Skip to main content

Privacy
Statement

Ensuring your privacy is key to
our business

No surprises

We will tell you clearly how your personal data is used in our business.

Your Partner

Your data is key to our business so we will mind it as if it was our own.

No spam

We will always aim to send you information that is relevant to you.

The bare essentials

We won’t collect information that we don’t need.

When it's no Longer needed - It's gone

We won’t hold onto information that we don’t need!

General - Data Protection Statement

  • If you have any questions about this Data Protection Statement or the way in which your Personal Data is being used by us please contact:

    Data Protection Officer
    Org, Connaught House, 1 Burlington Road, Dublin 4 D04 C5Y6

    Email: privacy@thisisorg.com

  • Org is a member of the Morgan McKinley Group of companies. This Data Protection Statement describes how Org (referred to herein as “we”, “us”, “Our” and “Org”) collect, use, consult or otherwise process Personal Data.
    This Data Protection Statement provides detailed information about our processing activities so that you understand everything you need to know about how we will use that Personal Data as part of our services.

    Org is committed to transparency and fair processing of all Personal Data that you entrust to us. All information regarding the processing of your personal data, including your rights, what Personal Data we collect and who we share it with, is contained in this Data Protection Statement.

    We only collect and process your Personal Data in accordance with the General Data Protection Regulation (“GDPR”) and relevant local data protection laws (together the “Data Protection Laws”).

    For your convenience we have divided our Data Protection Statement into sections. This general section is applicable to everyone. The other sections set out specific information relating to the categories of Data Subject defined in section 3.

    This Data Protection Statement was last updated on 06/05/2021.

  • We are a Business Solutions Consultancy. We provide advisory services and project resources to support our Clients who need support with specialised projects through our Associates and network of specialist technology business contacts.

    Org is a member of the Morgan McKinley Group of companies. This Data Protection Statement applies to the following Org companies:

    • Imprint Consulting Limited t/a Org, 15 Fetter Lane, Holborn, LondonEC4A 1BW, United Kingdom.
    • Org Advisory and Managed Solutions DAC, 4th Floor, 6 Lapps Quay, Cork, T12 XE1V, Ireland Connaught House, 1 Burlington Road, Dublin 4 DO4 C5Y6.

    References to “we”, “us” and “Org” shall apply to the Org company that is processing your Personal Data. The Org companies may work together on relevant projects as part of the services and your Personal Data will be available to each company.

    We are a Business Solutions Consulting business that Advises, Resources and Delivers transformational change for organisations.

    This Data Protection Statement describes how we process Personal Data in order to fulfil the objectives specified above. It includes detailed information about the types of Personal Data that we process, and how we use, manage and protect that Personal Data.

  • This Data Protection Statement applies to Personal Data we process in relation to:

    • Associates & Partners
    • Business Contacts including our Clients
    • General Contacts

    This Data Protection Statement applies to the Personal Data we process about the following Data Subjects:

    Data Subject Description
    Associates includes any person We may identify or who engages with Us with a view to working on assignment or providing services to a Client of Org. References to Associates in this Data Protection Statement shall include Partners.
    Partners are a category of Associates who provide supplementary services which may include providing assurance services to Org and its Clients; and providing commercial and subject matter expertise with and on behalf of Org to secure new business opportunities, brand awareness and Client contacts for Org.
    Business Contacts includes clients and potential clients, suppliers, shareholders, trade, professional and membership organisations and other business contacts of Org.
    General Contacts includes all other individuals whose Personal Data we process that are not covered in the other sections above including:
    • website users
    • details of next of kin/emergency contact details
    • Partner and Associate Referees
    • Shareholders/investors and partners
  • This section describes the lawful basis we may use to process Personal Data.

    We process all Personal Data lawfully and in accordance with the requirements of the Data Protection Laws. The GDPR sets out the legal grounds for processing Personal Data.
    When Org processes Personal Data any one of the following legal grounds will generally apply. Further detail about the lawful basis for our processing activities is included in the relevant sections of this Data Protection Statement.

    CONTRACT
    We will process Personal Data where necessary to perform our obligations relating to or in accordance with any contract that we may have with you or to take steps at your request prior to entering into that contract.

    CONSENT
    For certain processing activities we may rely on your consent. For example, certain marketing activity will only be undertaken if we have your consent. For Partners, this may also include featuring your biography, profile, image or relevant case studies in Org’s marketing collateral and/ or website for the purposes of showcasing your expertise and experience.

    Where we are unable to collect consent for a particular processing activity, we will only process the Personal Data if we have another lawful basis for doing so.

    You can withdraw consent provided by you at any time by contacting us at privacy@thisisorg.com

    LEGITIMATE INTEREST
    At times we will need to process your Personal Data to pursue our legitimate interests, for example for administrative purposes, to collect debts owing to us, to provide information to you, to operate, evaluate, maintain, develop and improve our websites and services or to maintain their security and protect intellectual property rights.

    We will not process your Personal Data on a legitimate interest basis where the impact of the processing on your interests or fundamental rights and freedoms outweigh our legitimate interests.
    You may object to any processing we undertake on this basis. If you do not want us to process your Personal Data on the basis of our legitimate interests, contact us at privacy@thisisorg.com and We will review our processing activities.

    LEGAL OBLIGATION
    If we have a legal obligation to process Personal Data we will process Personal Data on this legal ground.

    DEFENCE OF LEGAL CLAIMS
    In limited circumstances and in accordance with the law we may use Personal Data in the defence of legal claims or enforcing legal rights, such as IP rights.

    ASSESSMENT OF WORKING CAPACITY
    In certain circumstances, we may be required to assess the working capacity of a Partner or an Associate and we may operate under this legal ground in relation to any tests or assessments undertaken involving the processing of health data or other special category Personal Data of the Partner or Associate.

  • We monitor for and do everything that we can to protect Personal Data and prevent security breaches.

    We will take all steps reasonably necessary to ensure that all Personal Data is treated securely in accordance with this Data Protection Statement and the Data Protection Laws. In particular, we have put in place appropriate technical and organisational procedures to safeguard and secure the Personal Data we process.

    We monitor for and do everything we can to prevent security breaches of the Personal Data that we process. Once we have received your Personal Data, we will use strict procedures and security features for the purpose of preventing unauthorised access and ensuring that only those who need to have access to your Personal Data can access it.

    We also use secure connections to protect Personal Data during its transmission. Where you have been given (or where you have chosen) a password which enables you to access services, you are responsible for keeping this password confidential. Please do not share your password with anyone.

    If you think that there has been any loss or unauthorised access to Personal Data of any individual, please let us know immediately.

  • We may share Personal Data outside the EEA, however we will always ensure that this is done in compliance with the Data Protection Laws.

    In order to provide our products and services we may need to transfer Personal Data outside the European Economic Area (EEA). We ensure that any transfer of Personal Data outside the EEA is undertaken using legally compliant transfer mechanisms and in accordance with the GDPR.

    If we transfer Personal Data outside of the EEA, we generally rely on the Standard Contractual Clauses under Article 46.2 of the GDPR adopted by the EU Commission. We may also rely on some of the other legally compliant transfer mechanisms provided under the GDPR.

  • We may need to share your Personal Data in order to deliver Our services. We will always ensure that any transfer of Personal Data is undertaken in compliance with Data Protection Law and ensure that appropriate technical and organisational measures are undertaken to protect and secure any Personal Data that is transferred.

    Personal Data is shared in certain circumstances as follows:

    • between the Org companies identified in this Data Protection Statement, Org Advisory and Managed Solutions DAC and Imprint Consulting Limited for the purposes of administration, marketing and provision of our services
    • to other companies in the Morgan McKinley group of companies, including Morgan McKinley Group Limited and Premier Recruitment International UC, for the purposes of administration, marketing and provision of our services
    • to business partners and sub-contractors for the performance of any contract relating to services provided for the purposes of servicing our Clients, Partners and Associates, including email, chat, ticketing, Customer Relationship Management, Applicant Tracking System, payment processors, data aggregators, hosting service providers, external consultants, auditors, IT consultants and lawyers
    • to Clients in the case of Personal Data relating to General Contacts such as referees, next of kin/emergency contacts
    • to Partners and Associates for the purposes of contacting Business Contacts
    • to Partners for the purposes of assessing suitable Associates to deliver a project for a Client
    • if a company in the Morgan McKinley Group or substantially all of its assets are acquired by a third party, in which case personal data held by us will be one of the transferred assets
    • if we are under a duty to disclose or share Personal Data in order to comply with any legal obligation (including tax, audit or other authorities), or in order to enforce or apply any contracts that we have
    • to official authorities to protect our rights, property, or safety, or those of other persons (including you)
    • to payment service partners for the processing of payments to and from Org,
    • to protect our rights, property, or safety, or that of our Clients, Partners, Associates or others. This may include exchanging information with other companies and organisations for the purposes of fraud protection
    • to providers of services to Org including IT consultants and hosting companies, marketing, legal and finance
    • to analytics and search engine providers that assist us in the improvement and optimisation of our Website. This consists of information relating to the web pages visited on the Website and tracking codes from service providers like LinkedIn and Google
    • to Org’s insurance brokers and providers where required for administering claims
    • to our email distribution partner and service providers in the case of marketing and newsletters.

    More specifically, we may share Partner and Associate Personal Data as follows:

    • to Clients and potential Clients of our services
    • to third party representatives of our Clients
    • for the purposes of third party screening and verification, including doctors or testing companies (for example, criminal record checks / pre-employment screening services and assessments)
  • We will only keep Personal Data for as long as it is needed for the purpose for which it was collected.

    We only keep your Personal Data as long as it is necessary for the purposes of processing it or to comply with legal or regulatory requirements.

    Further information is set out in the relevant sections of this Data Protection Statement.

  • You have various rights relating to how your Personal Data is used including:

    • the right of access;
    • the right to rectification;
    • the right of erasure;
    • the right to restrict processing;
    • the right of data portability;
    • the right to object;
    • the right not to be subject to automated decision making; and
    • the right to make a complaint.

    You have various rights relating to how your Personal Data is used.

    Right of access to the Personal Data we hold on you

    You have the right to ask for all the Personal Data we have about you. When we receive a request from you in writing, we must give you access to everything we’ve recorded about you as well as details of the processing, the categories of Personal Data concerned and the recipients of the Personal Data.

    We will provide the first copy of your Personal Data free of charge, but we may charge you a reasonable fee for any additional copies.

    We cannot give you access to a copy of your Personal Data in some limited cases including where this might adversely affect the rights and freedoms of others.

    Right of rectification of Personal Data

    You should let us know if there is something inaccurate in your Personal Data.

    We may not always be able to change or remove that Personal Data, but we’ll correct factual inaccuracies and may include your comments in the record to show that you disagree with it.

    Right of erasure of Personal Data (right to be forgotten)

    In some circumstances you can ask for your Personal Data to be deleted, for example, where:

    • your Personal Data is no longer needed for the reason that it was collected in the first place
    • you have removed your consent for us to use your Personal Data (where there is no other lawful basis for us to use it)
    • there is no lawful basis for the use of your Personal Data
    • deleting the Personal Data is a legal requirement

    Please note that we can’t delete your Personal Data where:

    • we are required to have it by law
    • it is used for freedom of expression
    • it is used for public health purposes
    • it is used for scientific or historical research or statistical purposes where deleting the Personal Data would make it difficult or impossible to achieve the objectives of the processing
    • it is necessary for legal claims.

    Right to restrict what we use your Personal Data for

    You have the right to ask us to restrict what we use your Personal Data for where:

    • you have identified inaccurate Personal Data, and have told us of it
    • where we have no legal reason to use the Personal Data, but you want us to restrict what we use it for rather than erase the Personal Data altogether

    When Personal Data is restricted it can’t be used other than to securely store the Personal Data and with your consent to handle legal claims and protect others, or where it’s for important public interests.

    Right to have your Personal Data moved to another provider (data portability)

    You have the right to ask for your Personal Data to be given back to you or another service provider of your choice in a commonly used format. This is called data portability.

    This right only applies if we’re using your Personal Data with consent and if decisions were made by a computer and not a human being. It does not apply where it would adversely affect the rights and freedoms of others.

    Right to object

    You have the right to object to processing of your Personal Data which is based on public interest or legitimate interest processing. We will no longer process the Personal Data unless we can demonstrate a compelling ground for the processing.

    Right not to be subject to automated decision-making

    You have the right not to be subject to a decision based solely on automated processing. This right shall not apply where the processing is necessary for a contract with you, or the processing is undertaken with your explicit consent or the processing is authorised by law.

    You can make a complaint

    You have the right to lodge a complaint with the local supervisory authority for data protection in the EU member state where you usually reside, where you work or where you think an infringement of data protection law took place. Please see “Questions or Complaints” below for further information.

  • It is important to be careful when visiting third party websites and providing Personal Data to third parties. Org has no control over third party websites that you may access.

    Websites that you access via a link on the Org website are outside our control and are not covered by this Data Protection Statement. If you access other websites using the links provided, the operators of these websites may collect Personal Data from you, which will be used by them in accordance with their own Data Protection Statements, which may differ from ours. Please check the Data Protection Statements on those websites before you submit any Personal Data to them.

  • Please see our Cookie Notice.

    Please see Our separate Cookie Notice available at https://www.thisisorg.com/cookies-policy for further information.

  • We will update the date on this Data Protection Statement when we make changes to it.

    We will post any changes to this Data Protection Statement on the Website and when doing so will change the effective date at the top of this Data Protection Statement.

    In some cases, we may provide you with additional notice of changes to this Data Protection Statement, such as via email. We will always provide you with any notice in advance of the changes taking effect where we consider the changes to be material.

  • Please contact us if you have any questions or concerns about how your Personal Data is being used by us.

    Thank you for reading our Data Protection Statement. Please contact us at privacy@thisisorg.com if you have any questions. If we are unable to resolve your concerns, you have the right to contact the supervisory authority in the country where you live or work, or where you consider that the data protection rules have been breached

    The Supervisory Authority in Ireland may be contacted as follows:

    Online Form: https://forms.dataprotection.ie/contact
    Address: 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland
    Tel: +353 578 684 800 or +353 761 104 800

    The Supervisory Authority in the UK may be contacted as follows:

    Information Commissioner Office

    Contact Information: https://ico.org.uk/global/contact-us/
    Live Chat: ico.org.uk/livechat
    Helpline: 0303 123 1113

Data Protection Statement - Partners And Associates

  • We want to explain clearly how we process Partner and Associate Personal Data in the provision of our services.

    In addition to our General - Data Protection Statement this Partner and Associate Data Protection Statement provides further information about the Personal Data we process in relation to Partners and Associates.

    Please see the General - Data Protection Statement for information on:

    For information about Business Contacts click here

    For information about General Contacts click here

    For the purposes of this Partner and Associate – Data Protection Statement, a Partner or an Associate includes the following:

    Data Subject Description
    Associates includes any person We may identify or who engages with Us with a view to working on assignment or providing services to a Client of Org. References to Associates in this Data Protection Statement shall include Partners.
    Partners are a category of Associates who provide supplementary services which may include providing assurance services to Org and its Clients; and providing commercial and subject matter expertise with and on behalf of Org to secure new business opportunities, brand awareness and Client contacts for Org.
  • We have a variety of sources of Associate Personal Data. We will only ever source Personal Data that is necessary to provide our services and in a way that would be generally expected.

    We receive Personal Data about Associates from a variety of sources. Usually an Associate will register their interest with us or we will approach them through publicly available channels. We may also receive Personal Data about a Partner or an Associate when:

    • the Associate applies to a position advertised on a third party jobs website;
    • the Associate may be sourced from publicly accessible platforms such as LinkedIn;
    • the Associate may be sourced from third party CV providers such as jobs websites that provide CV search facilities and where users have made their CV data available to registered customers of these sites;
    • the Associate may be referred to us from a third party recruitment business which is a supplier to us; or
    • the Associate’s nominated referees or other individuals may provide us with Personal Data relating to the Associate.
  • This section describes the Personal Data that we collect about Associates. We only collect the Personal Data that we require in order to provide and deliver the services that you expect. We have described here in as much detail as possible the Personal Data that we use in order to provide our services.

    The table below sets out the general categories of Personal Data that we may collect in relation to Associates.

    Personal Data Category Description
    Contact Data may include a person’s email address, phone number, postal address, other communication details including social media links (e.g. Skype)
    Identification Data may include a person’s name, date of birth, driver’s licence, national tax identification number and passport information
    Professional Data may include profession, company, department, employment history, skills/ experience, membership of professional bodies
    Education Data may include degrees, certificates and diplomas awarded, languages, educational history, qualifications
    CV Data may include Contact Data, Identification Data, Professional Data, Education Data and information about achievements and hobbies
    Financial Data includes payment and bank details, tax information, professional fee rate expectations, Limited/Umbrella company details
    Test Data includes the Candidate tests answers and results for any application
    Health Data includes health information including information about any disability or illness.
    Registration Data includes Personal Data provided as part of an application for an assignment with Org. This may include Contact Data, Identification Data, Professional Data, Legal Data and Education Data. It may also include may include systems assigned identifiers, date record added, Work Finding Services Agreement (in relevant locations), Associate registration form, Associate Terms and Conditions
    Application Data may include Finance Data, Position Data, details of visa or eligibility to work, Media Data, CV Data, Legal Data.
    Media Data includes photographs, video data and recordings from any interview with the Candidate including, Contact Data, Professional Data, Education Data, Health Data, Registration Data and Communications Data.
    Legal Data includes criminal record and credit checks undertaken where required as part of the application process.
    Position Data includes information on rate of pay, working hours and job description and performance of the services by the Associate.
    Emergency Contact Data may include the name and contact details provided by an Associate in case of an emergency.
    Communications Data may include Personal Data included in communications with us over email, text, phone or letter.
    Marketing Data may include your Contact Data and any preferences in receiving marketing from us and your communication preferences.
    Special Category Data this can include diversity data such as gender, religion, racial or ethnic origin, sexual orientation, trade union membership or Health Data.
    Web Data may include information provided on any forms on our website and, to the extent that it includes Personal Data, information on the type of device you’re using, its IP address, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use.
  • We can only collect your Personal Data if we have a lawful basis for doing so. Please see our General Data Protection Statement for a description of each lawful basis.

    We have set out in the table below, the general purpose of processing, the categories of Personal Data processed and the related lawful basis for processing.

    Purpose/Activity Type of Personal Data Lawful basis for processing
    Associate Sourcing and Relationship Management
    • to facilitate engagement through the Org website
    • to agree any contract between Org and the Associate for the provision of professional services to Org Business Contacts
    • to create a record/file for the Associate on our system and to link all notes and tracking throughout the engagement process including, interview, placement, onboarding and contracting process
    • to keep up to date information about Associates in relation to their requirements, in order to assess their suitability for current or future project opportunities, for example based on their previous skills and experience overall, their own statements about career aspirations, professional development, strengths and weaknesses, their level of technical experience, professional qualifications
    • to maintain our Associate database
    • screening and identification of Associates for assignments
    • to communicate with Associates about assignments that might be of interest to them
    • to receive and review Associate enquiries
    • to understand current and expected day rate requirements, notice periods and availability, current and required locations to enable Associates to participate in our professional development services
    • to tailor our products and services to better identify the right Associates for upcoming engagements with Org’s Business Contacts
    • to undertake profiling for the purposes of semi-automated or manual decision making about Associates
    • Contact Data
    • Identification Data
    • CV/ Profile Data
    • Communications Data
    • Marketing Data
    • Health Data
    • Application Data
    • Legal Data
    • Legitimate interest
    • Consent
    • Contract
    • Assessment of Working Capacity
    Associate Registration
    • responding to Associate queries
    • receiving and reviewing Associate applications received from Associates directly
    • communications with Associates re application
    • setting up meetings with the Associates
    • engaging with Clients in relation to the Associates. We are not responsible for the processing activities of Business Contacts once an Associate’s Personal Data has been shared. Please refer to the Privacy Statement of the relevant Business Contact
    • Contact Data
    • Identification Data
    • CV Data
    • Communications Data
    • Registration Data
    • Consent
    • Legitimate Interest
    • Contract
    Associate Meetings
    • to arrange and undertake Associate meeting
    • recording notes of Associate Meeting
    • to communicate with the Associate following meeting
    • Contact Data
    • CV Data
    • Communications Data
    • Media Data
    • Consent
    • Legitimate Interest
    • Contract
    Associate Screening
    • to identify if the Associate meets the engagement criteria and eligibility
    • Contact Data
    • CV Data
    • Health Data
    • Test Data
    • Legal Data
    • Consent
    • Assessment of Working Capacity
    Associate Project Management
    • to carry out our obligations under Client contracts
    • for performance management activities
    • Contact Data
    • Role Data
    • Position Data
    • Communications Data
    • Contract
    Associate Finance Activities
    • to ensure day rate expectations are met
    • to undertake financial audits
    • to communicate professional fee arrangements between Client and Associate
    • to pay referral fees
    • to make an offer of professional fees to an Associate on behalf of a Business Contact in relation to a specific engagement;
    • to generate placement activity on our central systems in order to invoice a Client;
    • to benchmark day rate expectations for Associates with similar experience or for companies with similar vacancies;
    • to undertake financial audits;
    • to communicate invoice and other financial information to Associates, any third party intermediaries of Associates and Business Contacts.
    • Contact Data
    • Identification Data
    • Role Data
    • Financial Data
    • Legitimate Interest
    • Contract
    Associate IT Activities
    • to facilitate insights into activities and develop new services
    • back-up and storage of Associate data
    • to make improvements and develop efficiencies in the services
    • Contact Data
    • Identification Data
    • Professional Data
    • Education Data
    • Communications Data
    • Marketing Data
    • Legitimate Interest
    • Contract
    Website Delivery
    • to respond to web forms completed by you;
    • to promote our products and services;
    • to administer the Website;
    • for internal operations, including support, troubleshooting, data analysis, testing, research, statistical and survey purposes
    • to ensure the safety and security of our website and our services.
    • Contact Data
    • Web Data
    • Consent
    • Legitimate Interest
    Marketing activities
    • to respond to any requests from you
    • to send newsletters and other information that may be of interest
    • to inform you of events or webinars that might be of interest
    • to deliver and organise our conferences, seminars, events
    • to develop relationships with Associates
    • to tailor our products and services to better identify the right Associates and present the right opportunities at the right time and meet the Associate’s needs more effectively
    • to personalise and make the marketing information sent as relevant as possible;
    • to ask for your help in relation to sharing information about opportunities we may have, with your network;
    • to aggregate data used as part of surveys or to produce market insights;
    • to segment and distribute targeted marketing;
    • to follow up with attendees of our events/webinars or to contact attendees about current or future opportunities;
    • to ask for your opinion about our products or services;
    • to produce aggregated models to predict trends and produce market insights.
    • Marketing Data
    • Contact Data
    • Web Data
    • Consent
    • Legitimate Interest
    Legal related processing
    • to meet equal opportunity and diversity requirements
    • to meet health and safety requirements
    • to capture consent/contract acceptance on paper or electronic registration forms, terms & conditions or forms;
    • to comply with our legal obligations in respect of: the collection of taxes, levies, contributions; the detection of crime; labour standards; anti-bribery legislation; and industry specific legislation;
    • to comply with Client requests relating to their employment practices;
    • to comply with the law in certain jurisdictions;
    • to fulfil contractual obligations with Clients and vendors, for example, in relation to the enforcement of intellectual property rights.
    • Contact Data
    • Identification Data
    • Legal Data
    • Health Data
    • Special Category
      Personal Data
    • Consent
    • Contract
    • Assessment of Working Capacity
    • Carrying out obligations under employment or social protection law
  • Our mission is to build lasting relationships with Associates, not just for one assignment but for the purposes of building a partnership over many years.

    Our aim is to build lasting relationships with our Associates and thus to contribute to long term career success and development.

    So our goal is to continue to engage and interact with Associates even after they have secured a new position - for example to keep them informed of market developments, invite them to topical seminars and networking events, and to be on hand to offer advice about career planning.

    We recognise that the level of engagement we have with different Associates may vary and so our retention policy is designed to reflect this.

    If you have a contract with us we will generally retain your Personal Data for a period of 7 years from the date when your last deployment under that contract ceased. If we have reliably sourced your Personal Data as described in this Data Protection Statement, and in compliance with Data Protection Laws, and we have meaningful engagement with you we will retain your Personal Data for a period of two (2) years since our last contact unless you request to have your Personal Data deleted. For this purpose “meaningful engagement” shall include:

    • the Associate engaging with Org to provide Services
    • the Associate meeting one of our consultants, to register for new opportunities, or for example to update on their situation and seek professional advice or some other professional input;
    • us sending an Associate's profile (with their approval) to a Client for consideration for an assignment;
    • us arranging a business meeting with the Associate or between the Associate and a Client of Org;
    • us exchanging email correspondence or having telephone conversations with the Associate;
    • the Associate interacting with us in other ways for example, clicking to open our market insights, newsletters, surveys etc.

    In some circumstances it is not possible for Us to specify in advance the period for which We will retain your Personal Data. In such cases We will determine the appropriate retention period based on balancing your rights against Our legitimate interests. We may also retain certain Personal Data beyond the periods specified herein in some circumstances such as where required for the purposes of legal claims.

Data Protection Statement – Business Contacts

  • We want to explain clearly how we process the Business Contact Personal Data that we hold.

    In addition to our General - Data Protection Statement this Data Protection Statement for Business Contacts provides further information about the Personal Data we process in relation to Business Contacts.

    Please see the General - Data Protection Statement for information on:

    For information about Associates click here

    For information about General Contacts click here

    For the purposes of this Business Contacts – Data Protection Statement, a Business Contact includes suppliers, partners, and other business contacts of Org including clients of our resourcing services (“Clients”).

  • We source Business Contact Personal Data in order to serve the business relationship. We will only ever source Personal Data that is necessary and in a way that would be generally expected.

    We will only ever source Personal Data relating to Business Contacts in a way that would be generally expected. We receive Personal Data about Business Contacts from a variety of sources, as follows:

    • the Personal Data is often provided by the Business Contact or created by Org as part of the relationship;
    • the Personal Data may be collected from public sources;
    • the Personal Data may be collected indirectly from another person within the company of the Business Contact;
    • the Personal Data may be collected through our website;
    • the Personal Data may be collected indirectly from a website or from a third party.
  • Org only collects the Personal Data that we require in order to ensure we can have a productive business relationship with Business Contacts.

    The table below sets out the general categories of Personal Data that we collect in relation to Business Contacts:

    Personal Data Category Description
    Contact Data may include a person’s name, email address, phone number, postal address, other communication details, including social media links (e.g. Skype, LinkedIn)
    Communications Data may include Personal Data included in communications with us over email, phone or letter.
    Position Data includes role, job title, reporting line etc
    Associate Data may include opinions or references provided about an Associate of Org including Client feedback about the Associate.
    Client Data may include certain Personal Data about the Client received as part of Associate feedback about the Client.
    Marketing Data may include your Contact Data and any preferences in receiving marketing from us and your communication preferences.
    Financial Data may include payment details, bank or credit card details
  • We want to ensure that the Personal Data is used for the purposes that you would expect.

    The table below sets out the purpose for which we collect your Personal Data, our lawful basis for doing so, and the Personal Data that we collect.

    In limited circumstances we may need to use your Personal Data for purposes other than those stated when we collected the Personal Data. Should this happen we will notify you of this new purpose.

    Purpose/Activity Type of Personal Data Lawful basis
    Managing payments and administration of the contract
    • to process payments to and from our business.
    • to negotiate and administer the relationship with the Business Contact
    • to fulfil our legal/contractual obligations
    • to manage/respond to complaint/issue
    • to generate placement activity on our systems for invoicing purposes
    • to communicate payroll and other financial information to Clients
    • Contact Data
    • Communications Data
    • Financial Data
    • Position Data
    • Client Data
    • Associate Data
    • Contract
    • Legitimate interest
    • Legal Requirement
    Service delivery activities
    • to keep in contact with the Client to discuss and review their requirements
    • to inform update and discuss a Associate that may be of interest to Clients
    • to organise and schedule meetings between an Associate and a Client
    • to inform the Client about progression of an Associate through the engagement process, to discuss the contracts and on-boarding of an Associate
    • to discuss any reference or other pre-screening information provided for an Associate
    • to discuss the on-boarding of an Associate
    • to consider an Associate for engagement with Org and its clients
    • to obtain information about the performance of an Associate including the provision of references by the Client
    • to understand the type of solutions (including type of Associates) required by the Client, and build up knowledge and understanding of the Client organisation and its structure
    • to create a record/file for the Client on our internal systems to associate all notes and tracking throughout the engagement process, meetings held, negotiation, on-boarding and contracting process
    • to send Client Contact information to Associates in relation to the interview and on-boarding process;
    • to carry out our obligations under our contract with the Client.
    • to manage relationship with Client
    • Contact Data
    • Communications Data
    • Financial Data
    • Associate Data
    • Position Data
    • Client Data
    • Contract
    • Legitimate Interest
    Website Delivery
    • to respond to web forms completed by you;
    • to promote our products and services;
    • to administer the Website;
    • for internal operations, including support, troubleshooting, data analysis, testing, research, statistical and survey purposes
    • to tailor our products and services to better identify the right opportunities at the right time and meet Client needs more effectively
    • to produce aggregated models to predict trends and produce market insights
    • to undertake modelling to produce lead scores in order to predict which Associates our Clients are most likely to deploy
    • to undertake modelling to identify improvements in efficiencies in the engagement process
    • to ensure the safety and security of our website and our services.
    • Contact Data
    • Web Data
    • Communications Data
    • Consent
    • Legitimate Interest
    Marketing activities
    • to keep in contact with Clients and review requirements for professional services
    • to personalise marketing communications
    • to respond to any requests from you
    • to send newsletters and other information that may be of interest
    • to inform you of events or webinars that might be of interest
    • to deliver and organise our conferences, seminars, events
    • to follow up with attendees of our events/webinars; and
    • to ask for opinions about our products or services.
    • to aggregate data used as part of surveys or to produce market insights;
    • to segment and distribute targeted marketing;
    • Marketing Data
    • Contact Data
    • Web Data
    • Consent
    • Legitimate Interest
  • Our mission is to build lasting relationships with our Business Contacts.

    If you have a contract with us we will generally retain your Personal Data for a period of 7 years from the date that contract was terminated. If we have reliably sourced your Personal Data as described in this Data Protection Statement, and in compliance with Data Protection Laws, and we have meaningful engagement with you we will retain your Personal Data for a period of five (5) years since our last contact unless you request to have your Personal Data deleted.

    In some circumstances it is not possible for us to specify in advance the period for which we will retain your Personal Data. In such cases we will determine the appropriate retention period based on balancing your rights against our legitimate interests. We may also retain certain Personal Data beyond the periods specified herein in some circumstances such as where required for the purposes of legal claims.

Data Protection Statement - General Contacts

  • We want to explain clearly how we process the Personal Data of General Contacts which includes:

    • website users
    • details of next of kin/emergency contact details
    • Partner and Associate referees
    • Shareholders/investors and partners

    In addition to our General - Data Protection Statement this Data Protection Statement for General Contacts provides further information about the Personal Data we process in relation to General Contacts.

    Please see the General - Data Protection Statement for information on:

    For information about Partners and Associates click here

    For information about Business Contacts click here

    For the purposes of this General Contacts – Data Protection Statement, a General Contact includes:

    • website users
    • details of next of kin/emergency contact details
    • Partner and Associate referees
    • Shareholders/investors and partners
  • We source General Contact Personal Data in order to provide our services. We will only ever source Personal Data that is necessary and in a way that would be generally expected.

    We will only ever source Personal Data relating to General Contacts in a way that would be generally expected. We receive Personal Data about General Contacts from a variety of sources, as follows:

    • directly from the General Contact or created by Org as part of the relationship
    • through access to and use of the Org Website
    • from Partners and Associates in the case of next of kin/emergency contact details and referees
    • from Clients in the case of next of kin/emergency contact details/referees
  • We only collect the Personal Data that we require in order to deliver and improve the services we provide.

    The table below sets out the general categories of Personal Data that we collect in relation to General Contacts:

    Personal Data Category Description
    Contact Data may include a person’s email address, phone number, postal address, other communication details including social media links (e.g. Skype, LinkedIn)
    Identification Data may include a person’s name, date of birth, driver’s license and passport information, company role or position information.
    Communications Data may include Personal Data included in communications with us over email, phone or letter.
    Marketing Data may include your Contact Data and any preferences in receiving marketing from us and your communication preferences.
    Web Data may include information provided on any forms on our website and, to the extent that it includes Personal Data, information collected through cookies, pixel tags, and other technologies, information on the type of device you’re using, its IP address, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use.
  • We want to ensure that the Personal Data is used for the purposes that you would expect

    The table below sets out the purpose for which we collect your Personal Data, our lawful basis for doing so, and the Personal Data that we collect.

    In limited circumstances we may need to use your Personal Data for purposes other than those stated when we collected the Personal Data. Should this happen we will notify you of this new purpose before processing the Personal Data.

    Purpose/Activity Type of Personal Data Lawful basis
    Use of Next of Kin/Emergency Contacts
    • to communicate with the contact in the event of emergency
    • to ensure the safety of our Associates
    • to communicate with the Client in the event of an emergency
    • Contact Data
    • Communications Data
    • Legitimate Interest
    Use of Referrals
    • to assess the suitability of Associates
    • to contact the referee
    • to discuss Associate with the Business Contact
    • Contact Data
    • Communications Data
    • Legitimate Interest
    Website Delivery
    • to respond to web forms completed by you;
    • to promote our products and services;
    • to administer the Website;
    • for internal operations, including support, troubleshooting, data analysis, testing, research, statistical and survey purposes
    • to ensure the safety and security of our website and our services.
    • Contact Data
    • Web Data
    • Marketing Data
    • Consent
    • Legitimate Interest
    Management of Corporate Affairs
    • to take minutes at board meetings
    • to contact shareholders/investors
    • to enter into partnerships and other commercial relations
    • to undertake appropriate due diligence
    • Identification Data
    • Contact Data
    • Communications Data
    • Financial Data
    • Contract
    • Legitimate Interest
    • Legal Obligation
  • In some circumstances it is not possible for us to specify in advance the period for which we will retain your Personal Data. In such cases we will determine the appropriate retention period based on balancing your rights against our legitimate interests. We may also retain certain Personal Data beyond the periods specified herein in some circumstances such as where required for the purposes of legal claims.

    Our retention policy for Business Contact Personal Data is as follows:

    Purpose of Processing Retention Period
    Use of Next of Kin/Emergency Contacts For the duration of which the Associate remains active with Org or the Associate updates their details (see our retention policy for Associate data for more information)
    Use of Referee Contacts For the duration of which the Associate remains active with Org (see our retention policy for Associate data for more information)
    Website Delivery 2 years from the date of last contact. Please see cookie notice for further information
    Management of Corporate Affairs Data is retained in line with our statutory obligations