In this policy we explain how we handle your personal information when you use our services, as well as our website www.curtismurray.co.uk. When we say “we” and “us” we mean Curtis Murray Associates Ltd. When we say “third party”, this means anyone who is not you or us. This could be another person or organisation involved in personal information processing.
- About this Policy
- Who we are
- Information collection and use
- Information sharing
- Your rights and choices
- Data breach
- Contact us
We process personal data which relates to candidates for permanent engagements, and clients or their representatives who are individuals. This Policy also protects personal data obtained, recorded or held by us and the retrieval, use, disclosure or destruction of relevant data. We are committed to protecting the privacy and confidentiality of our customers and to upholding data protection principles in accordance with the General Data Protection Regulation (‘GDPR’). We monitor our compliance with the GDPR on a regular basis as a matter of good business practice and take all appropriate technical and organizational measures to guard against unauthorised or unlawful processing and accidental loss, destruction or damage to personal data held on our systems.
We are a recruitment consultant company searching and finding recruits for companies in the UK, EU as well as MENA and African countries. We are guided by a set of principles and we always seek to do the right thing, meaning that we consider the impact of our decisions on our customers and the community.
We are Curtis Murray Associates Ltd, 30 Crown Place, London, EC2A 4EB (Company no: 9527406 ).
For the processing of the information about candidates for permanent engagements we rely on their consent and for the processing of the information about our clients or their representatives we rely on a contract as well as legitimate interests pursued by us as a recruitment company. We will retain only details supplied by you, as are required to facilitate recruitment services, in particular, in relation to finding suitable permanent, contract or services opportunities or candidates for you.
If you are a client we will collect some personal data, such as name, email address, phone numbers and job titles from you for communications for the performance of a service or contract.
If you are a candidate we will collect your personal data that you provide to us, to assess your qualifications and suitability for a position as well as to manage your interactions with the prospective employer (our Client) and to contact you in the future if an appropriate position could be of your interest. The data we obtain from you may include:
- Email address
- Home address
- Phone numbers
- Visa, if work eligibility criteria is applied
- Date of birth
- Educational and professional history
- Photos (rarely)
- Current salary and recent/expected bonus
Other information, that you may decide to include into your CV or cover letter or that we may ask you to provide us with, including information about your family to facilitate relocation. We may use your email address to advise you on current available vacancies, but we will not submit your personal information for any vacancy without your prior consent.
Additionally, we may receive and store information which:
- If you are a candidate, we may receive from referees when we take up references;
- If you are a client, we may receive from credit reference agencies in respect of your creditworthiness, your trading history and other financial details as may be necessary for making or receiving payments or any other accounting requirement.
We do not knowingly solicit information from children and we do not knowingly market our services to children.
We will share our candidate’s personal information with our clients only with a prior candidate’s consent. We seek to ensure the same level of protection of your personal information when we transfer it overseas. Thus, for such transfers we rely on legal conditions permitted by the GDPR.
We will not sell or otherwise pass on your personal data and confidential details to any third party without your prior consent unless there is a statutory requirement to do so. We may disclose the information about you to the law enforcement and regulatory authorities when we must comply with laws, regulations, legal processes or legal requests.
You have a right to access information we hold about you. Any such request should be made by email to email@example.com.
We will keep your personal information as long as it is necessary to provide our services to you OR until you withdraw your consent to process your data, object to the data processing or restrict it.
It is in your interest to let us have updated details whenever your circumstances change so that the information we hold is accurate and up to date.
We will not contact you to ask you to update your details.
If at any time, you wish to have us amend, update, delete or transfer the information we hold about you, please advise firstname.lastname@example.org.
Every reasonable effort will be made so that all personal data is held on a secure GDPR compliant cloud-based service.
Where we consider it appropriate, we use encryption and/or authentication tools among other methods to protect your personal information. Emails you send us are not necessarily secure when they are transmitted to us. If your communication is sensitive or includes confidential information, such as, for example, payment details, you may chose to provide it by post or via the telephone instead.
Although we use all reasonable means to protect your personal information, we are not responsible for any improper use of your personal data that is beyond our control.
Where a breach is likely to result in a high risk to the rights and freedoms of individuals, we will notify those concerned directly by sending you email, containing the information about the type of risk. A ‘high risk’ means the threshold for notifying individuals is higher than for notifying the relevant supervisory authority. A notifiable breach will be reported to the relevant supervisory authority within 72 hours of when we became aware of it.
Our website may link to other websites and we wish to draw to your attention that we cannot be responsible with respect to privacy policies or data protection policies and procedures maintained or followed by the operators of such other websites.
Office address: 12th Floor, 30 Crown Place, London, EC2A 4EB