This Client Data Policy outlines how we manage the data that is exchanged between the Client ("you"), and the Agency ("us"), collectively referred to as "Parties". This is to include compliance with all applicable laws pertaining to Data Protection.

 

Definitions

The following definitions will have the meanings given to them under the Data Protection Legislation: “Data Controller”, “Data Processor”, “Data Subject”, “Personal Data”, “Data Subject”, “processing” and “process”.

Both Parties will comply with all applicable requirements of the Data Protection Legislation and will ensure that they have all necessary consents and notices in place to enable lawful transfer of Personal Data to the other Party for the duration and purposes of these Terms.

The Parties acknowledge that for the purposes of the Data Protection Legislation:

The Client is the Data Controller and Agency is the Data Processor of the Client’s Personal Data.

Both the Agency and the Client are Data Controllers of any Candidate Personal Data.

​

Processing of Data

Both Parties shall, in relation to Personal Data processed during the delivery of recruitment and sourcing services:

• Process that Personal Data only to the extent required to enable it to comply with its obligations under these Terms, or otherwise in accordance with (i) the written instructions of the other Party (when acting as a Data Processor) or (ii) applicable laws which otherwise enable it to process Personal Data.

• Ensure that it has in place appropriate technical and organisational measures to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data.

• Not transfer any Personal Data outside of the European Economic Area unless the prior written consent of the other Party has been obtained and appropriate safeguards and an adequate level of protection of any Personal Data transferred have been reasonably ensured.

• Assist the other Party, at the other Party’s cost, in (i) responding to any request from a Data Subject and (ii) ensuring compliance with its obligations under the Data Protection Legislation.

• Notify the other Party without undue delay on becoming aware of a Personal Data breach affecting the other Party.

• At the written direction of the other Party (when acting as a Data Processor), delete or return Personal Data and copies thereof to the other Party on termination of these Terms unless required by applicable law to store the Personal Data.

 

The Client agrees that the Agency may process Personal Data using digital recruitment systems, software and programs, via its own IT systems and/or using third party programs and software.

The Client acknowledges and agrees that the Agency may:

• Engage third party IT system providers as subprocessors in the provision of its digital recruitment systems, software and programmes; and

• Engage other third-party subprocessors as required in connection with the processing of Personal Data within the sphere of these Terms.

 

The Agency confirms that it has entered or (as the case may be) will enter with any third-party subprocessor into a written agreement incorporating terms which are substantially similar to those set out in this clause 11. The Agency will regularly monitor the performance of its subcontractors and will remain fully liable for all acts or omissions of any third-party sub-processor appointed pursuant to this clause 11.

 

The Agency shall make available to the Client its current list of subprocessors engaged upon request, which will include the identities of those sub-processors and their country of location. In case of any additions or changes to the current list, the Agency will notify the Client in writing. If the Client has a reasonable basis to object to the Agency’s use of a new subprocessor, the Client shall notify the Agency promptly in writing within 15 Business Days after receipt of the Agency’s notice.