Global Privacy Policy
November 2023
This policy applies to the group of companies that are ultimately owned by Robert Walters plc (company no. 03956083) of 11 Slingsby Place, St Martin's Courtyard, London, WC2E 9AB, United Kingdom, trading under the Robert Walters, Resource Solutions and Walters People brands (collectively referred to as the “Robert Walters Group”).
References in this policy to “we”, “us” or “our” are references to the Robert Walters Group.
The Robert Walters Group provides:
We operate through a global network of affiliated entities and utilise vendors where needed, to ensure we provide the best solutions to our clients across the countries where we perform services.
If you are uncertain about who the data controller of your personal data is, please contact us using our contact information set out in section 13 of this policy.
The purpose of this Global Privacy Policy (“policy”) is for us to inform you how we collect, use and disclose your personal data. It is important that you read this policy in conjunction with any notices or statements relating to data, data protection, fair processing and/or privacy that we may issue at the time of collecting your personal data where applicable in the jurisdiction. They are not intended to override the policy unless stated otherwise by us in such policy, notice or statement.
1. What personal data do we collect?
Personal data is any information relating to an identified or identifiable person.
We will only collect personal data that we are permitted to collect by law on a jurisdictional basis. We have set out below a non-exhaustive list of the types of personal data that we most commonly collect.
Type of Personal Data |
Description of Personal Data |
Identity data |
Your title, first name, last name, maiden name, date of birth, gender, photograph, national insurance number (or equivalent in your country), nationality and other information relating to residency and citizenship which may be required to establish a right to work in a given country, marital status and number of dependents. |
Contact data |
Your delivery address, email address and telephone numbers, emergency contact details and contact details history. |
Historical data |
Your educational history and credentials, employment history, criminal background history, social media, skills and qualifications, and results from any other background and disclosure checks in countries where it is lawful to carry out such checks. |
Employment-related data |
Your current remuneration, pension and benefits, what role you are looking for, what work-related areas interest you, third party references (if taken) and interview and assessment feedback created either ourselves or by our client following an interview or assessment. |
Verification data |
A copy of your driving licence, passport, identity card or another form of identification and referee details. |
Financial data |
Your bank sort code and account number and tax-related information and credit checks. |
Diversity data |
We may collect diversity data for governmental reporting purposes, which may include racial or ethnic origin, religious or other similar beliefs and physical or mental health, including disability-related information. |
Technical data |
Your internet protocol (IP) address, MAC address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, mobile phone location data and other technology on the devices you use to access our website and our services. |
Profile data |
Your usernames applicable to accessing our services, interests in so far as these are applicable to the services we provide to you and other preferences and other insights or determinants that we have gained from our analysis and profiling of you. |
Usage data |
How you use and navigate around our websites and what you browse within them. We also may have any CCTV footage collected when you have attended our premises. |
Marketing data |
Your preferences in receiving marketing from our third parties and us and your communication preferences. |
Visa application data |
Your contact and identity information, immigration history (including residency, immigration status and travel history), character disclosures (including offences, disclosures and information relevant to meeting character requirements), health disclosures and information relevant to meeting health criteria. |
Video |
If video surveillance operates in or near our offices we may capture images of you where permitted by law. We may also capture video of you if you attend an event organised by us where you have given your express consent for us to do so. |
Sensitive or special category personal data - during the recruitment process or in the course of the services we operate, we may collect personal data that is considered sensitive or special category in certain countries. We may be required by local privacy laws to obtain your explicit consent to handle this type of personal data. You will be provided with a consent form if your express consent is required. Please contact us if you have not been provided with a consent form and you believe we hold your sensitive or special category personal data.
In respect of candidates and users of Robert Walters Group websites, we also handle the following types of data:
The age at which an individual is regarded as a child differs per country. We do not typically collect personal data relating to individuals under 18.
2. How we collect personal data
We generally collect your personal data directly from you. For example, we collect your personal data when you:
We may also use the following third party channels to collect your personal data:
We may also collect your personal data from publicly available sources where permitted in the jurisdiction, including:
We allow you to sign up or login to a Robert Walters Group account with a LinkedIn, Facebook or Google account (“Social Media Account”) so you can use our online services simply and easily without having to create a specific account with us. If you choose to use this feature, we will process your name and primary email address on your Social Media Account in accordance with this policy.
Cookies are small text data stored on your PC or mobile device and are created by the website's servers. We collect your personal data automatically via cookies when you visit Robert Walters Group websites, in line with the cookies settings in your browser. You can find out more about these cookies, including how we use them and what choices are available to you, by reading our Cookies Policy. You can find out more about the use of cookies on http://www.allaboutcookies.org/.
3. How we use personal data
We will only use your personal data when the law permits us to, and the uses set out below will be subject to that requirement.
Candidates
Your personal data will be collected and handled by us in order to:
Business contacts (personnel of our prospective clients, clients, prospective suppliers and suppliers)
Your business information will be collected and processed by us in order to:
Website users:
Your personal data will be collected and handled by us in order to:
Depending on the contact preferences you select, we will communicate with you by post, telephone, SMS, email or other electronic means such as via social and digital media. We may use your usage data to help ensure that this messaging is personalised and relevant to you.
Referees:
We will use your personal data purely for the purpose of conducting a reference check on a candidate.
Visa Applicants:
Your personal data will be collected and handled by us for the purpose of preparing and processing your visa application and related immigration services.
4. Who your personal data is shared with
Subject to local regulations in the jurisdiction, we may disclose your personal data to:
We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions, which includes compliance with this policy.
5. Legal grounds
In certain countries our companies that act as a data controller are required to establish legal grounds as set forth by applicable law to process your personal data. Depending on our relationship with you, if required to do so, we will rely on one or more of the following legal grounds:
Legal Ground |
Permitted Purpose |
Where you have given us consent to use your personal data for one or more permitted purposes. |
For example:
|
Where we need to process your personal data to comply with a legal or regulatory obligation. |
For example:
|
Where we need to process your personal data to perform the contract, we are able to enter or have entered into with you. |
For example:
|
Where the processing of your personal data is necessary for the pursuit of our legitimate business interests and your interests and fundamental rights do not override those interests. |
For example:
|
If you would like to know what legal grounds we rely upon to process your personal data, please contact us using our contact details in section 13 of this policy.
6. Retention
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements. We view our relationship with you as being one which is to support your career through numerous roles and assignments. Accordingly, we may retain your data for a period of time which is materially greater than simply one placement if we reasonably believe that we will continue to have an ongoing relationship with you.
We will appropriately and securely dispose of your personal data when it is no longer required. To determine the appropriate retention period for personal data, we will consider the following factors:
When we act as a data processor to our clients, the data controllers, we will retain your personal data in accordance with the retention periods prescribed by our clients..
7. Your rights
The country you are located in and the applicable privacy laws determine your rights in respect of your personal data. These may include:
Right |
Description of Right |
Right to be informed |
about your personal data and details of the handling and processing of that personal data and information, including, as applicable the safeguards used to protect your personal data in the event that we transfer it outside the territory it was collected in; |
Right of access |
to your personal data and to obtain information about how we handle and process it; |
Right to have inaccuracies corrected |
if your personal data is inaccurate, including to have incomplete personal data completed; |
Right of erasure |
of your personal data, which is also known as the “right to be forgotten”. We do not delete personal data from our back-up files that are created for disaster recovery purposes and are not easily accessible; |
Right to restrict handling and processing |
of your personal data, which includes requesting us to suppress your personal data file; |
Right to move, copy or transfer |
your personal data to another organisation, also known as “data portability”; |
Right to object |
to the handling and processing of your personal data for certain purposes, in particular to personal data processed for direct marketing purposes and to personal data that is handled and processed for certain reasons based on our legitimate interests; |
Right to withdraw consent |
or permission that you have previously provided to us in relation to our handling and processing of your personal data, such as for the purposes of marketing by electronic means; |
Rights in relation to automated decision making |
where such automated decision making has a legal effect on you or otherwise significantly affects you; and |
Right to complain |
to us in relation to the handling of your personal data; or the regulatory body which enforces data protection law in your locality. |
Please contact us using our contact details set out in section 13 of this policy if you wish to exercise any of your legal rights.
Where permitted by law, you may be charged a fee to access your personal data or to exercise any other right that may apply. We will let you know if a fee applies to your request before we complete it.
We may also request certain information to help us confirm your identity, ensure your right to exercise any of rights in the table above and to prevent your personal data being disclosed to any person who has no right to receive it.
We will respond to all legitimate requests within any legal timeframes.
8. Technology
We will always use your personal data fairly. We may on occasion use technological filters to sort through the job applications we receive and to match candidates to specific job vacancies. If we have used technological tools to a significant extent when assessing your job application, we will inform you of this. Please let us know when we contact you if you feel there are other factors that we should consider as part of your job application.
9. Data security
We hold your personal data in a combination of secure computer storage facilities and paper-based files.
We have in place an appropriate level of security around your personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage to it.
We have implemented appropriate technical and organisational measures to ensure a level of security appropriate to the risk of harm that might result from unauthorised or unlawful processing, accidental or unlawful loss, destruction or alteration, unauthorised (or disclosure of) access or damage to your personal data including:
We limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They must only process your personal data on our instructions and subject to the access controls listed above. They are also subject to a duty of confidentiality.
We have agreed on security-related measures with the third parties we share your personal data with to ensure that it is treated by those third parties in a way that is consistent with how we safeguard your personal data.
We have also put in place procedures to deal with any suspected personal data breach and will notify you and any applicable supervisory authority where we are legally required to do so.
If you suspect any misuse, loss of or unauthorised access to your personal data, please contact us immediately using our contact details in section 13 of this policy.
10. Personal data storage and transfer
Personal Data originating from the UK or European Economic Area (“UK or EEA Personal Data”)
Due to the global nature of our business we may need to transfer UK and EEA Personal Data outside of the UK and EEA. For example, we may transfer personal data to Robert Walters Group companies, service providers and government or public authorities in order to perform our recruitment services and comply with our legal obligations.
If we do transfer UK and EEA Personal Data outside of the UK and EEA, we will make sure that appropriate safeguards are in place, for example by using approved contractual agreements, unless certain exceptions apply, or we are authorised to do so. If requested, we will provide you with details of the safeguards that we have implemented.
We, our service providers and/or the third parties to whom we may disclose UK and EEA Personal Data may transfer such data outside of the UK and EEA.
Personal Data originating from outside the UK or EEA (“Non-UK and Non-EEA Personal Data”)
We collect personal data relating to individuals in the following countries outside the UK and EEA: Africa, Australia, Brazil, Canada, Chile, China (including Hong Kong and Taiwan), India, Indonesia, Japan, Malaysia, Mexico, Middle East, New Zealand, Philippines, Singapore, South Africa, South Korea, Switzerland, Thailand, United States of America and Vietnam.
Due to the global nature of our business we may need to transfer Non-UK and Non-EEA Personal Data outside the original territory in which the data was collected (“Original Territory”). For example, we may transfer personal data to Robert Walters Group companies or potential employers internationally in any of the countries listed above, and to service providers and government or public authorities in order to perform our services and comply with our legal obligations.
If we do transfer Non-UK and Non-EEA Personal Data outside the Original Territory, we will make sure that such transfers are performed in compliance with applicable law. We, our service providers and/or the third parties to whom we may disclose Non-UK and Non-EEA Personal Data may transfer such data outside of the Original Territory.
11. Privacy policies of third parties
This policy explains how the Robert Walters Group handles your personal data. Please also read the privacy policies of the social media platforms and third party websites through which you arrive at a Robert Walters Group website. We encourage you to read the privacy policies provided by these sites before giving them your personal data.
12. Changes to this policy
We reserve the right to change this policy from time to time. Changes will be notified on our website seven days before taking effect. We may make emergency changes to this policy when we believe it is reasonable to do so e.g. to comply with legal or regulatory requirements.
13. How to contact us
If you have questions or comments about our privacy practices, or if you would like to submit a request exercising your privacy rights, please contact us. You can:
Email us at the mailbox for your country below:
Africa and the Middle East |
|
Australia and New Zealand |
ANZPrivacyOfficer@robertwalters.com.au |
Brazil |
|
European Economic Area (EEA) and UK |
dataprotection@robertwalters.com or dataprotection@resourcesolutions.com |
Greater China and Southeast Asia (India, Indonesia, Malaysia, the Philippines, Thailand, Vietnam) |
|
Japan |
|
Singapore |
|
South Korea |
|
Switzerland |
|
USA and Canada |
dataprotection@robertwalters.com or dataprotection@resourcesolutions.com |
Brazil, Chile and Mexico |
Contact our Data Protection Officer (DPO):
Richard Harris
DPO@robertwalters.com
Contact our EU representative (RESOURCE SOLUTIONS UK ONLY):
Sandy Scott
eu.representative@robertwalters.com
14. Country Specific Information
United States of America, California |
The data processing activities we carry out on the personal information of California residents (“California data”) does not currently fall within scope of the California Consumer Privacy Act (CCPA). Should this change over time, we will update this policy accordingly. Please rest assured that we do and will continue to ensure that we follow best industry practice when processing California data. |
||||||||||||
Australia |
Process for lodging a complaint if you believe your personal data has been mishandled by us:
|
||||||||||||
Mainland China |
For the purposes of this Policy, references to “personal data”, “sensitive or special category personal data”, “process/processing”, “data processor”, and “supervisory authority” shall have the same meaning as “personal information”, “sensitive personal information”, “process/processing”, “entrusted party” and “supervisory authority” as defined in the Personal Information Protection Law of the People’s Republic of China (the “PIPL”). The personal information processor located in China responsible for the processing and protection of your personal information is Robert Walters Talent China Limited (“we”). By agreeing to this Policy, you consent to our processing of your personal information in accordance with this Policy. To the extent required under applicable law, we will obtain separate consent from you before processing your sensitive personal information, providing your personal information to other personal information processors, exporting your personal information, etc. What personal data do we collect? Despite the types of personal data listed in Chapter 1 of this Policy, we may collect and use your personal information for the following purposes.
The Processing of Sensitive Personal Information With regard to the “sensitive or special categories of personal data” referred to in Chapter 1 of this Policy, we will only process your sensitive personal information if there is a specific purpose and sufficient necessity to do so, and if strict protection measures are taken. In mainland China, we may collect and process your sensitive personal information, including your medical and health data, and financial account. You understand and are aware that sensitive personal information is personal information that, if disclosed or used illegally, could easily lead to the infringement of a natural person’s human dignity or the endangerment of the safety of his or her person or property. Unless otherwise provided by laws, before processing your sensitive personal information, we will obtain your separate consent, i.e., in addition to your consent for this Policy, we will also obtain your separate consent for the processing of sensitive personal information by providing a separate checkbox. If you are the parent or guardian of a minor under the age of 14 (“Child”), we will obtain your separate consent before processing the personal information the Child. Legal grounds Depending on our relationship with you, if required to do so, we will rely on one or more of the following legal grounds:
In most cases, we will process your personal information based on your consent or HR management necessity. Who your personal data is shared with We may entrust third parties in Chapter 4 of this Policy your personal information to fulfil the purposes set out in Chapter 3 of this Policy. In case where your personal information is provided to other third-party personal information processors who can independently determine the purpose and means of processing, we will inform you with the information as required by applicable laws and obtain your separate consent or rely on other appropriate legal grounds. Personal Information Export Due to the global nature of our business, we may need to transfer your personal information outside your country of residence to a Robert Walters Group company in order to perform our services and comply with our legal obligations. Where personal information is transferred to another jurisdiction outside mainland China, your personal information will be secured by appropriate safeguards as set forth under applicable law, including without limitation, where applicable by conducting a personal information protection impact assessment, concluding the standard contract published by the supervisory authority for the transfer of personal information between RW’s mainland China entity and the overseas recipient, as well as filing the standard contract in accordance with relevant regulatory requirements, etc. To the extent required under applicable law, we will obtain separate consent from you before the export of your personal information. Specifically, we may export your personal information to the following overseas recipient:
|
||||||||||||
Thailand |
Personal Data originating from outside the UK or EEA (“Non-UK and Non-EEA Personal Data”) We collect personal data relating to individuals in the following countries outside the UK and EEA: Africa, Australia, Brazil, Canada, Chile, China (including Hong Kong and Taiwan), India, Indonesia, Japan, Malaysia, Mexico, Middle East, New Zealand, Philippines, Singapore, South Africa, South Korea, Switzerland, Thailand, United States of America and Vietnam. Due to the global nature of our business we may need to transfer Non-UK and Non-EEA Personal Data outside the original territory in which the data was collected (“Original Territory”). For example, we may transfer personal data to Robert Walters Group companies or potential employers internationally in any of the countries listed above, and to service providers and government or public authorities in order to perform our services and comply with our legal obligations. If we do transfer Non-UK and Non-EEA Personal Data outside the Original Territory, we will make sure that such transfers are performed in compliance with applicable law. However, we highlight that some countries may have less stringent personal data protection framework and standards. We, our service providers and/or the third parties to whom we may disclose Non-UK and Non-EEA Personal Data may transfer such data outside of the Original Territory. |
||||||||||||
Vietnam |
Notification of processing personal data With effectiveness from 1 July 2023, we would like to inform you about our processing of your personal data and updating the Policy’s contents in relation to personal data processing in your jurisdiction in this Country Specific Information. Contents in this Vietnam part together with the above contents of the Policy will constitute a complete personal data processing notice and provide you with information, including but not limited to the following: (i) Types of personal data (including sensitive personal data) to be processed (as specified in Section 1 of this Policy); (ii) How personal data is processed and processing methods (as specified in Sections 2 and 3 of this Policy) (iii) Parties involved in the processing of personal data (as specified in Section 4 of this Policy); (iv) Retention, with the start time and end time of personal data processing (as specified in Section 6 of this Policy); (v ) Consequences and unexpected damages that are likely to occur; and your rights and obligations (as specified below in this part of Section 14 Country Specific Information). Accordingly, you as a data subject will have the following rights regarding your personal data in accordance with the applicable laws:
By giving consent to this Policy, you acknowledge and confirm that you are fully aware of your rights and obligations pertaining to personal data stipulated under the applicable laws in your jurisdiction. During personal data processing, we use appropriate technical, physical, and administrative security measures to protect your personal data and to mitigate the risk of loss, misuse, unauthorized access, disclosure, or modification of such data. Nevertheless, data loss and information leakage may still occur due to technical reasons, bad actors, unlawful or unauthorized destruction, loss, alteration, access, disclosure, use, or other unforeseen circumstances that are beyond our control. No Internet transmission is 100% secure or error-free, nor is stored data free from vulnerabilities. Robert Walters cannot guarantee the security of our websites, databases or services, nor can we guarantee that the information you supply will not be intercepted while being transmitted to us over the Internet. To the extent permitted by the applicable laws, we will proceed to notify the violation (if occur) the concerned parties and competent authorities within the statutory time limit. If you suspect any misuse, loss of or unauthorised access to your personal data please contact us immediately using our contact details in Section 13 of this Policy. |