Harrison Clarke – Job Applicant Privacy Notice


This Privacy Notice is aimed at applicants who apply for positions at Harrison Clarke. We ask that you read this Privacy Notice carefully as it contains important information on who we are, how and why we collect, store, use and share personal data, your rights in relation to your personal data and on how to contact us and supervisory authorities in the event you have a complaint.

Who we are

We are Harrison Clarke.

Harrison Clarke International, Inc., is registered in the State of California and has its registered office at 548 Market St, Suite 15352
San Francisco, California 94104, US (Harrison Clarke US). Harrison Clarke US is also registered in the State of New York with an office at 230 Park Ave, 3rd Floor, New York, NY 10169, United States.

Harrison Clarke International Ltd. is a UK company registered under Company Number: 10541771 and has its registered office at 6 Mitre Passage, 8th Floor, London, SE10 0ER, United Kingdom (Harrison Clarke UK).

In this Privacy Notice, Harrison Clarke US and Harrison Clarke UK shall collectively be referred to as “we”, “us”, “our” or “Harrison Clarke”, unless a specific distinction is made between our entities.

We have nominated a Data Protection Counsel, Charlotte Gerrish. You can contact her via our dedicated data protection email address: privacy@harrisonclarke.com.

Our appointed representative in the European Economic Area (EEA)

As we are based outside of the EEA, we have appointed an EU representative for individuals based in the EEA. The role of our EU representative is to ensure that any applicants based within the EEA have a local point of contact within the EEA to whom they can address queries and any complaints. Our EU representative facilitates such contact and ensures efficient communication with EEA-based supervisory authorities. Details of our appointed EU representative are as follows:

Name: Gerrish Legal SARL

Postal and Office Address: 15 rue de Surène, Paris, 75008, France

Email:privacy@harrisonclarke.com to the attention of Charlotte Gerrish.

Please ensure that all correspondence sent by post is marked with ‘Harrison Clarke’ as a reference to ensure that your matter is dealt with efficiently.

Privacy Shield Commitment

To demonstrate its serious commitment to protecting personal data, Harrison Clarke US is a participant of the EU-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal data. Harrison Clarke US has certified to the US Department of Commerce that it adheres to the Privacy Shield Principles with respect to such information. Harrison Clarke US is committed to complying with the Privacy Shield Principles for as long as it processes relevant personal data. If you want to learn more about the Privacy Shield program, and view our certification, please visit the Department of Commerce’s Privacy Shield website at https://www.privacyshield.gov/.

However, whilst Harrison Clarke US adheres to the Privacy Shield Principles and it remains in compliance with the requirements of such certification, from July, 16 2020, any transfers of personal data from the UK and the EEA to Harrison Clarke US are conducted by relying on the European Commission’s Standard Contractual Clauses in compliance with Chapter V of the GDPR, the UK International Data Transfer Agreement, the UK International Data Transfer Addendum to the EU Commission Standard Contractual Clauses or any other appropriate transfer mechanism authorized under the EU and UK GDPR. Any transfers of personal data between the Harrison Clarke entities are carried out in reliance on the European Commission’s Controller-to-Controller Standard Contractual Clauses. If there is any conflict between the terms in this Privacy Notice and the Standard Contractual Clauses, the Standard Contractual Clauses shall govern. Further information about our personal data transfers outside of the UK and the EEA are also set out below in this Privacy Notice.

Scope of the Privacy Notice

We are committed to protecting the privacy and security of your personal data. This Privacy Notice describes how we collect and use personal data about you during and after your working relationship with us, in accordance with the General Data Protection Regulations ((EU) 2016/679) and the UK Data Protection Act 2018. This Privacy Notice is primarily aimed at applicants who are resident in the UK and the EEA. However, as Harrison Clarke take privacy rights seriously, it applies this Privacy Notice to all applicants (regardless of location of residence) unless specifically stated otherwise.

For the purposes of UK and European privacy laws, we are acting as a “data controller”. This means that we are responsible for deciding how we hold and use personal data about you. We are making a copy of this Privacy Notice available to you because you are applying for work with us (whether as an employee, worker, self employed consultant or contractor). This Privacy Notice makes you aware of how and why your personal data will be used, namely for the purposes of the recruitment exercise, and how long it will usually be retained for. It provides you with certain information that must be provided under the GDPR and the UK Data Protection Act 2018.

In relation to self-employed consultants and contractors, references to ’employer’ and employment related activities should be construed as referring to Harrison Clarke and its activities as the business with which the self-employed consultant or contractor is potentially contracting to carry out work, in so far as those activities relate to the arrangements entered into between the self-employed consultant or contactor and Harrison Clarke. Personal data will only be collected where it is relevant to the arrangements Harrison Clarke is proposing to enter into with each individual or company. Nothing in this Privacy Notice shall affect the status of a self-employed consultant or contractor or shall render them a potential employee, worker, agent or partner of Harrison Clarke.

Data protection principles

We will comply with data protection law and principles, which means that your personal data will be:

  • Used lawfully, fairly and in a transparent way.
  • Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
  • Relevant to the purposes we have told you about and limited only to those purposes.
  • Accurate and kept up to date.
  • Kept only as long as necessary for the purposes we have told you about.
  • Kept securely.

The kind of information we hold about you

In connection with your application for work with us, we will collect, store, and use the following categories of personal data about you:

  • The information you have provided to us in your curriculum vitae and covering letter.
  • The information you have provided on our application form, including name, title, address, telephone number, personal email address, date of birth, gender, employment history, qualifications.
  • Any information you provide to us during an interview.
  • Any other information you provide to us during the application process in any format, including any tender documents (where applicable).

We may also collect, store and use the following “special categories” of more sensitive personal data:

  • Information about your race or ethnicity, religious beliefs, sexual orientation and political opinions.
  • Information about your health, including any medical condition, health and sickness records.
  • Information about criminal convictions and offences.

How is your personal data collected?

We may collect personal data about applicants from the following sources:

  • You, the applicant.
  • A background check provider.
  • A credit reference agency.
  • Your named referees.

How we will use information about you

As a Privacy Shield participant, we limit all personal data collected to the information relevant for the purposes of processing that we carry out. This is further described in this section. We will use the personal data we collect about you to:

  • Assess your skills, qualifications, and suitability for the role.
  • Carry out background and reference checks, where applicable.
  • Communicate with you about the recruitment process.
  • Keep records related to our hiring processes.
  • Comply with legal or regulatory requirements.

It is in our legitimate interests to decide whether to appoint you to work for Harrison Clarke since it would be beneficial to our business to appoint someone to the roles which we have advertised at any given time. We also need to process your personal data to decide whether to enter into a contract of employment, a contract for services or any other arrangement with you.

Having received the information you have provided to us as part of the application process, we will then process that information to decide whether you meet the basic requirements to be shortlisted for the role. If you do, we will decide whether your application is strong enough to invite you for an interview. If we decide to call you for an interview, we will use the information you provide to us at the interview to decide whether to offer you the role.  If we decide to offer you the role, we will then take up references and carry out any other pre-recruitment we need to do before confirming your appointment.

If you fail to provide personal data

If you fail to provide information when requested, which is necessary for us to consider your application (such as evidence of qualifications or work history), we will not be able to process your application successfully. For example, if we require a credit check or references for this role and you fail to provide us with relevant details, we will not be able to take your application further.

How we process references

We will use the details that you provide regarding your named referees in order to request a reference for you. If you provide personal contact details for your named referees, for example, for the purposes of a personal reference, by providing these details to us you are confirming that you have the named referees’ consent to provide such information to us. If you are named as a referee, we will use the personal contact details provided to us by the job applicant in order to contact you to request a reference. We will subsequently process any information you provide in response to a reference request (as set out above) in accordance with our legitimate business interests to carry out reference checks for prospective employees.

How we use particularly sensitive personal data

We may use your particularly sensitive personal data in the following ways:

  • We may use information about your disability status to consider whether we need to provide appropriate adjustments during the recruitment process, for example whether adjustments need to be made during a test or interview or at any other stage in the process.
  • We may use anonymised and aggregated information about your race or national or ethnic origin, religious, philosophical or moral beliefs, or your sexual life or sexual orientation, to ensure meaningful equal opportunity monitoring and reporting.

Information about criminal convictions

We do not envisage that we will process information about criminal convictions before you commence employment with us. However, it may be necessary during your employment with us to ask you to undergo a DBS check if required by a client to carry out work for them as part of their vetting processes for their suppliers. If this becomes relevant to your role we will discuss it with you at the relevant time. Where possible we will only carry out checks with your explicit consent and if you do not want to have the check done we will arrange for someone else to provide services to that client.

Automated decision-making

You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making.

Data sharing

Why might we share your personal data with third parties?

  • We will only share your personal data with the following third parties for the purposes of processing your application: Harrison Clarke US and our legal or professional advisers, where required.
  • Where your application involves the use of a recruitment agent, we may also pass information regarding the progress of your application, including feedback on your performance in the recruitment process, and the terms on which we are prepared to make a job offer, if applicable, to your recruitment agent.

Harrison Clarke US is based in the United States of America (US) and is a participant in the EU-US Privacy Shield framework, as set out at the start of this Privacy Notice. This means that Harrison Clarke US provides a similar level of protection to your personal data as the protection afforded by the GDPR.

All our third-party service providers and other entities in the Harrison Clarke group are required to take appropriate security measures to protect your personal data in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

If any transfers of your personal data with third parties constitutes a controller-processor relationship, we ensure that both parties are responsible for your personal data within the limits of the GDPR, including by entering into a data processing agreement where this is necessary. For all other transfers we remain responsible for third parties’ use of your personal data. We ensure that we have appropriate indemnities in place with these third parties. Whenever we share your personal data with third parties, we always ensure that the transfers are governed by contractual obligations (pursuant to a data processing agreement or other contractual mechanisms). In any case, we always make sure that we have appropriate technical, security and organisational methods in place to secure the confidentiality and proper processing of your data, and we require that our third-party providers adhere to these guarantees too. A list of our third-party suppliers with whom we may share your personal data is available on request by contacting our Data Protection Counsel at: privacy@harrisonclarke.com


Transfers of your information out of the UK or EEA

Generally, we do not transfer personal data relating to job applications to work at Harrison Clarke outside of the UK or the EEA. However, we may transfer your personal data from Harrison Clarke UK to Harrison Clarke US, as follows:

  • We may transfer your personal data between Harrison Clarke UK and Harrison Clarke US in order to share data between the Harrison Clarke Group which enables us to properly perform recruitment services for each of our entities.
  • Where you have made an application to Harrison Clarke UK but the position you have applied for is located in one of Harrison Clarke US’ offices.
  • You are based in the US but applied to Harrison Clarke UK for a position.

Some non-UK and non-EEA countries do not have the same data protection laws as within the UK and the EEA, but Harrison Clarke commits to ensuring that EU and UK residents suffer no consequence or impact to their privacy rights in the event of an international transfer.

Our transfers of personal data from Harrison Clarke UK to Harrison Clarke US

As stated at the start of this Privacy Notice, Harrison Clarke US is a participant in the EU-US Privacy Shield framework and has certified to the US Department of Commerce that it adheres to the Privacy Shield principles. However, whilst Harrison Clarke US adheres to the Privacy Shield Principles and it remains in compliance with the requirements of such certification, since July 20, 2020, any transfers of personal data from Harrison Clarke UK to Harrison Clarke US are conducted by relying on SCCs for Controller-to-Controller transfers. For more information about the SCCs, please visit: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en.

Other International Transfers outside of the UK and the EEA

Whenever we transfer personal data out of the UK and/or the EEA or between the UK and EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • Where the individual concerned has specifically consented after being informed of the risks due to the absence of an adequacy decision or other appropriate safeguards.
  • Where the individual themselves is a resident outside of the UK or EEA.
  • We will only transfer personal data from the UK or EEA to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
  • Where we use certain service providers who process personal data outside of the UK and the EEA and outside of a country that has been deemed to provide an adequate level of protection, we will enter into specific contracts approved by the European Commission and/or the UK Information Commissioner’s Office (the SCCs, the IDTA or the Addendum) which give personal data the same protection it has in the UK and in the EEA.
  • Where we transfer personal data from the UK to the EEA after December 31, 2020, we rely on the UK’s finding that EEA countries are deemed to provide an adequate level of protection of personal data.
  • Where we transfer personal data from the EEA to the UK, we rely on the European Commission’s finding of adequacy of June 28, 2021 for the free flow of personal data.
  • In accordance with the latest SCCs issued by the European Commission on June 4, 2021, where we transfer personal data outside the EEA, we have established a Transfer Impact Assessment (TIA) to analyse the impact and security implications of such transfers.

Please contact us if you want further information on the specific mechanism used by us when transferring personal data out of the UK/EEA, please contact us at: privacy@harrisonclarke.com.

Data security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need-to-know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

For California and New York residents, in order to comply with applicable laws regarding data breaches, Harrison Clarke US will notify you without unreasonable delay in the event of a breach of the security of our systems, following discovery or notification of such breach, where we are legally required to do so.

This notification will take place either via email or via a notice on our website. Where required to do so (depending on the nature and severity of a breach), we will also notify, without undue delay, the relevant Attorney General, the relevant Department of State and the State Police in accordance with applicable laws and our internal data breach policies. We will take all steps to mitigate any such breach in accordance with applicable law.

Data retention

How long will you use my information for?

We will usually retain your personal data for a period of 6 months after we have made the relevant appointment, subject to any additional legal obligations and in accordance with any legitimate interests of the company. We retain your personal data for that period so that we can show, in the event of a legal claim, that we have not discriminated against applicants on prohibited grounds and that we have conducted the recruitment exercise in a fair and transparent way. After this period, we will securely destroy your personal data in accordance with applicable laws and regulations.

As a Privacy Shield participant, Harrison Clarke US complies with data retention principles applicable to it under the Privacy Shield framework.

Rights of access, correction, erasure, and restriction

Your rights in connection with personal data

Under certain circumstances where you are a UK or EEA resident, by law you have the right to:

  • Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
  • Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes.
  • Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your personal data to another party.
  • For issues arising in respect of the EU-US Privacy Shield, you have the possibility, under certain conditions, to invoke binding arbitration for any dispute that has not been resolved by other recourse and enforcement mechanisms.

For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals rights under the General Data Protection Regulation.

As Harrison Clarke US is an EU-US Privacy Shield participant,  individuals may also bring a complaint directly to us, which we will respond to within 45 days where the GDPR time limits do not apply. Furthermore, at no cost to the individual, Harrison Clarke US will also provide an independent recourse mechanism by which each individual’s complaints and disputes can be investigated and expeditiously resolved. Finally, Harrison Clarke US will respond promptly to inquiries and requests by the Department of Commerce for information relating to the Privacy Shield Framework.

If you would like to exercise any of your rights set out at the section directly above, please contact us at privacy@harrisonclarke.com with enough information to allow us to identify you (by providing proof of your identity and address) and let us know the information to which your request relates. If you are an EEA resident, you may also contact our EU representative in the first instance at: privacy@harrisonclarke.com to the attention of Charlotte Gerrish.

How to complain

We hope that we can resolve any query or concern you raise about our use of your personal data.

However, the GDPR and UK Data Protection Act 2018 gives EEA and UK residents respectively the right to lodge a complaint with a supervisory authority, in particular in the UK, or within the EU (or EEA) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority governing Harrison Clarke’s data activities in the UK is the Information Commissioner (ICO) which may be contacted at https://ico.org.uk/concerns. Other EEA supervisory authorities and their contact information may be found at https://edpb.europa.eu/about-edpb/about-edpb/members_en#member-fr.

In compliance with the Privacy Shield Principles, Harrison Clarke commits to resolve complaints about our collection or use of your personal data. Notably, EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Harrison Clarke at: privacy@harrisonclarke.com

Harrison Clarke has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU.

Harrison Clarke US is also subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). As a Privacy Shield participant, Harrison Clarke US also commits to make public any relevant Privacy Shield-related sections of any compliance or assessment report submitted to the FTC if Harrison Clarke US becomes subject to an FTC or court order based on non-compliance.

Changes to this Privacy Notice

We may change this Privacy Notice from time to time and when we provide the latest version on this website. This Privacy Notice was published on May 24, 2018 and last updated on November 8, 2023.

How to contact us

If you wish to contact us, please send an email to our Data Protection Counsel at: privacy@harrisonclarke.com.