The Harvey Nash Group, including all Harvey Nash Group subsidiary companies together, (which includes Alumni, Spinks (We Are Spinks), NashTech, PAT Management, Talent-IT, Team4Talent, Talent2Test, Pro-Cured, eMenKa NV), referred to here as ‘Harvey Nash’ is a leading global recruitment consultancy and outsourcing company working on an annual basis with thousands of candidates and clients worldwide.
Our reputation is reliant on the trust of people we work with and, consequently, the effective and professional use of the information you provide us is paramount.
Your privacy is important to us, and we are committed to protecting and safeguarding your data privacy rights.
This privacy notice explains what we do with your personal data, whether as part of helping you find a job, developing your career, providing you with a service that may be of interest, or simply as a result of you visiting our website.
We respect your right to privacy. Our overall aim is to ensure that our collection and use of personal information is appropriate to the provision of services to you and is in accordance with applicable data protection laws.
“You” are a candidate, potential candidate, consultant, client contact or contact at any other organisation involved in the introduction and/or supply of services.
References in this notice to “client contact” means a responsible owner at a client.
Data Protection Act 2018 as amended, and the United Kingdom General Data Protection Regulation, as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018 here referred to as “UK GDPR”.
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27th April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) here referred to as “EU GDPR”.
Specifically, this privacy notice provides you with details about the personal information we collect and hold about you, how we use your personal information and your rights regarding your personal information.
This privacy notice applies to the collection, storage and use of personal information collected by Harvey Nash (“we” or “us”):
The personal information we collect about you where “you” are a contact at one of our clients.
We need to collect information about you as an essential part of providing our Services.
We may collect personal information about you when:
We will usually collect the following information from or about you:
Where “you” are a client:
We use the data we gather to perform a number of tasks, including:
Client contacts: we use the information collected from clients to ensure that we provide business services to you. This will involve identifying candidates that will meet your requirements or providing other business services from our portfolio.
Suppliers: we use the data collected to ensure the business arrangements between us run smoothly.
Our lawful basis for processing your data: we consider that it is necessary, for our legitimate interests as a business, to process your personal data. At different stages in the outsourcing processes we also have other lawful grounds for processing your data such as compliance with our legal obligations and where it is necessary for the performance of contracts related to the outsourcing process.
A full statement of our legitimate interest may be found in this document.
Where we are required, by law, to obtain your consent to the processing of your personal data we will obtain it.
All users of the site and our services
We collect, store and use your personal information for the following purposes:
Sometimes, our use of your personal information is for purposes which are ancillary to the provision of the Site and Services, or which are desirable to make them to operate more effectively. In those circumstances, we believe we have a legitimate interest in handling your personal information, and do not believe that this storage and use of your personal information will unduly prejudice your rights or freedoms.
For more detail about these circumstances please see Appendix 3 below.
Your personal data provided to us is processed by Harvey Nash Group.
We will ensure that:
We will disclose information under the following circumstances:
Service and Site usage information: When we share anonymous information generated by our services with our clients.
Third-party service providers: When we share information with third-party service companies for them to facilitate and support us in the provision of the services. This includes:
These organisations are appointed by Harvey Nash as data processors and authorised to use your personal information only as necessary to provide the relevant services to us. These organisations are required to process such information based on our instructions and in accordance with this privacy notice. They do not have any independent right to share this information.
Group companies: We provide your personal information to our subsidiaries or affiliated companies for the purpose of processing personal information on our behalf to provide the site and the services. These parties are required to process such information based on our instructions and in accordance with this privacy notice. They do not have any independent right to share this information.
Merger or acquisition: When we need to transfer information about you if we are acquired by or merged with another company. If we are involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified by email and/or a prominent notice on our Site of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.
Recruitment and resourcing services: When we are using your personal information in the context of our recruitment and resourcing services, then we may share your personal information with clients where we believe that you may be appropriate for a particular role or vacancy with that client.
Umbrella companies and personal service companies: When you inform us that you are supplying or intend to supply your services via Harvey Nash to a client through an umbrella company or personal service company.
Recruitment Process Outsourcing and Managed Service Providers: In certain cases, there may be an organisation such as a managed service provider acting as a gateway for the supply of Services made via Harvey Nash to the hirer. Where this is the case, we will share your information with such organisations to the extent that it is necessary for the purposes of the supply.
Where personal information is shared with clients, hirers, umbrella companies, personal services companies or managed service providers in the circumstances described above, then those organisations will handle your personal information in line with their own privacy policies.
We want to make sure that your data is stored and transferred in a way which is secure. We will only transfer data outside of the UK and European Economic Area where the recipient is compliant with the data protection legislation and the means of transfer provides approved safeguards.
These will include UK or EU approved standard contractual clauses, according to Article 46(2)(c) "UK GDPR" and "EU GDPR", or where the country concerned has been found adequate by the UK Secretary of State or European Commission (as applicable) in respect to the levels of data protection, according to Article 45 "UK GDPR" and "EU GDPR".
Please note that where a derogation to the above applies under Article 49 "UK GDPR" and "EU GDPR", you will be informed of this prior to the transfer taking place and will have the opportunity to object to that transfer.
As a business, we transfer personal data between our EU and UK entities, including storing EU data subjects’ personal data on UK servers. Your personal data will be processed to the same high standards, as Harvey Nash implements the "EU GDPR" and the “UK GDPR” across all of its EU and UK entities.
Harvey Nash is a global company and to effectively provide the best service to our clients we may utilise a delivery and business processing outsourcing (BPO) service in Vietnam. The services we use are provided by Harvey Nash Vietnam, a subsidiary of the Harvey Nash Group. A data transfer risk assessment has been carried out, and both data processing agreements and standard contractual clauses are in place to govern the secure processing of personal data in these instances.
We may send your information between Harvey Nash entities which may exist outside of Europe, to overseas clients or to clients within your country who may in turn transfer your data internationally. Appropriate safeguards and legal requirements will always be in place to govern the secure processing of your personal data.
The data may also be stored on cloud-based storage for parts of our overall business process.
Please be aware that countries which are outside the UK and European Economic Area may not offer the same level of legal protection for your personal information as under EU/UK law, although any collection, storage and use of your personal data by us (or on our behalf) will continue to be governed by this privacy notice.
Our website may offer you the opportunity to pass your personal information to us in relation to a particular role or service which is of interest to you. This information may be routed through one of our 3rd party suppliers before it is delivered electronically to us. All of our 3rd party suppliers have been vetted to ensure that they will meet our own privacy and security standards in the collection and processing of your personal information.
Our website may also link or direct you to other websites or external content which are not within our control. Links to other websites may be provided for your convenience and information. While we will use our best endeavour to ensure that we link or direct you only to websites that share our privacy and security standards, we are not in the position to guarantee the same and we will not be responsible for the protection and privacy of any personal data which you provide on those websites.
Technologies such as cookies, beacons, tags and scripts are used by us and our affiliates, or analytics or service providers. These technologies are used in analysing trends, administering the Site, tracking users’ movements around the Site and to gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies by these companies on an individual as well as aggregated basis.
Harvey Nash is passionate about protecting your information. To this end we have put in place appropriate measures that are designed to prevent unauthorised access to and misuse of your personal data. These include measures to deal with any suspected data breach. If you suspect any misuse or loss of or unauthorised access to your personal information, please let us know immediately by emailing DPO@harveynash.com.
Your information is held on servers hosted by us or our Internet Services Provider. The transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk.
The period for which data is retained in each circumstance is determined by the balanced interests of the company and the data subjects concerned. If personal data needs to be retained to fulfil the documented business interests of the company, and that interest would align with the interests of the data subject, then we will continue to retain for a reasonable period.
However, we don’t keep data for any longer than is necessary. For most people where we have limited contact it will be for a maximum of two years from the date of last contact with us. Where we have engaged with you more extensively, for instance we have worked with you as client or supplier, or interviewed/placed you as a candidate, we may retain data longer.
We will delete personal data at the end of the legal retention period except where we need to keep any personal information to comply with our legal obligations, resolve disputes, or enforce our agreements.
We have legal obligations to retain emails as we operate across a number of jurisdictions including the United States. We use an archiving system to archive emails two years from the date sent or received, for up to ten years.
For more information on our data retention policy please contact DPO@harveynash.com.
You have certain rights in relation to your personal information. If you would like further information in relation to these or would like to exercise any of them, please contact us via email at any time.
More details on your rights may be found in Appendix 5 below.
Harvey Nash tries to meet the highest standards when collecting and using personal information. We take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate.
If you wish to complain about our policies or any of the procedures please contact our Data Protection Officer via DPO@harveynash.com. You can also seek a remedy through local courts if you believe your rights have been affected.
EU Supervisory Authorities
You may make a complaint to any supervisory authority for data protection matters in the EU. Harvey Nash is registered as a data controller with the Information Commissioner’s Office in the UK, but also operates across the EU where other supervisory authorities operate.
In respect of the UK exiting the EU, we have designated a legal entity as a representative for data protection matters in the EU. This entity is Harvey Nash BV, (Netherlands).
To contact this entity about your rights or any concerns you have about processing being carried out in the EU, please email EU-DPO@harveynash.com.
Periodically we may send you information that we think you will find interesting or to ask for your expertise in completing a survey. We may also send you information to:
Subject to any applicable local laws and requirements we will not, as a matter of course, seek your consent when sending marketing materials relating to the above but we will always give you the option to unsubscribe of any such mails.
Where we have previously engaged with you, for example where you have submitted an online enquiry or CV to us, we will assume that you have given permission for us to contact you with details of services which we believe will be of interest to you.
If you do not wish to receive these communications you can unsubscribe by clicking on the relevant link on marketing emails, or contact email@example.com requesting to be opted-out of receiving marketing communications.
Not withstanding the above, your rights as a data subject under the GDPR provide that you can ask for all your personal data to be removed (as explained above) at any time.
Automated Decision Making:
Harvey Nash does not utilise any form of automated profiling currently. All of our activities involve human decision-making during the process. This may change in the future if we implement automated technologies or machine learning, but we will only do so where appropriate and in accordance with local laws and regulations. Any changes to this notice will be notified as set out below.
Harvey Nash utilises psychometric testing providers to conduct tests for our clients. Candidates sign into the testing provider and carry out this test. Specialists within Harvey Nash will review the results of the tests and conduct what may be described in the GDPR as profiling on the personal data. You have the right to object to profiling and can do this by refusing or withdrawing your consent to processing in the testing process at any time.
We collect anonymised details about visitors to our website for the purposes of aggregate statistics or reporting purposes. However, no single individual will be identifiable from the anonymised details we collect for these purposes.
Third party sites:
We will publish changes to this privacy notice from time to time. If significant changes are made to our processing activities, we will take reasonable measures to notify data subjects accordingly.
We may collect personal data when :
We may collect the following information from or about you:
You can update your personal data at any time by forwarding a copy to firstname.lastname@example.org.
We collect, store and use information that we obtain in relation to you for our legitimate interests:
This storage and use of your personal information allows you to be contacted about roles which may be of interest to you, now or in the future, and we do not believe that this storage and use will unduly prejudice your rights or freedoms.
We will store and use your personal information in order to comply with relevant legal obligations to which Harvey Nash is subject.
The relevant circumstances are:
In some, relatively limited, circumstances we need to handle your personal information in a certain way to be able to comply with our legal obligations. For example if we:
A cookie (small text files that store information on your hard drive) may be used in the processing of your personal data. A copy of this text file is sent to your computer and/or device whenever it communicates with our server. Cookies help us to understand which sections of our websites are frequently visited. With this information, we can adapt our website to suit your demands and provide you with a more customised and personalised user experience. We may collect the following information during your visit to our website and/or the fully qualified domain name from which you accessed our site, or alternatively, your IP address:
Some webpages may require you to provide a limited amount of personal information in order to enjoy certain services on a website (system login credentials, email addresses and contact information). This personal information will only be used for its intended purpose, i.e. to respond to your message or deliver the requested services.
You may configure your browser to accept all cookies, reject all cookies, or notify you when a cookie is sent.
You have the right to request that we:
We will consider all such requests and provide our response within a reasonable period (and in any event within any time period required by applicable law). Please note, however, that certain personal information may be exempt from such requests in certain circumstances.
If an exception applies, we will tell you this when responding to your request. We may request you provide us with information necessary to confirm your identity before responding to any request you make.
If you have made a request for erasure of your personal data records, we will usually retain a copy of your given email address on a ‘do not contact’ list to comply with our obligations under data protection legislation including the EU GDPR and UK Data Protection Act 2018, as well as the forthcoming UK GDPR and other international data protection legislation that may apply. For more information, please contact the Group Data Protection Officer.
You may request to unsubscribe from marketing material at any time. If you wish to contact us with respect to the above matters, please email us at DPO@harveynash.com.