Privacy Statement

The Armstrong Craven Group of companies (comprising of Armstrong Craven Limited, Armstrong Craven Pte. Ltd. and Armstrong Craven Inc.) is a global insight, talent mapping and pipelining partner for scarce and senior positions.  We work with some of the world’s most influential and respected businesses, who are often undergoing transformational change, and need to identify and recruit high demand or specialised talent. In doing so, we are committed to protecting the privacy of data we collect and hold.  In this privacy statement, we outline our policies regarding the collection, use and transfer of your personal data, the security measures we employ to protect such data and the rights and choices you have with regard to access or use of such data.

Armstrong Craven is registered as a Data Controller with the ICO under company registration number 08559490 and ICO registration ZA008909. 

DATA COLLECTION

In order to provide our services, we collect a variety of personal data.  This will include information that is typically held in a curriculum vitae (CV) and will include name and contact details in addition to information such as employment history, qualifications, skills, languages and interests. It may also include, but is not limited to; age, nationality and gender, compensation details, reporting lines, team sizes, a record of our contact history with you and comments, views or references from third parties. We recommend that you do not provide information which may be deemed sensitive on your CV as we will retain any documents that you have provided in line with our retention schedule.

In addition to information provided by you in a CV format and in telephone / email conversations, we may gather information from third party sources such as LinkedIn, Google and other search engines, Company websites, press and periodicals and other publicly available sources. Selectively, if relevant to a specific assignment and subject to your explicit consent, we may process your sensitive personal data.

Armstrong Craven automatically receives and records website information on our server logs from your browser. Data collected may include dates and times of visits, pages viewed and the time spent on the site. This data is collected on an aggregate basis without any association to your personal information so that you remain anonymous.

DATA USE

Unless designated otherwise, the data we hold is processed on the lawful basis of legitimate interest.   

By submitting your personal information or CV to Armstrong Craven, you indicate your willingness to be considered, when appropriate, for any of Armstrong Craven's confidential assignments.

We use certain personal data to identify individuals that might be suitable and worth approaching for a particular role. This is necessary for our legitimate interests as a talent research company.

Summary information may be shared with a client in the context of a particular assignment (this may include name, job title, company and business contact details) or to illustrate a particular profile, within the parameters of an assignment.  No representation is made about your interest or availability for any role.  Before presenting any further details or indicating any potential interest you may have, we will contact you and obtain your consent to such processing.

Your personal information may also be used in an anonymised form, and in the aggregate in order to put together industry, marketing and employment trend analysis, reports and statistics. Used in this matter, it will not be possible to identify the data subject.

We also use aggregated information collected from the website to administer and improve our website and for security purposes.

We may share your personal information with third parties where we have retained them to provide services that you or our clients have requested, such as referencing, qualification and criminal reference checking services (as required and subject to consent), verification of the details you have provided from third party sources, psychometric evaluations or skills tests.  We may also share your personal information with third parties who perform functions on our behalf and who also provide services to us, such as professional advisors, IT consultants carrying out testing and development work on our business technology systems and function co-ordinators. These third parties are also required to comply with the obligations of the GDPR and will have similar and equally stringent undertakings of privacy and confidentiality.  We share your personal information within the Armstrong Craven Group companies for internal reasons, primarily for business and operational purposes.   

Where we have a legal obligation, we will share your personal information with third parties to comply with that legal obligation; when it has been demonstrated that an applicable law requires it; at the request of governmental authorities conducting an investigation; to detect and protect against fraud, or any technical or security vulnerabilities; to respond to an emergency; or otherwise to protect the rights, property, safety, or security of third parties, visitors to the our website, our business or the public.

Armstrong Craven does not carry out any automated decision making.

APPLICANTS

If you have applied for a role to work at Armstrong Craven, information you provide and information that we gather through the interview and assessment process will be used to assess your suitability for opportunities with our Company. 

You may be asked to provide equal opportunities information. This is not mandatory information – and it will not affect your application if you do not provide this. This information will be anonymised and will only be used to produce and monitor equal opportunities statistics.

If you are unsuccessful following assessment for the position you have applied for, we may ask if you would like your details to be retained in our talent pool for a period of up to two years so we can contact you should any suitable opportunities arise. 

DATA TRANSFER

We hold your data within the EU, but we may need to transfer your personal information outside of the country in which we collected or obtained it, including outside the European Economic Area or to an international organisation. Where we transfer your personal information outside the European Economic Area, the country to which it is transferred will either be subject to an adequacy decision by the European Commission, or if not (or if we transfer your personal information to an international organisation), we will ensure that the transfer takes place on the basis of one or more of the following:

  • Standard data protection clauses adopted by the European Commission or adopted by the Information Commissioner’s Office and approved by the European Commission in accordance with relevant law;
  • Where you have given explicit consent to the proposed transfer, after having been informed of the possible risks of such transfers for the data subject due to the absence of an adequacy decision and appropriate safeguards;
  • Where the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the data subject between the controller and another natural or legal person;

SECURITY MEASURES AND RETENTION

We use reasonable efforts to ensure that data is accurate, complete, current and reliable for its intended use. We use appropriate technical and organisational measures and safeguards to help protect your personal data from unauthorised access, misuse, alteration or loss, which will include but is not limited to: Physical measures such as locking away of confidential material and IT equipment, secure offices, key card access etc., and I.T. measures such as password access to hardware and systems, our IT hosting services provider operate a robust Information Security Management System that has been repeatedly certified to ISO27001:2013 by the British Standards Institute. Our internal policies and procedures are designed to help ensure we safeguard the privacy and accuracy of all data we collect or process. To the extent that we disclose personal data to clients or third parties, we request that they properly protect the security and confidentiality of such information and otherwise process such data in accordance with applicable law.

All Armstrong Craven employees undergo training on data privacy and security and are required to comply with our internal standards in these areas.

We will generally keep your personal data for no longer than ten years, after which it will be destroyed if it is no longer required for the purpose(s) for which it was obtained.  Where we have undertaken referencing on behalf of a client, which may contain sensitive personal data, this will be deleted 12 months after the data has been presented to our client.

YOUR RIGHTS

This policy provides you with information about how we use your data. You have the right to obtain access to your personal data (including for the purpose of portability and transfer to another entity); to have it updated or corrected if it is inaccurate or incomplete; to request that we restrict its processing; to withdraw consent that has previously been provided or remove your data entirely from our system. When asked to remove a record from our database, Armstrong Craven will retain minimal information to ensure we do not contact you or collect such information again or to keep a record of any information disclosed to our clients. Whilst every effort will be made to not contact you under these circumstances, where your information is available from a third party we cannot guarantee this.

If you don’t wish us to hold any data on you or would prefer that we do not contact you for any reason, please click on the link in the email you received from Armstrong Craven informing you that we are processing your data or alternatively contact us at Mydata@armstrongcraven.com

We have appointed Data Protection Leads to oversee compliance with this policy.  If you have any questions, comments or requests please contact us at Mydata@armstrongcraven.com

You also have the right to lodge a complaint with a supervisory authority, which, for the purposes of the UK, is the Information Commissioner’s Office (ICO), the contact details of which are available on their website at https://ico.org.uk

STATEMENT UPDATES

We may occasionally update this statement and any updates we make to our privacy statement in the future will be posted on this page.  This policy was last updated on 15th May 2018.