WHO WE ARE

This Policy is intended to apply across the SSQ Group of companies in Europe. In the UK, it applies to Shilton Sharpe Quarry Limited (our private practice search and recruitment business), a company registered in England at 167 Fleet Street, London EC4A 2EA with company number 04575013. It also applies to SSQ Contracts Limited (our in-house and interims recruitment business) a company registered in England at the same address with company number 08233510.  In the UK, we are an employment agency and employment business as defined by the Employment Agencies Act 1973.  Our subsidiaries in Europe are as follows:

Shilton Sharpe Quarry Spain SL, Gran Via 6, Madrid 28013, Spain

Shilton Sharpe Quarry s.r.l, Via Broletto 27, 20121 Milano, Italy

We help candidates find employment with employers and we also engage candidates to provide services to our clients as agency workers. In this Policy, “we” and “our” refers to each of these companies as they handle your data (as applicable).

Our data protection lead (DPL) responsible for communicating with you about our use of your data can be contacted at data.protection@ssq.com . You can also control your privacy settings by accessing our candidate portal if you are eligible for and have registered for this service.

WHY YOU NEED TO READ THIS

When you visit our website or use our services to help you find a job or enter into a contract with us as an agency worker, you will be giving us your information in a variety of ways as described in this policy (your personal data). This isn’t about giving you the small print. It is our commitment to you that we want to protect and respect your privacy. We want to try and make it as clear as possible to you what you are agreeing to when you visit our site and when you use our services. If you have any questions, simply email us at data.protection@ssq.com  and we will try and answer them.

This policy sets out the basis on which we will use, store, collect, disclose and transfer (process) your data.  It sets out the basis on which we send you marketing, use cookies and share your data with third parties amongst other issues. 

Sometimes in this policy, we will get technical with a few terms such as referring to:

- the General Data Protection Regulation (2016/679) (the GDPR)

- data processors (third parties who handle your data on our behalf)

- a data controller (the company which makes decisions about how it wishes to use your data) – in the UK, that’s either Shilton Sharpe Quarry Limited (if you are dealing with our search and recruitment business) or SSQ Contracts Limited (if you are dealing with our in-house and interims business).

UPDATES
 
We may need to update this Policy at any time and without notice and when we do this we will advertise this by including notices on the website and/or emailing you if we have your email address on our records.
 
WHAT INFORMATION WILL YOU COLLECT ABOUT ME AND WHY DO YOU NEED IT?
 
We will collect and process the following data about you:
 

Basic profile data

This is the information about you that you give us by: 

• filling in forms we give you or which are on our website which ask for basic profile information (for example when you fill in our contact us form or job application form). These may ask for your: name, title, email address, telephone number, areas of practice you might be interested in and a copy of your CV where applicable; 

• using our website, for example to message our consultants directly;

• corresponding with us by phone, e-mail, social media or otherwise (for example if you report a problem with our website or make an enquiry about our services); 

• registering to receive a newsletter from us or stating other marketing preferences;

• telling us it in an interview.

We need this information to operate our business effectively which is in our legitimate interests. For further details of how we use your data for marketing purposes, please see the Marketing section of this policy.

You know what information you are giving us and why we need the information as you are filling in the forms and requesting us to do things for you.

Candidate data

Our process
 
Data Collection
 
In order to see if you might be interested in our services, we gather data in two ways:
 
• We gather data about you directly. This happens when we set up a phone call or meeting with you to discuss our services. At this point you may provide us with your CV and other details of your experience, skills and interests (if you have not done so already) or you may wish to send this to us following the meeting. 
  
• We also gather data indirectly about you from online publicly available sources such as professional networking sites (such as LinkedIn) and websites such as the Law Society. 
We may then use this data for our mutual legitimate interests of establishing if we can provide you with advice on the legal market or if we can help you with your search for employment or can place you in work as an agency worker. We may then contact you for this purpose. 
 
 
First Contact
 
Our first contact with you will depend on a number of factors including the roles that may be of interest and your seniority.
 
• Our team may call you to see if you would be interested in receiving advice on the legal market or if we can help you with your search for employment or can place you in work as an agency worker. 
 
• Our consultants may meet with you to discuss if we can be of service to you or advise you on the legal market or if we can help you with your search for employment or can place you in work as an agency worker.
 
• You may visit our website and notify us that you are looking for roles using our job finder form.
 
This use is for our legitimate interests of establishing if we can provide you with advice on the legal market and identify suitable opportunities for you or place you in work as an agency worker. We will always make it clear to you how you may opt out of hearing from us again. See ‘Opting out’ below. If, after we are in first contact with you, you inform us that you are not pro-actively looking for a new role at that time, we will keep your records on our system for only as long as we consider this necessary in order to advise you on suitable roles that may occur in the future. This database is cleansed periodically in accordance with the law to ensure that we do not store your details for longer than necessary. If you inform us that you do not wish to hear from us again, we will of course, respect this. Please see ‘Opting Out’ below.
 
Taking the next step
 
If after speaking with us or registering your interest online, you do wish to engage with us or use our services then we begin the process of advising you on the market and/or potentially suitable roles. At this point, our collection of your personal data naturally expands. We may:
 
• undertake further online searches of professional networking sites (such as LinkedIn) and other backgrounds searches (see Background Searches below) to gather more relevant information about you;
 
• profile candidates to select the best candidate for a role. Although we use some searches of online databases and information, we do not conduct any fully automated decision making processes to shortlist candidates;
 
• process any further career history sent to us by you;
 
• process information relating to potential employers you have been introduced to, interviews you have undertaken, offers made to you, details of roles you have accepted;
 
• if you are engaged by us as an agency worker, process information relating to temporary assignments you undertake including but not limited to rates of pay, payments made to you, absences due to sickness, injury or holiday;
 
• process any data we are required to process by law; and
 
• store our ‘candidate and worker notes’ and ‘calling reports’ on our systems which are attached to each candidate/worker’s contact details. These specify when we last contacted you, your history of placements through our business and elsewhere and any further information that you may have provided to us or to clients that may be relevant to your search for a role. We only store information that is necessary for this purpose.
 
If you are a candidate for direct employment by a third party or seeking an assignment as an agency worker, then our reason for processing such data is our mutual legitimate interests of finding you a role.
At this point, if not before, if you are eligible, you may be directed to register with our candidate portal and provide your consent to our use of data as described in this Policy. If you are not directed to our portal, we will establish your consent verbally or by other means to continue with the data processing as described in this Policy.
 
Discussing roles with a client
 
Where we wish to discuss your profile with a client, we only ever do with this with your express permission. We never share candidates’ or workers’ personal details with clients without their consent. 
 
Securing a role
 
Where you are successful in securing an offer for a role, we may use your data to:
 
• undertake verification of your ID, right to work, references and qualifications;
• process payment information you provide to us (for example if seeking temporary work).
 
We may also ask you for your banking details so we can pay you and this is necessary to perform our contract with you
 
If you are engaged by us to perform an assignment as an agency worker, then our reasons for processing such data will include (i) to perform our contract with you; and (ii) for the mutual legitimate interest of managing the performance of your services; and (iii) for compliance with legal obligations including but not limited to the Conduct of Employment Agencies and Employment Businesses Regulations 2003, the Working Time Regulations 1998, prevailing law relating to tax, National Insurance contributions, pensions auto-enrolment and the statutory sick pay scheme. If you need further information about which condition applies to our use of your information then please email data.protection@ssq.com 
 
Executive Search 
 
We also offer our clients an executive search function whereby we will proactively identify potential highly skilled candidates for a role who may be working in other places of employment and who have not contacted us themselves. This is in our mutual legitimate interests. We protect your interests at all times by ensuring that if, when contacted, you have informed us that you do not wish to be contacted again by us, we will opt you out immediately from our services. See ‘Opting Out’ below. Where you choose to engage with us in relation to a role then we will obtain your consent to proceeding either verbally or via our candidate portal (if you are eligible to register on it).

Opting out 

If, at any time, you inform us that you do not wish to be contacted by us in relation to our services, we will, of course, promptly delete your records from our system although we will keep a note that you were not interested in our services so we do not contact you again unless you later contact us or you exercise your right to erasure (see Rights section below). To exercise this opt out, please inform the consultant you speak to or email us at any time at data.protection@ssq.com. If you have set up a profile on our candidate portal, then you may amend your contact preferences at any time using that portal. 
 
You always have the right to withdraw any consent you have given us. To do this, simply inform the consultant you are dealing with or email data.protection@ssq.com

Records

We will delete your records upon your request or if we have not heard from you for an extended period in accordance with our records retention policy and the principles of data minimisation with which we are bound to comply by law. We only hold records for as long as necessary. Different retention periods apply to different categories of data and are too numerous to set out here but depend on the legal requirements for our records, the nature of and amount of the data contained in the record, its sensitivity and the potential risk for harm from unauthorised use or disclosure of the data and whether we can achieve our purposes without holding onto that data. Please note that:

• If you are successful in finding a role with us then we will keep your records on our systems for a limited period in case we can be of service to you in the future. We may then contact you about other similar roles that we consider may be of interest to you unless you have expressly informed us that you do not wish us to do this. You can do this by visiting our candidate consent portal if you have set up a profile on that portal or by emailing data.protection@ssq.com or by informing your consultant. 

• If you are searching for a role but are not successful in finding a role initially, then we will keep your records for as long as you require us to find you a suitable position – we will seek to verify if you are still looking for work on a regular periodic basis to ensure our records do not become out of date. 

Sensitive Data 

Please avoid providing us with any data relating to any of the following ‘sensitive’ types of data (also known as special category data) unless we have expressly asked for it as we will need your separate express consent to capture this data:

• details of your physical or mental health and biometric ID  data;;

• details of your race, ethnicity, sexuality, political or philosophical opinions or religion;

• details of any trade union membership;

• criminal records. 

If you wish to provide us with this sensitive data then please contact data.protection@ssq.com  and we will provide you with the relevant consent forms.

If you are engaged by us to provide services as an agency worker, we may require and process details of your health in order to comply with process any entitlement to statutory sick pay.

If you provide us with information about your disability status, we may use this to consider whether we need to provide appropriate adjustments during the recruitment process, for example whether adjustments need to be made during interview and we may store this with your other records and pass this to clients so that they can use this for the same legally required purposes also.

Any information captured in our equality monitoring forms is anonymous and not stored with your other records.

Client Data 

We process data about our clients as well as our candidates. This comprises: contact details (name, email address), title, career history and details of any meetings between our clients and our candidates and information from publicly available sources such as the client’s website. We process this data for our legitimate interests of finding clients suitable candidates. We also send clients marketing from time to time – please refer to the Marketing section of this policy below.

Less Obvious Information you Give Us

Each time you visit our site, we collect certain technical data about you. This includes details about your equipment (such as mobile device type), your operating software, browsing behaviour (including your browser type and version, geographical location, referral source, time zone setting, browser plug in types and versions, IP address URL, clickstream to and from out site including date and time, pages you viewed or searched for, page response times, page interaction information such as scrolling, clicks and mouse-over and methods to browse away from the page. Our Cookies Policy explains how we share this with others and how we use it for our own purposes. The source of this data is our analytics tracking system and we require this to pursue our legitimate interests of improving our website and personalise your experiences on it as well as for our own business intelligence. 
 
We may also monitor and record our communications with you for the purpose of quality assurance and training and for fraud prevention. This is in our legitimate interests of our business quality and security standards.

Information we share with/obtain from other sources

Background Searches: 
 
As described above in the ‘Candidate Data’ section of this policy, we undertake background searches of publicly available information on you from websites such as LinkedIn, legal news websites and any professional societies relevant to your role such as the Law Society of England and Wales and overseas equivalents. This is in our legitimate interests of finding suitable roles for both you and our clients.
 
We may have to conduct credit referencing checks as part our recruitment services. We may search the files of credit reference and fraud prevention services and we may share our results with them. These searches will be recorded. Your information may be linked to others living at your address. Other credit providers may search these records. If you provide false information and we suspect fraud we will record this and report our suspicions to appropriate law enforcement agencies. This use of your information is needed for anti-fraud and money laundering purposes which are in our legitimate interests. 
 
Criminal records checks - We may also conduct DBS criminal records checks with your consent and where this is relevant for your role only. This may occur where your role requires a high degree of trust and integrity.
 
References: We may also ask any named referees you have given to us for references. We will ask for your consent for this.
 
It may not be possible to complete your application without these checks.
 
Service Providers: Sometimes, other businesses give us data about you which we need for our legitimate interests of conducting business with you and on occasion they are necessary to perform our contract with you. This happens when we engage third party contractors to provide us with technical or delivery services that we require to provide you with our services. We need these providers to provide us with their services for our legitimate interests of operating our business and our website effectively.
 
Professional Advisers: We may also share your data with professional advisers such as our lawyers, accountants and insurers to manage our business, risks and legal claims. This is in our legitimate interests.
 
Partnerships: We may also enter partnerships with third parties to exchange information about you where we think it will give you an opportunity to get a great product or service but we will always inform you about this and ask for your express permission to participate in this.
 
Group: We share your data within our group in order to improve our products and services and because some of our internal support services are shared across the group. This is in our legitimate interests. A full list of our group companies and their locations is available on our website. Where the EU has not assessed a third country to have adequate data protection rules in place, we have implemented model contracts in the form prescribed by the EU under its decision 2004/915/EC which gives personal data transferred outside the EU the same protection it has in Europe. It is possible we could sell our business to a third party or re-organise our business or enter into a joint venture or become insolvent. In that scenario, our database of customers is one of the biggest parts of that business and so we would need to share it with the third-party buyer/joint venture partner and their advisers. This is in the legitimate interests of selling our business.
 
Law Enforcement/Legal Compliance: We will cooperate with all third parties to enforce their intellectual property or other rights. We will also cooperate with law enforcement requests from within or outside your country of residence. This may include disclosing your personal information to government or law enforcement agencies, or private parties, when we have a good faith belief that disclosure is required by law or when we, in our discretion, believe that disclosure is necessary to protect our legal rights, or those of third parties and/or to comply with a judicial proceeding, court order, fraud reduction or legal process served on us. In such cases, we may raise or waive any legal objection or right available to us. These uses of your data are in our legitimate interests of protecting our business security. We may also use your data and share it with the recipients listed in this policy for the purpose of complying with our legal obligations. 
 
MARKETING 
 
Sending existing clients and our existing candidates and agency workers direct marketing about our services (such as job alerts emails, newsletters and information about events we are holding) is in our legitimate interests of growing our business although we will always ask new candidates, workers and clients with whom we have not worked before for their consent to receive any electronic (email, text, fax, phone or OTT) marketing and will review this consent regularly.
 
We will always offer a way out of receiving this marketing when you first register with us and in every marketing communication afterwards. We may on occasion send out postal marketing for the purpose of growing our business which is in our legitimate interests and in this scenario we will rely on you to let us know if you do not want to receive this by opting out of the marketing. You can always control your privacy permissions by emailing us at data.protection@ssq.com or visiting your profile settings on our candidate portal if you are eligible for and have registered for that service.
 
AUTOMATED DECISION MAKING AND PROFILING
 
We may conduct candidate profiling using automated means when building up a profile of appropriate candidates from online sources and screening them against the required set of skills, experience and qualifications. This is in our legitimate interests of finding the right candidate for a client and the right role for our candidates. It is not a solely automated process.
 
WHERE WE SEND YOUR PERSONAL DATA
 
The data that we collect from you will be kept in the UK/EEA except as follows:
 
• We use certain ‘cloud providers’ to provide us with technical solutions. Where this occurs, we require all such third parties to respect the security of your data and to treat it in accordance with the law ensuring appropriate safeguards are in place and we will always work with them to protect your privacy. We may use specific contracts approved by the European Commission which give personal data the same protection that it has in Europe or we may transfer data to them if they are part of the Privacy Shield programme which requires them to provide similar protection to personal data shared between Europe and the US.
 
• We transfer your data within our Group. A list of our group companies and their locations is on our website. Details of the safeguards we have implemented to protect these transfers are above. 
 
• We may transfer your data to overseas clients but we never provide your data to clients without your consent which we will obtain verbally or through our candidate portal.
 
BEING SAFE AND HOW WE PROTECT YOUR DATA
 
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need-to-know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality. 
 
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so. 
 
All information you provide to us online is stored on our servers and we have implemented reasonable and appropriate security measures to protect the data including making our site hypertext transfer protocol (https) secure which means that any communications between our website and your browser are encrypted. Unfortunately, the transmission of information via the internet is not completely secure and we cannot guarantee that data breaches will never occur. Our site may, from time to time, contain links to other websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites. Please do not provide us with any other person’s data unless we have specifically prompted you to do so.
 
Our services are not aimed at children and neither is our website.
 
YOUR RIGHTS  
 
You have various rights under law that assist you with verifying our lawful use of your data. The simplest way of exercising any of these rights is to do so within your profile settings on the candidate portal or by emailing data.protection@ssq.com.  A full list is below.

Data Subject Request

The right to be informed of our use of your data. This is met by the provision of this Policy.
 
The right of access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. Please note that we may ask you to specify what you wish to see in order to focus our search, and we may have to verify your identity/authority. The simplest way to view your basic contact information is online on our candidate portal if you are eligible to register for that service. If you require other information, please contact our DPL using the details given in this policy.
 
The right to rectification - This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
 
The right to erasure - This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. For example:
• where you consider that we do not need it any longer for the purposes for which we originally collected it as explained to you in our Privacy Policy;
• where you have withdrawn your consent to our using it and we had relied on that consent to use it according to our Privacy Policy;
• where you consider that we cannot show a ‘legitimate interest’ in continuing to process it and we have relied on that legitimate interest to process it as further explained in our Privacy Policy. 
 
You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
 
The right to restrict processing - This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
 
The right to data portability - We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you. 
 
The right to object where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
 
Consent - where we are relying on consent to process your personal data you may of course withdraw it. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. 
 
QUESTIONS AND COMPLAINTS 
• Please contact our Data Protection Team at data.protection@ssq.com  if you have any questions about this policy.
• You may complain to your local supervisory data protection authority about us depending on where you are located. In the UK, please read: https://ico.org.uk/for-the-public/raising-concerns/ for details of how to do this.
  
 
End of Policy. Last Revised May 2018.