GDPR

Data items to be shared - Applicable Personal Data

As applicable and without limitation: 

  • Names
  • Addresses
  • Dates of birth
  • Telephone numbers
  • Emails 
  • Job titles 
  • Work (and/or education) history
  • Professional memberships and qualifications 
  • Historic pay details 
  • Right to work documentation (visas/passports)
  • Criminal records
  • Credit records 
  • Identification documents (driving licence, passports, identity cards) 
  • National Isurance Number 
  • Pension Contributions 
  • Other information required in connection with pre-emplyment screening 

 

Description of Data Sharing Initiative 

The Robert Walters Group ("RW) processes candidate data both before a client engages us on a particular recruitment project and also in response to a specific search. The purpose of the data processing is to identify suitable candidates that best meet your requirements and to share that data with the Client as part of our recruitment services. 

 

Purpose of the Data Sharing Initiative 

To assist the client to achieve its recruitment requirements. 

 

Organisations involved in the data sharing 

  • RW 
  • Client 

 

Lawful basis for sharing by supplier 

Legitimate interest. 

 

Permitted Processing of Applicable Personal Data 

To build candidate profiles and to assist in the sourcing and placement of candidates sourced by RW. 

 

Lawful basis forProcessing Applicable Personal Data by Client 

Performance of a contract between the Robert Walters Group and Client. 

 

Telling Data Subjects about the Data Sharing Initiative 

Both Parties. 

 

Information to be provided to Data Subjects 

All information required to comply with A14 of the GDPR. 

 

Maintaining the quality of the Personal Data 

Include facilities to: 

prevent irrelevant and excessive amounts of data being shared:

ensure that the data being shared is accurate: and 

compatible datasets are used and the data is recorded in the same way.

 

Method of transmission of Personal Data from Supplier to Client

  • Email 
  • Telephone
  • Client portals 

 

Method and location of storage and access of Personal Data by Client 

Within the EEA only, unless RW have provided their prior written consent. 

 

Security of Personal Data applied to transmission and storage

Industry leading security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage to personal data and implement industry leading technical and organisational measures, to ensure a level of security appropriate to the risk of harm that might result from, unauthorised or unlawful processing, accidental or unlawful loss, destruction or alteration, unauthorised (or disclosure of) access or damage to personal data taking into account:


• the nature, scope, context and purposes of the Processing of the personal data to be protected,
• the state of the art in technological developments in information security; and
• the cost of implementing any measures; and


shall include, as a minimum, pseudonymising and encrypting the Personal Data, ensuring confidentiality, integrity, availability and resilience of systems and services, ensuring that availability of and access to the Personal Data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it.



Retention of Personal Data by Client 

As determined by the Client from time to time. 

 

Data Subject Rights (DRM)

As determined by the parties from time to time in accordance with data protection legislation. 

 

Personal data breaches 

Notification without undue delay upon becoming aware of personal data breaches concerning the personal data shared between the Data Controllers. 

 

Assistance between Data Controllers 

Each of the Data Controllers shall provide reasonable assistance to each other to enable them to facilitate Data Subjects exercising their rights under the Data Protection Legislation. 

 

Monitoring compliance 

Monitoring compliance is the obligation of the party storing and using Personal Data. 

 

Reviewing ongoing effectiveness of Data Sharing Initiative

Periodically as instiagted by RW

 

Procedure for terminating Data Sharing Initiative 

As per the termination provision in the contract that the Parties are subject to. 

 

Points of contact 

Each party shall appoint the following single point of contact who will monitor the correct operation of this Agreement and will work together to remediate any issues arising under it: 

Robert Walters: gdpr@robertwalters.com

Client: