Privacy Statement

Quest Search & Selection Ltd.’s Privacy Policy is our commitment statement to the EU General Data Protection Regulation (GDPR) which aims to support and enhance the privacy of individuals in the EU and their rights over the data that is collected and stored about them. GDPR is effective regardless of the UK’s membership status within the European Union. As a recruitment company providing recruitment services we transact business with client organization in the EU using personal data belonging to EU national. As such Quest will fully comply with the GDPR legislation as of 25th May 2018.

Quest Search & Selection Ltd., as a recruitment company is a data processor and data controller. We are committed to ensuring we comply with all the applicable GDPR regulations. As an international recruitment business based in the United Kingdom and the United Arab Emirates, Quest operate using a shared CRM and data across both locations for the Quest companies which are the UK limited company, its UAE DMCC freezone company and its UAE LLC business.

Quest is the Data Controller of the personal data we are provided with. As such we take people’s data privacy very seriously.  Our Privacy Policy describes how we will use information on individuals who visit this website or participate in our recruitment services. As a company providing global recruitment solutions all of our recruiters operate across the same CRM systems and software which are Jobscience and Bond Adapt. Our offices are connected via cloud based systems and storage. Quest take all reasonable precautions to ensure your data is securely stored and accessible only to our members of staff. All Quest staff across both countries are compliant with GDPR when processing the data of EU nationals, operating within the EU states and the UK.

 

Data Processing Notice: Quest are obliged to supply a ‘Data Processing Notice’ when we store personal data in our company’s database and this Privacy Policy serves as the Data Processing Notice.

Below we outline Quest’s data processing and privacy points:-.

1. What information and personal data we collect.

2. How we collect personal data and from what sources.

3. Why we hold your personal data and the legal premise for processing your personal data

4. How your personal data is shared

5. Your legal rights.

6. How long we keep personal data for

7. Subscription preferences and marketing communications

8. Cookie policy

9. Points of contact for GDPR and data enquiries

10. Disclaimer of warranties

1.  What Information and personal data Quest collect.

 

Quest will collect personal data to help us align individuals with the most suitable vacancies and career opportunities. The data we collect includes, but is not limited to, your name and contact details which will include email address[es], phone number[s] and your curriculum vitae. For UK and EU opportunities we will collect full name, address, skills, job preferences, work history, salary details, nationality, and (when requested by a client), a passport copy and or other documentation and certificates. Sometimes this will include ethnic origin, religion and/or health (known as ‘special category data’ in GDPR) and criminal convictions where such sensitive information is legally required and appropriate.

For international employment we will often require other personal data such as gender, date of birth, and family status including ages and number of children. Other personal data relating to your professional profile may be obtained from sources in the public domain such as LinkedIn, Twitter, Facebook and news sites.

2.  How we collect personal data and from what sources

 

Quest will source and collect personal data through several means:-

  • You forwarded a CV through a direct application on Quest’s website
  • You uploaded your CV onto Quest’s website
  • You applied for a position through an advertising channel where Quest had advertised.
  • We approached/headhunted you as we found your details on a job-board, a CV bank or similar profiles database
  • We approached you from having seen your profile on LinkedIn, Xing or similar online media
  • You were headhunted directly after a personal recommendation

When your CV and profile details have been received, we will store the information provided on our CRM system. Our recruiting staff will review your data and profile and where your application is suitable, they will make contact to inform you that we are interested in your profile and holding your personal data for recruitment purposes and related communications.

Where an application is made on your behalf to a client you will have been informed about the position and have given your express consent.

Quest may share your personal data with clients for prospective career opportunities and vacancies where our recruiting staff have specified the clients that will be contacted on your behalf.

3.  Why we hold your personal data and the legal basis for processing this data

 

Quest hold your personal data for legitimate business interests in order to carry out our core business activity of recruitment services and solutions. Below are the main reasons regarding why we hold your data:-

  • To provide you with recruitment services.
  • To enable your CV to be submitted for current job applications
  • To retain your CV for future vacancies over and above the initial vacancy for which you were considered.
  • To follow up and make contact after an application has been submitted.
  • To continue your business relationship with Quest as a candidate, a client or a user of our website and services.
  • To identify you and answer questions and enquiries
  • To provide appropriate marketing communications such as Job Alerts, News, Events Competitions and Surveys (with opt-out and unsubscribe options).
  • To provide you with personalized content for relevant communications
  • To comply with law enforcement or regulatory agencies and to defend against legal claims or seek to apply or enforce Quest’s terms of business or other agreements that protect the company’s rights or those of our customers and other parties.

 

The legal basis for processing and holding data.

We will process personal data for the following purposes:-

  • For the compliance of legal obligations and requirements we are required to process and hold personal data. We will sometimes be required to disclose personal data for law enforcement agencies or regulatory bodies.
  • For entering into a contract for recruitment services with Quest so that we provide these services to candidates, clients and related third parties which will enable parties to engage and conduct business.
  • For the purposes of legitimate interest where Quest or a third party has a need to process your data. This is where (further to our having carried out a legitimate interest assessment) we have established we are not overriding your freedoms and rights which include the right to have your personal data protected. Quest will exchange relevant and up to date information requests from you and third parties in accordance with this legitimate interest. On the grounds of legitimate interest we will also access and use personal data to provide relevant information and services about career opportunities and appropriate market insights.

 

The above points are used to enable Quest to develop business and be an effective recruitment services provider. We record personal data of candidates and prospective candidates and will hold this information for up to 6 years from the previous contact which is regarded as a reasonable period. At any time you can opt out of all recruitment services or specific parts such as the marketing communications by writing to dpo@questsearch.co.uk (see Points of Contact).

Where Quest have placed a candidate with a client we have an obligation to retain your personal data and records for 6 years.  This is for both evidence and tax record requirements where we require proof of placements and revenue records.

4.  How your personal data is shared

 

Quest will share your personal data with clients and other third parties in the circumstances and scenarios detailed below:-

  • For providing recruitment services
  • For the purposes of operating an effective CRM which is shared by multiple offices.
  • To clients where we will disclose information having had your prior consent in order to service vacancies and opportunities as part of our recruitment services.
  • To other third parties such as reference checking service providers which will sometimes include qualification and criminal refence checking.
  • For law enforcement and regulatory agencies, where this is permitted within GDPR and other laws.
  • For data analytics purposes, for IT purposes, for research and targeted marketing communications related to recruitment services.
  • For an event where we sell or buy a business or asset which requires the disclosure to new companies or their advisors.

Transferring of Personal Data and Information overseas

Personal data is held in the cloud and accessible by both of the company’s offices (based in the United Kingdom and the United Arab Emirates who share the same Jobscience CRM).
Where personal data is transferred outside the EEA for processing it is only to a country or countries that have received a positive ‘adequacy provision’ decision under art. 45 of the General Data Protection Regulation (GDPR – EU 2016/679.) Such processing is subject to strict confidentiality agreements.

Personal data may also be viewed by Quest Search & Selection personnel located in Dubai, also subject to strict confidentiality rules. Where specifically you wish to explore international opportunities outside of the EU we will apply the same approach to the security of personal data.

5.  Your legal rights

 

GDPR provides legal rights with regards to your personal information. Below are details of the rights you have and how you can exercise them (note that we require proof of your identity in order to action a request or instructions in relation to your personal data).

Some of these rights are complex, and therefore the summaries below are not exhaustive.

  • Right to access

You have the right to request access for a copy of personal information. We will provide this within 30 days. In some circumstances under GDPR we can refuse your request or certain elements of the request. Providing the rights and freedoms of others are not compromised we will supply a copy of your personal data and, if we refuse a request, we will then provide reasons for the refusal.

  • Right to correction or completion

When personal information is not accurate, out of date of incomplete then you have the right to have this corrected and updated.

  • Right to erasure

In some circumstances you have the right to request the erasure of your personal data. Circumstances for erasure might be that the data is no longer necessary in relation to the purposes for which it was collected or where your information was processed based on your consent. General exclusions include where data is held or processed because it is required for compliance with legal requirements or defense of legal claims or permissible with the freedom of information.

  • Right to restrict processing or object to processing

You can object to us processing your personal data in certain circumstances by contacting us. You can object and opt out of the use of personal data for marketing communications and/or direct marketing. We will cease processing of data following an objection unless there is a compelling reason where your data is held on the basis that legitimate interest overrides your rights.

  • Right to data portability

You have rights to receive any personal information held about you in a printed format which we can provide to you or a third party with your consent. This content of this will be only the information you provided to us and what has been processed by us from your submitted information. We cannot comply where the request infringes the privacy of others.

  • Right to complain to a supervisory authority; and
  • Right to withdraw consent.

With the above, your rights are subject to exceptions. If we cannot comply with your requests we will provide reasons within 30 days of a request. Where you feel that our processing of your personal data is infringing your rights you have the right to lodge a complaint to the authority responsible for data protection. See the Points of Contact section.

 

The extent of the legal basis we have for processing your personal data is:

(a) consent; or

(b) that it is necessary for the contract to which you are party to perform effectively.

You have a right to object where:

[a] the personal information is being used for direct marketing purposes, and

[b] the personal information, which is based on legitimate interests of Quest, is not part of a compelling legitimate basis for our continued processing.

6. How long we keep personal data for

 

We will store personal data for up to six years following the receipt of your CV, your last application or last recorded communication. Quest will frequently service candidates with career opportunities and market insights throughout their careers over many years.

We advise clients (through our standard terms and conditions) that if they hold personal data from applications that they then make notifications, as data controllers, that they will hold your data for a set period which is typically one year. Unless we have your consent we will not forward postal or email addresses, or phone contact details to any client.

7.  Subscription preferences and marketing communications

 

Your personal data can be used for job alert emails and for marketing communications such as industry news. Our data team will match your profile to ensure that the content we communicate such as news, insights and opportunities are targeted. You can unsubscribe from these communications as they are optional.

 

Quest use Cookies on our website. These are packets of information that are stored on your computer’s hard drive and allow us to keep track of the areas of the website you visit and thereby offer you easy access to the information you find most relevant.  No secure information or information about your personal identity is ever contained within our cookies.

9.  Points of Contact for GDPR and data enquiries

 

Please note that we will require proof of identity in order to action a request or instruction in relation to your personal data.

If you have any questions or enquiries regarding GDPR or your personal data please contact us either by email or letter to:-

Email Address: dpo@questsearch.co.uk
Post: Jon Cawaling, Data Protection, Quest Search & Selection Ltd., 4 Cavendish Square, London W1P 0PG
Company Registration No: 03088424
Registered Office: 40 The Glades, Walsall, England, WS9 8RN
The data controller is: Quest Search & Selection Ltd., 4 Cavendish Square, London W1P 0PG

We will acknowledge receipt and respond within 30 days.

 

Complaints about privacy.

Complaints concerning the privacy of your personal information processed by Quest should initially be addressed to the Data Protection Officer (dpo@questsearch.co.uk). If a satisfactory resolution of the problem cannot be achieved, please contact the UK Information Commissioner’s Office using the below contact methods:-

Website: https://ico.org.uk
Post: Information Commissioner’s Office, Wycliffe House. Water Lane, Wilmslow, Cheshire SK9 5AF
Tel: 0303 123 11113

10.  Disclaimer of Warranties

 

The information, materials, services and products included on this website may include inaccuracies or typographical errors. Quest Search & Selection Limited may make changes or improvements to this website at any time. The materials on this website are provided ‘as is’ and without warranties of any kind either expressed or implied.