The Harvey Nash Group, including all Harvey Nash Group subsidiary companies together, (which includes Alumni, Spinks (We Are Spinks), NashTech, PAT Management, Talent-IT, Team4Talent), referred to here as ‘Harvey Nash’ is a leading global recruitment consultancy and outsourcing company working on an annual basis with thousands of candidates and clients worldwide.
Our reputation is reliant on the trust of people we work with and, consequently, the effective and professional use of the information you provide us is paramount.
Your privacy is important to us, and we are committed to protecting and safeguarding your data privacy rights.
This privacy notice explains what we do with your personal data, whether as part of helping you find a job, developing your career, providing you with a service that may be of interest, or simply as a result of you visiting our website.
We respect your right to privacy. Our overall aim is to ensure that our collection and use of personal information is appropriate to the provision of services to you and is in accordance with applicable data protection laws.
Important definitions in this notice
“You” are a candidate, potential candidate, consultant, client contact or contact at any other organisation involved in the introduction and/or supply of services.
References in this notice to “client contact” means a responsible owner at a client.
Specifically, this privacy notice provides you with details about the personal information we collect and hold about you, how we use your personal information and your rights regarding your personal information.
What does Harvey Nash do?
The core of what we do is twofold.
- To provide services to help candidates develop their careers
- We work with clients to provide consultancy and outsourcing services to help them solve technology challenges
Where does Harvey Nash collect data from?
This privacy notice applies to the collection, storage and use of personal information collected by Harvey Nash (“we” or “us”):
- via our website at www.nashtechglobal.com; or any other website operated by us (the “site”); or
- as a result of you responding to an advertisement posted by us on a job board, online CV library or via social media; or
- as a result of personal recommendations; or
- from company websites; or
- from your business card; or
- in the course of us providing recruitment, resourcing, outsourcing or consultancy services to you (“Services”)
What information do we collect on Client contacts?
Client contacts: the personal information we collect about you where “you” are a contact at one of our clients.
We need to collect information about you as an essential part of providing our services.
We may collect personal information about you when:
- we contact you with a view to providing services to you; or
- you email us expressing an interest in working with us;
- you provide us with your business card or other information provided to us, given to our employees at sales and marketing events;
- you post information or advertisements on job boards or social media websites;
- we provide services; or
- we complete contractual documentation relevant to the services,
We will usually collect the following information from or about you:
- your name;
- your postal address;
- your phone and e-mail details;
- details of your role, title and responsibilities within your organisation;
Where “you” are a client:
- any opinion or feedback you share with us regarding our services;
- details of any queries you raise with us regarding the services;
- details of any outsourcing requirements or plans you share with us.
What is our lawful basis for processing your personal data?
We use the data we gather to perform a number of tasks, including:
- placement of a candidate into a particular employment role as defined by our clients; or the provision of resourcing, outsourcing or consultancy
- maintaining our records of our candidates, clients and contacts;
- conducting marketing, profiling and business development activities as well as market research and statistical analysis regarding our products and/or services;
- complying with any legal or regulatory requirements and to make the necessary disclosure under the requirements of any applicable law, regulation, direction, court order, guideline, circular or code which are applicable to us for the prevention of crime;
- reporting requirements to clients where we offer Managed Services (RPO/MSP).
Client contacts: We use the information collected from clients to ensure that we provide business services to you. This will involve identifying candidates that will meet your requirements, or providing other business services from our portfolio.
Suppliers: we use the data collected to ensure the business arrangements between us run smoothly.
Our lawful basis for processing your data
We consider that it is necessary, for our legitimate interests as a business, to process your personal data. At different stages in the outsourcing processes we also have other lawful grounds for processing your data such as compliance with our legal obligations and where it is necessary for the performance of contracts related to the outsourcing process.
A full statement of our legitimate interest may be found here.
Where we are required, by law, to obtain your consent to the processing of your personal data we will obtain it.
All users of the site and our services
We collect, store and use your personal information for the following purposes:
- to make the site available to you; and
- to provide any services that you request.
Sometimes, our use of your personal information is for purposes which are ancillary to the provision of the Site and Services, or which are desirable to make them to operate more effectively. In those circumstances, we believe we have a legitimate interest in handling your personal information, and do not believe that this storage and use of your personal information will unduly prejudice your rights or freedoms.
For more detail about these circumstances please see appendix 3 below.
How do we share your personal information and who do we share it with?
Your personal data provided to us is processed by Harvey Nash Group. We will ensure that:
- access to your personal data is restricted to staff who are required to process such data as part of their job;
- only necessary information is released to the relevant employees;
- we seek your consent before sharing your details with any prospective employer or user of your services.
We will disclose information under the following circumstances:
Service and site usage information: When we share anonymous information generated by our services with our clients.
Third-party service providers: When we share information with third-party service companies for them to facilitate and support us in the provision of the services. This includes:
- IT support service providers;
- providers of credit reference, vetting and screening services;
- payment processors and software providers;
These organisations are appointed by Harvey Nash as data processors and authorised to use your personal information only as necessary to provide the relevant services to us. These organisations are required to process such information based on our instructions and in accordance with this privacy notice. They do not have any independent right to share this information.
Group companies: We provide your personal information to our subsidiaries or affiliated companies for the purpose of processing personal information on our behalf to provide the site and the services. These parties are required to process such information based on our instructions and in accordance with this privacy notice. They do not have any independent right to share this information.
Merger or acquisition: When we need to transfer information about you if we are acquired by or merged with another company. If we are involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified by email and/or a prominent notice on our Site of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.
Recruitment and resourcing services: When we are using your personal information in the context of our recruitment and resourcing services, then we may share your personal information with clients where we believe that you may be appropriate for a particular role or vacancy with that client.
Umbrella companies and personal service companies: When you inform us that you are supplying or intend to supply your services via Harvey Nash to a client through an umbrella company or personal service company.
Recruitment Process Outsourcing and Managed Service Providers: In certain cases, there may be an organisation such as a managed service provider acting as a gateway for the supply of Services made via Harvey Nash to the hirer. Where this is the case, we will share your information with such organisations to the extent that it is necessary for the purposes of the supply.
Where personal information is shared with clients, hirers, umbrella companies, personal services companies or managed service providers in the circumstances described above, then those organisations will handle your personal information in line with their own privacy policies.
We want to make sure that your data is stored and transferred in a way which is secure. We will only transfer data outside of the European economic area where the recipient is compliant with the data protection legislation and the means of transfer provides approved safeguards. These will include standard contractual clauses, according to Article 46(2)(c) GDPR, the EU – US Privacy Shield framework, or where the country concerned has been found adequate by the European commission in respect to the levels of data protection, according to Article 45 GDPR.
Please note that where a derogation to the above applies under Article 49 GDPR, you will be informed of this prior to the transfer taking place and will have the opportunity to object to that transfer.
As a business, we transfer personal data between our EU and UK entities, including storing EU data subjects’ personal data on UK servers. In preparation for the UK exiting the EU we have implemented standard contractual clauses between our EU and UK entities to provide appropriate safeguards for data transfers from the EU to the UK. Your personal data will be processed to the same high standards, as Harvey Nash implements the GDPR (including the “UK GDPR”) across all of its EU and UK entities.
Harvey Nash is a global company and to effectively provide the best service to our clients we may utilise a business processing outsourcing (BPO) service in Vietnam. The BPO service we use is provided by Harvey Nash Vietnam, a subsidiary of the Harvey Nash Group. We have ensured that we have an appropriate business relationship, with standard contractual clauses, to safeguard data transfer and ensure the privacy of your data.
We may send your information between Harvey Nash entities which may exist outside of Europe, to overseas clients or to clients within your country who may in turn transfer your data internationally.
The data may also be stored on cloud-based storage for parts of our overall business process.
Please be aware that countries which are outside the European Economic Area may not offer the same level of legal protection for your personal information as under EU/UK law, although any collection, storage and use of your personal data by us (or on our behalf) will continue to be governed by this privacy notice.
Personal information, cookies and websites
Our website may offer you the opportunity to pass your personal information to us in relation to a particular role or service which is of interest to you. This information may be routed through one of our 3rd party suppliers before it is delivered electronically to us. All of our 3rd party suppliers have been vetted to ensure that they will meet our own privacy and security standards in the collection and processing of your personal information.
Our website may also link or direct you to other websites or external content which are not within our control. Links to other websites may be provided for your convenience and information. While we will use our best endeavor to ensure that we link or direct you only to websites that share our privacy and security standards, we are not in the position to guarantee the same and we will not be responsible for the protection and privacy of any personal data which you provide on those websites.
Technologies such as cookies, beacons, tags and scripts are used by us and our affiliates, or analytics or service providers. These technologies are used in analysing trends, administering the Site, tracking users’ movements around the Site and to gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies by these companies on an individual as well as aggregated basis.
How we safeguard your personal data
Harvey Nash is passionate about protecting your information. To this end we have put in place appropriate measures that are designed to prevent unauthorised access to and misuse of your personal data. These include measures to deal with any suspected data breach. If you suspect any misuse or loss of or unauthorised access to your personal information, please let us know immediately by emailing DPO@harveynash.com.
Your information is held on servers hosted by us or our Internet Services Provider. The transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk.
The period for which data is retained in each circumstance is determined by the balanced interests of the company and the data subjects concerned. If personal data needs to be retained to fulfil the documented business interests of the company, and that interest would align with the interests of the data subject, then we will continue to retain for a reasonable period.
However, we don’t keep data for any longer than is necessary. For most people where we have limited contact it will be for a maximum of two years from the date of last contact with us. Where we have engaged with you more extensively, for instance we have worked with you as client or supplier, or interviewed/placed you as a candidate, we may retain data longer.
We will delete personal data at the end of the legal retention period except where we need to keep any personal information to comply with our legal obligations, resolve disputes, or enforce our agreements.
We have legal obligations to retain emails as we operate across a number of jurisdictions including the United States. We use an archiving system to archive emails two years from the date sent or received, for up to ten years.
For more information on our data retention policy please contact DPO@harveynash.com.
Your rights, complaints, questions and suggestions
You have certain rights in relation to your personal information. If you would like further information in relation to these or would like to exercise any of them, please contact us via email at any time.
More details on your rights may be found in appendix 5 below.
Harvey Nash tries to meet the highest standards when collecting and using personal information. We take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate.
If you wish to complain about our policies or any of the procedures please contact our Data Protection Officer via DPO@harveynash.com. You can also seek a remedy through local courts if you believe your rights have been affected.
EU Supervisory Authorities
You may make a complaint to any supervisory authority for data protection matters in the EU. Harvey Nash is registered as a data controller with the Information Commissioner’s Office in the UK, but also operates across the EU where other supervisory authorities operate.
In preparation for the UK exiting the EU, we have designated a legal entity as a representative for data protection matters in the EU. This entity is Harvey Nash BV, (Netherlands).
To contact this entity about your rights or any concerns you have about processing being carried out in the EU, please email EU-DPO@harveynash.com.
Periodically we may send you information that we think you will find interesting or to ask for your expertise in completing a survey. We may also send you information to:
- market our full range of services
- send you details of networking and client events and information about the industry sectors we think may be of interest to you.
Subject to any applicable local laws and requirements we will not, as a matter of course, seek your consent when sending marketing materials relating to the above but we will always give you the option to unsubscribe of any such mails.
Where we have previously engaged with you, for example where you have submitted an online enquiry or CV to us, we will assume that you have given permission for us to contact you with details of services which we believe will be of interest to you. You will have the right to withdraw such permission at any time.
Profiling, anonymous data & third party sites
Automated Decision Making:
Harvey Nash does not utilise any form of automated profiling currently. All of our activities involve human decision-making during the process. This may change in the future if we implement automated technologies or machine learning, but we will only do so where appropriate and in accordance with local laws and regulations. Any changes to this notice will be notified as set out below.
We collect anonymised details about visitors to our website for the purposes of aggregate statistics or reporting purposes. However, no single individual will be identifiable from the anonymised details we collect for these purposes.
Third party sites:
Changes to our Privacy Notice
We will publish changes to this privacy notice from time to time. If significant changes are made to our processing activities, we will take reasonable measures to notify data subjects accordingly
We may collect personal data when :
- you access and browse the site (including when you submit personal information to us through data entry fields on the site); or
- you respond to an advert posted by us whether via a job board, LinkedIn or other social networking site; or
- we download details uploaded by you onto a job board, LinkedIn or other social networking site in connection with our internal market research ; or
- you contact us by phone, email or otherwise; or
- we provide services to you; or
- we contact you with a view to providing services to you; or
We may collect the following information from or about you:
- your name;
- your postal address;
- your phone and e-mail details;
- a copy of your passport details including your passport photograph;
- any information which has been published or made available on a social media profile or job board (whether by you or a third party), or in any news media;
- any e mail communications, including attachments, which you send to us.
You can update your personal data at any time by forwarding a copy to email@example.com.
We collect, store and use information that we obtain in relation to you for our legitimate interests:
- so that we can contact you (via email, SMS or phone) about opportunities and assignments that we believe you may be interested in;
- to enter into contracts which are necessary for your service to be supplied;
- to carry out market research for our internal use;
- for internal record-keeping purposes;
- to carry out services that we, you or our client have requested.
This storage and use of your personal information allows you to be contacted about roles which may be of interest to you, now or in the future, and we do not believe that this storage and use will unduly prejudice your rights or freedoms.
We will store and use your personal information in order to comply with relevant legal obligations to which Harvey Nash is subject.
The relevant circumstances are:
- detecting and preventing fraud;
- keeping our site, apps, products and IT systems secure;
- ensuring that our own processes, procedures and systems are as efficient as possible;
- analysing and enhancing the information that we collect;
- determining the effectiveness of our promotional campaigns and advertising; and
- contacting you with products and services which we think may interest you.
In some, relatively limited, circumstances we need to handle your personal information in a certain way to be able to comply with our legal obligations. For example if we:
- are requested to disclose your personal information to regulatory bodies;
- need to demonstrate our compliance with applicable law;
- are subject to any enquiry from the Employment Agencies Standards Inspectorate or HMRC.
A cookie (small text files that store information on your hard drive) may be used in the processing of your personal data. A copy of this text file is sent to your computer and/or device whenever it communicates with our server. Cookies help us to understand which sections of our websites are frequently visited. With this information, we can adapt our website to suit your demands and provide you with a more customised and personalised user experience. We may collect the following information during your visit to our website and/or the fully qualified domain name from which you accessed our site, or alternatively, your IP address:
- the date and time you access each page of our website
- the URL of any web page from which you accessed our site (the referrer)
- the web browser that you are using and the pages you accessed.
Some webpages may require you to provide a limited amount of personal information in order to enjoy certain services on a website (system login credentials, email addresses and contact information). This personal information will only be used for its intended purpose, i.e. to respond to your message or deliver the requested services. You may configure your browser to accept all cookies, reject all cookies, or notify you when a cookie is sent.
You have the right to request that we:
- provide access to any personal information we hold about you;
- update any of your personal information which is out of date or incorrect;
- delete any personal information which we are holding about you;
- restrict the way that we process your personal information;
- prevent the processing of your personal information for direct marketing purposes;
- provide your personal information to a third-party provider of services;
- provide you with a copy of any personal information which we hold about you; or
- consider any valid objections which you have to our use of your personal information; or
- do not conduct profiling on your personal data, if you have consented to undergo testing with our third-party providers, by refusing or withdrawing your consent at any time.
We will consider all such requests and provide our response within a reasonable period (and in any event within any time period required by applicable law). Please note, however, that certain personal information may be exempt from such requests in certain circumstances.
If an exception applies, we will tell you this when responding to your request. We may request you provide us with information necessary to confirm your identity before responding to any request you make.
If you have made a request for erasure of your personal data records, we will usually retain a copy of your given email address on a ‘do not contact’ list to comply with our obligations under data protection legislation including the EU GDPR and UK Data Protection Act 2018, as well as the forthcoming UK GDPR and other international data protection legislation that may apply. For more information, please contact the Group Data Protection Officer.
You may request to unsubscribe from marketing material at any time. If you wish to contact us with respect to the above matters please email us at DPO@harveynash.com.