ES Leaders Privacy Policy
What does this policy cover?
ES Leaders is committed to protecting the privacy of those with whom it interacts. We recognise the need to respect and protect information that is disclosed to us, called Personal Information or Personal Data.
This Privacy Policy explains how we use the personal data of our clients and candidates, both current and prospective. Therefore, this policy is addressed to individuals outside our organisation with whom we interact, including, but not limited to, Candidates, Talent, Clients, Suppliers and Contractors, Website Visitors, Sources/Referees, and Individuals who contact us with general queries (together referred to as “You”). For the purposes of this policy, ES Leaders is the Data Controller.
This policy may be amended or updated from time to time to reflect changes in our practices with respect to the Processing of Personal Data or changes in applicable law. We encourage you to read this policy carefully and to regularly check this page to review any changes we might make in accordance with the terms of this policy.
Who are we?
We are Executive Search Leaders Ltd, operating under the trade name ES Leaders (hereafter referred to as “Executive Search Leaders Ltd”, “ES Leaders”, “we” or “us”). We provide executive search services to clients looking to source new talent for their businesses. We also provide other services, including talent mapping; mergers, acquisitions, and team lift-outs; strategic counsel on compensation variables; and advisory services on strategy, change, growth, leadership assessment and operational improvement.
ES Leaders is a registered fee payer with the Information Commissioner’s Office (registration number ZA361241). Our Managing Partner is responsible for overseeing any questions in relation to this Privacy Policy. If you have any questions about this Privacy Policy, including any requests to exercise your legal rights, please contact our Managing Partner, Nick Workman, using the following details:
Nick Workman, Managing Partner
Executive Search Leaders
1 Lonsdale Gardens
Lonsdale Road
Tunbridge Wells
Kent
TN1 1NU
United Kingdom
Email: nick@esleaders.com
Tel: +44 (0)7967 635 587
What personal data do we collect?
For the purposes of this Privacy Policy, “Personal Data” consists of any information that relates to you and/or information from which you can be identified, directly or indirectly. For example, information which identifies you may consist of your name, address, telephone number, photographs, location data, an online identifier (e.g. cookies identifiers and your IP address) or to one or more factors specific to your physical, economic, cultural or social identity. When we combine other information (i.e. information that does not, on its own, identify you) with Personal Information, we treat the combined information as Personal Data.
We may collect, use, store and transfer different kinds of Personal Data about you, which we have grouped together as follows:
- Identity and Contact Data: includes first name, last name and title, address, email address, telephone number.
- Candidate Data: includes CV, professional experience, academic and professional qualifications, reference information, employment history, PA details, interview notes, expenses, psychometric test information, work permit information and identification information.
- Talent Data: includes employer, current role and other professional details.
- Financial Data: includes bank account details.
- Services Data: includes information about how you use our services, details of which services you have received from us, our correspondence and communications with you and information about any complaints or enquiries you make to us.
- Marketing and Communications Data: includes your preferences in receiving marketing communications from us and your communication preferences.
Why do we collect personal data?
The table below explains who we collect personal data about, what that personal data is, and the purpose we process it for.
The last column sets out the lawful basis we rely on for processing that personal data, which is a requirement of data protection rules. Essentially, companies may only process personal data if they can identify a lawful basis from a list set out in the legislation.
We will only use your Personal Information when the law allows us to do so.
Generally, we do not rely on consent as a legal basis for processing your Personal Information, although we will get your explicit consent to process any Special Categories of Data.
Please be aware that we are not responsible for the data processing activities of others, such as our Clients.
| Candidates | ||
|---|---|---|
| Personal Data | Source and Purpose | Lawful Basis for Processing |
| Identity and Contact Data Candidate Data Talent Data Financial Data Services Data Marketing Data We rarely process Special Category information such as racial, disability, trade union or health information where you have made this available to us. In the event that any Special Categories of personal data are processed, a separate Consent form is issued to and completed by the Candidate. |
Source: We mainly collect this information directly from you during the discovery, recruitment, engagement, and onboarding stages. Sometimes we collect information from third parties such as your employer, from a third-party recommendation, a person giving a reference, a PA, or a law enforcement agency. We do collect information from some publicly available sources to find information about candidates, specifically LinkedIn and company websites. Purpose: To seek to provide candidates with real career opportunities. To engage with candidates to understand their skills, achievements, aspirations and requirements. To seek to inform candidates about potential career opportunities, arrange interviews, feedback, negotiate and secure job offers for them. To build a business relationship with candidates in order to identify and understand what services the candidate might need. To provide information to clients on these skills, achievements, aspirations and requirements of such candidates, in order to fulfil our client contractual obligations. |
Data Processing is carried out on the lawful basis of Legitimate Interest. The processing is necessary for our legitimate interests of identifying potential candidates and assessing their suitability for potential roles. Other reasons include: Building of mutually beneficial business relationships. Fulfilling our contractual obligations to our clients. Taking necessary steps at a Candidate’s request before they enter into an employment contract with a Client. |
| Talent | ||
| Personal Data | Source and Purpose | Lawful Basis for Processing |
| Identity and Contact Data Talent Data We do not process any Special Categories of personal data at this stage. |
Source: We collect information from some publicly available sources to find information about candidates – specifically LinkedIn and company websites. Purpose: To survey the market for prospective candidates or persons who may be interested in specific career opportunities. To initiate and build a business relationship with prospective candidates in order to identify and understand what services the prospective candidate might need and, if appropriate, add them to a Talent Map. To identify if the skills, experience and talent, which are sought by ESL’s clients, are actually available in the geographic/intellectual spaces required by those clients. |
Data Processing is carried out on the lawful basis of Legitimate Interest. The processing is necessary for our legitimate interests in understanding the talent in the marketplace, creating employment opportunities for new talent, and fulfilling contractual obligations to our clients. |
| Clients | ||
| Personal Data | Source and Purpose | Lawful Basis for Processing |
| Identity and Contact Data Financial Data Services Data We do not process any Special Categories of personal data at this stage. |
Source: This information is given to us by you or from publicly available information (for example on, LinkedIn, on your website or Companies House). Purpose: To fulfil contracts. To conduct a business relationship whereby ESL can provide executive search services, including talent mapping; mergers, acquisitions, and team lift-outs; strategic counsel on compensation variables; and advisory services on strategy, change, growth, leadership assessment and operational improvement. |
Performance of a contract with you (if the services are provided to you directly) Data Processing is carried out on the lawful basis of Legitimate Interest. The processing is necessary for our legitimate interests in cultivating mutually beneficial business relationships. |
| Suppliers and Contractors | ||
| Personal Data | Source and Purpose | Lawful Basis for Processing |
| Identity and Contact Data Financial Data We do not process any Special Categories of personal data at this stage. |
Source: This information is given to us by you or from publicly available information (for example, on your website). Purpose: It is used for us to fulfil contracts and engage in business discussions. To carry out our contractual obligations to you, if you are our supplier or subcontractor, including to manage our payments to you. |
Data Processing is carried out on the lawful basis of Legitimate Interest. The processing is necessary for our legitimate interests as a business in responding to and keeping a record of correspondence. Some information is also necessary for us to perform our contract – for example, certain contact details. |
| Visitors to our Website | ||
| Personal Data | Source and Purpose | Lawful Basis for Processing |
| None. Our public website does not collect cookies. It is merely a brochure for us to communicate ourselves and our business to you. | None | Not applicable |
| Sources and Referees | ||
| Personal Data | Source and Purpose | Lawful Basis for Processing |
| Identity and Contact Data Candidate Data We do not process any Special Categories of personal data at this stage. |
Source: Reference contact details may be given to us by candidates as part of a recruitment process. Other personal data about referees is given to us by you directly. Purpose: It is used to give the client the optimum knowledge in order for them to make sensible hiring decisions |
Data Processing is carried out on the lawful basis of Legitimate Interest. Our legitimate interests as a business in ensuring our services are professionally and successfully provided to our Clients |
| All Categories | ||
| Personal Data | Source and Purpose | Lawful Basis for Processing |
| Contact and Identity Data Services Data Marketing Communications Data We do not process any Special Categories of personal data at this stage |
Source: This information is given to us by you. Purpose: It is used for business monitoring, improving our services, and record keeping, including maintaining our accounts, complying with good practice and for other administrative, operational and security reasons. |
Data Processing is carried out on the lawful basis of Legitimate Interest or to comply with a legal obligation. Necessary for our legitimate interests in running our business efficiently and successfully and in order to keep our records updated. |
| Individuals who contact us with general queries | ||
| Personal Data | Source and Purpose | Lawful Basis for Processing |
| Contact and Identity Data We do not process any Special Categories of personal data at this stage |
Source: This information is given to us by you. Purpose: It is used to respond to the query and keep a record of it. |
Data Processing is carried out on the lawful basis of Legitimate Interest. Our legitimate interests as a business in responding to and keeping a record of correspondence. |
Where we have indicated in the table above that we rely on legitimate interests for the processing of personal data, we carry out a ‘balancing’ test to ensure that our processing is necessary and that our legitimate interests do not outweigh your fundamental right to privacy, before we go ahead with such processing. We keep a record of these balancing tests. You have a right to and can find out more about the information in these balancing tests by contacting us using the details above.
How long do we keep your personal data?
We keep your information only for as long as is necessary for the relevant purpose. We use a number of criteria to determine the retention period, including obligations under law, our need to defend or bring contractual claims within the statutory limitation period and consideration of the original purpose we collected it for.
Who do we share your personal data with?
Data may be shared in the following circumstances:
- With a Client:
- We share personal data with clients who have a position to fill, in order to determine with the client whether you are a good fit for an available position. We work with a selection of the best Executive Search firms and Business Consultancies globally. To date we have completed Partner level searches in 37 countries and have successfully advised on corporate mergers in the US, Australia and more recently Japan, Mexico, China, Hong Kong and Singapore.
- If you are a Candidate: We do not disclose a Candidate’s personal data to a Client without asking for the Candidate’s permission first
- If you are Talent, as represented on a Map: We use only a minimal amount of publicly sourced information on Talent Maps forwarded to clients via secure, encrypted portals
- With a Candidate:
- We share Client personal data with Candidates who may be a good fit for a position a Client is seeking to fill, in order to determine with the Candidate whether the Client and their job/business opportunity is a good match with the skills, experience and aspirations of the Candidate.
- With IT and Administration Service Providers
- We use third-party service providers to help us administer certain activities and services on our behalf, such as IT and cloud services. We may share Personal Information about you with such third-party service providers solely to enable them to perform services on our behalf and they will operate only in accordance with our instructions. Here are examples of third-party service providers we use: Microsoft, Sharepoint, Maximiser, Knack.
- Third parties when required by law
- We will disclose your Personal Information to comply with applicable law or respond to valid legal process, including from our regulators, law enforcement or other government agencies (in which case such agencies or regulators will be acting as controllers as well); to protect the users of the website (e.g. to prevent spam or attempts to defraud them); to operate and maintain the security of the website (e.g. to prevent or stop an attack on our systems or networks); or to protect our rights or property.
- With professional advisors;
- In the event of a sale of the company or its assets;
- With suppliers but only subject to robust contractual protections;
What happens if you do not provide us with the information we request or ask that we stop processing your information?
If you do not provide the necessary personal data, we may not be able to respond to your query or consider your application or request, or to provide the relevant services to you. If you ask that we stop processing your information, we will comply with your rights, which are detailed below.
Do we make automated decisions concerning you?
We do not carry out this type of processing activity.
Do we transfer your data outside the UK and Europe?
We may sometimes transfer your personal data to countries outside the UK and European Economic Area, for example, if we are working with a client based elsewhere. You can find the list of European member states by clicking on the following link: https://europa.eu/european-union/about-eu/countries/member-countries_en. The privacy laws in countries outside the European Economic Area and the UK may be different from those in your home country.
Where we transfer your Personal Information outside the EEA to third parties, we will ensure that appropriate transfer agreements and mechanisms, such as the EU Standard Contractual Clauses, are in place to help ensure that our third-party service providers provide an adequate level of protection to your Personal Information. We will only transfer your Personal Information outside the EEA in accordance with applicable laws or where you have given us your consent to do so.
Where we transfer data to a country that has not been deemed to provide adequate data protection standards, we always have security measures and approved European model clauses or other adequate safeguards in place to protect your personal data. Please contact us if you would like more details about our safeguards for data transfers.
How do we keep your personal data secure?
We have put in place appropriate physical and technical measures to safeguard your Personal Information. In addition, we limit access to your Personal Information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Information on our instructions, and they are subject to a duty of confidentiality. When we use service providers to assist us in processing your Personal Information, we have written contracts in place with such service provider which means that they cannot do anything with your Personal Information unless we have instructed them to do it.
However, please note that although we take appropriate steps to protect your Personal Information, no website or transmission of data, computer system or wireless connection is completely secure and therefore, we cannot guarantee the security of your Personal Information.
- Purpose Limitation: We only ever use the personal data collected for this processing in line with what is communicated to the individual and set out in our Privacy Policy.
- Data minimisation: We only ever collect for processing, information we need to identify the individual as and whatever relevant information the individual discloses.
- Accuracy: We inform individuals through our Privacy Policy of their rights (including the right for their data to be updated where inaccurate or incomplete) and have processes in place to update information where we receive such accuracy requests or become aware of changes ourselves (for example a new job title or position). Our privacy policy contains details of how we can be contacted.
- Data retention: We have a firm data retention policy and ensure that we do not keep any information for longer than we need to for the purposes of processing. We are also strict in effecting requests of individuals to have their information deleted. See below for more details.
- Accountability and Record-Keeping: Our GDPR Handbook, together with the templates and policies linked from it, set out how we comply with data protection law as it relates to this processing and our records of processing details the data we process comprehensively
- Security: We have adequate organisational and technical security measures in place including access controls, encryption, anonymisation, etc., for the protection of any personal data collected. These controls are set out in our records of processing and our GDPR handbook.
- Privacy by Design and Default: As an organisation we already limit the types of personal data we need. This is reflected in our Record of Processing. We also ensure that all staff are trained on personal data protection issues and responsibilities in order to pick up and embed privacy by default and design within the mindset of the business.
What rights do you have in relation to the data we hold on you?
By law, you have a number of rights when it comes to your personal data. Further information and advice about your rights can be obtained from the data protection regulator in your country. In the UK, this is the Information Commissioner.
We usually act on requests and provide information free of charge but may charge a reasonable fee to cover our administrative costs of providing the information for:
- baseless or excessive/repeated requests, or
- further copies of the same information.
Alternatively, we may be entitled to refuse to act on the request in some circumstances.
Please consider your request responsibly before submitting it. We’ll respond as soon as we can. Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we’ll come back to you and let you know.
| Rights | What does this mean? |
|---|---|
| 1. The right to be informed | You have the right to be provided with clear, transparent, and easily understandable information about how we use your information and your rights. This is why we’re providing you with the information in this Privacy Policy. If you have any additional questions, for example regarding transfers and locations of data, or our legitimate interest basis, do please get in touch. |
| 2. The right of access | You have the right to obtain access to your information (if we are processing it) and certain other information (similar to that provided in this Privacy Policy). This is so you’re aware and can check that we’re using your information in accordance with data protection law. |
| 3. The right to rectification | You are entitled to have your information corrected if it’s inaccurate or incomplete. |
| 4. The right to erasure | This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there is no compelling reason for us to keep using it. This is not a general right, and there are exceptions. |
| 5. The right to restrict processing | You have rights to ‘block’ or suppress further use of your information. When processing is restricted, we can still store your information, but may not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to ensure the restriction is respected in future. |
| 6. The right to data portability | You have the right to obtain and reuse your personal data for your own purposes across different services. This is not a normal scenario for companies of our nature but if you have any questions, you can contact us. |
| 7. The right to object to processing | You have the right to object to certain types of processing, including processing for direct marketing or where we are relying on our legitimate interests for processing. |
| 8. The right to lodge a complaint | You have the right to lodge a complaint with your national data protection regulator about how we handle or process your personal data. |
| 9. The right to withdraw consent | If you have given consent, which we ask for in some circumstances, for us to process your personal data, you have the right to withdraw that consent at any time (although if you do so, it does not mean that anything we have done with your personal data with your consent up to that point is unlawful). This includes your right to withdraw consent to us using your personal data for marketing purposes. |
Date last updated: December 2021
Definitions
‘Candidate’ means a Candidate, or potential Candidate, for a position with a Client.
‘Client’ means a Client of ES Leaders, or any other member of ES Leaders.
‘Controller’ means the entity that decides how and why Personal Data is Processed. In many jurisdictions, the Controller has primary responsibility for complying with applicable data protection laws.
‘Data Protection Authority’ means an independent public authority that is legally tasked with overseeing compliance with applicable data protection laws.
‘Leadership Assessment’ means any Leadership Assessment service (including, but not limited to, any management audit, leadership consulting service, coaching, team development, team effectiveness analysis, or succession planning) provided by the Controller to the Client for the purposes of assessing the leadership potential of its own Personnel or other individuals selected by the Client.
‘Participant’ means any individual participating in a Leadership Assessment.
‘Personal Data’ means information about any individual or from which any individual is identifiable. Examples of Personal Data that we may Process are provided above.
‘Process’, ‘Processing’ or ‘Processed’ means anything that is done with any Personal Data, whether or not by automated means, such as collection; recording; organisation; structuring; storage; adaptation or alteration; retrieval; consultation; use; disclosure by transmission or dissemination, or otherwise making available; alignment or merging; restriction; erasure; or destruction.
‘Processor’ means any person or entity that Processes Personal Data on behalf of the Controller (other than employees of the Controller).
‘Special Category Personal Data’ means Personal Data about race or ethnicity, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health, sexual life, any actual or alleged criminal offences or penalties, national identification number, or any other information that may be deemed to be sensitive under applicable law.
‘Source’ means any person that provides any view or opinion regarding the qualities of any Candidate or Participant, for any purpose, including but not limited to the suitability of a Candidate or Participant for a particular role.