This Privacy Notice is aimed at applicants who apply for positions at Harrison Clarke. We ask that you read this Privacy Notice carefully as it contains important information on who we are, how and why we collect, store, use and share personal data, your rights in relation to your personal data and on how to contact us and supervisory authorities in the event you have a complaint.
We are Harrison Clarke.
Harrison Clarke International, Inc., is registered in the State of California and has its registered office at 548 Market St, Suite 15352
San Francisco, California 94104, US (Harrison Clarke US). Harrison Clarke US is also registered in the State of New York with an office at 230 Park Ave, 3rd Floor, New York, NY 10169, United States.
Harrison Clarke International Ltd. is a UK company registered under Company Number: 10541771 and has its registered office at 1 Canada Square, 37th Floor, Canary Wharf, London, E14 5AA, United Kingdom (Harrison Clarke UK).
In this Privacy Notice, Harrison Clarke US and Harrison Clarke UK shall collectively be referred to as “we”, “us”, “our” or “Harrison Clarke”, unless a specific distinction is made between our entities.
We have nominated a Data Protection Counsel, Charlotte Gerrish. You can contact her via our dedicated data protection email address: firstname.lastname@example.org.
As we are based outside of the EEA, we have appointed an EU representative for individuals based in the EEA. The role of our EU representative is to ensure that any applicants based within the EEA have a local point of contact within the EEA to whom they can address queries and any complaints. Our EU representative facilitates such contact and ensures efficient communication with EEA-based supervisory authorities. Details of our appointed EU representative are as follows:
Name: Gerrish Legal SARL
Postal and Office Address: 15 rue de Surène, Paris, 75008, France
Please ensure that all correspondence sent by post is marked with ‘Harrison Clarke’ as a reference to ensure that your matter is dealt with efficiently.
To demonstrate its serious commitment to protecting personal data, Harrison Clarke US is a participant of the EU-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal data. Harrison Clarke US has certified to the US Department of Commerce that it adheres to the Privacy Shield Principles with respect to such information. Harrison Clarke US is committed to complying with the Privacy Shield Principles for as long as it processes relevant personal data. If you want to learn more about the Privacy Shield program, and view our certification, please visit https://www.privacyshield.gov/.
However, whilst Harrison Clarke US adheres to the Privacy Shield Principles and it remains in compliance with the requirements of such certification, from July, 16 2020, any transfers of personal data from the UK and the EEA to Harrison Clarke US are conducted by relying on the European Commission’s Standard Contractual Clauses in compliance with Chapter V of the GDPR, the UK International Data Transfer Agreement, the UK International Data Transfer Addendum to the EU Commission Standard Contractual Clauses or any other appropriate transfer mechanism authorized under the EU and UK GDPR. Any transfers of personal data between the Harrison Clarke entities are carried out in reliance on the European Commission’s Controller-to-Controller Standard Contractual Clauses. If there is any conflict between the terms in this Privacy Notice and the Standard Contractual Clauses, the Standard Contractual Clauses shall govern. Further information about our personal data transfers outside of the UK and the EEA are also set out below in this Privacy Notice.
We are committed to protecting the privacy and security of your personal data. This Privacy Notice describes how we collect and use personal data about you during and after your working relationship with us, in accordance with the General Data Protection Regulations ((EU) 2016/679) and the UK Data Protection Act 2018. This Privacy Notice is primarily aimed at applicants who are resident in the UK and the EEA. However, as Harrison Clarke take privacy rights seriously, it applies this Privacy Notice to all applicants (regardless of location of residence) unless specifically stated otherwise.
For the purposes of UK and European privacy laws, we are acting as a “data controller”. This means that we are responsible for deciding how we hold and use personal data about you. We are making a copy of this Privacy Notice available to you because you are applying for work with us (whether as an employee, worker, self employed consultant or contractor). This Privacy Notice makes you aware of how and why your personal data will be used, namely for the purposes of the recruitment exercise, and how long it will usually be retained for. It provides you with certain information that must be provided under the GDPR and the UK Data Protection Act 2018.
In relation to self-employed consultants and contractors, references to ’employer’ and employment related activities should be construed as referring to Harrison Clarke and its activities as the business with which the self-employed consultant or contractor is potentially contracting to carry out work, in so far as those activities relate to the arrangements entered into between the self-employed consultant or contactor and Harrison Clarke. Personal data will only be collected where it is relevant to the arrangements Harrison Clarke is proposing to enter into with each individual or company. Nothing in this Privacy Notice shall affect the status of a self-employed consultant or contractor or shall render them a potential employee, worker, agent or partner of Harrison Clarke.
We will comply with data protection law and principles, which means that your personal data will be:
In connection with your application for work with us, we will collect, store, and use the following categories of personal data about you:
We may also collect, store and use the following “special categories” of more sensitive personal data:
We may collect personal data about applicants from the following sources:
As a Privacy Shield participant, we limit all personal data collected to the information relevant for the purposes of processing that we carry out. This is further described in this section. We will use the personal data we collect about you to:
It is in our legitimate interests to decide whether to appoint you to work for Harrison Clarke since it would be beneficial to our business to appoint someone to the roles which we have advertised at any given time. We also need to process your personal data to decide whether to enter into a contract of employment, a contract for services or any other arrangement with you.
Having received the information you have provided to us as part of the application process, we will then process that information to decide whether you meet the basic requirements to be shortlisted for the role. If you do, we will decide whether your application is strong enough to invite you for an interview. If we decide to call you for an interview, we will use the information you provide to us at the interview to decide whether to offer you the role. If we decide to offer you the role, we will then take up references and carry out any other pre-recruitment we need to do before confirming your appointment.
If you fail to provide information when requested, which is necessary for us to consider your application (such as evidence of qualifications or work history), we will not be able to process your application successfully. For example, if we require a credit check or references for this role and you fail to provide us with relevant details, we will not be able to take your application further.
We will use the details that you provide regarding your named referees in order to request a reference for you. If you provide personal contact details for your named referees, for example, for the purposes of a personal reference, by providing these details to us you are confirming that you have the named referees’ consent to provide such information to us. If you are named as a referee, we will use the personal contact details provided to us by the job applicant in order to contact you to request a reference. We will subsequently process any information you provide in response to a reference request (as set out above) in accordance with our legitimate business interests to carry out reference checks for prospective employees.
We may use your particularly sensitive personal data in the following ways:
We do not envisage that we will process information about criminal convictions before you commence employment with us. However, it may be necessary during your employment with us to ask you to undergo a DBS check if required by a client to carry out work for them as part of their vetting processes for their suppliers. If this becomes relevant to your role we will discuss it with you at the relevant time. Where possible we will only carry out checks with your explicit consent and if you do not want to have the check done we will arrange for someone else to provide services to that client.
You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making.
Why might we share your personal data with third parties?
Harrison Clarke US is based in the United States of America (US) and is a participant in the EU-US Privacy Shield framework, as set out at the start of this Privacy Notice. This means that Harrison Clarke US provides a similar level of protection to your personal data as the protection afforded by the GDPR.
All our third-party service providers and other entities in the Harrison Clarke group are required to take appropriate security measures to protect your personal data in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
If any transfers of your personal data with third parties constitutes a controller-processor relationship, we ensure that both parties are responsible for your personal data within the limits of the GDPR, including by entering into a data processing agreement where this is necessary. For all other transfers we remain responsible for third parties’ use of your personal data. We ensure that we have appropriate indemnities in place with these third parties. Whenever we share your personal data with third parties, we always ensure that the transfers are governed by contractual obligations (pursuant to a data processing agreement or other contractual mechanisms). In any case, we always make sure that we have appropriate technical, security and organisational methods in place to secure the confidentiality and proper processing of your data, and we require that our third-party providers adhere to these guarantees too. A list of our third-party suppliers with whom we may share your personal data is available on request by contacting our Data Protection Counsel at: email@example.com
Generally, we do not transfer personal data relating to job applications to work at Harrison Clarke outside of the UK or the EEA. However, we may transfer your personal data from Harrison Clarke UK to Harrison Clarke US, as follows:
Some non-UK and non-EEA countries do not have the same data protection laws as within the UK and the EEA, but Harrison Clarke commits to ensuring that EU and UK residents suffer no consequence or impact to their privacy rights in the event of an international transfer.
As stated at the start of this Privacy Notice, Harrison Clarke US is a participant in the EU-US Privacy Shield framework and has certified to the US Department of Commerce that it adheres to the Privacy Shield principles. However, whilst Harrison Clarke US adheres to the Privacy Shield Principles and it remains in compliance with the requirements of such certification, since July 20, 2020, any transfers of personal data from Harrison Clarke UK to Harrison Clarke US are conducted by relying on SCCs for Controller-to-Controller transfers. For more information about the SCCs, please visit: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en.
Whenever we transfer personal data out of the UK and/or the EEA or between the UK and EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
Please contact us if you want further information on the specific mechanism used by us when transferring personal data out of the UK/EEA, please contact us at: firstname.lastname@example.org.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need-to-know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
For California and New York residents, in order to comply with applicable laws regarding data breaches, Harrison Clarke US will notify you without unreasonable delay in the event of a breach of the security of our systems, following discovery or notification of such breach, where we are legally required to do so.
This notification will take place either via email or via a notice on our website. Where required to do so (depending on the nature and severity of a breach), we will also notify, without undue delay, the relevant Attorney General, the relevant Department of State and the State Police in accordance with applicable laws and our internal data breach policies. We will take all steps to mitigate any such breach in accordance with applicable law.
How long will you use my information for?
We will usually retain your personal data for a period of 6 months after we have made the relevant appointment, subject to any additional legal obligations and in accordance with any legitimate interests of the company. We retain your personal data for that period so that we can show, in the event of a legal claim, that we have not discriminated against applicants on prohibited grounds and that we have conducted the recruitment exercise in a fair and transparent way. After this period, we will securely destroy your personal data in accordance with applicable laws and regulations.
As a Privacy Shield participant, Harrison Clarke US complies with data retention principles applicable to it under the Privacy Shield framework.
Your rights in connection with personal data
Under certain circumstances where you are a UK or EEA resident, by law you have the right to:
For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals rights under the General Data Protection Regulation.
As Harrison Clarke US is an EU-US Privacy Shield participant, individuals may also bring a complaint directly to us, which we will respond to within 45 days where the GDPR time limits do not apply. Furthermore, at no cost to the individual, Harrison Clarke US will also provide an independent recourse mechanism by which each individual’s complaints and disputes can be investigated and expeditiously resolved. Finally, Harrison Clarke US will respond promptly to inquiries and requests by the Department of Commerce for information relating to the Privacy Shield Framework.
If you would like to exercise any of your rights set out at the section directly above, please contact us at email@example.com with enough information to allow us to identify you (by providing proof of your identity and address) and let us know the information to which your request relates. If you are an EEA resident, you may also contact our EU representative in the first instance at: firstname.lastname@example.org.
We hope that we can resolve any query or concern you raise about our use of your personal data.
However, the GDPR and UK Data Protection Act 2018 gives EEA and UK residents respectively the right to lodge a complaint with a supervisory authority, in particular in the UK, or within the EU (or EEA) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority governing Harrison Clarke’s data activities in the UK is the Information Commissioner (ICO) which may be contacted at https://ico.org.uk/concerns.
In compliance with the Privacy Shield Principles, Harrison Clarke commits to resolve complaints about our collection or use of your personal data. Notably, EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Harrison Clarke at: email@example.com
Harrison Clarke has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU.
Harrison Clarke US is also subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). As a Privacy Shield participant, Harrison Clarke US also commits to make public any relevant Privacy Shield-related sections of any compliance or assessment report submitted to the FTC if Harrison Clarke US becomes subject to an FTC or court order based on non-compliance.
We may change this Privacy Notice from time to time and when we provide the latest version on this website. This Privacy Notice was published on May 24, 2018 and last updated on May 17, 2022.
If you wish to contact us, please send an email to our Data Protection Counsel at: firstname.lastname@example.org.