Welcome to Harrison Clarke’s Privacy Notice.
This Privacy Notice is aimed at Candidates and Clients who benefit from Harrison Clarke’s recruitment and staffing services within the United States (US) and within the United Kingdom (UK) and the European Union (EU). We ask that you read this Privacy Notice carefully as it contains important information on who we are, how and why we collect, store, use and share personal data, your rights in relation to your personal data and on how to contact us and supervisory authorities in the event you have a complaint.
We are Harrison Clarke.
Harrison Clarke International, Inc., is registered in the State of California and has its registered office at 548 Market St, Suite 15352, San Francisco, California 94104, United States (Harrison Clarke US). Harrison Clarke US is also registered in the State of New York with an office at 230 Park Ave, 3rd Floor, New York, NY 10169, United States.
Harrison Clarke International Ltd. is a UK company registered under Company Number: 10541771 and has its registered office at Harrison Clarke International Ltd., 1 Canada Square, 37th Floor, Canary Wharf, London, E14 5AA, United Kingdom (Harrison Clarke UK).
In this Privacy Notice, Harrison Clarke US and Harrison Clarke UK shall collectively be referred to as “we”, “us”, “our” or “Harrison Clarke”, unless a specific distinction is made between our entities.
We have nominated a Data Protection Counsel, Charlotte Gerrish. You can contact her via our dedicated data protection email address: email@example.com.
As we are based outside of the EEA, we have appointed an EU representative for individuals based in the EEA. The role of our EU representative is to ensure that our clients and candidates based within the EEA have a local point of contact within the EEA to whom they can address queries and any complaints. Our EU representative facilitates such contact and ensures efficient communication with EEA-based supervisory authorities. Details of our appointed EU representative are as follows:
Name: Gerrish Legal SARL
Postal and Office Address: 15 rue de Surène, Paris, 75008, France
Please ensure that all correspondence sent by post is marked with ‘Harrison Clarke’ as a reference to ensure that your matter is dealt with efficiently.
To demonstrate its serious commitment to protecting personal data, Harrison Clarke US is a participant of the EU-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal data. Harrison Clarke US has certified to the US Department of Commerce that it adheres to the Privacy Shield Principles with respect to such information. Harrison Clarke US is committed to complying with the Privacy Shield Principles for as long as it processes relevant personal data. If you want to learn more about the Privacy Shield program, and view our certification, please visit the Department of Commerce’s Privacy Shield website at https://www.privacyshield.gov/.
However, whilst Harrison Clarke US adheres to the Privacy Shield Principles and it remains in compliance with the requirements of such certification, from July, 16 2020, any transfers of personal data from the UK and the EEA to Harrison Clarke US are conducted by relying on the European Commission’s Standard Contractual Clauses in compliance with Chapter V of the GDPR, the UK International Data Transfer Agreement, the UK International Data Transfer Addendum to the EU Commission Standard Contractual Clauses or any other appropriate transfer mechanism authorized under the GDPR. Any transfers of personal data between the Harrison Clarke entities are carried out in reliance on the European Commission’s Controller-to-Controller Standard Contractual Clauses. If there is any conflict between the terms in this Privacy Notice and the Standard Contractual Clauses, the Standard Contractual Clauses shall govern. Further information about our personal data transfers outside of the UK and the EEA are also set out below in this Privacy Notice.
Our business is primarily focused in the US, and Harrison Clarke’s client and candidate base comprises primarily companies and citizens based or residing in the US. Harrison Clarke therefore respects US data protection rules in respect of any processing carried out in the US. As Harrison Clarke UK is a key entity of the Harrison Clarke Group and is based in the UK, Harrison Clarke is also committed to respecting UK and European data protection rules when they are applicable to our activities.
As part of its recruitment and staffing activities, Harrison Clarke collects, uses and is responsible for certain personal data about candidates and clients. When we do this within the EU or UK or when we provide services to UK or EU residents, we are regulated under the General Data Protection Regulation or “GDPR” which applies across the EU (including in the UK due to national laws such as the Data Protection Act 2018). In this respect, we are a ‘controller’ of personal data for the purposes of those laws. Harrison Clarke UK therefore has strict privacy rules and standards in force pursuant to the GDPR and the Data Protection Act 2018.
Whilst our processing of personal data tends to concern US residents only, and such data is usually processed outside of the UK or the EEA, we still take privacy rights seriously and have therefore chosen to apply the highest standards of data protection to our business, which might not ordinarily apply to US residents.
Information collected by us
In the course of our activities as a recruitment and staffing company, we collect different kinds of personal data depending on whether you are a job seeker or a candidate wishing to utilise our recruitment services to find your next employer or role, or whether you are a client who has contacted us to help you to find your next member of staff.
When we refer to clients in this policy, we also refer to our commercial business suppliers, partners and vendors. As a Privacy Shield participant, we limit all personal data collected to the information relevant for the purposes of processing that we carry out. This is further described in this section.
For our clients, we store the following information when you provide it to us:
For our candidates, examples of information we store about you may include:
We do not directly collect any sensitive data (also known as special categories of personal data) about you but sometimes this might be incidental to information we require to carry out our recruitment services. Examples of sensitive data include details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, or information about your health which might be collected if our clients require evidence of nationality for visa or work permit requirements or if you need assistance or adjustments to attend an interview. We do not collect any information about criminal convictions and offences. If the need for such information arises, we will always contact you to discuss this.
Information collected from other sources
We do not generally obtain personal data about our clients from other sources, but this can occur on occasion, such as information gained from:
In respect of our candidates, sometimes we will collect information from third parties such as previous employers, your school, university or college, professional regulators or government bodies based on information that has been provided by the candidates themselves. Here are examples of some of the categories of information collected and organisations who might provide us with that information:
For both our clients and candidates, we use any information we collect about you to:
Typically, for our candidates, the types of organisations with whom we may share your information include our clients to whom we provide recruitment services, who are seeking individuals with a profile similar to yours in order to offer employment opportunities. The purpose is so that we can help you find a new position and fulfil our clients’ recruitment needs. This data sharing enables us to best help you in your job search, and also allows us to fulfil our sourcing obligations to our clients.
However, candidates, please rest assured! We take our data protection obligations seriously and do not share your personal data with any other third party, unless we have your express consent to do so. As we are committed to providing high quality recruitment services, will never forward on your CV to any third party without first having obtained your approval to do so.
Similarly, we may share client information with our candidates when we think that we have found a good fit. This information is limited to details of the role available, the company and any specific requirements or details you provide to us. If the candidate is offered an interview with you, we will also provide the candidate with the hiring manager’s name, professional contact details and office address. The reason for this is so that we can introduce candidates to our clients so that we can fulfil our obligation to provide staffing services to all parties concerned. Again, we will only ever share such information provided that our client contact has confirmed to us that we can do so, and that they are happy to meet with the candidate.
We also share information with external suppliers such as our CRM database providers and providers of cloud- storage and hosting to ensure that we have a high quality, efficient and secure IT environment. We may also give your details to our third-party providers, such as external finance, external marketing managers, external information security and IT specialists or external lawyers to make sure that we are able to complete our contractual obligations to you and ensure the smooth running of our business.
If any transfers of your personal data with third parties constitutes a controller-processor relationship, we ensure that both parties are responsible for your personal data within the limits of the GDPR, including by entering into a data processing agreement where this is necessary. For all other transfers we remain responsible for third parties’ use of your personal data. We ensure that we have appropriate indemnities in place with these third parties. Whenever we share your personal data with third parties, we always ensure that the transfers are governed by contractual obligations (pursuant to a data processing agreement or other contractual mechanisms). In any case, we always make sure that we have appropriate technical, security and organisational methods in place to secure the confidentiality and proper processing of your data, and we require that our third-party providers adhere to these guarantees too. A list of our third-party suppliers with whom we may share your personal data is available on request by contacting our Data Protection Counsel at: firstname.lastname@example.org.
Some of those third-party recipients may be based outside of the UK or EEA — for further information including on how we safeguard personal data of EU or UK residents when this occurs, see ‘Transfer of your information out of the UK or EEA’ below.
Please note: We may also share personal data with law enforcement or other authorities if required by applicable law or for the purposes of litigation. This specifically includes the requirement for us to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements in force across the US, UK and/or EEA.
Sometimes we require specific information about you in order to properly provide you with our services. If you do not wish to provide us with certain information, then we will contact you on a case-by-case basis to explain the situation and to see how we can continue to provide you with our services in the absence of such information.
As a general rule, we will keep your personal data on file for a period of 4 years following our last meaningful contact with you, unless you expressly tell us otherwise. Before we delete your data, we will check with you to see whether our recruitment services are still of interest, unless you tell us otherwise. We consider that 4 years is a reasonable timeframe, as this is usually the length of time an individual remains in a role, and you may need our services again towards the end of this period, either to find a new employee or to look for a new job.
Sometimes, we might keep your personal data for longer than the 4-year period, for example, to allow us to keep any data in accordance with legal or fiscal obligations to in pursuit or defence of a claim. It may be that some personal data is retained on these documents, but this is purely incidental to documents which are generally required strictly for commercial, legal or fiscal purposes. Where possible, we will ensure that any personal data is anonymized where it is not strictly necessary.
These timeframes apply to our client contacts who are based within the EU or UK, but where practical, we also use our reasonable efforts ensure that these timeframes apply to our US based contacts, unless Harrison Clarke US has a business reason for doing otherwise. As a Privacy Shield participant, Harrison Clarke US also complies with data retention principles applicable to it under the Privacy Shield framework.
As far as our clients are concerned, we process your personal data: (i) with a view to entering into a commercial contract or to perform that commercial contract; (ii) in accordance with our legal obligations (for example, our accounting and HMRC and other tax obligations); and (iii) in our mutual legitimate interests – we both have the same or similar legitimate interests in collaborating together – to find you your next employee.
In respect of our candidates, we collect and use your personal data on the basis of our mutual legitimate interests. We rely on legitimate interests because we consider that our legitimate interests as a recruitment agency are not overridden by your interests or rights as a candidate. In fact, we consider that our mutual legitimate interests are likely to align with your interests in finding a job, especially when you have placed your CV on a job board with the intention of finding work or when you have selected an “Available for Work” option or “Please Notify Recruiters” on professional networking sites.
For EEA or UK-based candidates only we will nonetheless rely on your consent in instances where you have not selected an “Available for Work” option on your social networking profile. In this case, we will contact you to see if you would like to be included in our database or if you would like to benefit from our recruitment services.
If we ever need to process sensitive personal data, we will contact you at this stage and explain why we need certain information about you and obtain your express consent where this is legally required under the GDPR or UK Data Protection Act 2018.
You can of course object to us processing your personal data at any time and you are also able to withdraw your consent at any time. You may do this by contacting us at email@example.com. For more information, please review the section ‘Your Rights’ below.
We may transfer your personal data to the following locations, which are located outside the EEA and the UK as follows:
Some non-EEA countries do not have the same data protection laws as within the UK and the EEA, but Harrison Clarke commits to ensuring that EU and UK residents suffer no consequence or impact to their privacy rights in the event of an international transfer.
Our transfers of personal data from Harrison Clarke UK to Harrison Clarke US
To ensure that our clients and candidates benefit from the high privacy standards in force in the UK and the EEA, any transfer of personal data between Harrison Clarke UK and Harrison Clarke US is carried out pursuant to the obligations set out in the European Commission’s Standard Contractual Clauses (SCCs), and where applicable, the UK International Data Transfer Agreement (IDTA) and/or the IDTA Addendum to the SCCs (Addendum).
Harrison Clarke US also adheres to the Privacy Shield Principles, which impose strong obligations on companies in the US to protect personal data and stronger monitoring and enforcement by the US Department of Commerce and the Federal Trade Commission. Following Harrison Clarke US has been placed on the Privacy Shield List by the US Department of Commerce. However, Harrison Clarke does not rely on the Privacy Shield for any transfers of personal data from the UK and the EEA to the US – such transfers will always be conducted on the basis of the SCCs. For more information about the SCCs, please visit: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en. For more information about the EU-US Privacy Shield, please visit the Department of Commerce’s Privacy Shield website: https://www.privacyshield.gov/PrivacyShield.
Whenever we transfer personal data out of the UK and/or the EEA or between the UK and EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
Please contact us if you want further information on the specific mechanism used by us when transferring personal data out of the UK/EEA, please contact us at: firstname.lastname@example.org.
We will only ever contact you in accordance with established marketing rules and practices, including the Privacy and Electronic Communications Regulations where applicable. If you would like to unsubscribe from any email communications not related to the services we are providing you, or you no longer wish to receive marketing emails or if you simply wish to be removed from our database, you can contact us at any time at: email@example.com or click on the ‘unsubscribe’ button at the bottom of our emails to you. It may take up to thirty days for this to take place.
We have appropriate security measures in place to prevent personal data from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal data to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
We also ensure that you are able to limit the use and disclosure of your data by practical or technical means, such as by seeking your consent for transfers to third parties (where appropriate) and ensuring that we have appropriate technical mechanisms in place, such as IT security involving the encryption of our database and data, and also the possibility to anonymise your personal data at your request, and where appropriate.
For California and New York residents, in order to comply with applicable laws regarding data breaches, Harrison Clarke US will notify you without unreasonable delay in the event of a breach of the security of our systems, following discovery or notification of such breach, where we are legally required to do so.
This notification will take place either via email or via a notice on our website. Where required to do so (depending on the nature and severity of a breach), we will also notify, without undue delay, the relevant Attorney General, the relevant Department of State and the State Police in accordance with applicable laws and our internal data breach policies. We will take all steps to mitigate any such breach in accordance with applicable law.
Under the GDPR both our candidates and clients residing within the EU or UK have a number of important rights free of charge. In summary, those include rights to:
For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals rights under the General Data Protection Regulation.
As Harrison Clarke US is an EU-US Privacy Shield participant, individuals may also bring a complaint directly to us, which we will respond to within 45 days where the GDPR time limits do not apply. Furthermore, at no cost to the individual, Harrison Clarke US will also provide an independent recourse mechanism by which each individual’s complaints and disputes can be investigated and expeditiously resolved. Finally, Harrison Clarke US will respond promptly to inquiries and requests by the Department of Commerce for information relating to the Privacy Shield Framework.
If you would like to exercise any of your rights set out at the section directly above, please contact us at firstname.lastname@example.org with enough information to allow us to identify you (by providing proof of your identity and address) and let us know the information to which your request relates. If you are an EEA resident, you may also contact our EU representative in the first instance at: email@example.com to the attention of Charlotte Gerrish.
We hope that we can resolve any query or concern you raise about our use of your personal data.
However, the GDPR and UK Data Protection Act 2018 gives EEA and UK residents respectively the right to lodge a complaint with a supervisory authority, in particular in the UK, or within the EU (or EEA) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority governing Harrison Clarke’s data activities in the UK is the Information Commissioner (ICO) which may be contacted at http://ico.org.uk/concerns. Other EEA supervisory authorities and their contact information may be found at https://edpb.europa.eu/about-edpb/about-edpb/members_en#member-fr.
In compliance with the Privacy Shield Principles, Harrison Clarke commits to resolve complaints about our collection or use of your personal data. Notably, EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Harrison Clarke at: firstname.lastname@example.org.
Harrison Clarke has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU.
Harrison Clarke US is also subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). As a Privacy Shield participant, Harrison Clarke US also commits to make public any relevant Privacy Shield-related sections of any compliance or assessment report submitted to the FTC if Harrison Clarke US becomes subject to an FTC or court order based on non-compliance.
We may change this Privacy Notice from time to time and when we provide the latest version on this website. This Privacy Notice was published on May 24, 2018 and last updated on May 10, 2023.
If you wish to contact us, please send an email to our Data Protection Counsel at: email@example.com.