Harvey Sutton Limited is committed to ensuring that your privacy is protected. We want to reassure you that we take the collection, use and retention of your personal data very seriously and have outlined below how we use the information we have about you.
Who are Harvey Sutton?
Harvey Sutton specialise in the identification and placement of individuals within the legal, accounting and consultancy sectors.
Explaining the legal basis we rely on
Harvey Sutton is registered as a data controller in the United Kingdom for the purposes of the Data Protection Act 1998. The law on data protection sets out six ways which a company may collect and process your personal data. Having analysed our customer database and business model, Harvey Sutton have assessed that Legitimate Interest is the primary basis for candidates and Contractual use for clients.
Our Legitimate Interest
As a recruitment business and recruitment agency Harvey Sutton introduce candidates to clients for permanent employment, temporary worker placements or independent professional contracts. The exchange of personal data of our candidates and our client contacts is a fundamental and essential part of this process.
In order to support our candidates’ career aspirations and our clients’ resourcing needs, Harvey Sutton require a database of candidate and client personal data, containing historical information as well as current resourcing requirements.
To maintain, expand and develop our business Harvey Sutton need to record the personal data of prospective candidates and client contacts.
When do we collect your personal data?
Personal data is collected from enquiries via this website, through personal contacts, referrals, headhunting, retained search assignments, CVs submitted by individuals to the business as well as through external websites (e.g. LinkedIn, Law Society)
What personal data do we collect?
The personal data we may collect is limited to the level we need to provide and deliver our recruitment services and made up as follows:
How and why do we use your personal data?
We only use the data you provide us with to understand your needs, aid the recruitment process and in the following administrative functions as listed below:
How we protect your personal data
Harvey Sutton are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information. These include:
You should be aware however, that we are not responsible for the content and security of any external website.
How long will we keep your personal data?
Harvey Sutton will retain your personal data for as long as necessary in order to provide the recruitment service to you and for the purposes of satisfying any legal, accounting, regulatory or reporting requirements. Harvey Sutton will carry out the following to ensure data is accurate:
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Who do we share your personal data with?
Your personal data is only shared with potential clients that you have given us permission to contact on your behalf to facilitate the recruitment processes.
Where your personal data may be processed and protecting your data outside the EEA
Harvey Sutton may transfer personal data that we collect from you to third-party data processors in countries that our outside the European Economic Area (”EEA”) for example, Australia or the USA. In this event, we have procedures in place to ensure your data receives the same protection as if it were being processed inside the EEA. Any transfer of your personal data will follow applicable laws and we will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy notice. For example, our contracts with third parties stipulate the standards they must follow at all times.
What are your rights over your personal data?
Please be assured that both our website and services provided by our consultants are GDPR compliant. You can remove your data at any point, by contacting us at firstname.lastname@example.org or writing to us at Harvey Sutton, 8b Mallow Street, London EC1Y 8RQ
The GDPR provides the following rights for individuals:
Where any subject access request is made there is a requirement to prove identity before any information is divulged. This may involve physical presence with accompany ID.
Where a request to “be forgotten” is made, that can only be complied with if there are no other legal frameworks that overrule GDPR. Examples would be HMRC, FCA etc.
Regulation changes and remedial actions
The GDPR is going live on 25 May 2018 and the UK Data Privacy Bill does not have a final date as yet. This notice, therefore, is based on the regulations as they exist with a review process set up to make any adjustments required to become and stay compliant. In the event of any changes or processes which need remedial action, the review procedure will capture those issues and remedy them.
Contacting the Regulator
If you feel that your data has not been handled correctly, or if you are unhappy with our response to any requests you have made to us, regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office and they can be contacted by calling them on 0303 123 1113. You may also visit their website https://ico.org.uk/concerns/ .
If you are based outside of the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence.