Lex Consultancy respects your right to privacy and is committed to protecting the privacy of users of lexconsultancy.ie (the “Website”) and complying with our obligations under the General Data Protection Regulation (the “GDPR”) 2018. We are aware that as a job applicant, and/or a user of our Website you care about the security and privacy of your information. The purpose of this Privacy Notice (the “Notice”) is to outline how we deal with any personal data you provide to us either in person or while visiting the Website. You should not use the Website if you are not satisfied with this Notice.
By visiting the Website, you are accepting the terms of this Notice. Any external links to other websites are clearly identifiable as such, and we are not responsible for the content or the privacy policies of those other websites. When we link to another website it does not constitute an endorsement of that website by Lex Consultancy.
In accordance with the General Data Protection Regulation (GDPR), we have implemented this privacy notice to inform you, as job applicants, of the types of data we process about you. We also include within this notice the reasons for processing your data, the lawful basis that permits us to process it, how long we keep your data for and your rights regarding your data.
DATA PROTECTION PRINCIPLES
Under GDPR, all personal data obtained and held by us must be processed according to a set of core principles. In accordance with these principles, we will ensure that:
- processing is fair, lawful and transparent
- data is collected for specific, explicit, and legitimate purposes
- data collected is adequate, relevant and limited to what is necessary for the purposes of processing
- data is kept accurate and up to date. Data which is found to be inaccurate will be rectified or erased without delay
- data is not kept for longer than is necessary for its given purpose
- data is processed in a manner that ensures appropriate security of personal data including protection against unauthorised or unlawful processing, accidental loss, destruction or damage by using appropriate technical or organisation measures
- we comply with the relevant GDPR procedures for international transferring of personal data
TYPES OF DATA HELD
When individuals interact with the Website, we retain two types of information:
You can browse the Website without telling us who you are or revealing any personal information about yourself. Like most websites, we gather statistical and other analytical information collected on an aggregate and anonymous basis from all visitors to our Website. This “Non-Personal Data” comprises information that cannot be used to identify or contact you, such as your domain name, browser type, operating system, and information such as the website that referred you to us, the files you downloaded, the pages you visit, and the dates/times of those visits, and other anonymous statistical data involving the use of our Website.
“Personal Data” is data that identifies you or can be used to identify or contact you. Personal Data is collected only with your knowledge and permission and is retained by Lex Consultancy in a secure manner.
If you choose not to provide Personal Data, you can still browse and use the Website, but certain functions/services may not be available without providing the necessary Personal Data.
As the recruitment process progresses, and where you upload your CV or request a call back, we may be required to keep several categories of personal data on you as a job applicant.
Specifically, we process the following types of data:
a) personal details such as name, address, phone numbers;
b) name and contact details of your next of kin;
c) your photograph;
d) your gender, civil status, information of any disability you have or other medical information;
e) right to work documentation;
f) information on your race and religion for equality monitoring purposes;
g) information gathered via the recruitment process such as that entered into a CV or included in a CV cover letter;
h) references from former employers;
i) details on your education and employment history etc;
j) driving licence;
k) criminal convictions.
This is a non-exhaustive list and each client/placement will require us to process some or all of this data.
“Special Categories of Data”
Special categories of data are data relate to: -
b) sex life
c) sexual orientation
e) ethnic origin
f) political opinion
h) trade union membership
i) genetic and biometric data.
Most commonly we will process special categories of data when the following applies:
a) we must process the data in order out carry out our legal obligations
b) you have given explicit consent to the processing
c) we must process data for reasons of substantial public interest
d) you have already made the data public.
“Criminal Conviction Data”
We will only collect criminal conviction data where it is appropriate given the nature of your role and where the law permits us. This data will usually be collected by a third party, the NRF, however, may also be collected during your employment. We use criminal conviction data to determine your suitability, or your continued suitability for the role. We rely on the lawful basis to process this data, where processing is necessary for the performance of a contract to which the data subject is party to, or in order to take steps at the request of the data subject prior to entering the contract.
COLLECTING YOUR DATA
You will provide several pieces of data to us during the recruitment process whether online or in person. In the course of our normal business, we will, where you have readily given consent, collect data about you from third parties, such as other employment agencies, former employers etc when gathering references.
We may also process information about you where it is available from public sources. For example, if you have a professional profile online, we may combine that type of information with the information you provide directly to us or in the case of clients what your organisation has provided us.
In cases where you are employed directly by us we will gather further information from you, for example, your bank details and next of kin details, once your employment begins.
PURPOSE AND LAWFUL BASIS FOR WHICH WE HOLD AND USE YOUR INFORMATION INCLUDING RETENTION PERIOD.
Purpose for Non-Personal Data – The Website:
Purpose for Personal Data – The Website & In Person:
(a) If you are seeking employment and register with Lex Consultancy to benefit from our employment services, have access to our newsletter, become involved in our charity partnering etc you will be asked to provide personal data such as your e-mail address. Where you have willingly and actively engaged with our website, we will rely on this (opt-in) explicit consent as the legal basis for processing this data.
If you choose to opt-out, we will not retain any personal data relating to you. If at any time you would like to unsubscribe from receiving future emails, we include detailed unsubscribe instructions at the bottom of each mailing.
(b) If you complete the “upload your CV/contact/call/email back/request for further information” option on our website, you will be asked to provide personal data such as your CV, name, email address, and phone number. The Company are relying on legitimate interest as the legal basis for processing this data, and we will retain your details. This information is used by Lex Consultancy to:
- Provide recruitment services to you; as a client/candidate or a user of our website;
- Enable you to submit your CV generally, to apply for specific jobs;
- Answer your enquiry;
- Provide information on suitable job opportunities to those who have registered their consent with us, to match your profile with suitable job vacancies and to assist us in finding a position that is most suitable for you;
- Provide other services related to or supplementary to the above, market products and services directly to the specific address you have provided.
Where we have your consent, we will also use your information to:
- Send your personal information to clients in order to apply for jobs;
- Market products and services directly to your personal email address where opt-in applies;
- We process data using secure cloud applications. Our suppliers are based in the EEA and only use secure data centres and where the data is accessible outside the EU for the purpose of analytics, development, and testing Lex Consultancy ensures that suppliers are GDPR compliant.
- To provide you with an efficient service, your information may be shared by consultants working only within Lex Consultancy.
The law on data protection allows us to process your data for certain reasons only.
The information below categorises the types of data processing we undertake and the lawful basis we rely on.
Activity requiring your data
Carrying out checks in relation to your right to work in the Republic of Ireland
Making reasonable adjustments for disabled employees
In the service of clients and candidates. Making recruitment decisions in relation to both initial and subsequent employment e.g. further opportunities.
Our legitimate interests
Making decisions about salary and other benefits
Our legitimate interests
Making decisions about contractual benefits to provide to you
Our legitimate interests
Assessing training needs
Our legitimate interests
Dealing with legal claims made against us
Our legitimate interests
Our legitimate interests
We will only hold your information for as long as is necessary to comply with our statutory and contractual obligations and in accordance with our legitimate interests as data controller.
Where we have sought consent to keep your data on file for future job vacancies, and you have provided that consent, we will keep your data until such period as you have exercised your legitimate right to be erased or forgotten. At which time, we will delete or destroy your data, unless you have already withdrawn your consent to our processing of your data in which case it will be deleted or destroyed upon your withdrawal of consent.
Where you have provided consent to our use of your data, you also have the right to withdraw that consent at any time. This means that we will stop processing your data and there will be no consequences of withdrawing consent.
Job applicants who are employed directly by Lex Consultancy, your data will be kept and transferred to the systems we administer for employees. We have a separate privacy notice for employees, which will be provided to you.
Cookies are small files that a site or its service provider transfers to your computer’s hard drive through your Web browser (if you allow) that enables the sites or service providers systems to recognise your browser and capture and remember certain information.
If you prefer, you can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies via your browser settings. Like most websites, if you turn your cookies off, some of our services may not function properly.
For more information on cookies, see our Cookie Statement.
FAILURE TO PROVIDE DATA
Your failure to provide us with data may mean that we are unable to fulfil our requirements for entering into a contract of employment with you or progressing you as a candidate.
WHO WE SHARE YOUR DATA WITH
We do not sell, trade or share your data with third parties except with your explicit consent and only in the normal course of conducting our business, or servicing you, so long as those parties agree to keep this information confidential as part of their contract with us or under our terms and conditions of business.
Employees within our company who have responsibility for recruitment will have access to your data which is relevant to their function. All employees with such responsibility have been trained in ensuring data is processed in line with GDPR.
We may share your data with third parties as part of a Company sale or restructure, or for other reasons to comply with a legal obligation upon us.
We make use of third party software and we have a data processing agreement in place with such third parties to ensure that they are GDPR compliant and your data is not compromised. Third parties must implement appropriate technical and organisational measures to ensure the security of your data.
PROTECTING YOUR DATA
We are aware of the requirement to ensure your data is protected against accidental loss or disclosure, destruction and abuse. We have implemented processes to guard against such.
AUTOMATED DECISION MAKING
Automated decision making means making decision about you using no human involvement e.g. using computerised filtering equipment. No decision will be made about you solely on the basis of automated decision making.
Lex Consultancy takes its security responsibilities very seriously, including by employing appropriate physical and technical security measures, and generating awareness, and regular reviews of these responsibilities. We will take all reasonable precautions to prevent the loss, misuse or alteration of Personal Data you volunteer.
Our website uses HTTPS to transmit information. Sensitive and private data exchange between the Site and its Users happens over a SSL secured communication channel and is encrypted and protected with digital signatures. You should note however, that Internet transmissions are never completely private or secure.
You accept that any information or message you send to the Website may be intercepted or read by others. You hereby acknowledge and accept that we have no responsibility and shall accept no liability whatsoever for loss, injury or damage occasioned by the interception by third parties of your transmissions, or the disclosure of information, nor do we offer any guarantees, warranties or indemnities as to the security or otherwise of any information which you volunteer.
SALE OF BUSINESS
We reserve the right to transfer information (including your Personal Data) to a third party in the event of a sale, merger, liquidation, receivership or transfer of all or substantially all of the assets of our company provided that the third party agrees to adhere to the terms of the Website Privacy Notice and provided that the third party only uses your Personal Data for the purposes that you provided it to us. You will be notified in the event of any such transfer and you will be afforded an opportunity to opt-out.
You have the following rights in relation to the personal data we hold on you:
a) the right to be informed about the data we hold on you and what we do with it;
b) the right of access to the data we hold on you. We operate a separate Subject Access Request policy and all such requests will be dealt with accordingly;
c) the right for any inaccuracies in the data we hold on you, however they come to light, to be corrected. This is also known as ‘rectification’;
d) the right to have data deleted in certain circumstances. This is also known as ‘erasure’;
e) the right to restrict the processing of the data;
f) the right to transfer the data we hold on you to another party. This is also known as ‘portability’;
g) the right to object to the inclusion of any information;
h) the right to regulate any automated decision-making and profiling of personal data.
In addition to the above rights, you also have the unrestricted right to withdraw consent, that you have previously provided, to our processing of your data at any time. Withdrawing your consent means that we will stop processing the data that you had previously given us consent to use. There will be no consequences for withdrawing your consent. However, in some cases, we may continue to use the data where so permitted by having a legitimate reason for doing so.
If you wish to exercise any of the rights explained above, please contact our Data Protection Officer.
CHANGES TO PRIVACY NOTICE
This Privacy Notice will be the subject of change and the use of information that we gather shall be subject to the privacy notice in effect.
THIRD PARTY SOFTWARE
Lex Consultancy make use of third party software and we endeavour to ensure that they are GDPR compliant.
CRM: We partner with BULLHORN.
Job Distribution: We partner with IDIBU.
Applicant Tracking: We partner with IDIBU.
MAKING A COMPLAINT
If you think your data rights have been breached, you are able to raise a complaint with the Office of the Data Protection Commissioner. You can contact the ODPC at Data Protection Commissioner, Canal House, Station Road, Portarlington, R32 AP23, Co. Laois or by telephone on +353 57 8684800 or +353 (0)761 104 800 or Lo Call 1890 252 231 or email [email protected].
DATA PROTECTION COMPLIANCE
Our Data Protection Officer is:
15-17 South Leinster Street, Dublin 2