Data items to be shared - Applicable Personal Data
As applicable and without limitation:
- Names
- Addresses
- Dates of birth
- Telephone numbers
- Emails
- Job titles
- Work (and/or education) history
- Professional memberships and qualifications
- Historic pay details
- Right to work documentation (visas/passports)
- Criminal records
- Credit records
- Identification documents (driving licence, passports, identity cards)
- National Insurance Number
- Pension Contributions
- Other information required in connection with pre-employment screening
Description of Data Sharing Initiative
The Robert Walters Group ("RW) processes candidate data both before a client engages us on a particular recruitment project and also in response to a specific search. The purpose of the data processing is to identify suitable candidates that best meet your requirements and to share that data with the Client as part of our recruitment services.
Purpose of the Data Sharing Initiative
To assist the client to achieve its recruitment requirements.
Organisations involved in the data sharing
- RW
- Client
Lawful basis for sharing by supplier
Legitimate interest.
Permitted Processing of Applicable Personal Data
To build candidate profiles and to assist in the sourcing and placement of candidates sourced by RW.
Lawful basis for Processing Applicable Personal Data by Client
Performance of a contract between the Robert Walters Group and Client.
Telling Data Subjects about the Data Sharing Initiative
Both Parties.
Information to be provided to Data Subjects
All information required to comply with A14 of the GDPR.
Maintaining the quality of the Personal Data
Include facilities to:
prevent irrelevant and excessive amounts of data being shared:
ensure that the data being shared is accurate: and
compatible datasets are used and the data is recorded in the same way.
Method of transmission of Personal Data from Supplier to Client
- Telephone
- Client portals
Method and location of storage and access of Personal Data by Client
Within the EEA only, unless RW have provided their prior written consent.
Security of Personal Data applied to transmission and storage
Industry leading security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage to personal data and implement industry leading technical and organisational measures, to ensure a level of security appropriate to the risk of harm that might result from, unauthorised or unlawful processing, accidental or unlawful loss, destruction or alteration, unauthorised (or disclosure of) access or damage to personal data taking into account:
• the nature, scope, context and purposes of the Processing of the personal data to be protected,
• the state of the art in technological developments in information security; and
• the cost of implementing any measures; and
shall include, as a minimum, pseudonymising and encrypting the Personal Data, ensuring confidentiality, integrity, availability and resilience of systems and services, ensuring that availability of and access to the Personal Data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it.
Retention of Personal Data by Client
As determined by the Client from time to time.
Data Subject Rights (DRM)
As determined by the parties from time to time in accordance with data protection legislation.
Personal data breaches
Notification without undue delay upon becoming aware of personal data breaches concerning the personal data shared between the Data Controllers.
Assistance between Data Controllers
Each of the Data Controllers shall provide reasonable assistance to each other to enable them to facilitate Data Subjects exercising their rights under the Data Protection Legislation.
Monitoring compliance
Monitoring compliance is the obligation of the party storing and using Personal Data.
Reviewing ongoing effectiveness of Data Sharing Initiative
Periodically as instigated by RW
Procedure for terminating Data Sharing Initiative
As per the termination provision in the contract that the Parties are subject to.
Points of contact
Each party shall appoint the following single point of contact who will monitor the correct operation of this Agreement and will work together to remediate any issues arising under it:
Robert Walters: gdpr@robertwalters.com
Client: