defined by law as such.
If you wish to include such personal information in your CV or application documentation then we require your consent for us to hold and process that sensitive personal information. Where we are processing your sensitive personal information based on that consent, you have the right to withdraw the consent at any time, and if you do so we will explain the implications that flow from such action.
Our policy on automated decision making
We do NOT use automated decision making (including profiling) when processing your personal information.
Our policy on retention of candidate personal information
If you are unsuccessful in your initial application your personal information will be stored for the period during which your application is being considered and then for a period of 6 months in line with CIPD recommended best practice. At the end of the 6 month period we will delete your personal information unless prevented from doing so by law.
However, if you provide consent then we will retain your personal information on file to establish whether you may be suitable for a new position or opportunity with the company that may arise in the future. If you chose to do this you will have the right to withdraw such consent and we will then delete your personal information unless prevented from doing so by law.
If your application is successful then we will retain your personal information for the period defined by the applicable Employee Privacy Notice or Contractor Privacy Notice, as applicable.
If in the future we intend to process your personal information for a purpose other than that for which it was originally collected then we will provide you with information on that additional purpose before taking any action (unless forbidden to do so by law).
Disclosure of your personal information to third parties outside of Adaptive
Other than as mentioned below, we will only disclose information about you to third parties if there is legitimate interest pursuant to your application or we are legally obliged to do so.
Subject to you giving your consent:
We may disclose your personal information for the purpose it was collected to referees.
Where we require additional information for the Purpose, we may disclose your personal information to The Disclosure and Barring Service, your doctor or an occupational health professional but only after you have given your consent.
In limited and necessary circumstances, your personal information may be transferred outside of the EEA or to an international organisation to comply with our legal or contractual requirements. We would only take such action if we have in place safeguards to ensure the security of your personal information. Such safeguards would be covered by (i) the contractual terms executed with the party receiving the personal information, and/or (ii) assurance that the transfer of personal information will be to a recipient data processor certified by standards such as the SCC (Standard Contractual Clauses).
Your rights
Under the DPA , GDPR and Quebec Bill 64 (should it become law) you have a number of rights with regard to your personal information. You have the right to request from us access to and rectification or erasure of your personal information, the right to restrict processing, the right to object to processing as well as (in certain circumstances) the right to data portability.
If you have provided consent for the processing of your personal information you have the right (in certain circumstances) to withdraw that consent at any time. This will not affect the lawfulness of the processing performed before your consent was withdrawn.
Identity and contact details of controller
This Privacy Notice applies to candidates applying for temporary contract assignments or permanent employment with Adaptive.
Adaptive is the controller of personal data for the purposes of the DPA and GDPR. Adaptive Financial Consulting Limited is a private company with its registered office at St. Mary Axe London EC3A 8BE. The Supervisory Authority for Adaptive is the UK Information Commissioner’s Office.
Complaints
If you believe that we have breached your privacy rights then we will take the matter very seriously. In the first instance you should write to our Data Protection Compliance Manager (dpo@weareadaptive.com). In doing so you should set out the detail of your complaint with sufficient information to enable us to conduct a thorough investigation. We will promptly acknowledge your complaint and aim to resolve the matter within 5 days. However, depending on the complexity of the complaint and the responsiveness of relevant external parties (if applicable), it may on occasions take longer.
If you are not satisfied by our response you also have the right to make a complaint to the Information Commissioner’s Office (the “ICO”) which is the UK supervisory authority for data protection. Contact details can be found on its website (www.ico.org.uk).
