Go Back

Privacy Policy

v3.0

This Privacy Notice sets out the basis on which ECMS (Managed Solutions) Limited and ECMS HK Limited will process personal information provided to us, this information is also referred to as ‘personal data’. ECMS (Managed Solutions) Limited and ECMS HK Limited are referred to throughout as “we”, “us”, “our” and “ours”.

We take our obligations in respect of the privacy of personal data very seriously, and we will only process personal information as detailed in this notice, unless we inform you otherwise. In order to ensure that the personal data we hold is accurate and up to date, we request that you inform us of any relevant changes to the personal information we hold about you.

Our core business activity is consulting services. For the purposes of this Privacy Notice, our commercial activities and services for individuals and businesses are referred to as ‘Consulting Services’, and our customers are referred to as ‘Clients’.

The person responsible for data protection matters within our group organisation is Lauren Seal, Partner & Director - Group Operations and can be contacted via email: dataprotection@eames-group.com.

If you do not wish us to process personal data in accordance with this policy, then please do not provide it to us. Please refer to Section 4, ’Your Rights‘, in respect of data that we already hold, or which we receive from third parties.

Section 1: This section applies to individuals wishing to use or already using our Consulting Services and/or working with us as a Consultant:

The personal data we collect or receive includes the following as applicable:

  • Name

  • Address

  • Email and other contact details

  • Date of birth

  • Pre-Employment Data including; Job history, Educational history, qualifications & skills, legal right to work documentation which may include Passport, Visa and other right to work or identifying information

  • Bank details

  • National insurance and tax (payroll) information

  • Next of kin and family details

  • Contact details of referees

  • Personal information relating to hobbies, interests and pastimes

  • Information contained in references and pre-employment checks from third parties

  • Other sensitive personal information such as health records (see ‘Sensitive Personal Data’ section below)

  • Your marketing preferences

We may obtain your personal data from the following sources (please note that this list is not exhaustive):

  • You (e.g. a Curriculum Vitae, or job application)

  • A client

  • Other Consultants

  • Online job sites

  • Marketing databases

  • The public domain

  • Social Media

  • At interview

  • Conversations on the telephone or video conferencing (which may be recorded)

  • Notes following a conversation or meeting

  • Our websites and software applications

  • References or referrals

Where you are an actual or potential Consultant and we have obtained your personal data from a third party such as an online job board, it is our policy to advise you of the source when we first communicate with you.

How we will use your personal data:

The processing of your personal information may include:

  • Collecting and storing your personal data, whether in manual or electronic files

  • Notifying you of potential opportunities

  • Assessing and reviewing your suitability for Consulting Services

  • Introducing and/or supplying you to actual or potential Clients

  • Engaging you for a role with us or with our Clients, including any related administration

  • Collating market or sector specific information and providing the same to our Clients

  • Sending information to third parties with whom we have or intend to enter into arrangements which are related to our Consulting Services

  • Providing information to regulatory authorities or statutory bodies where relevant, and our legal or other professional advisers including insurers

  • To market our Consulting Services

  • Retaining a record of our dealings

  • Establishing quality, training and compliance with our obligations and best practice

  • For the purposes of backing up information on our computer systems

Section 2: This section applies where you are an individual working for a third party, including a Client, with whom we have dealings

We may collect your personal data in the course of our dealings and this may include the following:

  • Your contact information, which may include your full name, job role, contact telephone number and email

  • Your statements and opinions about Consultants and/or other personnel e.g. a reference

  • Information relating to our relationship with you or the party for whom you work including records of any meetings or discussions

  • Your marketing preferences

We may obtain your personal data from the following sources (please note that this list is not exhaustive):

  • You, including where you have provided us with your contact details or other information for the purposes of using our Consulting Services

  • Staff or other representatives of an organisation you represent

  • Consultants

  • Marketing databases

  • Social media

  • The public domain

  • Conversations, with you or others, on the telephone or video conferencing (which may be recorded subject to you providing consent for us to do this) or in meetings

  • Notes following a conversation, with you or others, or meetings you attend

How we will use your personal data:

We will process your personal data in the context of our dealings with the third party for whom you work and as part of our Consulting Services. Processing may include:

  • Collecting and storing your personal data, whether in manual or electronic files

  • Using the data to communicate with you

  • Sending information to third parties with whom we have or intend to enter into arrangements which are related to our Consulting Services and relate to you or the organisation within which you work

  • Actions necessary to further any obligation on us pursuant to a contract between ourselves and the third party you work for

  • Collating market or sector-specific information

  • Providing information to regulatory authorities or statutory bodies and our legal or other professional advisers, including insurers

  • Retaining records of our dealings with you and the organisation whom you represent

  • Establishing quality, training and compliance with our obligations and best practice

  • For the purposes of backing up information on our computer systems

Section 3: This section applies to all personal data

Why we process your personal data:

1. Entering into and performing a contract with you:

In order to provide our Consulting Services we may enter into a contract with you and/or a third party. In order to enter into a contract we will need certain information, for example your name and address. A contract will also contain obligations on both your part and our part, and we shall process your data as is necessary for the purpose of those obligations. For example, in order to process payroll, a national insurance number and bank details will be required.

2. Compliance with legal obligations (regulatory and statutory obligations):

We must comply with a number of statutory provisions when providing our Consulting Services, which necessitate the processing of personal data.

We are also equired to comply with statutory and regulatory obligations relating to business generally, for example complying with tax, bribery, fraud/crime prevention and data protection legislation, and co-operating with regulatory authorities such as HMRC or the Information Commissioner’s Office. Where we engage a person to work for us, there are other statutory obligations that must be complied with including verifying legal right to work, payroll, social security, HMRC reporting requirements, and any other applicable law or regulation.

3. Our legitimate interests (carrying on the commercial activity of Consulting Services):

In providing our Consulting Services, we will carry out some processing of personal data which is necessary for the purpose of our legitimate interests, which include:

  • Retaining records of our dealings and transactions and, where applicable, use such records for the purposes of:

    • establishing compliance with our contractual obligations

    • addressing any query or dispute that may arise, including establishing, exercising or defending any legal claims and protecting our reputation

    • maintaining a back up of our system, solely for the purpose of being able to restore the system to a particular point in the event of a system failure or security breach

    • evaluating quality and compliance, including compliance with this Privacy Notice

    • determining staff training and system requirements

  • Using your personal data to:

    • assess suitability and contact you regarding potential opportunities and/or our services

    • collate market information or trends, including providing analysis to potential or actual Clients

    • source potential opportunities or roles as part of our Consulting Services

    • personalise your experience and our offering, whether via our website or otherwise

    • provide our Consulting Services and/or to meet our obligations towards either the party you represent or to other Clients or suppliers

    • For our commercial viability and to pursue these legitimate interests, we may continue to process your personal data for as long as we consider reasonably appropriate for these purposes.

4. Consent to our processing of your data:

We may process your personal data on the basis that you have consented to us doing so for a specific purpose, for example, if you have provided your contact details or personal information in order that we may use these to provide you with details of our services, you may have consented to our processing of the data for that purpose. In other cases you may have provided your written or verbal consent to the use of your data for a specific reason.
You may withdraw your consent to our processing of your personal information for a particular purpose at any stage. However, please note that we may continue to retain, or otherwise use your personal information thereafter where we have a legitimate interest or a legal or contractual obligation to do so. Our processing in that respect will be limited to what is necessary in furtherance of those interests or obligations. Withdrawal of consent will not have any effect on the lawfulness of any processing based on consent before its withdrawal.

What if we obtain your personal data from a third party?

Part of our business activity involves researching information relating to individuals for the purposes of carrying out our Consulting Services. This may include obtaining personal data from online sources, for example, we may obtain information from social media sites such as LinkedIn and job boards, some information being publicly available but others being from sites or providers to which we subscribe. From time to time we may also receive personal information about you from other organisations, actual or potential Clients, colleagues and former employers, or from persons for whom you have provided services or been otherwise engaged.

Where information from third party sources is of no use to us, or where you have notified us that you do not want us to provide you with services, we shall discard it, however we may maintain a limited record in order to avoid the duplication of process. Where we consider that information may be of use to us in pursuance of the provision of our Consulting Services, any processing will be in accordance with this Privacy Notice. You do have the right to object to processing, please see Section 4 ‘Your rights’.

Sensitive Personal Data (SPD)
Sensitive personal data is information which is intensely personal to you and is usually irrelevant to our consideration of your suitability for a role. Examples of SPD include information which reveals your political, religious or philosophical beliefs, sexual orientation, race or ethnic origin, or information relating to your health.

Regardless of the basis for your dealings with us, we request that you do not provide us with any sensitive personal data unless absolutely necessary. However, to the extent that you do provide us with any sensitive personal data, such as data which you choose to share with us in conversation, we shall only use that data for the purposes of our relationship with you or for the provision of our Consulting Services. This will be for one or more of the following reasons:

  • You have explicitly consented to the processing

  • For the purpose of our assessment of your suitability for providing Consulting Services

  • Where processing is necessary for the purpose of obligations or rights under employment, social security or social protection law

  • To maintain records of our dealings to address any later dispute, including but not limited to the establishment, exercise or defense of any legal claims

Who we share personal data with:

We shall not share your personal information unless we are entitled to do so. The categories of persons with whom we may share your personal information include:

  • Individuals, hirers and other third parties necessary for the provision of our Consulting Services

  • Any regulatory authority or statutory body pursuant to a request for information or any legal obligation which applies to us

  • Parties who process data on our behalf, which may include

    • IT support

    • Storage service providers, including cloud

    • Background screening providers

    • Legal and professional advisers

    • Insurers

Automated decisions

We may use software to review the personal data of individuals recorded on our database, or who have applied for specific project requirement. The software may determine suitability for a specific role or project via targeted questions relating to the role, and/or may identify and select individual personal information according to the stored characteristics. For example, the software may enable us to quickly identify individuals from our database who have specific skills, and exclude individuals whose characteristics do not match particular requirements.

Where we use software to assist us with our assessment of your suitability for a project and you consider that any such assessment has been made wrongly or incorrectly, you may ask for an explanation.

Transfer of data to other jurisdictions

In the course of the provision of our Consulting Services we may transfer data to countries or international organisations outside of the EEA. This may, for example, be to Clients or Consultants, to other Group Companies, or third parties who provide support services to us. Where information is to be so transferred, it may be to a country in respect of which there is an adequacy decision from the EU Commission. However, if this is not the case, it is our policy to take steps to identify risks and in so far as is reasonably practicable; ensure that appropriate safeguards are in place. Details relating to specific countries or organisations are available on request from Lauren Seal, Partner & Director - Group Operations: dataprotection@eames-group.com.

If you do not wish to provide us with necessary data

There may be circumstances where we require you to provide data which is necessary in order for us to meet statutory or contractual obligations, or perform our Consulting Services. If you do not wish to provide us with information we request then please notify us. However, please be aware that as a result we may be unable to provide you or the party who you represent with a Consulting Service and in some cases may result in a breach of the contract we have with you.

Group companies & transfer

Although this Privacy Notice applies to us your data may be accessible to, and shared with other organisations within our group including Eames Consulting Group Limited, Eames Consulting Group Holdings Limited, Eames Consulting Group Suisse AG, Eames Group Inc, Eames Consulting Group (Hong Kong) Limited, Eames Consulting Group (Singapore) Pte Limited and Eames Partnership Limited for any of the purposes set out within this Privacy Notice, or where we have shared administration systems and staff.

In the event of a sale, merger, liquidation, receivership or the transfer of all or part of our assets to a third party, we may need to transfer your information to a third party. Any transfer will be subject to the agreement of the third party to this Privacy Notice and any processing being only in accordance with this Privacy Notice.

Data Security and Confidentiality

It is our policy to ensure, in so far as is reasonably practicable, that our systems and records are secure and not accessible to unauthorised third parties in line with contemporary practice.

Cookies

A cookie is a small file of letters and numbers that is downloaded on to your computer when you visit a website, which enables the website to tailor its offerings to your preferences when you visit it.

We use cookies to store some jobs for users before the register on the website, to track and record the unique actions of each user on the website, to keep the user logged in if they leave the website and return and to track the users session on the website for Analytics. Full details of how we use cookies are available on our website.

Retaining your data

In most circumstances, your data will not be retained for more than 6 years from the last point at which we provided any services or otherwise engaged with you and it is our policy to only store your personal data for as long as is reasonably necessary for us to comply with our legal obligations and for our legitimate business interests. However, we may retain data for longer than a 6 year period where we have a legal or contractual obligation to do so, or we form the view that there is otherwise a continued basis to do so, for example, where your personal information identifies specialist skill sets which may remain in demand, or we are subject to a legal obligation which applies for a longer period. Where we have secured a a project engagement or Consulting Services, your data will be retained for a maximum period of 10 years from the last point at which we provided any services or otherwise engaged with you.

If however, you believe that we should delete your personal data at an earlier date, please inform us in writing of your reasons. Please see Section 4, ‘Your Rights’ below.

Changes to this Privacy Notice

This Privacy Notice is regularly reviewed and may be updated from time to time to reflect changes in our business, or legal or commercial practice. Where an update is relevant to our processing of your data, we shall notify you of the same.

Section 4: Your rights

We take the protection of your personal data very seriously and it is important that you know your rights within that context, which include rights to:

  • Request a copy of the personal data that we hold

  • Object to our processing of your data where that processing is based upon legitimate interest and there are no compelling grounds for the continued processing of that data

  • Request that we restrict processing of your data in certain circumstances

  • Request that data is erased where the continued use of that data cannot be justified

  • Object to any decision, which significantly affects you, being taken solely by a computer or via another automated process

  • Withdraw your consent to our processing of your personal data for a particular purpose at any stage. However, please note that we may continue to retain, or otherwise use your personal information thereafter where we have a legitimate interest or a legal or contractual obligation to do so. Our processing in that respect will be limited to what is necessary in furtherance of those interests or obligations

  • Request that inaccurate or incomplete data is rectified

  • Request that data provided directly by you and processed by automated means is transferred to you or another controller; this right only being applicable where our processing of your data is based either on your consent or in performance of a contract

  • Make a complaint to the Information Commissioner’s Office

  • Request that direct marketing by us to you is stopped

Please note that should you exercise your right to request that we erase data or cease any processing activity, we may retain a record of this request and the action taken in order to both evidence our compliance, and to take steps to minimise the prospect of any data being processed in the future should it be received again from a third party source.

If you have any questions concerning your rights or should you wish to exercise any of these rights, please contact Lauren Seal, Partner & Director - Group Operations on: dataprotection@eames-group.com.

Complaints

If you are dissatisfied about any aspect of the way in which your data is processed, you may, in the first instance refer the matter to Lauren Seal, Partner & Director - Group Operations. This does not affect your right to make a complaint to the Information Commissioner’s Office.