When we collect, use and are responsible for certain personal data about you we are subject to the UK General Data Protection Regulation (UK GDPR) in the UK; the EU General Data Protection Regulation (EU GDPR) in relation to services we offer to individuals and our wider operations in the European Economic Area (EEA); federal and state laws in the United States.
This website is not intended for children under the age of 16 years and we do not knowingly collect data relating to children. If we become aware that a child under 16 has provided us with personal information, we will take steps to delete such information. If you become aware that a child has provided us with personal information, please email [email protected].
- Key terms
- Personal data we collect about you
- How your personal data is collected
- How and why we use your personal data
- Who we share your personal data with
- Where your personal data is held
- How long your personal data will be kept
- Transferring your personal data out of the UK or EEA
- Third party sites
- Your rights
- Keeping your personal data secure
- How to complain
- How to contact us
It would be helpful to start by explaining some key terms used in this policy:
We, us, our, Group
We are registered in the UK as Austin Fraser Limited. This policy also applies to our subsidiaries, Austin Fraser, Inc. and Austin Fraser Gmbh.
We trade as “Austin Fraser” and “Austin Vita”.
Any information relating to an identified or identifiable individual.
Special category personal data
Personal data revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs or trade union membership. Genetic and biometric data (when processed to uniquely identify an individual). Data concerning health, sex life or sexual orientation.
|Data subject||The individual who the personal data relates to.|
“Processing”, in relation to information or data means obtaining, recording or holding the information or data or carrying out any operation or set of operations on the information or data, including:
a) organisation, adaptation or alteration of the information or data,
b) retrieval, consultation or use of the information or data,
c) disclosure of the information or data by transmission, dissemination or otherwise making available, or alignment, combination, blocking, erasure or destruction of the information or data.
Personal data we collect about you
We collect and use personal data to provide our services to you. If you do not provide personal data we ask for, it may delay or prevent us from providing services to you.
We may collect and use the following personal data about you:
- your name and contact information, including address, email address and telephone number and company details;
- information to check and verify your identity, e.g. your date of birth, Social Security number, national identifier or other government-issued identification number;
- citizenship and work authorization status;
- your personal or professional interests;
- employment and education history;
- language proficiencies and other work-related skills;
- bank account information;
- your professional online presence, e.g. LinkedIn, Xing, corporate websites, job board websites, online CV libraries, your business card,
- your contact history, and applications.
We may collect personal information on your visits to this website including your IP address, browser, timestamp, traffic data, location data, weblogs, contact forms and other communication data and the resources that you access. Our collection of this personal information will make your visit to the website easier in the future as we will be able to suggest content that is relevant to you based on the location you access the website from, what content you access and how you interact with it. If you would like further information on this, please contact us at [email protected].
We may take photos and videos at community led events. These images may be used to share news about and publicise past, current and future events. Images may be used in press releases, printed publicity, social media and published on our website. They will be stored securely, and deleted after they are no longer needed for publicity purposes. If you would prefer not to be photographed or filmed, would like to see your images or would like us to delete them please contact [email protected].
We may also ask you to complete surveys that we use for research and quality purposes, although you do not have to respond to them.
We avoid processing special categories of data. However, by taking copies of passports or ID it may be that racial or ethnic origin can be revealed. Processing this data is necessary for us to comply with legal obligations.
On occasion our clients may ask us to obtain special category data in order to assist them with their monitoring of diversity and inclusion in their employment practices. Where this is the case we will always obtain your consent, anonymise the data where possible and put in place additional safeguards to protect and limit access to this data. This information will be retained for no longer than necessary before being deleted and may include:
- disabilities and health-related information;
- results of drug tests, criminal and other background checks;
- special categories of data, such as information about gender, ethnic origin, sexual orientation or religion or belief in order to monitor diversity in recruitment.
We are under an obligation to ensure that the candidates we submit to clients are suitable. As part of our registration process we require individuals to disclose any unspent convictions and may need to make further enquiries if necessary, with your consent.
How your personal data is collected
We collect most of this personal data directly from you – in person, by telephone, text or email and/or via our website. However, we may also collect information:
- from a third party with your consent, e.g. previous employers;
- by reference or word of mouth. For example, you may be recommended by a friend, a former employer, a former colleague or even a present employer;
- from job boards or social media (e.g. LinkedIn, Xing) where you have submitted your personal data in the knowledge that it may be obtained and processed by recruitment businesses. Where this is the case we will notify you promptly that we have obtained your personal data and allow you the opportunity to ask for this data to be erased or rectified.
Where we collect your information through publicly available sources as set out above, we may do this with the aid of software programs. These programs are given parameters on the requirements of a role and search through publicly available sources to find such candidates. These programs are designed to only output information on candidates that meet the search criteria. The parameters of this program are restricted to only searching for candidate information from public sites where there is a reasonable expectation that such information may be collected and further processed by job recruiters for the purpose of sourcing candidates for different job roles.
How and why we use your personal data
Under data protection law, we can only use your personal data if we have a proper reason, e.g.:
- where you have given consent;
- to comply with our legal and regulatory obligations;
- for the performance of a contract with you or to take steps at your request before entering into a contract; or
- for our legitimate interests or those of a third party.
A “legitimate interest” is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests. We will carry out an assessment when relying on legitimate interests, to balance our interests against your own.
As a recruitment business we introduce candidates to clients for permanent employment or independent professional contracts. The exchange of personal information of our candidates and our client contacts is a fundamental, essential part of this process.
We maintain a database of relevant personal information of prospective and engaged candidates and clients containing historical information as well as current resourcing requirements.
The table below explains in more detail what we use your personal data for and why.
What we use your personal data for
Providing services to you
To provide you with the services you expect us to; to best tailor content and resources according to your preferences; to respond to your request or questions when you contact us.
Marketing our services to:
— existing and former candidates and clients;
— third parties who have previously expressed an interest in our services;
— third parties with whom we have had no previous dealings
For our legitimate interests or those of a third party, i.e. to promote our business to existing and former candidates and clients.
Conducting checks to identify our candidates and verify their identity
To comply with our legal and regulatory obligations.
Updating and enhancing candidate records
To perform our contract with you or to take steps at your request before entering into a contract.
To comply with our legal and regulatory obligations.
For our legitimate interests or those of a third party, e.g. making sure that we can keep in touch with our candidates about positions they may be interested in.
Backgroundchecks via external checking companies with a candidate’s consent
For our legitimate interests or those of our clients, i.e. to ensure a candidate is suitable for a vacancy.
Ensuring business policies are adhered to, e.g. policies covering security and internet use
For our legitimate interests or those of a third party, i.e. to make sure we are following our own internal procedures so that we can deliver the best service to you.
Operational reasons, such as improving efficiency, training and quality control
For our legitimate interests or those of a third party, i.e. to be as efficient as we can so we can deliver the best service to you; to investigate and respond to complaints.
Ensuring the confidentiality of commercially sensitive information
For our legitimate interests or those of a third party, i.e. to protect trade secrets and other commercially valuable information.
To comply with our legal and regulatory obligations
To comply with our legal and regulatory obligations.
External audits and quality checks, e.g. for accreditation and the audit of our accounts
For our legitimate interests or those of a third party, e.g. to maintain our accreditations so we can demonstrate we operate at the highest standards.
To comply with our legal and regulatory obligations.
Just so you are aware, our online recruitment systems do not use Automated Decision Making tools to assess the suitability of applicants. We utilise the skills and experience of our consultants to assess your capability and experience.
We may use your personal data to send you updates (by email, text message, telephone or post) about our services, including events and industry insights.
We have a legitimate interest in using your personal data for marketing purposes (see above ‘How and why we use your personal data’). This means we do not always need your consent to send you marketing information. However, where consent is needed, we will ask for this separately and clearly and we will only send you direct marketing emails that promote our company or services if you have opted in to this.
You have the right to opt out of receiving marketing communications at any time by:
- contacting us at [email protected]
- using the ‘unsubscribe’ link in emails or ‘STOP’ number in texts;
- To clarify, contacting you about specific job opportunities is not marketing because we are not advertising or marketing our services.
When you - representing or acting on behalf of a company or of any legal entity, private or public - provide us with your personal information by contacting us as a client or prospective candidate, you allow us to send you marketing communications normally by email. In that case, the processing of your personal information is based on our legitimate interest as legal ground to develop our customer database and to introduce our services, or future services, that may be of interest to you.
Opting out of receiving marketing messages does not apply to:
- Job alerts sent to you through the website in response to your request to receive specific job details. You can select your preferences by logging into your account on our website and changing your settings in the “Jobs” section and you can stop receiving these alerts at any time by clicking on the unsubscribe link within the job alert email; and
- Job alert emails which you will receive from our recruitment consultants which match your job search criteria confirmed with you during our registration process. If you no longer wish to receive work finding services, please let your recruitment consultant know.
We may ask you to confirm or update your marketing preferences if you ask us to provide further services in the future, or if there are changes in the law, regulation, or the structure of our business.
We will always treat your personal data with the utmost respect and never sell or share it with other organisations outside the Group for marketing purposes. We do not host mailings on behalf of third parties.
Who we share your personal data with
We routinely share personal data with:
- companies within our Group;
- other third parties we use to help us run our business, e.g. background screening and verification services; data storage facilities including in the US and the Cloud; services hosting our Web servers; managing job posting applications via our 3rd party provider Broadbean; analysing data and producing statistics; legal, accounting, audit, finance, insurance and other professional services;
- our clients where we have your consent;
- individuals and companies who will be providing a reference for you, with your consent.
Where applicable, we will impose appropriate contractual, security, confidentiality and other obligations on 3rd party service providers and processors we have appointed, based on the nature of the services they provide to us. We will only permit them to process your Personal Information in accordance with the law and our instructions. We do not allow them to use your Personal information for their own purposes and when our relationship ends we will ensure your Personal Information is securely returned or destroyed or anonymised so that you can no longer be identified.
We may also need to:
- share personal data with external auditors, e.g. in relation to accreditation and the audit of our accounts;
- disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations;
- share personal data with IT consultants carrying out testing and development work on our IT systems, service providers who we may appoint as data processors and other service providers who may be based in the UK, EEA or United States;
- share some personal data with other parties, such as potential buyers of some or all of our business or during a restructuring – usually, information will be anonymised but this may not always be possible, however, the recipient of the information will be bound by confidentiality obligations.
If you would like more information about who we share our data with and why, please contact us (see ‘How to contact us’ below).
Where your personal data is held
The personal data that we control is usually stored and processed in the EEA if you are in Europe or the United States if that is where you are located. However, to deliver our services to you it may be stored on, and processed on, servers situated in the United Kingdom, the EEA, or the United States. We and/or our service providers may also process data in some other countries for customer care, account management and service provisioning (see above: ‘Who we share your personal data with’).
Some of these third parties may be based outside the UK/EEA. For more information, including on how we safeguard your personal data when this happens, see below: ‘Transferring your personal data out of the UK and EEA’.
How long your personal data will be kept
We understand our legal duty to retain accurate data and only retain personal information for as long as it is required for carrying out the data processing activities mentioned above. Accordingly, we have a data retention policy and run data cleansing exercises to remove data that we no longer have a legitimate business interest in maintaining.
We will keep in touch with you regularly and will contact you via email at least annually to confirm all the information we hold is accurate and up to date and you still wish for us to hold your data, you can ask us at any stage to remove your information. Prior to making any introduction to our clients, we will check with you that we have the most up to date and accurate information.
We will keep your personal data while you are a contractor with us or we are providing services to you. Thereafter, we will keep your personal data for as long as is necessary:
- to respond to any questions, complaints or claims made by you or on your behalf;
- to show that we treated you fairly;
- to keep records required by law.
We will not keep your personal data for longer than necessary. Different retention periods apply for different types of personal data but it is typically 6 years. We determine the retention period by taking into account:
- the nature of the personal information;
- its perceived accuracy;
- our legal obligations;
- whether an interview or placement has been arranged; and
- our recruitment expertise and knowledge of the industry by country, sector and job role.
We may archive part or all of your personal information or retain it on our financial systems only, deleting all or part of it from our main Customer Relationship Management (CRM) system. We may pseudonymise parts of your data, particularly following a request for suppression or deletion of your data, to ensure that we do not re-enter your personal information on to our database, unless requested to do so. For your information, pseudonymised data is created by taking identifying fields within a database and replacing them with artificial identifiers, or pseudonyms.
Transferring your personal data out of the UK or EEA
To deliver services to you, it is sometimes necessary for us to share your personal data outside the UK/EEA, eg:
- with our offices or other companies within our Group located outside the UK/EEA;
- with your and our service providers located outside the UK/EEA;
- if you are based outside the UK/EEA;
- where there is an international dimension to the services we are providing to you.
Under data protection law, we can only transfer your personal data to a country or international organisation outside the UK or the EEA where:
- the UK government or, where the EU GDPR applies, the European Commission, has decided the particular country or international organisation ensures an adequate level of protection of personal data (known as an ‘adequacy decision’);
- there are appropriate safeguards in place, together with enforceable rights and effective legal remedies for data subjects; or
- a specific exception applies under data protection law.
These are explained below.
If you are in the UK or the EEA, we may transfer your personal data to certain countries, on the basis of an adequacy decision. These include:
- all European Union countries, plus Iceland, Liechtenstein and Norway (collectively known as the ‘EEA’);
- Gibraltar; and
- Andorra, Argentina, Canada, Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Switzerland and Uruguay.
- The list of countries that benefit from adequacy decisions will change from time to time. We will always seek to rely on an adequacy decision, where one exists.
At present, an adequacy decision can be used for transfers from the UK to the EEA, but not for transfers from the EEA to the UK. For transfers from the EEA into the UK, the EU GDPR rules on restricted transfers will apply. The UK Government is seeking a European Commission ‘adequacy decision' which will allow the free flow of data under those rules. To allow time for the EU to consider whether to grant such an ‘adequacy decision’, as part of the new trade deal, the EU has agreed to delay transfer restrictions for at least four months (known as the bridge). This may be extended to six months. In the absence of an EU ‘adequacy decision’ at the end of the bridge, these transfers will need to comply with EU GDPR transfer rules.
Other countries or international organisations we are likely to transfer personal data to do not have the benefit of an adequacy decision. This does not necessarily mean they provide poor protection for personal data, but we must look at alternative grounds for transferring the personal data, such as ensuring appropriate safeguards are in place or relying on an exception, as explained below.
Transfers with appropriate safeguards
Where there is no adequacy decision, we may transfer your personal data to another country or international organisation if we are satisfied the transfer complies with data protection law, appropriate safeguards are in place, and enforceable rights and effective legal remedies are available for data subjects.
The safeguards will usually include using legally-approved standard data protection contract clauses.
Transfers under an exception
In the absence of an adequacy decision or appropriate safeguards, we may transfer personal data to a third country or international organisation where an exception applies under relevant data protection law, e.g.:
- you have explicitly consented to the proposed transfer after having been informed of the possible risks;
- the transfer is necessary for the performance of a contract between us or to take pre-contract measures at your request;
- the transfer is necessary for a contract in your interests, between us and another person; or
- the transfer is necessary to establish, exercise or defend legal claims
We may also transfer information for the purpose of our compelling legitimate interests, so long as those interests are not overridden by your interests, rights and freedoms. Specific conditions apply to such transfers and we will provide relevant information if and when we seek to transfer your personal data on this ground.
Our site may, from time to time, contain links to other websites not under our control. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal information to these websites.
You have the following rights, which you can exercise free of charge:
You are entitled to request confirmation of whether we process any of your personal information. Where this is the case, you may have access to your personal information and to certain information about how it is processed. In some cases, you can ask us to provide you with an electronic copy of your information.
If you can demonstrate that personal information we hold about you is not correct, you can ask that this information is updated or otherwise corrected.
Erasure (also known as the right to be forgotten)
In certain circumstances you have the right to have your personal information deleted. You may make such a request at any time and we will evaluate if your request should be granted, however this right is subject to any legal rights or obligations we may have to retain data. For situations where in accordance with the law, we determine that your request to have your personal information deleted must be granted, we will do so without undue delay. Please note that we may require you to provide us with proof of your identity and answer security questions before processing your request and if your data is deleted we will have no record and you may be contacted again in the future.
Restriction of processing
In certain circumstances you have the right to obtain restriction of the processing of your personal information, or to object to certain processing on grounds relating to your particular situation.
The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party - in certain situations.
The right to object:
- at any time to your personal data being processed for direct marketing (including profiling);
- in certain other situations to our continued processing of your personal data, e.g. processing carried out for the purpose of our legitimate interests.
Not to be subject to automated individual decision making
The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you
For further information on each of those rights, including the circumstances in which they apply, please contact us (see ‘How to contact us’ below) or see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights.
If you would like to exercise any of these rights, please:
- email, call or write to us – see below: ‘How to contact us’; and
- provide enough information to identify yourself and any additional identity information we may reasonably request from you;
- let us know what right you want to exercise and the information to which your request relates.
Keeping your personal data secure
We have appropriate security measures in place to prevent personal data from being accidentally lost, or used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Although we will do our best to protect your personal information, you should be aware that the transmission of information via the internet is not completely secure and we cannot guarantee the security of your personal information transmitted to this website or any third party; for this reason, any transmission is at your own risk.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
How to complain
Please contact us if you have any query or concern about our use of your information (see below ‘How to contact us’). We hope we will be able to resolve any issues you may have.
If you are in the UK or EEA, you also have the right to lodge a complaint with the Information Commissioner in the UK or any relevant European data protection supervisory authority. The Information Commissioner may be contacted at https://ico.org.uk/make-a-complaint or telephone: 0303 123 1113.
This privacy notice was last updated on 26 January 2021. We may change this privacy notice from time to time – for significant changes we will inform you via our website or other means of contact such as email.
How to contact us
Austin Fraser Limited, Thames Tower, Station Road, Reading, Berkshire, RG1 1LX.
Email: [email protected]
Tel: +44 (0) 118 952 0156
Germany (and the EEA)
Austin Fraser GmbH, Lenbachplatz 1, 80333, München
Email: [email protected]
Tel: +49 (0) 89 2737 3800
Austin Fraser, Inc. 500 West 2nd St Suite 1500, Austin, TX 78701
Email: [email protected]
Tel: +1 (512) 823-0011