Privacy Notice for Job Applicants
Effective Date: 30 April 2018
- What we do
- About this Privacy Notice
- What is personal data?
- Quadrangle as a Data Controller
4.1 Our role as a Data Controller
4.2 Information we must provide you
4.3 Cross-border flows of personal data
4.4 Data storage, data access and data retention
4.5 Sharing with Service Providers
4.6 Tracking technologies
4.7 Disclosures required by law or to fulfil a business transition
4.8 Notification of changes
4.9 User data supplementation
- Security measures
- Privacy questions, access rights, incident reporting
- Do you need extra help?
Quadrangle is a Customer Consultancy; we help our clients to understand what matters to their customers. This often involves us conducting studies on our clients’ behalf with their customers, prospective customers and the wider general public to improve their understanding of what people like, dislike, are satisfied with or want in the future.
We also undertake research to help our clients communicate better and more effectively with their customers.
We conduct surveys using a variety of methodologies including by telephone, face to face, online, by email and by SMS.
Quadrangle is a trading name of Quadrangle Research Group Limited, a company incorporated in England with Company Number 8064640 and whose registered office is at The Butlers Wharf Building, 36 Shad Thames, London, SE1 2YE.
Your privacy is important to us, and we ask that you read this Privacy Notice carefully as it contains important information on who we are, how and why we collect, store, use and share your personal data, your rights in relation to your personal information and on how to contact us and supervisory authorities in the event you have a complaint.
This privacy notice relates to personal data of:
- Visitors to Quadrangle controlled websites including, by way of example, www.quadrangle.com, www.redquadrangle.com and www.redstoreworks.co.uk and if you are visiting one of our websites, please also refer to our Cookie Notice;
- Applicants for jobs at Quadrangle Research Group.
The practices covered include what information is gathered, with whom the information is shared, how long it is retained and where it is stored.
Under Data Protection laws of the United Kingdom, the term “personal data” means any information relating to a person who can be directly or indirectly identified, in particular, by reference to an identifier. This definition provides for a wide range of personal identifiers including name, address, email address, identification number, location data or online identifier. Personal data applies to both automated personal data and to manual filing systems where personal data are accessible according to specific criteria. If an individual cannot be identified from the data held then that data is not classified as personal data.
There are “special categories” of more sensitive personal information which require a higher level of protection. This includes information about a person’s racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health or condition or their sexual life.
As a business we may have your personal data because you have applied for a role at Quadrangle. You may have applied to us directly about a specific vacancy, speculatively or via a recruitment agent.
We collect personal information in order manage your application. We may collect personal information that can identify you, such as:
- your name, job title, company name, your work or home address, your work or personal email address and your telephone number;
- details of your emergency contact;
- your education and employment history and current employment information;
- your right to work status and documents regarding your eligibility to work in the UK e.g. passport, National Insurance number;
- information and results of any training, tests or tasks you complete as part of the recruitment process;
- personal and employment references from contact details you provide to us;
- details of any health conditions, allergies or disabilities you choose to share with us; or
- any other personal information that you include in your application.
It is important that the personal information we hold about you is accurate. Please keep us informed if your personal information changes during the course of the recruitment process.
We will also collect personal information if you fill in forms on our websites or email us, for example if you download a report or sign up to receive our newsletter. The information we collect includes information which could identify you, such as your name, job title, company name, email address and telephone number.
When using our websites, we may also collect technical data including internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our websites, together with usage data which includes information about how you use our websites, products and services.
Our websites are not directed at children and we have no intention of collecting personal data from young people. If we become aware that personal data from a child under 16 has been collected without the consent of such child’s parent or guardian, we will use all reasonable efforts to delete such information.
We will only use your personal data for the reasons specified in this Privacy Notice, unless you have specifically consented to, or opted in to, any other use of your personal data. Unless specified otherwise below, the legal basis for the processing of your personal data during the recruitment process is the legitimate interests of the company, namely the efficient management of the recruitment process as set out below.
The personal data we collect may be used for the following purposes:
- to respond to requests you may make of us, including updating you (and your recruitment agent if relevant) regarding the status of your application;
- to make any necessary arrangements for interviews;
- to assess your application;
- to assess and record information about your qualifications and experience as part of the selection process;
- to manage the recruitment exercise effectively to decide to whom to offer a job;
- to assess whether any reasonable adjustments are required to any aspect of the recruitment process in respect of any disability. The legal basis for this processing is to comply with our legal obligations and to comply with our obligations under employment law;
- to resolve any disputes;
- to send you future reports and newsletters written by Quadrangle;
- to manage and improve our websites and services;
- to share with agents, contractors or partners of Quadrangle in connection with services that these individuals or entities perform for, or with, our company. These agents, contractors or partners are restricted from using personal data in any way other than to provide services for Quadrangle;
- to respond to duly authorised information requests of governmental authorities or where required by law;
- to investigate suspected fraudulent activity in connection with our websites or violation of another party’s rights;
- to comply with our obligations under any contracts with recruitment agencies; or
- in connection with the sale, assignment, or other transfer of our business to which the information relates, in which case we will require any such buyer to agree to treat personal data in accordance with this Privacy Notice.
From time to time we may employ other companies and individuals to perform functions on our behalf. If we are required to share your details with these third parties it will be to enable us to work with you or to evaluate if we could work with you in the future. The third parties will have access to the personal data needed to perform their functions, but may not use it for other purposes. They should never use your information to market to you. They must also process the personal data as set out in this Privacy Notice and as permitted by the UK’s data protection laws. Furthermore, we have put in place the appropriate contractual provisions as required under the General Data Protection Regulation (GDPR).
We will not sell your personal data to third parties.
We will only process data as outlined in Section 3.3. You may contact Quadrangle in order to invoke your rights as a data subject under applicable laws in accordance with Section 6 below.
a) Quadrangle is an entity acting as the Data Controller.
b) Contact details of the data protection officer are available in section 6 below.
c) The purposes of the processing are:
- to evaluate your job application;
- to contact you regarding a job application (including speculative applications);
- to verify your identity;
- to undertake the processing activities identified in Section 3.3.
If you no longer wish to receive communications from us, you may opt-out by following the unsubscribe instructions located at the bottom of any marketing email communication, or by emailing us at email@example.com, or by contacting us by phone and telling us you do not want to be contacted in future. We will require your name, phone number, address, email address and the reason why we contacted you, where possible.
If you wish to opt-out from marketing emails provided by third parties, you must contact that third party directly.
d) The recipients of your personal data will be selected Quadrangle employees and third-party providers under contract with Quadrangle ensuring data protection levels equivalent to those set forth in this Privacy Notice. Where personal data collected in the EEA is transferred to a subcontractor in a third country outside of the EEA and which country is not deemed to meet the adequacy standards of the EU Commission, Quadrangle shall have ensure that it only transfer your personal data with appropriate safeguards in place and in accordance with GDPR.
e) We will retain personal data we process about job applicants for as long as needed to evaluate your application and conclude the recruitment process to which your application relates. Quadrangle will retain such personal data as necessary to comply with our legal and contractual obligations and to resolve disputes. Following the end of the recruitment process, in the event that your application is not successful, or you do not accept an offer of employment, we will retain your personal data in order to contact you regarding job opportunities at Quadrangle that may interest you in the future.
f) You have the right to seek access to, a copy of, and rectification or erasure of your personal data in accordance with applicable laws as set forth in section 6 below.
g) Where the processing of your personal data is based on your consent, you have the right to withdraw such consent at any time as set forth in section 6 below.
h) Where applicable laws so prescribe, you have the right to lodge a complaint to a supervisory authority as set forth in section 6 below.
Quadrangle conducts research and has partners globally. Our privacy practices are designed to provide protection for your personal data in accordance with the laws applicable to each respective location.
We will not transfer personal data of citizens of EU countries outside of the EU unless this has been notified to you and any transfer is under a contract which includes the use of EU approved standard contractual clauses (Model Clauses) or otherwise in accordance with GDPR.
Personal data that is collected from you may, subject to adequate confidentiality undertakings, and for the sole purpose of processing your job application, be accessed by our personnel and to or by third party companies and subcontractors that help us process your job application. In any such case, the personnel granted access to your personal data will have been deemed by their managers to have a reasonable business need to do so.
We will retain personal data for as long as needed to evaluate your application and conclude the recruitment process and to contact you regarding job opportunities at Quadrangle that may interest you in the future. Quadrangle will retain personal information of job applicants (including secure encrypted off-site back-up retention) only as necessary to comply with our legal and contractual obligations and to resolve disputes. In order to enable us to resolve any disputes, to contact you about future job opportunities and to complete your application process:
- If you applied for a specific role and are unsuccessful in your job application we will retain your contact details, employment and education history, your curriculum vitae/application form and any notes or comments about your application for a period of up to 12 months after the recruitment process has finished;
- If you applied speculatively and we have no suitable vacancies we will retain your contact details, employment and education history, your curriculum vitae and any notes or comments about your application for a period of up to 12 months after the date we received your details;
- If your application is successful and you accept a job offer from us the retention period of your data will be informed to you as part of your employment onboarding;
- We may keep a record of your name and the method of your application (either direct or via a recruitment agency) for up to 7 years to enable us to comply with our contracts with recruitment agencies and to resolve any disputes.
We may share your information with third parties who provide services on our behalf to help with our recruitment activities under contractual terms providing adequate protection to your information. These companies are authorised to use your personal data only under our instructions and only as necessary to provide the contracted services to us. These services may include:
- applicant tracking services;
- personality profiling services;
- recruitment agencies; and
- legal advisers.
We may also disclose your personal data as required by law such as to comply with a court order or other legal process when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
If Quadrangle is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email or a prominent notice on our website of any change in ownership, uses of your personal data, and choices you may have regarding your personal data.
We may also disclose your personal data to any other third party with your prior consent.
We may update this Privacy Notice to reflect changes to our information practices. If we make any material changes we will notify you by email (sent to the e-mail address specified in your account) or by means of a notice on this website prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.
We may receive information about you from other sources including from your referees. This helps us to manage our recruitment process. If you provide us personal data about others or if others give us your information, we will only use that information for the specific reason for which it was provided to us.
Examples of the types of personal data that may be obtained from public sources or purchased from third parties and combined with information we already have about you may include personal or employment references.
The security of your personal data is important to us.
Quadrangle operates under a strong security and privacy regime. We have successfully undergone third party auditing in relation to our Information Security Management System, and we are accredited by the British Standards Institution that we have met the requirements of ISO27001 in relation to information security.
The ISO27001 audit report provides assurance that we have designed and implemented effective security controls as defined in the ISO standards. During the examination, the independent auditors evaluated and tested controls over the following domains:
- Organization and management;
- Communications and training;
- Risk management, design, and implementation of controls;
- Monitoring of controls;
- Logical and physical access controls;
- Systems operation and backups;
- Personnel and third-party screening and controls;
- Change Management.
Quadrangle is also accredited by IQCS (Interviewer Quality Control Scheme) and conducts all research in accordance with the Market Research Society (MRS) code of conduct. Further information about the MRS code of conduct can be found at https://www.mrs.org.uk/standards/code_of_conduct .
If your personal data is stored by Quadrangle, you are welcome to read more about how we protect your personal data by applying industry-leading security measures and performing ongoing security tests and controls. Please refer to pur Security Measures, which are available to download here.
As part of its accreditation process, IQCS audits our interviewers’ policies and procedures to ensure that they have been adequately trained and that sufficient quality control checks have been made that the data they collect is accurate and complete.
If you have any questions about how we use your personal data or about this Privacy Notice, you can send an email to firstname.lastname@example.org. You can also contact us by post at Quadrangle Research Group Limited, The Butlers Wharf Building, 36 Shad Thames, London, SE1 2YE.
You can contact Quadrangle’s Data Protection Officer as follows:
By email: DataProtectionOfficer@quadrangle.com
The Data Protection Officer,
Quadrangle Research Group Limited,
The Butlers Wharf Building,
36 Shad Thames,
If you have an unresolved privacy or personal data use concern that we have not addressed satisfactorily, please contact us and we will address it as a priority. If you wish to complain about Quadrangle’s handling of your data you can complain to the supervisory authority in the jurisdiction in which you reside. In the United Kingdom this is the Information Commissioner’s Office (ICO).
You can contact the ICO as follows:
Phone: 030 3123 1113
Information Commissioner’s Office,
Under the GDPR, you have a number of important rights free of charge. In summary, those include rights to:
- the fair processing of information and transparency over how we use your use personal information;
- access your personal information and to certain other supplementary information that this Privacy Notice is already designed to address;
- require us to correct any mistakes in your information which we hold;
- require the erasure of personal information concerning you in certain situations*;
- receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to request the transmission of this data to a third party in certain situations;
- object to our continued processing of your personal information in certain circumstances*;
- otherwise restrict our processing of your personal information in certain circumstances.
For further information on each of those rights and other rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individual’s rights under the GDPR.
If you would like to exercise any of those rights, please contact us emailing email@example.com or by writing to us at Quadrangle, The Butlers Wharf Building, 36 Shad Thames, London, SE1 2YE marking your correspondence for the attention of the Data Protection Officer.
Before Quadrangle is able to assist you, provide you with any information, or correct any inaccuracies, we may ask you to verify your identity and to provide other details to help us to respond to your request. We will endeavour to respond within an appropriate timeframe.
If you are enquiring or exercising any of your legal rights or want to withdraw your consent on behalf of personal data we collect and process under the instructions of our clients (see section 12 above), please direct your query to our client, which is the Data Controller. If you contact our company in relation to this, we are under obligation to refer your enquiry to the Data Controller.
Should you wish to report an incident relating to Quadrangle’s security, confidentiality, or privacy, you are welcome to file a report by emailing firstname.lastname@example.org or by writing to us at Quadrangle, The Butlers Wharf Building, 36 Shad Thames, London, SE1 2YE marking your correspondence for the attention of the Data Protection Officer.
* We are not obliged to uphold your objection where the legitimate interest relied on outweighs the reason for your objection.
If you would like this notice in another format (for example: audio, large print, braille) please contact us by emailing email@example.com or by writing to us at Quadrangle, The Butlers Wharf Building, 36 Shad Thames, London, SE1 2YE.
Quadrangle Research Group Limited