PRIVACY POLICY

DEFINITIONS

Data controller - A controller determines the purposes and means of processing personal data.
Data processor - A processor is responsible for processing personal data on behalf of a controller. They need to keep records of personal data and processing activities.
Data subject - An individual who is the subject of personal data
Data sharing agreements/protocols - Set out a common set of rules to be adopted by the various organisations involved in a data sharing operation.
Personal data - Meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier. For example: name, passport number, home address or private email address. Online identifiers include IP addresses and cookies.
Special categories personal data - Personal data that is given greater regulatory protection (due to its sensitive nature) It is subject to more stringent conditions of processing. For example: Racial or ethnic origin, political opinion, physical or mental health conditions, Genetic and biometric data etc.
Processing - If an organisation or individual collects, records, stores, manages or disposes of personal data, they process it.
Data sharing - The disclosure of data from one or more organisations to a third-party organisation or organisations, or the sharing of data between different parts of an organisation. Can take the form of systematic, routine data sharing where the same data sets are shared between the same organisations for an established purpose; and exceptional, one-off decisions to share data for any of a range of purposes.
Third party - Means a natural or legal person, public authority, agency, or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
Data breach - A data breach is more than just losing personal data; it means that the personal data is destroyed, lost, altered, or accessed or disclosed unauthorised
Information Commissioner’s Office (ICO) - This is the UK’s independent supervisory authority/body that upholds information in the public interest. They advise individuals and organisations on how to comply to Data Protection laws through openness.
Consent - Of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

GENERAL PROVISION

This policy explains when and why we collect personal information about people who visit our website and register with us: how we use it; the conditions under which we may disclose it to others; and how we keep your information secure.

For the purpose of the United Kingdom General Data Protection Regulation (GDPR), the Data Controller is Precise Consultants Limited (Company Reg. No. 08517073 - Registered Office: 14 Devonshire Sqaure, London, EC2M 4YT, UK). Precise Consultants is registered with the Information Commissioner’s Office (the supervisory body in the UK) under registration reference: ZA114256.

We are committed to ensuring that your privacy is protected. Should we ask you to provide certain information, by which you can be identified, when using this website; you can be assured that it will only be used in accordance with this privacy policy.

Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. By using our website, you’re agreeing to be bound by this Policy.

Our Data Protection Appointed Person is Derya Aydogan our Operations Director, who can be contacted at derya@preciseconsultants.com or +44 (0) 2033 250 616.

What type of information is collected from you?

Precise Consultants processes your information to provide you with our services. In some cases, we collect information to meet our legal and contractual obligations. We will never collect any unnecessary personal data from you and do not process your information in any way, other than as specified in this notice.

The personal information we collect includes your name, address, contact details, IP address, including sensitive personal data (medical details, information in your CV and other application documents such as passports and other certificates); and information regarding what pages are accessed and when; If you contact us, we keep a record of that correspondence; We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them; Details of your visits to our website including, but not limited to, location data, communication data, and the resources that you access; We may be required to take up references, credit checks and other lawful checks.

Special Categories Data - where we obtain and process any special category information, we do so in complete compliance with the Article 9 requirements and have high-level encryptions and protections on all such data. Explicit consent is required before this type of data can be processed and shared. Within our industry, special categories of data would be recording languages, physical conditions such as medical reports and allergies, and genetic and biometric data (bideltoid shoulder measurements, PPE and ID’s). Where we rely on consent for processing, this is explicit, with the right to modify or remove consent being clearly signposted.

As a recruitment business, we also collect and securely store the bank details of individuals, such as candidates as well as clients, to facilitate payment processing, payroll services, and other financial transactions related to our services. This information is necessary to ensure accurate and timely payments, including salaries, fees, or reimbursements. In certain circumstances, we may share personal information, including bank details, with financial institutions such as banks, payment processors, or finance providers to complete transactions, fulfil contractual obligations, or comply with legal and regulatory requirements.

Precise Consultants will not in any case submit your details to any client or other third party without your permission.

How do we collect information from you?

We obtain information about you when you use our website, for example, when you contact us about our services, when you apply for a job, when you register for a personal profile, when you submit your CV and when you sign up to receive our fortnightly newsletter. By providing any personal information, the User will agree to the collection and use of the data in accordance with this Privacy Policy.

The personal information provided by the User may be retained by Precise Consultants to keep track of the User's access to the website, to create a profile of the User to better serve it, or to contact the User either electronically or otherwise. Precise Consultants does not intend to retain User's personal information longer than is necessary for the purpose for which it was collected.

Uses made of the information

We will use your information and the subsequent information we collect about you in the following ways:

To provide our recruitment services to you and to facilitate the recruitment process in general. This includes sending CVs to our external formatting company before sharing with upcoming clients. Please note this information is safeguarded and kept confidential with explicit purposes instructed by Precise Consultants.
To assess your suitability, qualifications and skills for current recruitment assignments, and - in some specific instances - recruitment assignments which we think may be of interest to you in the future. We will always gain your permission before discussing your personal details with clients.
To contact and provide you with information and services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes. You may be contacted via, email, call, text or WhatsApp. This communication may include notifications about open positions, application updates, or recruitment events. Your contact information will only be used for this purpose and will not be shared with third parties without your explicit consent. You can opt-out of receiving messages through WhatsApp at any time by replying “STOP” or by contacting us at [team@preciseconsultants.com / 02033250630]. Please state your preference so we know how best to contact you and through which communication channel. Additionally, you can resubmit your answers to our Data Processing Form at any time if your preferences change.
To carry out our obligations arising from any contracts entered into between you and us.
To allow you to participate in interactive features of our service, when you choose to do so.
To notify you about changes to our service.

The purposes and reasons for processing your personal data

We mainly collect your personal data for the performance of a contract or to provide a service.

Precise Consultants takes your privacy very seriously and will never disclose or share your data without your consent; unless required to do so by law. We only retain your data for as long as is necessary and for the purpose(s) specified in this notice.

Lawful basis for candidate data processing:

Precise Consultants’ lawful basis for processing non-sensitive data is ‘legitimate interests’. We confirm that we hold your data on our database with the sole purpose of finding you jobs that match your skill sets and experience. Upon placement stage, when the processing of sensitive categories of data is required as per our clients’ requirements for HSE purposes – we will rely on your consent before processing and sharing this type of data.

Lawful basis for client data processing:

Precise Consultants’ lawful basis for processing non-sensitive client data is ‘legitimate interests’. We confirm that we hold your data on our database with the sole purpose of providing qualified personnel for project requirements you have. We do not process any high-risk categories of data of yours.

Lawful basis for 3^rd party data processing:

Precise Consultants’ lawful basis for processing non-sensitive 3^rd party data is ‘legitimate interests’. We confirm that we hold 3^rd party data on our database with the sole purpose of matching skilled personnel with our clients’ project requirements. We do not process any high-risk categories of data of yours.

Where we store your personal data, how long for and who we share it with?

The data that we collect from you is stored on Bullhorn (our CRM platform) and Outlook (our email server) and may be sent across to our clients and their end clients, for placement purposes, only upon receiving your permission for this type of sharing. Data will in some instances also be shared with payroll companies but only as per your instructions.

We have agreements in place with all of our Data Processors to ensure your data is processed safely. All Processors acting on our behalf only process your data in accordance with instructions from us and comply fully with this privacy notice, the data protection laws and any other appropriate confidentiality and security measures. Our Data Processors are Xero (accounting software), Bullhorn (CRM provider), Microsoft Outlook (email server), Red Door IT (specialist IT company), Benchmark (direct marketing mailing platform), SurveyMonkey (customer satisfaction forms) and Top Resourcing (CV formatting company).

In addition to the primary stakeholders involved in data handling, sensitive data may also be shared with various additional third parties. These include medical assistance providers, particularly in emergencies where prompt medical intervention is necessary. Travel suppliers may also receive sensitive data to facilitate travel arrangements and ensure smooth logistical operations. Furthermore, insurance brokers and underwriters may access such data for conducting sanctions checks, managing insurance-related clearances, and to process claims efficiently.

Where you have chosen a password, which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We do not store this information on our end. We ask you not to share a password with anyone.

We only ever retain personal information for as long as is necessary and we have strict review and retention policies in place to meet these obligations. These are available upon request.

Any documentation we have of yours with expiry dates (passports, medical and safety certificates, GHIC/EHIC, Seaman’s Books, Emergency Contact Forms and Payslip permissions.) we will delete safely from our CRM platform upon expiry. We will keep your personal details on our system until you request us to remove this data. Precise Consultants will first check whether there is a regulatory reason we need to keep this data; the regulatory reason would outweigh the individual's rights under the GDPR. For example, we are required under UK tax law to keep your basic personal data (name, address, contact details) for a minimum of 6 years, after which time it will be destroyed.

Where you have consented to us using your details for direct marketing, we will keep such data until you notify us otherwise and/or withdraw your consent.

Your rights

As per the UK General Data Protection Regulation (GDPR), the user (data subject) is entitled to the following:

Right to Transparency: Precise will be transparent about what information is held on you, why we hold it and how it will be used.
Right to Access: You can request to see the information we hold on you at no cost. Please be specific and let us know what type of information you would like to see. Precise Consultants reserves the right to respond within 30 days to this request. Please find the Subject Access Request Form here.
Right to Rectify: You can ask us to correct the information we hold on you if you believe that the information is incorrect or incomplete.
Right to Restrict Processing: If you believe that the data we hold on you is inaccurate, processing can be restricted by you until the accuracy of the data is verified.
Right to Object: You can request us not to process your data (for example: for a certain time period or direct marketing)
Right to be Forgotten: You can request us to delete all the data we hold on you. We will comply with your request only if we do not have a legal obligation to retain that data. In the case of placement data, Precise Consultants have a legislative requirement to keep this data for at least 5 years and it cannot be deleted upon request. If you ask us to never contact you again, we will always keep a minimum amount of information on you on our system to ensure we have a record of this request and can prevent people from Precise contacting you again.
Right to Portability: Data can be requested from us and transferred elsewhere (Please note: this right only applies where the lawful basis is ‘consent’)
Rights related to Automated Decision Making including Profiling: Precise Consultants does not rely on automated decision making nor does it do any profiling. If we were to do this, the data subject would be informed and would have the right to opt-out of this.

Please note: Precise Consultants will not give out information that affects the privacy of someone else (i.e. we will not disclose any data that allows the individual to identify a third party).

If we receive a request from you to exercise any of the above rights, we may ask you to verify your identity before acting on the request; this is to ensure that your data is protected and kept secure.

Data Transfers outside the UK

We may share your personal data with:

Other entities of the Company: At the end of 2023 we expanded our operations globally with a new office in Singapore. We may share personal data with our other entities for the purposes of efficient management of business, compliance with legal and regulatory requirements and to provide our Services to you (include as matching) and to our clients.
Precise Clients: Within the scope of our services, including recruitment and provision of temporary work. For an overview of these clients, click here.
Third parties providing HR-related services to use (e.g. payroll service providers).
Third party providers of IT-related services (e.g. we use an external provider to support our IT-infrastructure; e.g. an important part of our software and databases sit in a cloud-environment which is operated by a third party service provider).
Third parties providers of marketing-related services (e.g. we may store your personal data in a cloud-based CRM-application that is hosted and provided by a third party service provider
Providers of professional services (e.g. to our auditors, our tax advisors, our legal advisors and for the checking of criminal records).
With banks and insurers (e.g. in order to pay the salaries of our contract workers we share some of their personal data with our bank).

We may also disclose your personal data to third parties:

In order to obtain references about you from those third parties if required within the scope of our Services

When we share your personal data as described above, such personal data may be transferred outside the UK.

In the event that we transfer your personal data internationally, we will only do so in line with applicable law, and we will require that there is an adequate level of protection for your personal data, and that appropriate security measures are in place.

Your personal data may be transferred from the UK to countries located within the EEA and to countries located outside of the EEA (such as the United States). In such cases, we will require that the following safeguards are observed:

The laws of the country to which your personal data is transferred ensure an adequate level of data protection. Click here for the list of the countries that, according to the UK Government, provide an adequate level of data protection; or
The transfer is subject to standard data protection clauses approved by the European Commission or International Data Transfer Agreements approved by the UK government. More information about those data protection clauses is available here; or
Any other applicable appropriate safeguards under the UK General Data Protection Regulation.

Safeguarding measures

Precise Consultants takes the privacy and security of individuals and their personal information very seriously and take every reasonable measure and precaution to protect and secure the personal data that we process. We have robust information security policies and procedures in place to protect personal information from unauthorized access, alteration, disclosure or destruction and have several layers of security measures including, but not limited to: a bi-annual information security training program, code of conduct, SSL security, firewalls, asset disposal strategies, internet and emails usage strategies, data retention and erasure policies, access authentications, no BYOD strategy, cyber insurance, malware protection, highest level of database encryptions on data entry fields and files, email encryption, access controls, password policies, desk policies, encryptions, data backup strategies, pseudonymization, access restrictions, and 24/7 specialist IT support.

Consequences of not providing your data:

You are not obligated to provide your personal information to us, however, as this information is required for us to provide you with our services, we will not be able to offer some/all our services without it.

Lodging a complaint:

We only process your personal information in compliance with this privacy notice and in accordance with the relevant data protection laws. If, however you wish to raise a complaint regarding the processing of your personal data or are unsatisfied with how we have handled your information, you have the right to lodge a complaint with the supervisory authority.

Please contact the Information Commissioner’s Office, the UK’s supervisory body, to complain.

Last updated: 14/01/2025