This Privacy Notice explains in detail the types of personal data we may collect about you when you interact with us. It also explains how we’ll store and handle that data and keep it safe. This notice informs you of our commitment to the UK Data Protection Act 1998 (DPA) and the EU General Data Protection Regulation 2018 (GDPR).
We know that there’s a lot of information but we want you to be fully informed about your rights.
We hope this will answer any questions you have but if not, please do get in touch with us.
By engaging us to act on your behalf, you agree to the terms of this Privacy Notice.
Who are we? Data is collected, processed and stored by K Hayter Associates Limited, and we are what is known as the “data controller” of the personal information you provide to us.
[K Hayter Associates is a Limited is a limited company. Company number 11303130.
K Hayter Associates Limited is registered with the Information Commissioner’s office under registration reference 11303130. Our certificate is available on request.
All queries regarding data protection matters should be directed by email at
talktous@khayterassociates.com Data Protection Principles Personal Data must be processed in accordance with six “Data Protection Principles” under the DPA and GDPR. It must:
- be processed fairly, lawfully and transparently
- be collected and processed only for specified, explicit and legitimate purposes
- be adequate, relevant and limited to what is necessary for the purposes for which it is processed
- be accurate and kept up to date to the best of our knowledge. Any inaccurate data will be rectified or deleted without delay
- not be kept for longer than is necessary for the purposes for which it is processed; and
- be processed securely.
We are accountable for any non-compliance with these principles. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with the principles of the DPA and GDPR.
What we Need The exact information we request from you will depend on what you have asked us to do or what we are contracted to do for you. This notice is intended for clients and prospective clients only.
Under the DPA there are two types of personal data (personal information) that you may provide to us:
- Personal data: is the general information that you supply about yourself – such as your name, address, gender, date of birth and contact details;
- Sensitive personal data: is, by its nature, more sensitive and may include your racial or ethnic origin, health or criminal convictions.
In the majority of cases, personal data will be restricted to basic information and information needed to carry out the assignment you have engaged us to carry out.
However, occasionally, some of the work we do may require us to ask for more sensitive information.
Sources of Information Information about you may be obtained from a number of sources, including:
- Usually, you provide the information yourself, either directly or through a job advertisement;
- Information may be passed to us by third parties in order that we can undertake work on your behalf. Typically, these organisations can be: Job boards
Why We Need it? The primary reason for asking you to provide us with your personal data is to allow us to carry out your requests – which will ordinarily be to represent you in the business of search and selection and recruitment.
The following are some examples, although not exhaustive, of what we may use your information for:
- to communicate with you
- to respond to your instructions and enquiries
- to secure an employment contract including providing you with advice, negotiating on your behalf, acting as intermediary, any other services we provide to you;
If you use our website, your IP address is automatically registered to enable us to measure visitor frequency and for security purposes. We also may use this information to help us better understand usage of our website.
Who has Access to it? We have a data protection regime in place to oversee the effective and secure processing of your personal data. We will not sell or rent your information to third parties. We will not share your information with third parties for marketing purposes.
Generally, we will only use your information within K Hayter Associates Limited. However, we may disclose information to third parties, for example:
- Any person to whom we transfer or propose to transfer any of our rights and/or obligations under the terms of our engagement with you;
- any disclosure required by law or regulation, such as the prevention of financial crime and terrorism.
We may also pass on your information to third parties if our business interests reasonably and legitimately require, for example:
- any new business owners if K Hayter Associates is taken over or merges with another business;
- third parties engaged by us as data processors eg. IT consultants.
In these cases we disclose only the personal information that is necessary for the purpose, and we have contracts in place which ensure that they comply, strictly and confidentially, with our instructions and data protection laws and they do not use your personal information for their own purposes.
There may be some uses of personal data that may require your specific consent eg. if we wish to publicise your appointment when completed. If this is the case we will contact you separately to ask for your consent which you are free to withdraw at any time.
How do We Protect your Personal Data? We are fully committed to ensuring your information and privacy are protected in accordance with your rights under DPA and GDPR.
We are committed to protecting the data we hold about you and ensuring it is secure, private and confidential. We have put in place robust technical, physical and managerial controls to protect the confidentiality, integrity and availability of information we hold about you.
We use computer safeguards such as firewalls and we enforce, where possible, physical access controls to our offices and files to keep data safe.
We will not transfer any of your information outside the European Economic Area without ensuring the information is given an adequate level of protection under the DPA and GDPR.
We cannot guarantee the privacy of personal information you transmit over the web or that may be collectable in transit by others, including contractors who provide services to us.
How Long will we Keep Your Data for? Your personal information will be retained only for as long as necessary to fulfil the purposes for which the information was collected; or as required by law; or as long as is set out in any relevant contract you may hold with us. For example:
- As long as necessary to carry out your work;
- For a minimum of 6 years from the commencement of your new role; in the event that you, or we, need to re-open your case for the purpose of defending complaints against us;
- As long as necessary to fulfil our business record retention requirements.
We treat this information as private and confidential and will protect it in accordance with this privacy notice for as long as we retain it.
What are your Rights? You have the right to:
- Request a copy of the personal information we hold about you. We require you to provide your identity with two pieces of approved identification. Please address requests to talktous@khayterassociates.com, and we will respond within one month of your request and confirmed ID. This request is free of charge unless the request is manifestly unfounded or excessive;
- Have any inaccuracies in your data corrected. If you would like to update the details we hold about you, please contact talktous@khayterassociates.com
- Request that we delete your personal data so that it is erased from our records where you can demonstrate that the data we hold is no longer needed by us, or if you withdraw any consent on which our processing is based, or if you feel we are unlawfully processing your data. Please note that we may be entitled to retain your data despite your request in accordance with the paragraph above headed “How long will we keep your data for”;
- Have the data we hold about you transferred to another organisation;
- Object to certain types of processing such as direct marketing;
- Object to automated processing including profiling.
Complaints about the use of Personal Data If you wish to make a complaint about how we have handled your personal data, you can contact
talktous@khayterassociates.com, who will investigate further.
If you are not satisfied with our response or believe that we are not processing your personal data in accordance with the law, you can complain to the Information Commissioner’s Office (ICO).
Marketing Data If you choose not to consent to marketing when a request is made, this will have no effect on accessing our services.
Our website uses cookies which allow a server to uniquely identify each browser on each page. This information will never be used for marketing purposes. For further information on cookies, please consult our website privacy notice available from our website.
How We Collect Personal Data We collect and hold information about you in order to provide our services to you. The following are examples, although not exhaustive, of how we collect your personal information:
- From you directly, for example, when you communicate with us by post, email, telephone or other electronic means
- From your responding to a job advertisement
- Through social media
Changes to this Privacy Notice We may update this Privacy Notice from time to time, and we will notify you about significant changes in the way we treat personal information by sending a notice to the primary email address you have provided to us or by placing a prominent notice on our website.
How to Contact Us If you want to request information about our privacy policy, you can email us at
talktous@khayterassociates.com or write to us at K Hayter Associates Ltd, Innovation Centre, 1 Devon Way, Longbridge Technology Park, Birmingham B31 2TS
This Privacy Notice was last updated May 2018.
