FinTech Recruitment

Privacy Policy

Excelsior Search Ltd (“Excelsior”, “we, “us” or “our”) is a Recruitment and Executive Search company, headquartered in the United Kingdom and providing services globally.  Our excellent industry reputation is reliant on the trust of our customers (both clients and candidates), through the professional and effective use of personal data we process to provide our services, and the procedures that we have in place to safeguard your personal data (information relating to an identified or identifiable natural person).
 
We are committed to protecting your personal data in accordance with the Data Protection Act, and the European Union General Data Protection Regulation (GDPR).  As these are recognised as some of the most stringent data protection laws in the world, you can be rest assured that your personal data is being managed to the highest possible regulated standards.  We are committed to these standards whilst performing our services to the benefit of all our customers. 
 
This privacy policy transparently explains:
  • The nature of the personal data we process.
  • How personal data is collected.
  • How personal data is used.
  • The legal bases on which we process personal data.
  • How long we retain personal data.
  • Sharing of personal data.
  • International transfers.
  • Data security and where personal data is held.
  • Your rights.
  • Changes to this privacy notice.
  • How to contact us.
 
If you would not like us to process your personal data in accordance with this privacy policy, then we request that you do not provide it to us.  For personal data we already hold, please see the “your rights” section below.

 
The nature of the personal data we process
 
‘Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
 
We process personal data to provide tailored services to our clients and candidates, and the data may be provided to us by you and/or collected from a lawful source.  Personal data added to our secure database may include any of the following:
  • Name, postal address, email addresses, telephone numbers and other contact details.
  • Job history, including job titles, details of roles and companies.
  • Personal and professional skills and experience. 
  • Education history and professional qualifications.
  • Remuneration details.
  • Current employment circumstances.
  • Personal motivates and preferences for a new job.
  • On occasions other “Sensitive Personal Data” (see below)
  • Other information not categorised here that you may choose to provide us either verbally and/or in writing such as on a resume, CV or professional profile.
 
As a candidate (personal seeking a new job) our only purpose in collecting your personal data is to maintain contact with you in order to provide our services, and assist both us in understand if your profile satisfies a job profile requirement for any of our client assignments (open jobs). 
 
As a client (hiring company representative) our purpose in collecting information on you is to maintain contact with you and provide our services for your hiring processes.
 
Sensitive Personal Data (“SPD”) is data consisting of racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person's sex life or sexual orientation.  We respect that the processing of SPD has additional compliance obligations for us, including the need for explicit consent from you to be holding any SPD.  In the vast majority of cases we do not need any SPD to perform our services to you, and therefore we request that you do not provide us with any SPD unless absolutely necessary.  If however you freely provide us with any SPD we will delete it upon receipt if we deem that we don’t need to hold the information, or we will only hold it if you provide explicit consent to it’s processing by us. 
 
 
How personal data is collected
 
In order to provide our services, we lawfully collect personal data in the following ways;

From you freely providing us with your personal data, through verbal or written means i.e. such as from an email, a resume / CV, or job application.

From 3rd party and publicly available sources, including:
  • Social media, i.e. LinkedIn, Xing, Facebook and Twitter etc.
  • CV databases for which you will have provided your personal data.
  • Other candidates and clients.
  • Industry directories and news sites.

 
How personal data is used
 
We process your personal data in order to conduct the following activities:
  • To provide our professional services to you as a recruitment services company.
  • To perform a contract with you.
  • To maintain our business relationship with you.
  • To enable you to apply for specific jobs or contact us to help you hire. 
  • To answer your enquiries.
  • To study how our candidates and clients use our services and develop them.
  • To maintain our own accounts and records and to support and manage our employees
  • to respond to any complaint that you might make.
  • To market our services, advise you of roles, news and industry intelligence and other information you may find helpful. Where we do so, you will be able to unsubscribe from such communications.
 
 
The legal bases on which we process personal data
 
All personal data we process is for the sole purpose of providing our recruitment services to candidates and clients, and we will only use your personal data when the law allows us to.  Most commonly we will process your personal data on the lawful basis of one of the following:   
 
Legal or regulatory obligations
We are required to comply with legal or regulatory obligations relating to our business generally and the provision of our recruitment services.   For example with employment, tax, crime prevention and data protection legislation, and co-operating with regulatory authorities.   One such piece of statutory legislation is the Conduct of Employment Agencies and Employment Businesses Regulations 2003, which amongst other obligations requires us to assess your suitability for a job role and maintain records.
 
Consent
Generally we do not rely on consent as a legal basis for processing your personal data.  However at times we may process your data because you have provided your consent either verbally or in writing for us to do so for a specific purpose, for example this may be when you are asked when applying for a role you have seen advertised.  If you have provided consent you have the right to withdraw it at any time (see the “your rights” section of this policy).
 
Legitimate Interests
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.  Legitimate interest means the interest of our business in conducting and managing our business to provide our services to you, and enable us to give you the best possible recruitment service experience. We make sure we consider and balance any potential impact on you and your rights, before we process your personal data for our legitimate interests.  We do not use your personal data where our interests are overridden by the impact on you, unless we have your consent or are otherwise required or permitted to by legal obligations. 
 
Note that we may process your personal data for more than one lawful basis depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data.
 
 
How long we retain personal data
 
We have been in business since 1999 and over this long time period we have been a recruitment partner to many candidates through multiple moves during their career, and assisted clients with multiple hires over many years. Unless we are asked at any time to delete it (right to be forgotten, see your rights), we will hold personal data only as long as necessary to provide you with our services as a candidate or client.  Personal data we have no lawful basis to process or deem is no longer required to be held, will be deleted from our data base.
 

Sharing of personal data
 
We will not share your personal data unless we are entitled to do so. 
 
As a candidate your personal data will only be shared with our clients at an appropriate stage on a role by role basis, whereby we will forward your CV and additional personal data as required for us to perform our contract with the client.  As is best industry practise, your approval to do this will be expressly sought by our team for each role we shortlist you.
 
As a client your personal data will only be shared with our candidates as required for us to perform our contract for services with you.
 
We will not share your personal data with any company outside our company for general marketing purposes, unless we obtain your prior consent.
 
In the event of a purchase or sale of our business, personal data will be transferred as part of the transaction. However, we will ensure to the best of our ability that the privacy of your personal data is maintained on an ongoing basis.
 
 
International transfers
 
We provide our recruitment services globally, and so there may be occasions when personal data needs to be transmitted outside of the European Economic Area (EEA).  For transfers to non-EEA Countries we will only transfer personal data provided we have a legal basis to do so under GDPR, and in doing so we will ensure an adequate degree of data protection is afforded to it as recognised by the European Commission i.e. the EU-U.S. Privacy Shield framework. 
 
If you are located within the EEA we will notify you in the event we need to transmit your data outside of the EEA i.e. in respect of a particular job or client company you are interested in.  You have the right to withhold your consent to such transfer. 
 
If you are located outside of the EEA, in order for us to successfully communicate and provide our services to you, you understand and accept that your personal data will be transmitted in and out of the EEA without the need for additional notifications or consent.
 
 
Data security and where data is held
 
We are committed to ensuring that all your personal data we hold is secure.  To prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure all personal data we hold.
 
The online Customer Relationship Management database system we use is GDPR compliant, and the data is stored in a highly secure data facility in the United Kingdom.  The data is encrypted both “at rest” in the database and also in transit, and all of the website services to access the data are encrypted using SSL certificates.  User access is also controlled with appropriate security measures.
 

Your rights
 
You may contact us at any time to exercise any of your following rights:
  • To request a copy of the personal data we hold on you.
  • To have any inaccuracies corrected (update).
  • To place restrictions on us processing the data.
  • To request data be ported (data portability).
  • To opt-out of receiving communications from us.
  • To withdraw consent to our processing of your data.
  • To delete the data (right to be forgotten).
 
To exercise any of the above rights, write to dataprotection@excelsiorsearch.com.  
 
In response to requesting a copy of the data we hold, we will respond by email within 30 days of receiving the written request with a PDF document containing copies of the data we hold. 
 
To update your data please either register and log into our secure online candidate portal, otherwise phone or email us providing us with the correct information.
 
If you withdraw your consent to our processing of your data, please note that we may continue to retain or use your personal data only where we have a legitimate interest, contractual or legal obligation to do so.
 
For a deletion of personal data request, we will action within 2 business days and confirm deletion by email.  If you have provided us with consent as the basis to process your data, this consent may be withdrawn at anytime and we will action as a deletion of data request, subject to any legal or regulatory requirements that necessitates us holding any of your personal data.
 
Before actioning any of the above rights to amend or delete data, we reserve the right to verify your identity.
 
 
Changes to this Privacy Notice
 
This Privacy Notice may be changed by us at any time due to revised legislation or business reasons to ensure our compliance with current data protection legislation and best practices.
 
 
How to contact us
 
For further clarification on the information provided in this policy, to make a complaint about our handling of data, or to exercise your data subject rights, please contact us by emailing us at dataprotection@excelsiorsearch.com.