Client’s Privacy Policy

Last updated – 14/12/2023

Overview

Changes made to our privacy notice

We exercise our right to update this Privacy Notice at any time, including to keep up to date with data protection law and accurately reflect Mackenzie Stuart’s practices surrounding data processing. Any changes made to our Privacy Notice come into effect when posted on this page (date of latest update can be found at the top of this page).

 

Personal data collected

For us to find the most suitable candidates for your organisation we need to collect and use certain information about you, or individuals who work at your organisation. The information that we collect from you is:

  • Your organisation name and contact details (address, central telephone number, etc);
  • Contact details of the individual we are liaising with at your organisation (name, telephone number, email address);
  • Details of the job vacancy and type of candidate you require; and
  • Any other information an individual from your organisation chooses to tell us.

Data processed by Mackenzie Stuart is collected in several ways. This information can be provided by you directly, provided by a third party or collected automatically via our website.

By using our website and sending any email communications our systems may obtain your IP address

Collecting the data directly from you

You may provide your personal data to us via one of the following ways:

  • Contacting us directly to discuss your vacancy requirements (usually by phone or email);
  • Submitting a vacancy via the client services area of our website; or
  • If you are a current/previous client when we have contacted you directly (usually by phone or email).

Collecting the data from other sources

We may gather some of your personal data, such as name and contact details, from publicly available sources online. For example, professional networking sites, such as LinkedIn, or job boards if you are advertising a vacancy.

 

What we use your personal data for and the legal basis we rely on

We process your personal data for the following purposes:

Recruitment purposes:

To identify suitable candidates for the job vacancy you have and to ensure the contractual arrangement between our two organisations operates effectively.

We rely on the following legal basis for this:

  • Contractual obligation – Article 6(1)(b) of GDPR

Marketing purposes:

As an existing client, to re-contact you in the future to see if you have any new job vacancies to fill or to send anonymised candidate profiles of individuals who we think may be suitable for your organisation.

As a prospective client to contact you to discuss any potential job vacancies you may have or to send anonymised candidate profiles of individuals who we think may be suitable for your organisation.

We rely on the following legal basis for this:

  • Legitimate Interests – Article 6(1)(f) of GDPR

We don’t think it unreasonable for clients, both prospective and existing/lapsed, to want to know about our services and how we can help recruit the right person for your job vacancy or for you to know of any potential candidates that we feel may make suitable employees of your organisation.  In fact, it can benefit your organisation to know when a highly skilled executive level individual is looking for new employment opportunities.

You can always opt out of any of our marketing communications at any time by contacting our Data Protection Manager.

 

Who we will share your personal data with

We will always ask for your express and informed consent to send your personal data to existing or prospective clients.

When a new recruitment business is set up under Mackenzie Stuart, all data subjects and their data processed whilst working for Mackenzie Stuart will be transferred across to the new company. The new business is still owned and controlled in the majority by Mackenzie Stuart.

Your personal data may be accessed and seen by our third-party outsourced IT provider, whilst they undertake work on our behalf. We have a data processor contract in place which sets out both parties’ responsibilities and obligations under GDPR. Data will not be used by third parties for any of their own purposes.

If you enter personal data into our website then it may be accessed and seen by our third-party website host and web data storage provider, whilst they undertake work on our behalf. We have a data processor contract in place which sets out both parties’ responsibilities and obligations under GDPR.

 

How we keep your personal data safe

Mackenzie Stuart takes the security of your personal data seriously and we have put in place the most appropriate organisational and technical measures to safeguard personal data. Our measures include:

  • Encrypting devices and servers where appropriate
  • Password access to computers and mobile devices
  • Secure premises
  • Restricting access to those staff who need to see the information
  • Internal policies and procedures on data protection and information security
  • Staff training
  • The relevant procedures to report and deal with potential data breaches

When we use third-party providers to process and/or store personal data we undertake relevant assessments of their business to establish their level of compliance with GDPR and only use those that provide sufficient guarantees to implement appropriate technical and organisational measures to safeguard personal data.

Our website, emails, databases and data storage are all on servers based in the UK and EU.

If you suspect your personal data has been lost or misused, please contact our Data Protection Manager.

Transferring personal data outside of the UK and EU

If a candidate, who is located outside of the UK and EU (a ‘third country’), applies for your job vacancy we will need to provide them with some of your data in relation to that job. This means that we sometimes must transfer client personal data to a third country.

If there is no adequacy decision in place for the country we are transferring client data to, we will only transfer the personal data if:

  • the transfer is necessary for the conclusion or performance of a contract between ourselves (i.e. we are contracted to find a suitable candidate for the job vacancy you have); or
  • we have obtained your explicit consent to transfer your personal data.

How long we will keep your personal data for

We keep client data for as long as we have an active communication with you, and once this ceases we will keep your personal data for 10 years since last updated before it is deleted from our systems and securely destroyed.

We have documented retention periods for all the information we obtain and process. If you would like to request a copy, please contact our Data Protection Manager.

 

Your rights

You have various rights in relation to how we process your personal data, as defined by the General Data Protection Regulations

  • You can access the personal data we keep about you and be given specific information about the processing, also known as the Right to be informed.
  • You can ask us to update inaccurate personal data we hold about you, also known as the Right of access or a data subject access request.
  • You can ask us to delete your personal data but only when specific grounds apply, also known as the Right to erasure. Please note that your ability to exercise this right may not always be possible due to legal requirements, in which case you will be informed of this.
  • You can ask us to restrict the processing of your personal data, also known as the Right to restrict processing.
  • You can ask us to update any inaccurate information we hold about you, also known as the Right to rectification.
  • You can object to the processing of your personal data if you do not agree with our legitimate interest grounds and for direct marketing purposes, also known as the Right to object.
  • You can transfer your personal data from us to another service provider but only when certain grounds apply, also known as the Right to data portability.

Rights in relation to automated decision-making including profiling does not apply as we do not undertake any automated decision-making, including profiling.

Should you wish to exercise any of your rights please contact our Data Protection Manager. All requests will be processed within one month unless the request is excessive in which case you will be informed and kept updated throughout.

We do not charge a fee for responding to the above requests unless the request is unfounded or excessive; or if requests are repetitive.

If you are not happy with the way we have been processing your personal data or have not dealt with one of your rights correctly when you have asked us to you may lodge a complaint with the Information Commissioners Office (ICO). The ICO has several ways in which you can contact them, including post, email, and online forms. To find out how click here.

 

Our contact details

You can contact our Data Protection Manager via one of the following ways:

  • Telephone: 0113 233 9520
  • Post: Mackenzie Stuart Ltd, P/t 2nd Floor, 6 Wellington Place, Leeds, LS1 4AP
  • Email: data.protection@mackenziestuart.com