Commuters on way to work down orange corridor

GDPR

Data items to be shared - Applicable Personal Data

As applicable and without limitation: 

  • Names
  • Addresses
  • Dates of birth
  • Telephone numbers
  • Emails 
  • Job titles 
  • Work (and/or education) history
  • Professional memberships and qualifications 
 
  • Historic pay details 
  • Right to work documentation (visas/passports)
  • Criminal records
  • Credit records 
  • Identification documents (driving licence, passports, identity cards) 
  • National Isurance Number 
  • Pension Contributions 
  • Other information required in connection with pre-emplyment screening 

Description of Data Sharing Initiative 

  • The Robert Walters Group (RW) processes candidate data both before a client engages us on a particular recruitment project and also in response to a specific search. The purpose of the data processing is to identify suitable candidates that best meet your requirements and to share that data with the Client as part of our recruitment services. 

Purpose of the Data Sharing Initiative 

  • To assist the client to achieve its recruitment requirements. 

Organisations involved in the data sharing 

  • RW 
  • Client 

Lawful basis for sharing by supplier 

  • Legitimate interest. 

Permitted Processing of Applicable Personal Data 

  • To build candidate profiles and to assist in the sourcing and placement of candidates sourced by RW. 

Lawful basis forProcessing Applicable Personal Data by Client 

  • Performance of a contract between the Robert Walters Group and Client. 

Telling Data Subjects about the Data Sharing Initiative 

  • Both Parties. 

Information to be provided to Data Subjects 

  • All information required to comply with A14 of the GDPR. 

Maintaining the quality of the Personal Data 

Include facilities to: 

  • prevent irrelevant and excessive amounts of data being shared:
  • ensure that the data being shared is accurate: and 
  • compatible datasets are used and the data is recorded in the same way.

Method of transmission of Personal Data from Supplier to Client

  • Email 
  • Telephone
  • Client portals 

Method and location of storage and access of Personal Data by Client 

  • Within the EEA only, unless RW have provided their prior written consent. 

Security of Personal Data applied to transmission and storage

Industry leading security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage to personal data and implement industry leading technical and organisational measures, to ensure a level of security appropriate to the risk of harm that might result from, unauthorised or unlawful processing, accidental or unlawful loss, destruction or alteration, unauthorised (or disclosure of) access or damage to personal data taking into account:

  • the nature, scope, context and purposes of the Processing of the personal data to be protected, 
  • the state of the art in technological developments in information security; and
  • the cost of implementing any measures; and

shall include, as a minimum, pseudonymising and encrypting the Personal Data, ensuring confidentiality, integrity, availability and resilience of systems and services, ensuring that availability of and access to the Personal Data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it.

Retention of Personal Data by Client 

  • As determined by the Client from time to time. 

Data Subject Rights (DRM)

  • As determined by the parties from time to time in accordance with data protection legislation. 

Personal data breaches 

  • Notification without undue delay upon becoming aware of personal data breaches concerning the personal data shared between the Data Controllers. 

Assistance between Data Controllers 

  • Each of the Data Controllers shall provide reasonable assistance to each other to enable them to facilitate Data Subjects exercising their rights under the Data Protection Legislation. 

Monitoring compliance 

  • Monitoring compliance is the obligation of the party storing and using Personal Data. 

Reviewing ongoing effectiveness of Data Sharing Initiative

  • Periodically as instiagted by RW

Procedure for terminating Data Sharing Initiative 

  • As per the termination provision in the contract that the Parties are subject to. 

Points of contact 

  • Each party shall appoint the following single point of contact who will monitor the correct operation of this Agreement and will work together to remediate any issues arising under it: 

Robert Walters: gdpr@robertwalters.com