Privacy Policy

Sainty, Hird & Partners (we, us, our) was founded in 1996 and is one of the longest established independent executive search firms in the UK. We provide executive search (recruitment) services to our clients. This privacy policy sets out the ways in which collect and use your personal data (your personal information) in connection with our business. It also explains what rights you have to access or change your personal data.

About us

We are Sainty, Hird & Partners Limited (company number 3176892 and ICO Registration reference: Z6875303), the data controller of the personal information we collect and process about you as described in this privacy policy. We are committed to protecting your personal data.

You can contact us as follows:

FAO:  Robert Simpson, Data Protection Officer

Address:  1 Red Place, London, W1K 6PL

Email:  data@saintyhird.com

Phone number: + 44 (0) 20 7968 4000

How do we collect personal data about you?

We collect information that you provide to us when you:

• Make an enquiry, provide feedback or make a complaint over the phone (including by SMS or other electronic messaging services), or by email;
  
• Submit correspondence to us by post, email, SMS or other electronic messaging services;
• Are or might be a prospective or actual candidate in the context of our executive search services;
• Register to and/or attend our events;
• Submit a CV or an application or attend an interview, or meeting whether on a speculative basis or in the context of a specific executive search assignment being undertaken by us; and
• ’Follow’, ‘like’, post to or interact with our social media accounts, including LinkedIn and Twitter.

Do we source any personal data from publicly available sources and/or from third party data vendors?

In certain circumstances, we will receive information about you from third parties. For example:

Clients: we may receive personal information about you from our clients, for example feedback about applications or interviews.

Employers, colleagues and referees: we may receive personal information about you from your current and former employers, colleagues and referees, who may be based inside or outside the EU.

Publicly available sources: we use publicly available sources, including (but not limited to) company websites; LinkedIn; BoardEx; Bloomberg; newspapers, magazines and periodicals and advertisements on efinancialnews, for instance to gather relevant information about your professional background in order to provide you and/or our clients with relevant information in relation to our executive search services.

We might also receive information about you from third parties or referrals from third parties if you have indicated to such third party that you would like to hear from us.

What personal data are we collecting?

The information you provide to us may include (depending on the circumstances):

Identity and contact data: title, names, addresses, email addresses and phone numbers, age, gender, nationality.

Employment and background data relevant to our executive search services: in the process of executing our executive search services we may also collect information about your employment history, educational qualifications, compensation details, a record of our contact history with you and references from third parties.

We also collect the following information about you:

Information contained in correspondence: we will collect any information contained in any correspondence between us. For example, if you contact us by email or telephone, we may keep a record of that correspondence.

Do we collect special category data?

As a rule, we do not wish to collect and process special category personal data.  Special category data includes information relating to: race; ethnic origin; politics; religion; trade union membership; genetics; biometrics; health; sex life; or sexual orientation. These types of data require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information. We have in place an appropriate policy document and safeguards which we are required by law to maintain when processing such data.

However we may need to process such special category data in the following circumstances:

Occasionally, a specific search may require us to process special category data.  In this instance, we will obtain your consent to process the data, which will be processed in accordance with this Privacy Policy. You may withdraw your consent at anytime (please see below under “Your Rights”) and we will stop processing such special category data.

We do not keep such special category data longer than is necessary for the purpose of the search (please see further below for information of our data retention periods).

What is the purpose of collecting your personal data?

We will use your information for the purposes listed below either on the basis of:

Your consent (where we request it);

Where we need to comply with a legal or regulatory obligation; or

Our legitimate interests or those of a third party – where we refer to using your information on the basis of our “legitimate interests”, we mean our legitimate business interests in conducting and managing our business and our relationship with you as explained below.

1. To conduct our executive searches: we collect your personal data in order to match you with a position with one of our clients (on the basis of our legitimate interest to provide a comprehensive executive search service to our clients). In the initial stages of a search, we may share basic data (typically your name and a brief employment and academic history), in order to provide the client with a summary of the most suitable candidates for the role in question.
2. To introduce you to our clients who you have expressed an interest in you: before presenting further details about you to our clients, or indicating any potential interest you might have in a role with one of our clients, we would make direct contact with you to confirm your agreement to our sharing more detailed personal data.
3. Relationship management: to manage our relationship with you, which will include notifying you about changes to our terms of use or privacy notice, to comply with our legal obligations and on the basis of our legitimate interests to keep our records updated.
4. Social media interactions: to interact with users on social media platforms including LinkedIn and Twitter, for example, responding to comments and messages, posting and ‘liking’ posts (on the basis of our legitimate interest in promoting our brand and communicating with interested individuals).
5. Compliance with policies, procedures and laws: to enable us to comply with our policies and procedures and enforce our legal rights and share your information with our technical and legal advisors (on the basis of our legitimate interests to operate a safe and lawful business or where we have a legal obligation to do so).

What are your rights in relation to the personal data we hold?

We will use your information for the purposes listed below either on the basis of:

1. The right to be informed: You have the right to be informed about the collection and use of your personal data in a concise, transparent, intelligible and easily accessible manner.  This is the purpose of this Privacy Policy.
2. The right of access: You have the right to access your personal data and supplementary information (the details provided in this Privacy Policy), so that you are aware of, and can verify the lawfulness of, our processing of your data.
3. The right to rectification: You have the right to have inaccurate personal data rectified information that we hold about you which is out of date or incorrect, or the right to have your information completed if it is incomplete.
4. The right to erasure: You have the right to have your personal data erased.  This is also known as the ‘right to be forgotten’.  The right is not absolute and only applies in certain circumstances.
   If you request that we delete your personal data, we will do this, (providing that there is no other legal reason why we may need to retain your personal data)  We will also instruct any third parties (in our case our clients) that we have shared your data with to do the same.  We may, however, need to retain enough relevant information to record our compliance with a deletion request.
5. The right to restrict processing: You have the right to restrict the processing of personal data in certain circumstances.
   We will also inform any third parties (in our case our clients) of your request to restrict the processing of your personal data.
6. The right to data portability: You have the right to obtain and reuse your personal data (or request that we transfer this to another service provider) in a structured, commonly-used, machine readable format for your own purposes.  This only applies to personal data you have provided to us yourself and where we rely on your consent or a contractual requirement to process such personal data.
7. The right to object: You have the right to object to: processing of your personal data which is based on legitimate interests or the performance of a task in the public interest; direct marketing; and processing for purposes of historical research and statistics.
   If you object to us processing your personal data we will stop doing so, unless we have another lawful basis (such as compelling legitimate grounds) to continue the processing.  We will, however, need to retain enough information to record and to keep complying with your objection.
8. Rights relating to automated decision making including profiling: We do not make decisions solely by automated means without human involvement nor do we profile by using automated means.
9. The right to withdraw consent: On the rare occasions that we are required to process special category data we will obtain your consent.  You can withdraw this consent at any time.
10. The right to lodge a complaint: You have the right to lodge a complaint about our processing of your personal data with the relevant  supervisory authority in your country of work or residence.  In the UK, this is the Information Commissioner’s Office (ICO).  Their website is https://ico.org.uk/
    

Should you wish to access any of your rights detailed above, please make a request by contacting the Data Protection Manager, using the contact details at the top of this Privacy Policy.  Once we have verified your identity, we will respond within 30 days (if we are unable to respond within this timeframe we will contact you to explain why an extension is required). We will provide the information free of charge, but will charge a reasonable fee (based on the administrative costs of providing the information) for requests that are: manifestly unfounded; excessive; repetitive; or a request for information already provided. There may be occasions where will refuse to respond.  Should this be the case we will explain our reasons in writing and inform you of your right to make a complaint to the ICO and/or seek to enforce the rights detailed above through a judicial remedy.

What lawful basis are we relying on to process your personal data?

We have set out in this Privacy Policy the relevant lawful basis for each form of processing we undertake. Where we are relying on our “legitimate interests” in relation to our executive searches, research and introduction activities, it is on the basis that you are a senior professional in the financial services, legal and professional services sectors.  We believe that you therefore have a reasonable expectation that (as an executive search firm) we may be processing your personal data.  We also believe that, after undertaking a Legitimate Interests Assessment (LIA) as recommended by the ICO, on balance, our legitimate interests do not affect, nor are overridden by, the interests or fundamental rights and freedoms of you as a data subject.

How is your data kept secure?

Your personal data is stored in a secure, proprietary and highly confidential database accessible only by Sainty, Hird & Partners employees. We use appropriate technological and operational security measures to protect your information against any unauthorised access or unlawful use, such as:

• Ensuring the physical security of our offices or other sites;
  
• Ensuring the physical and digital security of our equipment and devices by using appropriate password protection and encryption;
• Maintaining a data protection policy for, and delivering data protection training to, our employees; and
• Limiting access to your personal information to those in our company who need to use it in the course of their work.

When we disclose your personal data to clients and other 3rd parties, we request that that they undertake to protect the security and confidentiality of such information in accordance with applicable law.

Is any data stored or handled outside the EEA (European Economic Area)?

Our suppliers outside of the EEA

Some of our data is stored on secure cloud based servers, which are located within the EEA.

Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following transfer solutions are implement:

• We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries;
  
• Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, European Commission: Model contracts for the transfer of personal data to third countries; and
• Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, European Commission: EU-US Privacy Shield.

Clients outside of the EEA

We will notify you in the event that we wish to transfer your personal data to a client outside the EEA.  We will then request that the data is processed in accordance with this Privacy Policy.  We will give you the opportunity to withhold your permission for such a transfer.

Please contact us using the contact details at the top of this Privacy Notice if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.

Is your personal data shared with other organisations?

We may share your personal data with a client if we believe that you have the relevant experience and capabilities for a specific search that we are undertaking.  In the initial stages of a search, we may share basic data (typically your name and a brief employment and academic history), in order to provide the client with a summary of the most suitable candidates for the role in question.  If a client is interested in your possible candidacy, we will contact you directly.  We will then, with your permission, share further details with them.

We may also share your personal data with the following third parties:

Our service providers:

• Website development and hosting services based in the United Kingdom.
  
• IT, system administration and security services based in the United Kingdom.
• Legal, accountancy, auditing and insurance services and other professional advisers based in the United Kingdom.

Other third parties (including professional advisers): any other third parties (including legal or other advisors, regulatory authorities, courts, law enforcement agencies and government agencies) based in the United Kingdom where necessary to enable us to enforce our legal rights or where such disclosure may be permitted or required by law; and

Prospective sellers and buyers of our business: any prospective seller or buyer of such business or assets, only in the event that we decide to sell or buy any business or assets.

We have the appropriate level of confidentiality protection in our agreements with these service providers and we require third parties to maintain appropriate security to protect your information from unauthorised access or processing.

We do not share your personal data with any other organisation for any other reason.

What is our data retention policy?

We also do not wish to hold your personal data for longer than is necessary to provide you with the services that you have requested from us or for as long as we reasonably require to retain the information for our lawful business purposes. We operate a data retention policy and look to find ways to reduce the amount of information we hold about you and the length of time that we need to keep it.

We have established a time limit of 7 years for either the deletion of records or for a periodic review.

We believe that it is important to clarify the nature of the personal data we hold on you.  Most of the data we collect will either have been provided by you, or collected from publically available sources, and has been built up over a number of years.  We believe that retaining details of any previous contact between ourselves is mutually beneficial.  If we currently hold your personal data, it is treated in the same way as a doctor’s notes of a patient.  It is a record of past contact between ourselves.

However, it is important to recognise that being part of our internal database is neither an advantage nor disadvantage.  When undertaking an assignment we research the whole market and do not rely solely on the information that we already hold.

Please contact the Data Protection Manager using the contact details above if you would like further information about our data retention policy.

Personal information that this website collects and why we collect it

This website collects and uses personal information for the following reasons:

Site visitation tracking

• Like most websites, this site uses Google Analytics (GA) to track user interaction. We use this data to determine the number of people using our site, to better understand how they find and use our web pages and to see their journey through the website.
  
• Although GA records data such as your geographical location, device, internet browser and operating system, none of this information personally identifies you to us. GA also records your computer’s IP address which could be used to personally identify you but Google do not grant us access to this. We consider Google to be a third-party data processor (see section below).
• GA makes use of cookies, details of which can be found on Google’s developer guides. FYI our website uses the analytics.jsimplementation of GA.
• Disabling cookies on your internet browser will stop GA from tracking any part of your visit to pages within this website.
• In addition to Google Analytics, this website may collect information (already held in the public domain) attributed to the IP address of the computer or device that is being used to access it.

Our website

• If you are under 16 years of age you must obtain parental consent before supplying any personal information on the Sainty, Hird & Partners  website.
  

Contact forms and email links

• Should you choose to contact us using the contact form on any of our website pages, none of the data that you supply will be stored by this website, instead the data will be automatically entered into our website form system Webflow.
  

About this website’s server

This website is hosted by Webflow within and information about hosting can be found here. Some of the data centre’s more notable security features are as follows:

• Protection against distributed denial of service (DDoS) attacks.
  
• Webflow provides SSL certificates for all sites hosted in Webflow.
  

Full details of Webflow’s data centre can be found here. All traffic (transferral of files) between this website and your browser is encrypted and delivered over HTTPS.

Our third-party data processors

We use two third parties to process personal data on our behalf. These third parties have been carefully chosen and all of them comply with the legislation set out in this Privacy Policy. These third parties are based in the UK and USA and the links through to their privacy policies are available below:

• Google (Privacy policy).
  
• Webflow (Privacy policy).
  

Security and data breaches

The security of your Personal Information is important to us, but remember that no method of transmission over the Internet, or method of electronic storage, is 100% secure. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security. Should there be any breach of your personal data, we will inform you within 72 hours of knowing of it. We strive to ensure your personal information is protected at all times.

How will we contact you?

We may contact you by telephone, email, SMS or other electronic messaging services or social media.  If you prefer a particular contact means over another please let us know.

Changes to this Privacy Policy

We keep our Privacy Policy under regular review.  If there are material changes to our Privacy Policy, we will detail the changes here.

This Privacy Policy was updated on 25 May, 2018.