Privacy
Gelfand, Rennert & Feldman Online Employment Candidate Privacy Notice
Effective Date: January 1, 2023
Gelfand Rennert and Feldman UK Limited (the “Firm”or “GRF”) respects and is committed to protecting the privacy and security of all Personal Information provided to it by job applicants.
GRF is a personal data controller, which means the firm in charge of determining how we store and use personal information about you. This Job Applicant Privacy Policy (“Policy”) outlines the types of sensitive Personal Information the Firm might gather, use, or share about you, the reasons behind gathering, using, or sharing data, the duration for which data is maintained, your options for how we use your information, how we protect that information, and how to get in touch with us about our privacy practises.
GRF does not sell or otherwise disclose this personal data to third parties for monetary or other consideration.
PERSONAL INFORMATION COLLECTED
The Firm collects, uses, and stores, the following categories of Personal Information for the purposes described below, in accord with applicable law:
- Application data: Resume, cover letter, name, title, residential address, email address, phone number, DOB, academic and professional qualifications, diversity profile (age, gender etc.), citizenship, compensation details, employment history, qualifications, nationality, social media accounts, profession, professional memberships, educational achievements, diplomas, transcripts, languages, computer skills,.
- References– Any personal data provided to us about you by your referees [ where applicable].
- Assessment data: Candidate testing (such as technical, or behavioural tests), interviews and any other information collected to evaluate your candidacy;
- Pre-employment screening data: date of birth, personal identification, tax status, internet presence, medical information and declarations, criminal record, credit rating, employment, and regulatory references and status, individual location information, and dependents
Sources Of Personal Information Collected
The Firm gathers personal data that you voluntarily give us when you apply for a job or otherwise get in touch with us in the context of recruitment.
The Firm may combine the Personal Information you voluntarily provide to us with the personal data obtained from other sources, such as:
- Your named referees
- Recruiters
- Prior employers (e.g., for references)
- Professional business references you provide to us
- Educational institutions
- Pre-employment screening services
- Credentialing and licensing organisations
- Publicly available sources such as your social media profile (e.g., LinkedIn, Twitter, and Facebook)
- Other sources as directed by you
How We Use Your Personal Information
The Firm uses the categories of Personal Information listed above for the following purposes:
- Process and manage your application: The Firm utilises your Personal Information to process job applications, create applicant profiles for open positions, determine your suitability for a particular position with us, arrange and conduct interviews, and get in touch with you. We may collect audio and visual information of job applicants for identification purposes. With your consent, we may record video of you in connection with the application process. Additionally, if you are hired by us, we may use your Personal Information in the employee onboarding process.
- Conduct reference and background cheques (as permitted by applicable law): The Firm uses the personal data we collect to carry out background and credit cheques, employment, education, and credential verifications (as authorised by the applicant and permitted by applicable law). The Firm may also perform reference cheques and assess your qualifications and experience.
- Provide immigration support: If applicable, we may collect your personal data to assist with immigration support, (e.g., visas or work permits) as permitted by applicable law.
- Analyse and improve our recruitment process and tools: We analyse applicant pool trends and use personal data to better understand and improve our recruitment process and tools (including improving diversity and inclusion). We gather personal data in this category when you apply for a job using our online application process.
- Record-keeping: If necessary, for the purposes specified above, personal data is stored where statutory retention periods specify. When data storage is necessary, the Firm maintains records of your Personal Information in compliance with our record retention policies and as mandated by law. Application materials from hired candidates will be kept in the employee’s personnel file. Candidate personal data is periodically purged after periods of inactivity, based on the controlling entity’s statutory retention periods.
- Meeting legal requirements and enforcing legal terms: To comply with any applicable law, regulation, court order, or other legal process, the Firm must collect and use your Personal Information for specific purposes. These include preventing, detecting, and investigating security incidents and potentially unlawful or prohibited activities; defending the rights, property, or safety of you, us, or another party; verifying employment eligibility; enforcing any agreements with you; responding to claims; and settling disagreements. Additionally, we may use information about protected characteristics to analyse and monitor the diversity of our job applicants in accordance with applicable laws.
- Communicate with you: about the recruitment process and/or your job application(s)
Why We Collect And Use Your Personal Information
Recruitment Purposes
The Firm has a legitimate interest in processing your personal data during the recruitment process because appointing a suitable candidate to a particular role would be beneficial to the business.
We also need to process your personal data to decide whether to enter a contract with you.
Legal Obligation
The Firm needs to process your personal data to ensure compliance with its legal, regulatory, and corporate governance obligations.
Failure to provide personal data
The Firm may be unable to process your application if you fail to provide personal data when requested that is required to complete your application (such as evidence of qualifications or work history).
How We Use Sensitive Personal Data
The Firm will only use your sensitive personal data to the extent permitted by law:
- The Firm will use data about your disability status to determine whether we need to make appropriate accommodations during the hiring process, such as during a test or interview.
- We will use data about your nationality or ethnicity to determine whether a work permit and visa are required for the position.
The Firm only retains sensitive data with your express consent, when it is required to carry out its obligations, or exercise its legal rights (or enable you to exercise your legal rights).
Automated Decision-making
The Firm does not use automated decision-making.
Disclosure Of Personal Information
For the purposes outlined in this Policy, the Firm may disclose your personal data as needed, including internally with staff members involved in the hiring process. We may provide the following parties with access to your personal data:
- Service Providers: Our hiring and recruitment process is run, hosted, and facilitated by service providers. This includes background and reference cheque screening services, hiring process management tools, security and fraud prevention consultants, analytics providers, hosting, technology, and communication providers.
- Government authorities and law enforcement: We might need to turn over personal Information to respond to valid requests from government agencies, like those relating to maintaining the country’s security or enforcing the law.
- Business transfers: If the event of a merger, acquisition, bankruptcy, or other transaction where that third party takes over control of our Firm, your personal data might be transferred (in whole or in part) to that third party
- Legal advisors: Your personal information might be disclosed to our legal counsel.
All our third-party service providers are required by our policies to implement appropriate security measures to protect your personal data. We do not permit our third-party service providers to use your personal information for their own benefit. We only allow them to use your personal information for specific purposes and in accordance with our instructions.
Data Security:
We maintain appropriate administrative, technical, physical, and organisational safeguards designed to help protect personal data from unauthorised disclosure or access and accidental or unlawful destruction, loss, or alteration. We use practises that are consistent with industry standards to protect your privacy and ensure that your personal data is protected. Although we use reasonable efforts to safeguard personal data, we cannot guarantee the security of personal data obtained or stored electronically.
We cannot be held liable for data breaches that are beyond our reasonable control. In the event of a data breach, we will, however, abide by all applicable laws, including taking reasonable measures to limit any harm and, where required by law, notifying you right away and any relevant regulator of a suspected breach.
Data Retention
We will keep your personal information for as long as is necessary to comply with our legal obligations or to accomplish the goals for which it was collected, including for the purposes of satisfying any legal, regulatory, accounting, or reporting requirements. To determine the appropriate retention period, we consider:
- the requirements of our business and the services provided;
- any statutory or legal obligations;
- the purposes for which we originally collected the personal data and whether we can achieve those purposes through other means;
- the lawful basis for the processing;
- the amount, nature and sensitivity of the personal data; and
- the potential risk of harm from unauthorised use or disclosure of the data.
According to our terms of engagement, we keep records for a minimum of six years after we provide our services or for a minimum of six years after the end of the accounting/tax year to which the data relates. In other cases, we retain data a minimum period of six years after our relationship with the data subject ceases to be active or relevant.
Unless subject to the considerations listed above or otherwise required by applicable law, at the end of the retention period we will securely remove personal data from our systems and records.
Rights And Choices
Under certain circumstances, by law you have the right to:
- request access to your personal data (commonly known as a data subject access request) and request certain information in relation to personal data processing;
- request correction of your personal data;
- request the deletion of your personal data;
- request that we restrict our processing of your personal data;
- object to our processing of your personal data; and
- request the transfer of your personal data to another party.
You can submit these requests by email at privacy@grfllp.com. We may need to request specific information from you to help us confirm your identity prior to processing your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions.
We will provide you with appropriate opportunities to opt out of sharing your personal data as required by law, and will request opt-in consent prior to using personal data for a purpose other than the purpose for which it was originally collected.
If you provided your consent to the processing of your personal data, you have the right to withdraw your consent at any time. To withdraw your consent, please contact us at privacy@grfllp.com.
You also have the right to lodge a complaint with your supervisory authority. You can find information about your data protection regulator at https://edpb.europa.eu/about-edpb/board/members_en or make a complaint to the UK ICO at https://ico.org.uk/make-a-complaint/.
Our practises with respect to personal data may vary from time to time. We reserve the right to update this Policy at any time. Changes will be effective immediately upon posting of the revised Candidate Notice, as indicated by the ‘Last Updated’ date at the top of this page.
You may contact our Head of Privacy by email at privacy@grfllp.com or by telephone on 020 7430 9777.
Gelfand Rennert and Feldman UK
Attn: Head of Privacy
2nd Floor Northumberland House
303-306 High Holborn
London, WC1V 7JZ.