At Rosie’s People, we are committed to protecting your data and privacy. We have provided this policy to ensure that you are fully aware of how and why we collect personal data about you when you are engaging with us. We will also provide you with information about why and when we may share your personal data and with whom.

Your Consent

You should ensure that you have read and understood this policy before providing your personal data to us. Whenever you submit information to us, whether online or offline, you consent to the collection, use and disclosure of that information in accordance with this policy.

The data we collect about you

Personal data (also known as personal information), means any information about an identifiable person which can be directly or indirectly assessed.

We may collect, use, store and transfer different types of personal data about you. These can be separated into the following different categories, however, and not all of these categories might apply to you:

• Identity Data includes first name, maiden name, last name, title, gender and age. If you are a registered company, this will include your company name and company number (where applicable).
• Contact Data includes your current address, email address and phone number. Where you are a candidate, this will be as listed on your curriculum vitae (“CV”)/résumé or relevant application form; where you are not a candidate, this will be as provided to us or extracted from your public profile, as set out below.
• Image Data includes your photograph if you have opted to include this in your CV/résumé and/or your LinkedIn profile. Image Data is only collected in respect of candidates.
• Education Data includes details about your current and/or previous education history. Education Data is only collected in respect of candidates.
• Employment Data includes details about your current and previous employment roles, your expected salary, and the specific sector that you work in. Employment Data is only collected in respect of candidates.
• Technical Data includes internet protocol (IP) address, browser type and version, universally unique identifiers, time zone setting and location, browser plug-in types and versions, operation system and platform, and other technology on the devices you use to access our website.
• Usage Data includes information about how you use our website and services.
• Marketing Data includes your preference in receiving marketing from us and our affiliated third parties and your communication preferences.
• Diversity Data includes details of your gender, sexual orientation, race or ethnicity or religious or philosophical beliefs if you choose to engage with our diversity questionnaire. Diversity Data is generally only collected in respect of candidates and only where reasonably required. Our use of Diversity Data is occasional and completely optional.

We may also collect, use, and share Aggregated Data such as statistical or demographic data. Aggregated Data could be derived from your personal data but is not considered personal data under UK law as it does not directly or indirectly reveal your identity. For example, we may aggregate your Contact Data and Employment Data to ascertain whether there is a specific geographical area where we are placing the most candidates. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data in accordance with this privacy policy.

Other than Diversity Data (which is collected by us only occasionally and when reasonably required) we do not collect any Special Category Personal Data about you (this includes details about your sex life, political opinions, trade union membership and genetic and biometric data). Nor do we collect any information about criminal convictions and offences, unless expressly disclosed.

How do we collect your personal data?

We only collect personal data (including information concerning your health) by lawful and fair means. We use different methods to collect data from and about you, depending on how and which of our services you interact with. We do this through the following:

• Direct interactions. You may give us certain personal data by providing us with a copy of your CV or résumé, completing any questionnaire we provide to you or by choosing to interact with us via phone, email, our website(s) or in any other way.
• Automated technologies or interactions. As you interact with our website(s), we will automatically collect personal data relating to your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. Please see our cookies policy here. Do Not Track Notice: Because there are not yet common, industry-accepted “do not track” standards and systems, our websites do not respond to Do Not Track signals.
• Third-party or publicly available sources. We may receive and collect personal data about you from various third parties from time to time. We may collect personal data available on your LinkedIn profile. Your personal data will not be extracted from LinkedIn to our own database where your personal LinkedIn preferences are set to ‘private’ (or equivalent). We may also collect publicly available personal data about you through the use of the PitchBook platform, which we use to collect information relevant to our services.

We do not intend for the above list to be exhaustive but rather provide you with some examples of the types of third parties from which we may receive data. This list may therefore be updated from time to time.

What personal data do we collect, how do we use this and what is our lawful basis for such use?

The table below sets out the personal data we collect from you, how we use it and our lawful basis for doing so.

Purpose/Activity	Type of Data	Lawful basis for processing including basis of legitimate interest
To register your interest as a prospective candidate for our candidate placement services which will include: · Adding you to our candidate database (this may be based on information obtained via LinkedIn or other public sources of information you provide directly to us); · Where requested by you, contacting you throughout the registration process; · Making you aware of any suitable up-and-coming job prospects;	(a) Identity (b) Contact (c) Education (d) Employment (e) Marketing (f) Diversity (where reasonably required)	Necessary for our legitimate interests of maximising our database of potential candidates to ensure we provide the best possible service to our clients and therefore are able to expand our business. In respect of Diversity Data, your explicit consent.
Providing your profile to our clients (potential employers) once you confirm you’re happy for us to do so.	(a) Identity (b) Contact (c) Image (d) Education (e) Employment (f) Diversity (where reasonably required)	Necessary for our legitimate interests of properly servicing our clients and your legitimate interests of finding an appropriate role.
To manage our relationship with you which will include: · notifying you about changes to our terms or policies; and · asking you to leave a review for feedback or take a survey.	(a) Identity (b) Contact (c) Marketing	Necessary to comply with a legal obligation. Necessary for our legitimate interests to understand and analyse what our clients think about us and how they use our service so that we can further grow our business.
To administer and protect our business and website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data).	(a) Technical (b) Usage	Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise). Necessary to comply with a legal obligation.
To use data analytics to improve our website, services, marketing, customer relationships and experiences.	(a) Technical (b) Usage	Necessary for our legitimate interests to define types of candidates, to keep our website updated and relevant, to develop our business and to inform our marketing strategy.
To provide updates to you about open job opportunities which may suit your expertise. This may include marketing campaigns.	(a) Identity (b) Contact (c) Education Data (d) Employment Data (e) Marketing	Where such communications are marketing communications made by email, phone or SMS or other electronic message, with your consent. In all other cases, necessary for our legitimate interests to engage our prospective candidates and employers so that we can develop our business.
Where you are an employer client, to contact you about potential candidates, upcoming job vacancies and generally to provide our services to you.	(a) Identity (b) Contact Data	Necessary for the performance of a contract.

We may also use all types of personal data as necessary for the establishment, exercise and defence of legal claims.

Intended Audience of Websites; COPPA Compliance

The Children’s Online Privacy Protection Act (“COPPA”) does not apply to us because our websites are not directed to children under the age of 13. For purposes of clarity, our websites do not request or knowingly collect personal data from individuals under the age of 13. If you are not 13 or older, you should not visit or use our websites. If we learn that personally identifiable information of persons under 13 years of age has been collected on our websites without verified parental consent, then we will take appropriate steps to delete the information.

Where we store your personal data

Your personal data will be stored in one or more of our candidate databases (which are hosted by third-party service providers). We may also store your personal data in our cloud storage systems.

Sharing/disclosing your personal data

We may share your personal data with the parties below for the purposes set out in the table above.

• We may share your personal data internally as necessary to provide our services and because we use shared databases, this enables us to use the data we hold in the most efficient way.
• Externally to third parties such as:
  • Our service providers (who will only process personal data in accordance with our instructions unless you are notified otherwise);
  • Our professional advisers including, lawyers, bankers, auditors and insurers to provide consultancy, banking, legal and accounting services;
  • Regulators (such as the ICO), government agencies, accreditation bodies and other legal or enforcement bodies, to the extent required by law, rule, regulation or industry practice;
  • Any of our third-party researchers or consultants who we may employ from time to time for the legitimate aim of progressing our business needs; and
  • Any third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy policy.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

Contact Preferences; Opt-In and Opt-Out

We would like to keep in touch with you in ways that you find to be beneficial. You can ask us to stop sending you marketing or job notification messages at any time by following the opt-out links on any marketing message sent to you. Keep in mind that these particular preferences do not mean that we might not contact you for other reasons, such as those related to a matter you initiated on your account, a legally required notice and so on.

International transfers

Your personal data may be shared with other countries outside of your country of residence, as follows:

Transfers made by our third-party service providers:

When we record your personal data on our candidate database, this may involve a transfer of your personal data to another country, if the server upon which our candidate database is hosted is based in another country or countries, or if the client is based in another country and has branches in other countries.

Our third-party service providers have implemented adequate safeguards to ensure the protection of your privacy and fundamental rights and freedoms.

External Links

We may make available third-party applications through our websites and social media applications for your use. Links to such applications, any other websites included in our website or links on our social media accounts operate with privacy policies beyond our control. Unless otherwise indicated, once you have left our websites or our social media account, all use of information you provide is governed by the privacy policy of the other website’s or social media account’s operators. We are not responsible for any transactions that occur between you and a third-party website or social media account.

How do we protect your personal data?

We protect your personal data in the following ways:

• We will not request information which is excessive for our purposes.

• We try, with your assistance, to keep any information we hold about you up to date and accurate.

• We delete any information we hold about you that is no longer relevant per our retention policy.
• We anonymise information where we do not require personally identifiable information for the purposes for which it is used.
• Where reasonably possible, we store any Diversity Data we collect in a pseudonymised form (which means, by way of example, that data relating to your ethnicity is recorded in a coded way which is not accessible by third parties without access to further information that is not readily available to them). We do not collect Diversity Data unless reasonably necessary.

• We follow strict security procedures in the storage and disclosure of information that you have given to us to prevent unauthorised access.

• We have appropriate written agreements in place with those advertisers with which we may share any application form submitted by you.
• We have in place technical and organisational security measures to ensure the protection of your personal data, including an Annual employee training which includes, data protection and cyber security training

If you would like further information on the technical and security measures that we implement to protect your personal data, please contact our Data Protection Officer at info@rosiespeople.com

Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to our website; any transmission is at your own risk. Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorised access.

Retention of personal data

We will retain the personal data provided to us in connection with the engagement of our services for the following periods:

• If you have engaged with our candidate placement or talent solutions services and have uploaded or provided a copy of your CV/Resume, the information contained therein, together with any other personal data we have collected about you (as set out above) will be stored on our relevant case management system for no longer than is necessary to pursue our legitimate interests (as set out above). In any event, your data will be deleted no more than 10 years following your last contact with us.
• If your personal data is obtained from your LinkedIn account, we will store the relevant data for no longer than is necessary to pursue our legitimate interest (as set out above) and in any event, it will be deleted no more than 10 years following its initial collection.
• If you are a client, we will hold your personal data for at least six years following the termination or expiry of our contract with you or your business/employer (as applicable).
• We retain Technical Data and Usage Data for up to 12 months following collection.

You have various rights pertaining to your personal data

You have various rights in respect of your personal data, as follows:

• a right of access to a copy of the personal data we hold about you;

• a right to object to processing that is likely to cause or is causing damage or distress to you;
• the right to object to our processing of your personal data for direct marketing purposes;

• a right to object to decisions being taken by solely automated means;

• a right in certain circumstances to have information transferred to you or a third party;
• a right in certain circumstances for the personal data we hold about you to be erased; and
• a right in certain circumstances to have inaccurate personal data rectified, blocked, erased or destroyed.

If you wish to exercise any of these rights, please contact us by writing to us by email at info@rosiespeople.com. Alternatively, you can call us on 020 3289 3975.

We may make changes to our privacy policy

This privacy policy may be revised from time to time for any reason. Any changes we make to our privacy policy in the future will be posted on this website and notified to you the first time you access our website following such change. Be sure to check the privacy policy whenever you submit personal data to us or use one of our websites.

Your right to make a complaint in respect of our use of your personal data

You have the right to complain in respect of our use of your personal data. If you are a UK resident, your complaint would normally be addressed to the Information Commissioner’s Office (‘ICO’). Please contact us before you escalate your complaint.