We take your privacy seriously, and want to ensure that everyone who uses our services and those of our associated brand, Improvement and Innovation, is confident that we will protect your information and your rights.
The General Data Protection Regulation (GDPR) is replacing existing data protection acts in EU countries, including the UK. This regulation affects all EU and UK citizens, strengthening their digital rights and creating a stricter framework within which firms collect, retain and process your personal data. As an international company, Pacific has taken the decision to uphold GDPR compliant practices globally, ensuring a consistent experience and greater confidence for all our customers worldwide.
What is the purpose and legal basis of Pacific’s Data Processing
Pacific aims to connect the best talent in Change and Transformation to our clients through the provision of market information, networking, search and placement activity. We deal extensively with Personally Identifiable Information (henceforth Personal Data) to facilitate our services, and under GDPR perform the function of both Data Controller and Data Processor.
What will the Controller Collect and Process?
Pacific will collect your name, your job title, company name, company address, business and personal email and telephone numbers. If you have submitted your CV to Pacific we will retain and process the information contained therein, including your areas of expertise and specialisms, work history and educational institutions attended and certificates obtained.
Depending on the jurisdictions we operate, we may also retain your date of birth, profile photograph and other information pertinent to a job application. Where this information is not required, or prohibited from being part of the application process, we will not collect or retain this information (for example certain US States).
Who Will have Access to the Data?
The recipients of Personal Data are limited to Pacific’s sales, marketing and accounting functions, and are shared with trusted third party providers including: Canddi, Volcanic, Microsoft Dynamics, Colleague Software, MailChimp, TextKernel and Sage. Your data will not be used by these organisations other than for the purposes of Pacific’s internal processing.
All of our suppliers are vetted to ensure their compliance with GDPR. Pacific will not share your data with any non-compliant organisation.
We use external data processors including Indeed, CV Library, LinkedIn and Twitter to source individuals and contacts, but will not store this data on our internal systems unless explicit permission has been given by the Data Subject.
Will the Data Leave the EU?
Our consultants operate globally – therefore your data will be accessible by consultants in non-EU jurisdictions. All our operations are GDPR-compliant by design, as are our global suppliers. Therefore the same protections apply as within the EU. Data shared in the US
How long will the Data be Kept For?
Your data will be kept for a period of no longer than 3 years. This is consistent with the average time an FTE remains in a role, and therefore is linked to the relevance of the information we collected at the time of your initial consent.
When this period expires, we will contact you and request your renewed consent to our retention and processing of your personal data.
Where that consent is absent and Legitimate Interest insufficient grounds to hold your data, whether through active withdrawal of consent or non-response, we will delete your data from our systems.
You’ve Contacted me after I’ve asked to be removed from your System – why?
Because we delete all personal data in line with GDPR requirements, this means that none of your information will exist in our system for reference purposes.
Therefore there is a small likelihood that your profile will appear in the course of our research and one of our researchers will contact you.
We will only store your name and contact details under Legitimate interest, and remove these on request.
Your Rights under GDPR
The right to be informed: In addition to the standard terms above, we will seek consent where we share your personal data with a client in order to facilitate the recruitment process by sharing your profile.
The right of access: You have the right to access all your Personal Data held and processed by Pacific. Within one month of the request we will confirm your identity and provide you with a copy of the data we hold regarding your person.
The right to data portability: where you request the right of access, Pacific will provide your personal data in a structured, readable format.
The right to rectification: You have the right to request that Pacific rectify any inaccurate information we hold. We will comply with this within one month of the request being submitted.
We will also inform any third parties that process your information on our behalf.
The Right to be Forgotten: you have right of erasure where you choose to withdraw consent. This means that Pacific will undertake to erase your personal data from our system and those of our partners in its entirety, except that data which must be retained for tax reporting purposes. The latter will be kept until the 7-year expiration date required by UK law.
The right to restrict processing: You have the right to request the restriction of processing of your data, for instance where you object to the processing of your data for a specific purpose but consent to our continued retention and processing of your data in general.
In addition, where we have been informed your data must be rectified, we will restrict processing of your data until we have updated it.
The right to object: You have the right to object to the processing of your data in circumstances relating to your specific situation.
In addition to this, you always have the right to object to the use of your data for the purposes of direct marketing: even if you consent initially to the use of your Personal Data for GDPR, you may opt out of direct marketing at any time.
Rights in relation to automated decision making and processing: Pacific’s recruitment offering is based on our consultant’s experience and understanding of their markets. We do not undertake decisions impacting our recruitment process based on automated processing.
Where automated processing takes place, this is only to streamline human decision-making and data retrieval activities to expedite our recruitment activities more quickly to the benefit of our candidates and clients. This includes the parsing of CVs which creates structured data allowing us to make better use of our database.
Who is the Data Controller and who do I contact in reference to GDPR?
The Data Controller is Pacific International Recruitment Limited, The Control Tower, Witchcraft Way, Rackheath, Norwich, NR13 6GA.
The Data Controller’s representative is the Data Protection Officer, David Howells.
To contact us regarding GDPR, please send an email to firstname.lastname@example.org or call +44 (0) 207 478 7727
We are registered with the Information Commissioner’s Office, Registration Number ZA284380