Privacy Policy

This Privacy Policy is provided by Pacific International Recruitment Limited, Pacific International Recruitment GmbH and Pacific International Recruitment inc. (“Pacific”, “we” or “us”), and is addressed to individuals outside our organisation with whom we interact, including (but not limited to) Candidates, Participants, Sources and visitors to our websites (together, “you”).

We take your privacy seriously, and want to ensure that everyone who uses our services and those of our associated brand, Improvement and Innovation, is confident that we will protect your information and your rights.

The General Data Protection Regulation (GDPR) is replacing existing data protection acts in EU countries, including the UK. This regulation affects all EU and UK citizens, strengthening their digital rights and creating a stricter framework within which firms collect, retain, and process your personal data. As an international company, Pacific has taken the decision to uphold GDPR compliant practices globally, ensuring a consistent experience and greater confidence for all our customers worldwide.

What is the purpose and legal basis of Pacific’s Data Processing

Pacific aims to connect the best talent to our clients through the provision of market information, networking, executive search and placement activity. We deal extensively with Personally Identifiable Information (henceforth Personal Data) to facilitate our services, and under GDPR perform the function of both Data Controller and Data Processor.

Lawful basis for Processing Personal Data: In Processing your Personal Data in connection with the purposes set out in this Policy, we may rely on one or more of the following legal bases:

• we have obtained your prior express consent to the Processing (this legal basis is only used in relation to Processing that is entirely voluntary – it is not used for Processing that is necessary or obligatory in any way);
• the Processing is necessary in connection with any contract that you may enter into with us;
• the Processing is required by applicable law;
• the Processing is necessary to protect the vital interests of any individual; or
• we have a legitimate interest in carrying out the Processing, which is not overridden by your interests, fundamental rights, or freedoms. Where we rely on this legal basis, our legitimate interests are:

• • our legitimate interest in the management and operation of our business;
  • our legitimate interest in the promotion of our business; and
  • our legitimate interest in the provision of services to our Clients.

Purposes for which we may Process your Personal Data

The purposes for which we may Process Personal Data, subject to applicable law, include:

• Recruitment activities on behalf of Clients: recruitment operations; advertising Client opportunities; providing services to our Clients; enabling Clients to understand which Candidates are interested in their opportunities; record-keeping; and performing background checks.
• Leadership consulting: providing leadership consulting services to Clients.
• Provision of services to you: providing our Sites and other services to you; attending meetings with you; attending telephone calls with you; and otherwise communicating with you in relation to those services.
• Operating and managing our websites; providing content to you; displaying information to you; and communicating and interacting with you via our Sites.
• Providing you with training and preparation for interviews
• Newsletters and other marketing communications: communicating with you via any means (including via email, telephone, text message, social media, post or in person) news items and possible opportunities in which you may be interested
• Communications and IT operations such as management of our communications systems, operation of IT security, and IT security audits
• Health and safety assessments and record keeping; and compliance with related legal obligations.
• Financial management: sales; finance; corporate audit; and vendor management.
• Engaging with you for the purposes of obtaining your views via surveys on relevant issues and topics.
• Conducting your Skills assessment for the purpose of future employment
• Improving our services: identifying issues with existing services; planning improvements to existing services; creating new services.
• Future planning: succession and organizational planning, including budgeting.

Disclosure of Personal Data to third parties

We may disclose your Personal Data to other entities within our corporate group, for legitimate business purposes (including providing services to you and operating our Sites), in accordance with applicable law. We may also share aggregate demographic information with our Clients, trusted affiliates and advertisers for the purposes outlined in this Policy. While we make all reasonable efforts to ensure that such information is anonymized, it is possible that small amounts of your Personal Data may be included.

In addition, we may disclose your Personal Data to:

• legal and regulatory authorities, upon request, or for the purposes of reporting any actual or suspected breach of applicable law or regulation;
• our Clients, for the purposes of providing services to those Clients, in accordance with the provisions of this Policy;
• accountants, auditors, lawyers and other outside professional advisors, subject to binding contractual obligations of confidentiality;
• third party Processors (such as providers of background checking services), located anywhere in the world,;
• any relevant party, law enforcement agency or court, to the extent necessary for the establishment, exercise or defence of legal rights;
• any relevant party for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security;
• any relevant third party acquirer(s), in the event that we sell or transfer all or any portion of our business or assets (including in the event of a reorganization, dissolution or liquidation); and
• our websites may use third party plugins or content (e.g., Twitter and LinkedIn). If you choose to interact with any such plugins or content, your Personal Data may be shared with the relevant third party

The recipients of Personal Data are limited to Pacific and are shared with trusted third party providers including: Microsoft Dynamics, Colleague Software, TextKernel and Sage. Your data will not be used by these organisations other than for the purposes of Pacific’s internal processing.

All of our suppliers are vetted to ensure their compliance with GDPR. Pacific will not share your data with any non-compliant organisation.

What will the Controller Collect and Process?

Pacific will collect your name, your job title, location, company name, company address, business and personal email and telephone / mobile numbers. If you have submitted your CV/resume to us we will retain and process the information contained therein, including your areas of expertise and specialisms, work history and educational institutions attended, and certificates obtained.

Depending on the jurisdictions we operate, we may also retain your date of birth, profile photograph and other information pertinent to a job application. Where this information is not required, or prohibited from being part of the application process, we will not collect or retain this information (for example certain US States).

Will the Data Leave the EU?

Our consultants operate globally – therefore your data will be accessible by consultants in non-EU jurisdictions. All our operations are GDPR-compliant by design, as are our global suppliers. Therefore, the same protections apply as within the EU.

How long will the Data be Kept For?

We will keep your data for as long as is necessary in connection with the purposes set out in this Policy.

The criteria for determining the duration for which we will keep your Personal data are as follows: we will retain your Personal Data for as long as we have your permission to contact you. Should you wish to withdraw that permission, you may do so using the contact details provided below.

Your Rights under GDPR

The right to be informed: In addition to the standard terms above, we will seek consent where we share your personal data with a client in order to facilitate the recruitment process by sharing your profile.

The right of access: You have the right to access all your Personal Data held and processed by Pacific. Within one month of the request we will confirm your identity and provide you with a copy of the data we hold regarding your person.

The right to data portability: where you request the right of access, Pacific will provide your personal data in a structured, readable format.

The right to rectification: You have the right to request that Pacific rectify any inaccurate information we hold. We will comply with this within one month of the request being submitted.

We will also inform any third parties that process your information on our behalf.

The Right to be Forgotten: you have right of erasure where you choose to withdraw consent. This means that Pacific will undertake to erase your personal data from our system and those of our partners in its entirety, except that data which must be retained for tax reporting purposes. The latter will be kept until the 7-year expiration date required by UK law.

The right to restrict processing: You have the right to request the restriction of processing of your data, for instance where you object to the processing of your data for a specific purpose but consent to our continued retention and processing of your data in general.

In addition, where we have been informed your data must be rectified, we will restrict processing of your data until we have updated it.

The right to object: You have the right to object to the processing of your data in circumstances relating to your specific situation.

In addition to this, you always have the right to object to the use of your data for the purposes of direct marketing: even if you consent initially to the use of your Personal Data for GDPR, you may opt out of direct marketing at any time.

Rights in relation to automated decision making and processing: Pacific’s recruitment offering is based on our consultant’s experience and understanding of their markets. We do not undertake decisions impacting our recruitment process based on automated processing.

Where automated processing takes place, this is only to streamline human decision-making and data retrieval activities to expedite our recruitment activities more quickly to the benefit of our candidates and clients. This includes the parsing of CVs which creates structured data allowing us to make better use of our database.

Data Minimisation

We take every reasonable step to ensure that your Personal Data that we Process are limited to the Personal Data reasonably required in connection with the purposes set out in this Policy.

Who is the Data Controller and who do I contact in reference to GDPR?

The Data Controller is Pacific International Recruitment Limited, The Control Tower, Witchcraft Way, Rackheath, Norwich, NR13 6GA.

The Data Controller’s representative is the Data Protection Officer, David Howells.

To contact us regarding GDPR, please send an email to gdpr@pacific-international.com
 or call +44 (0)20 7478 7727

We are registered with the Information Commissioner’s Office, Registration Number ZA284380