Highland Consulting Group understands that your privacy is important to you and that you care about how your personal data is used and shared online. We respect and value the privacy of everyone who utilizes our services, and will only collect and use personal data in ways that are described here, and in a manner, that is consistent with Our obligations and your rights under the law.
What Does This Policy Cover?
What Information Do We Collect?
The types of information requested from you and the manner in which that information is collected and accessed are determined by the requirements of the country in which the position is located, not the country in which you reside. While specific data requirements vary by country and the position being filled, the following categories of data will generally be collected:
- Business/Company Name;
- Contact information such as email addresses and telephone numbers (both personal and business);
- Address and location information;
- Data you submit in resumes / CVs, letters, writing samples, and other written materials;
- Data generated by interviewers and recruiters, based on their interactions with you or basic Internet searches;
- Data provided by third‐party placement firms, recruiters, or job‐search websites, where applicable;
- Recommendations provided on your behalf by others;
- Data about your current job title and profession, as well as prior employment and salary history, education;
- Data about your health or disability where it is relevant to your ability or availability to work or to a workplace accommodation, subject to legal limits on the timing of collection of such data and other applicable limitations.
- Data about race / ethnicity / religion / disability / gender for purposes of government reporting where required
- Personal interests and hobbies
- Family details; marital status
Your submission of personal data constitutes your consent to our use of your data and your verification that it is accurate. By submitting your information, you acknowledge that all representations made by you are true and correct to the best of your knowledge and belief, and you have not knowingly omitted any related information of an adverse nature. Providing any inaccurate information may make you ineligible for employment.
How Do We Use Your Data?
All personal data is processed and stored securely, for no longer than is necessary in light of the reason(s) for which it was first collected, or for which reason(s) you have provided consent. We will comply with Our obligations and safeguard your rights under the GDPR at all times.
Our use of your personal data will always have a lawful basis, either because it is necessary for Our performance of a contract with you, because you have consented to Our use of your personal data (e.g. by subscribing to emails), or because it is in Our legitimate interests. Specifically, we may use your data for the following purposes:
- Assess your suitability for employment for the role for which you are applying, as well as future roles that may become available, only if given consent as a Candidate;
- Share an anonymous profile of your qualifications to potential employers to determine general interest, only if given consent as a Candidate. We will seek your express consent to share identifying information, such as name or resume, if interest is identified.
- Market to you regarding your open positions to offer Our services, if given consent as a Client or identified as a legitimate interest.
- Perform administrative functions (e.g. reimburse you for interview‐related expenses);
- Perform analysis of our applicant pool in order to better understand who is applying to Our positions and how to attract top talent;
- In some cases, record your online interview for review by additional recruiters and hiring managers. In such cases, we will seek your express consent to be recorded;
- Perform any legally‐required reporting, and respond to legal process.
With your permission and/or where permitted by law, We may also use your data for marketing purposes which may include contacting you by [email] AND/OR [telephone] AND/OR [text message] AND/OR [post] with information, news and offers on Our [products] AND/OR [services]. We will not, however, send you any unsolicited marketing or spam and will take all reasonable steps to ensure that We fully protect your rights and comply with Our obligations under the GDPR and the EU ePrivacy legislation.
From What Sources do we Obtain your Information?
We may obtain data about you from the following sources:
- From you, when you submit resumes or other information online or directly to us via email;
- From conversations with recruiters and interviews with hiring managers and other personnel or representatives, some of which may be recorded (with their express knowledge and consent) as well as from Internet searches that these individuals may perform, or data that they may obtain from job search or professional networking websites (e.g. Monster.com, LinkedIn, etc.) where you may have made data about yourself publicly available;
Who will have access to your personal data? Where are they located?
In general, access to your personal data will be restricted to minimize the number of people in Our organization who need it in order evaluate your application for employment, perform functions supporting our Recruiting and Talent Management functions, or to whom we are compelled to provide it by applicable law.
The following categories of individuals will have access to your personal data:
- Recruiters working within Our company;
- Hiring managers and other interviewers, with your express consent relating to the Hiring Company. Often these individuals will be based in the country where the position is based, but in some cases, they may be located in other countries;
- Individuals performing administrative and IT support functions;
- Authorized personnel at our service providers, including:
- Main Sequence Technologies, which hosts and supports PCRecruiter, our Applicant Tracking Database. PCRecruiter is hosted in Cleveland, OH
- MRINetwork Corporate, Our franchisor. Only in cases of support.
- Government officials where legal reporting requirements may exist, or law enforcement agencies or private litigants in response to valid law enforcement process (warrant, subpoena, or court order); and
- A successor to Our Company in the event that it sells or divests all or part of its business.
How long will we retain your personal data?
Data about individuals will be kept in accordance to their status as defined in our Data Retention Policy below.
How we protect your personal data.
We employ organizational, technical, and physical security measures in order to protect your data from loss or misuse. Where we contract with third‐party suppliers to provide services that may enable them to access your personal data we require them by contract to have similar security controls in place.
As a data subject, you have the following rights under the GDPR, which this Policy and Our use of personal data have been designed to uphold:
- The right to be informed about Our collection and use of personal data;
- The right of access to the personal data We hold about you. You have the right to ask for a copy of any of your personal data held by Us (where such data is held). Under the GDPR, no fee is payable and We will provide any and all information in response to your request free of charge. Please contact Us for more details at email@example.com;
- The right to rectification if any personal data We hold about you is inaccurate or incomplete. Please contact Us for at firstname.lastname@example.org;
- The right to be forgotten – i.e. the right to ask Us to delete any personal data We hold about you (We only hold your personal data for a limited time, as explained in Our Data Retention Policy but if you would like Us to delete it sooner, please contact Us at email@example.com;
- The right to restrict (i.e. prevent) the processing of your personal data. You may contact us to revoke consent for processing as a Candidate or a Client. Contact us at firstname.lastname@example.org;
- The right to data portability (obtaining a copy of your personal data to re‐use with another service or organization);
- The right to object to Us using your personal data for particular purposes; and
- Rights with respect to automated decision making and profiling.
If you have any cause for complaint about Our use of your personal data, please contact Us using the details provided below and We will do Our best to solve the problem for you. If We are unable to help, you also have the right to lodge a complaint with your local EU supervisory authority (e.g. in the UK the Information Commissioner’s Office).
How and Where Do We Store Your Data?
We only keep your personal data for as long as We need to in order to use it as described above, and/or for as long as We have your permission to keep it.
Some or all of your data may be stored outside of the European Economic Area (“the EEA”) (The EEA consists of all EU member states, plus Norway, Iceland, and Liechtenstein). You are deemed to accept and agree to this by using Our Services and submitting information to Us. If We do store data outside the EEA, it would be stored with our Data Processor as host of Our Applicant Tracking Database:
Main Sequence Technology, Inc.
4420 Sherwin Road
Willoughby, OH 44094
We will take all reasonable steps to ensure that your data is treated as safely and securely as it would be within the EU including:
- End‐to‐End encryption for data transferred over the Internet
- Strong password policies
Data is stored for as short a period of time as required for the purposes of processing. We maintain a Data Retention policy determining the length of time depending on the purpose of processing.
Do We Share Your Data?
Data may only be shared as we have received consent for doing so. For example, individuals that have consented to be considered as a candidate for our clients as potential employees will be asked for their consent to share anonymized profiles of skills and experience. Candidates will be asked for express interest to transfer more information such as name or resume to clients for consideration for an employment opportunity.
The third party data processors used by Us and listed above are located outside the European Economic Area (“the EEA”) (The EEA consists of all EU member states, plus Norway, Iceland, and Liechtenstein). Where We transfer any personal data outside the EEA, We will take all reasonable steps to ensure that your data is treated as safely and securely as it would be within the UK and under the GDPR.
In certain circumstances, We may be legally required to share certain data held by Us, which may include your personal data, for example, where We are involved in legal proceedings, where We are complying with legal requirements, a court order, or a governmental authority.