At ACTA Executive Search. “the Company”, we are committed to protecting the privacy of our users. This privacy policy applies to all personal information collected by the Company, including information collected through our website and mobile applications.
1) We are bringing to your attention the fact that your personal information is being used.
We assist clients in recruiting talent for them and with this process we are often required to collect personal information as part of our business.
We collect personal data from Candidates, Potential Candidates, References, Clients, Potential clients and website visitors.
The type of personal information that we collect are Contact information, such as name, email and phone number, employment information, such as job title, employer and other information that you voluntarily provide to us in any discussions and feedback.
Separate privacy notices may be made available when your personal information is collected when you access our website www.actaremoteworkingsolutons.com and when you or your employer engages the Company to provide a service.
The Company is required to collect only the personal information that is necessary for the purposes of conducting its business. This information may include names, contact details, educational and employment history, references, qualifications, resume/curriculum vitae, immigration status with considerations to the ability to be employed in the relevant jurisdictions.
We assume that, before providing us with any contact details for your references, you have obtained their permission to do so.
2) The purposes for which personal information is or might be used.
A potential candidate’s personal information will be used to evaluate if he/she is a good fit with the required experience, qualifications, and additional requirements for a role at a client.
We use personal information for the purposes for which it was collected, including to provide recruitment and consulting services to our clients, and to assist candidates in finding employment. We will not use personal information for any other purposes unless the use is required or authorized by law.
For recruitment candidates the following personal data could be requested and obtained which include CV’s, identification documents, educational records, work history, employment records and references and other correspondence or personal data provided by you as part of the evaluation or engagement process. We mainly collect this information directly from you during the evaluation process or recruitment process. The lawful basis for processing the information is necessary for our legitimate interests of evaluation the suitability of the potential roles, and suitable candidates.
We rarely process special category information such as racial, disability, trade union or health information where you have made available to us.
Sometimes we collect information from third parties, such as an agent acting on your behalf as an interim manager or from a third-party recommendation or a person giving a reference.
We do use some publicly available sources to find information about potential candidates, specifically LinkedIn and company websites.
If the candidate provides special category information voluntarily they should explicitly consent to its collection and sharing the information with the Company. The Company will treat the information provided as confidential and maintain the candidate's privacy. Avoid sharing this information with unauthorized individuals within the organization. The Company will comply with relevant data protection laws, such as the General Data Protection Regulation (GDPR) in the European Union or other applicable legislation in the relevant jurisdiction. The collection and processing of special category information, only if there is a lawful basis for doing so.
We may request Criminal background and credit checks for employees and consultants.
We may request social insurance, payroll tax or health insurance related information for employees and consultants.
We may request Bank account details for employees, consultants, and clients.
Where you or your employer are a client of ours to whom we are providing leadership, financial consulting and/or talent consulting services. The personal data that we obtain include, contact details, correspondence, CVs, educational records, work history, employment details, references, information provided during leadership sessions, responses, analysis of results and recommendations and opinions. Special category information such as health, disability or ethnicity or racial information is only processed if provided by you. This information is usually given to us by you. Sometimes we collect information from third parties, such as your current or prospective employer; a recruitment agency or executive search firm; or a psychometric assessment provider that you have been referred to by us or your employer. We may undertake feedback sessions with you or our client as part of a leadership assessment or development process, which may involve collecting information about you from other people known to or nominated by you. We use the information to carry out services for you or your employer. Using this personal data is in our legitimate interests as a business in performing our services.
Reference contact details may be given to us by candidates as part of an executive search or recruitment process. Other personal data about referees is given to us by you directly. This is in our legitimate interests as a business in obtaining references on candidates.
Individuals who contact us with general queries. Personal data obtained include contact details provided and correspondence. This information is given to us by you. It is used to respond to the query and keep a record of it. This is in our legitimate interests as a business in responding to and keeping a record of correspondence.
Clients and potential clients. The personal data include contact details provided and correspondence. Further personal data include project documentation and contracts. This information is given to us by you or from publicly available information. It is used for us to fulfil contracts and engage in business discussions. Our legitimate interests as a business in responding to and keeping a record of correspondence. Some information is also necessary for us to perform our contract – for example certain contact details.
Suppliers and contractors. Personal data include contact details and provided correspondence. This information is given to us by you or from publicly available information (for example on your website). It is used for us to fulfil contracts and engage in business discussions. Our legitimate interests as a business in responding to and keeping a record of correspondence. Some information is also necessary for us to perform our contract – for example certain contact details.
Website visitors. Personal data obtained include information obtained from cookies. For more details see our Cookie Notice. This information is collected via the cookies when you use our website. It is used for our analytics and marketing purposes. For more details see our Cookie Notice.
We will also keep record of formal correspondence with potential candidates and successfully placed candidates and appointed consultants.
Before collecting and/or using any special categories of data, or criminal record data, we will establish a lawful exemption which will allow us to use that information.
Sensitive personal information is used with lawful authority if and only to the extent that it is used in compliance with the privacy laws and regulations:
i. in accordance with an order made by either the court or the Commissioner;
ii. for the purpose of any criminal or civil proceedings; or
iii. in the context of recruitment or employment where the nature of the role justifies such use.
We do not sell or rent your personal information to third parties for their marketing purposes.
3) The identity and types of individuals or organizations to whom personal information might be disclosed.
Personal information will only be disclosed with the individual/company’s agreement with the Privacy policy to the hiring company and/or potential employee and relevant clients.
We may disclose your information to service providers we have engaged to perform services on our behalf. These service providers are contractually restricted from using or disclosing the information, except as necessary to perform services on our behalf or to comply with legal requirements. These third parties appropriately safeguard your data, and their activities are limited to the purposes for which your data was provided.
We may transfer personal information across geographical borders to affiliated entities or authorized service providers in other countries working on our behalf. We ensure these transfers are covered by agreements to ensure ongoing compliance with the privacy policy and country requirements. The privacy laws are often different from those in your home country. We may transfer personal data to the following countries with your agreement with the Privacy policy. We mainly share the relevant information directly from you during the evaluation process or recruitment process. The lawful basis for processing the information is necessary for our legitimate interests of evaluation the suitability of the potential roles, and suitable candidates. These include US, UK, Austria, Ireland, Netherlands, Spain, Sweden, Argentina, Philippines, Australia, Hong Kong, New Zealand, Uganda, South Africa, UAE, Canada, Cayman Islands, Bermuda, Jersey/Guernsey and Singapore.
For recruitment candidates, we share your personal data with the client who has a position to fill in order to determine with the client whether you are a good fit for an available position.
For recruitment candidates we may also conduct checks in order to verify information you have provided and where we do this we share your information with third party agencies that perform credit reference or Disclosure Barring Service checks and Managed Integrity Evaluations (MIE) checks which is a background screening and risk mitigation service provider. The background checks and due diligence services help employers and other organizations manage their risks and ensure integrity of their workforce.
For contractors and consultants, we share your personal data with the client who is engaging our consulting services in relation to your current or potential employment or engagement with your agreement with the Privacy policy.
For contractors and consultants, we may share your information with relevant third-party service providers if they are an integral part of the client project we are delivering with your agreement with the Privacy policy.. These third-party service providers have their own privacy policies you should refer to.
4) The Company including privacy officer can be contacted at howcanwehelp@actaremoteworkers.com about its handling of personal information.
5) The choices and means the Company provides to an individual for limiting the use of, and for accessing, rectifying, blocking, erasing, and destroying, his personal information.
a. By law, you have several rights when it comes to your personal data. Further information and advice about your rights can be obtained from the data protection regulator in your country.
b. We may charge a reasonable fee to cover our administrative costs of providing information of your request.
c. We may be entitled to refuse to act on the request in some circumstances.
d. The candidates and clients have the following rights.
i. The right to be informed.
ii. The right of access.
iii. The right of rectification.
iv. The right to erasure.
v. The right to restrict processing.
vi. The right to data portability.
vii. The right to object to processing.
viii. The right to lodge a complaint.
ix. The right to withdraw consent.
6) In South Africa, you can lodge a privacy complaint with the Information Regulator (IR). The IR is responsible for monitoring and enforcing compliance with the Protection of Personal Information Act (POPIA), which aims to protect personal information processed by public and private bodies.
Website: You can visit the Information Regulator's official website for more information on the complaint process, including any forms you might need to fill out.
Email: You can send an email detailing your complaint. The official email addresses are often listed on the IR’s website. The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (European Economic Area) state where you work, where you normally live or where any alleged infringement of data protection occurred.
7) The supervisory authority in Bermuda is the Privacy Commissioner who may be contacted.
8) The supervisory authority in the UK is the Information Commissioner who may be contacted.
9) Security Measures. The Company takes reasonable measures to protect the personal information we collect from unauthorized access, use, or disclosure. This includes:
Using strong passwords: Passwords should be at least 8 characters long, include a mix of uppercase and lowercase letters, numbers, and symbols, and should be changed regularly.
Using multi-factor authentication on all accounts that store personal information, requiring an additional form of verification beyond a password, a one-time code sent via text or email.
Using encryption to protect sensitive personal information, both in transit and at rest. Encryption scrambles the data so that it cannot be read by unauthorized parties even if it is intercepted.
Maintain up-to-date security software, such as antivirus and anti-malware software, firewalls, and intrusion detection and prevention systems.
Training employees on how to identify and avoid phishing emails, suspicious links, and other potential security risks, and establish clear security policies and procedures that they must follow.
Regularly updating software and systems to ensure that known vulnerabilities are patched and addressed.
Limiting access to sensitive personal information to only those employees who need it to perform their job functions and monitor access to personal information to ensure that it is not being accessed or used improperly.
Only a specified data base administrator will be able to edit, add or remove personal information. The other staff members will only have read only access. All staff is bound by the privacy policy that they sign annually ensuring they will comply with all privacy laws and regulations in the respective jurisdictions.
The personal information is subject to periodic review and reassessment.
10) Access to Personal Information. Individuals have the right to access their personal information that we hold. Upon request, we will provide individuals with access to their personal information and allow them to correct any inaccuracies in that information.
11) Retention of Personal Information. We retain personal information only for as long as it is necessary for the purposes for which it was collected, or as required by law. Once the personal information is no longer needed, we will securely destroy it. We use a number of criteria for determining the retention period including obligations under law, our need to defend or bring contractual claims within the statutory limitation period and consideration of the original purpose we collected it for.
12) Personal information of children. We do not knowingly collect personal information from children.
13) Information Sharing and Disclosure. The Company does not share or disclose your personal information with third parties for their own marketing purposes. We may share your personal information with the following third parties. Service providers who assist us with our business operations, some examples include:
payment processing for appointed consultants, contractors, employees, recruitment partners, and clients.
website hosting which will collect personal data such as:
i. IP address: This is a unique identifier assigned to a device that connects to the internet and can be used to estimate a visitor's geographic location.
ii. Cookies: These are small files stored on a visitor's device that can track their browsing activity on the website and remember their preferences.
iii. Device and browser information: This may include the type of device and browser being used to access the website, and the operating system version.
iv. Website usage data: This includes information about how the visitor interacts with the website, such as which pages are visited and how long they spend on each page.
v. Contact information: This may include the visitor's name, email address, phone number, and any other information provided through a contact form or other submission form on the website.
vi. Demographic information: This may include age, gender, and other demographic information that the visitor has provided.
vii. Social media information: If the visitor connects to the website through a social media account, the website may collect information from that account, such as their name and profile picture.
HubSpot
i. Data collected on HubSpot may include names, email addresses, phone numbers, and employment status.
ii. Data Processing: Personal data are collected from LinkedIn or other public websites, from referrals and networking connections from our team of recruiters who will provide the data to the data administrator who will insert the data into HubSpot. We will only insert personal data into HubSpot with your agreement with this Privacy policy. The data is used to continue having contact information of the candidates to maintain an existing relationship. The data is not shared with anyone other than the data administrator, the recruitment team, management and the Directors.
iii. Data Retention: Personal data for ACTA Executive Search Pty Ltd. customers inserted into HubSpot will be retained for 7 years since the last active transaction of which thereafter it will be deleted. The purpose of the retention is to service existing relationships. Data will be retained in line with retention laws and regulations that will take precedence.
iv. Data Sharing: The relevant personal data collected through HubSpot is only used directly from you during the evaluation process or recruitment process.
v. Data Security: The HubSpot data base is password protected and only the recruitment team, management and the directors have password-controlled access to the database. Only the allocated database administrator is allowed to edit the database.
vi. User Rights: Customers have the following rights as described in section 5d.
vii. Contact Information: Customers can reach out to our Privacy officer with any questions or concerns regarding their personal data.
HubSpot security measures
i. Encryption: HubSpot uses encryption to protect data both in transit and at rest. Data is encrypted using industry-standard protocols, including TLS and SSL, when it is transmitted over the internet. Data is also encrypted when it is stored in HubSpot's databases and other storage systems.
ii. Access controls: HubSpot has implemented strong access controls to prevent unauthorized access to user data. Access to user data is restricted to authorized personnel, and access is granted on a need-to-know basis.
iii. Monitoring and logging: HubSpot continuously monitors its systems and logs all user activity to detect any unauthorized access or suspicious activity. This allows HubSpot to respond quickly to any security incidents and to identify potential security threats.
iv. Regular security testing: HubSpot conducts regular security testing to identify and address potential vulnerabilities in its systems and applications. This includes vulnerability scanning, penetration testing, and code reviews.
v. Compliance certifications: HubSpot is compliant with several industry and regulatory standards, including SOC 2 Type 2, GDPR, and CCPA. These certifications provide independent verification of HubSpot's data protection measures and compliance with applicable regulations.
Law enforcement or other government agencies, if required by law.
We only share Personal information via email to the clients during the evaluation process or recruitment process. Emails containing Personal information are encrypted. Access to the email accounts are password protected.
14) Procedures for making a request.
In order to obtain access to your personal information or make a request for a correction to personal information, the individual (in this section referred to as the “applicant”) shall make a written request to the Company setting out sufficient detail to enable the Company, with a reasonable effort, to identify the personal information in respect of which the request is made.
The applicant may ask for a copy of his personal information or ask to examine his personal information.
The Company shall promptly acknowledge in writing receipt of a request, including the date of the request, and the organization shall at the same time inform the applicant, if there is insufficient detail in the request, what information is required to complete his request.
When a completed request has been received, the Company shall respond to an applicant not later than:
i. 45 days from the day on which the Company receives the applicant’s written request;
ii. or the end of an extended time period if the time period is extended.
The Company may, extend the period for responding to the request by no more than 30 days, or for such longer period as the Commissioner may permit, if:
A large amount of personal information is requested or needs to be searched or corrected;
i. meeting the time limit would unreasonably interfere with the operations of the organization; or
ii. more time is needed to consult with a third party before the organization is able to determine whether or not to give the applicant access to the requested personal information.
If the period for responding is extended, the Company shall inform the applicant of the following:
i. the reason for the extension; and
ii. the time when a response from the organization can be expected.
The Company may charge an applicant who makes a request a fee not exceeding the prescribed maximum for access to the applicant’s personal information, except where any such request results in the correction of an error or omission in the personal information about the individual that is under the control of the organization.
A fee will not be charged if the Company is prevented from charging such a fee by its professional regulatory body.
If the Company is intending to charge an applicant a fee for a service, the Company may require the applicant to pay all or part of the fee in advance, as determined by the Company.
If the Company refuses to take action at the request of an applicant, the Company shall inform the applicant in writing of the reasons for the refusal and of the right to contact the Commissioner to make a complaint.
15) Where ACTA Executive Search Pty Ltd. obtains a consumer report using a Consumer Reporting Agencies (CRA’s) for employment purposes, the following FCRA provisions generally apply.
Written notice and authorization. The Company will clearly and conspicuously notify the individual in writing, in a document consisting solely of that notice, that a report may be used. The notice cannot be incorporated into an employment application. With limited exceptions, the Company will also get the person’s written authorization before asking a CRA for a report.
Pre-adverse action. If the Company decides not to hire an applicant or to take some other adverse action with regard to a current employee based in whole or in part on the consumer report, the applicant or employee will be provided with a copy of the report and given “a reasonable period of time” to present evidence challenging the information contained in the report.
Adverse action procedures. After the Company has taken adverse action based in whole or in part on the consumer report (as well as any information that the individual submitted in response to the pre-adverse action notice), the Company will give the applicant or employee notice that such action has been taken.
16) The Company reserves the right to update this privacy policy at any time to reflect changes to our personal information practices. We will post any changes to this privacy policy on our website, and we encourage you to review it periodically.
17) If you have any questions or concerns about this privacy policy or the personal information we collect, please contact us at howcanwehelp@actaremoteworkers.com
18) Overarching controls:
All information that we maintain that is not publicly available will only be obtained and retained for the specific purpose and your agreement with this Privacy policy, which include information inserted into our HubSpot database excluding website visitors (see controls at 13) that is obtained immediately upon accessing our website.
Personal information in our database will be reviewed annually to confirm accuracy and compliance with privacy laws and regulations.
A specified Data base administrator will be able to edit, add or remove personal information. The other staff members will only have read only access. All staff is bound by the privacy policy that they sign annually ensuring they will comply with all privacy laws and regulations in the respective jurisdictions.
Access to the database is restricted with strong password and these are renewed regularly.
Unauthorized access to the database is protected by up-to-date software which frequent checks are run to ensure no unauthorized access has been obtained.
Any personal information will be deleted once the specific purpose has been served except if privacy laws and the privacy policy instruct us to retain the data for a specific period.
Published: 11 March, 2024
Copyright © 2024 ACTA Executive Search Pty Ltd. All Rights Reserved. Disclaimer: No specific outcome is guaranteed in connection with your reliance upon or other use of the content on the website. The opinions offered in connection with the content and consulting are not an attempt to induce any particular business behavior or strategy. You should be aware of the risk of loss in following our recommendations or using our services discussed in this website and/or related communications.
Powered by GoDaddy