N S Lemos & Co Ltd (“NSL”) respects your privacy and has developed this Policy to ensure that it complies fully with the EU General Data Protection Regulation (Regulation (EU) 2016/679) (the "General Data Protection Regulation" or "GDPR").
IMPORTANT INFORMATION AND WHO WE ARE
Purpose of this Privacy Notice
This privacy notice aims to give you information on how NSL (“we”, “us”) collect and process your personal data, whether through this website or through our respective exchanges with you.
It is important that you read this privacy notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy notice supplements the other notices and is not intended to override them.
Controller and Processor
NSL is the data controller and responsible for your personal data. We have appointed Doxa Partners LLP (“DP”) as the data processor. DP operate the website on which this Policy and the recruitment test appears.
As data processor, DP will collect your personal data through this website, and will pass that personal data to NSL either in individualised and/or aggregate form. DP and NSL may also collect personal data from you by other means, which are detailed below.
Data Privacy Manager
NSL has appointed a data privacy manager who is responsible for overseeing questions in relation to this privacy notice.
Full name of legal entity: N S Lemos & Co Ltd
Email address: email@example.com
Postal address: 35 Grosvenor Street, London W1K 4QX
If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the relevant data privacy manager using the details set out above.
THE DATA COLLECTED
Personal data or personal information means any information about an individual from which that person can be identified (all the foregoing is referred to in this policy as “personal data” or “data”). It does not include data where the identity has been removed (anonymous data).
In this case, each of DP and NSL may collect the following “personal data”:
Identity and Contact Data includes name, email address, phone number, and gender.
Employment data: includes any information you provide from your CV and from website forms regarding your employment history, qualifications, past salary and right to work status.
Test data: if you take an online test, the answers you provided to this test.
Technical Data includes internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
Interview data: notes from interviews with you, including recordings of calls taken with your consent for purposes in connection with your application.
Your personal data may also be aggregated with the personal data of other people, so as to create (for example) statistical or demographic data “Aggregated Data”. Aggregate Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity.
HOW IS YOUR PERSONAL DATA COLLECTED?
We use different methods to collect personal data from and about you.
DP will collect personal data through this website by means of applications and interactions, and by means of other forms of interaction (including without limitation by email, post, telephone, voice or video services).
NSL will receive and/or collect personal data through:
DP passing to it the personal data collected by DP as referenced above.
Email, telephone (including recording through voice and video services) and postal correspondence
Meetings in person, including interviews
Third parties such as recruiters where you have given consent for your data to be shared.
HOW WILL YOUR PERSONAL DATA BE USED?
DP will only use your personal data for the following three, separate purposes:
In order to provide the same to NSL, and we in turn agree to use it solely on the basis set out below, and to keep personal your data securely.
In “aggregated form” as Aggregated Data, and in this respect you agree to DP processing your data for the purpose of aggregating it with other data.
Where DP needs to comply with a legal or regulatory obligation that it is subject to.
For DP’s “legitimate interests” limited to test calibration, knowing the identity of who has taken its test and the score achieved.
NSL will only use your personal data for the following four, separate purposes:
For the purposes related to the recruitment of staff positions at NSL, including without limitation for assessment, interview, reference, decisions relating to offers of employment, and contractual purposes.
In “aggregated form".
Where we need to comply with a legal or regulatory obligation that we are subject to.
Where it is in NSL’s “legitimate interests*” to do so.
Each of NSL and DP may collect, process, use, store and transfer your personal data in connection with the above, and may disclose your personal data to other third parties (for example, but without limitation, IT service providers, professional advisors, HMRC, Home Office) where this is required for business administration or operational purposes or in law. All such third parties are required to respect the security of your personal data and to treat it in accordance with the law, and neither DP nor NSL give permission for their use of your personal data for their own purposes.
*Legitimate interests are the interests of a business in conducting and managing its business. NSL makes sure we consider and balance any potential impact on you (both positive and negative) and your rights of any use of your personal data, and will not use your personal data for activities where a legitimate interest is overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
NSL has put in place appropriate security measures designed to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
How long will you use my personal data for?
We will only retain your personal data for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we will consider the amount, nature, and sensitivity of the personal data we hold, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which the personal data was collected and whether those purposes can be achieved through other means, and the applicable legal requirements.
In general, if your application for a position at NSL is unsuccessful, we will not retain your personal data for longer than 6 months, save where required in law. Other than as aggregated data, as required for its “legitimate interests” as set out in the above section, or where required in law, we have required DP to delete all your data within 6 months of it being collected.
YOUR LEGAL RIGHTS
Under certain circumstances, you have rights under data protection laws in relation to your personal data, such as the right to:-
Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data held about you and to check that it is being lawfully processed.
Request correction of personal data. This enables you to have any incomplete or inaccurate data corrected, though it may be necessary to verify the accuracy of the new data you provide.
Request erasure of your personal data. This enables you to ask for the deletion or removal of personal data where there is no good reason for it to be held, where you have successfully exercised your right to object to processing (see below), where your information has been processed unlawfully or where that right exists under applicable law. Note, however, that it may not always be possible to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of your personal data where NSL is relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where your personal data is being processed for direct marketing purposes. In some cases, it may be that there are compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your personal data. This enables you to ask for the suspension of the processing of your personal data in the following scenarios: (a) if you want to establish the data’s accuracy; (b) where use of the data is unlawful but you do not want it to be erased; (c) where you need the data to be retained even if we no longer require it as you need it to establish, exercise or defend legal claims. NSL or DP may also suspend processing if you have objected to the use of your data but it is necessary to verify whether there is an overriding legitimate interest allowing its’ use.
Request the transfer of your personal data to you or to a third party. In which case that data will be provided in a structured, commonly used, machine-readable format. Note that this right only applies to automated information in respect of which you initially provided consent for use or where information was used to perform a contract with you.
To complain to the Information Commisioner’s Office (ICO), whose website is at www.ico.org.uk.
No Fee Usually Required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, a reasonable fee may be charged if your request is clearly unfounded, repetitive or excessive, and in these circumstances your request may also be refused.
What We May Need From You
You may be required to confirm your identity. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. You may also be asked to provide further information in relation to your request to speed up any response.
Time Limit To Respond
We try to respond to all legitimate requests within one month. Occasionally it may take longer than a month if your request is particularly complex or you have made a number of requests. In this case, you will be notified and kept updated.