


1. Who this Data Protection Statement Applies to
This Data Protection Statement applies to Other Data Subjects.
This Data Protection Statement describes how we process personal data of “Other Contacts”. For the purposes of this Data Protection Statement, an “Other Contact” includes anyone who is not a Candidate, Employee, Independent Contractor or a Client.
Other Contacts will include for example, suppliers, subcontractors, agencies, partners, referees, details of next of kin/emergency contacts, website users, visitors who registering on our websites.
2. Sources of Other Contacts Data
We source Other Contacts personal data as part of our services. We will only ever source personal data that is necessary and in a way that would be generally expected.
We receive personal data about Other Contacts from a variety of sources, as follows:
- directly from the Other Contacts or created by us as part of the relationship.
- through access to and use of our website.
- from Candidates, Employees and Independent Contractors in the case of next of kin/emergency contact details and referees.
3. Lawfulness of Processing
This section describes the lawful basis we may use to process personal data in accordance with the requirements of the GDPR.
We process all personal data lawfully and in accordance with the requirements of the Data Protection Laws. The GDPR sets out the legal grounds available for processing personal data. When we process personal data, any one of the following legal grounds will generally apply:
CONTRACT
We will process personal data where necessary to perform our obligations relating to, or in accordance with any contract that we may have with you or to take steps at your request prior to entering into that contract.
LEGITIMATE INTEREST
At times, we will need to process your personal data to pursue our legitimate interests—for example, for administrative purposes, to provide information to you, to operate, evaluate, maintain, develop and improve our websites and services or to maintain their security and protect intellectual property rights.
We will not process your personal data on a legitimate interest basis where the impact of the processing on your interests or fundamental rights and freedoms outweigh our legitimate interests.
You may object to any processing we undertake on this basis. If you do not want us to process your personal data on the basis of our legitimate interests, contact us at privacy@rgp.com and we will review our processing activities.
DEFENCE OF LEGAL CLAIMS
In limited circumstances, and in accordance with the law, we may use personal data in the defence of legal claims or enforcing legal rights, such as IP rights.
LEGAL OBLIGATION
If we have a legal obligation to process personal data, we will process personal data on this legal ground.
4. Categories of Client Personal Data
We only collect the personal data that we require in order to ensure we can have a productive business relationship with Other Contacts.
The table below sets out the general categories of personal data that we collect:
Personal Data Category | Description |
---|---|
Communications Data | may include personal data included in communications with us over email, phone, letter and electronic communications (social platforms and chats). |
Contact Data | may include a person’s name, email address, phone number, postal address, other communication details, including social media links (e.g. Zoom, LinkedIn). |
Marketing Data | may include your Contact Data and any preferences in receiving marketing from us and your communication preferences. |
Position Data | may include Client role, job title, reporting line etc. |
Web Data | may include information provided on any forms completed by a Client on our website and, to the extent that it includes personal data, information on the type of device being used, its IP address, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. |
5. Our Processing Activities—Other Contacts
We want to ensure that the personal data is used for the purposes that you would expect.
The table below sets out the personal data we collect, the purpose for which we collect it and our lawful basis for doing so.
Swipe left or right on the table to view additional table content.
Purpose/Activity | ||
---|---|---|
Managing Payments and Our Relationship with the Client and Administration of the Contract | Personal Data Category | Lawful Basis for Processing |
|
|
|
Website Delivery | Personal Data Category | Lawful Basis for Processing |
|
|
|
Marketing Activities | Personal Data Category | Lawful Basis for Processing |
|
|
|
6. Retention of Other Contacts Personal Data
We endeavour to only retain personal data for only as long as it is needed for the relevant purposes.
In some circumstances, it is not possible for us to specify in advance the period for which we will retain your personal data. In such cases, we will determine the appropriate retention period based on balancing your rights against our legitimate interests. We may also retain certain personal data beyond the periods specified herein in some circumstances such as where required for the purposes of legal claims.
Our retention policy for Other Contacts personal data is as follows:
Use of Next of Kin/Emergency Contacts
For the duration of which the Candidate, Employee or Independent Contractor remains active with us or update their details
Use of Referee Contacts
For the duration of the application process of the Candidate, Employee or Independent Contractor
Website Delivery
Please see Cookie Notice for further information
Management of Corporate Affairs
Data is retained in line with our statutory obligations
7. Disclosure
We may need to share your personal data in order to deliver our services. We will always ensure that any disclosure of personal data is undertaken in compliance with Data Protection Law and ensure that appropriate technical and organisational measures are undertaken to protect and secure any personal data that is transferred.
Other Contacts Personal Data is shared in certain circumstances as follows:
- between the companies identified in this Data Protection Statement and in particular in our Group Information Statement for the purposes of administration, marketing and provision of our services.
- to business partners and third party service providers for the purposes of servicing our company and administration of our business, including email, chat, ticketing, Customer Relationship Management, Applicant Tracking System, payment processors, data aggregators, hosting service providers, external consultants, accountants, auditors, IT consultants and lawyers.
- if a company in the group or substantially all of its assets are acquired by a third party, in which case personal data held by us will be one of the transferred assets.
- if we are under a duty to disclose or share personal data in order to comply with any legal obligation (including tax, audit or other authorities), or in order to enforce or apply any contracts that we have.
- to official authorities to protect our rights, property, or safety, or those of other persons (including you)
- to payment service partners for the processing of payments to and from our business.
- to protect our rights, property, or safety, or that of our customers or others. This may include exchanging information with other companies and organisations for the purposes of fraud protection.
- to analytics and search engine providers that assist us in the improvement and optimisation of our Website. This consists of information relating to the web pages visited on the Website and tracking codes from service providers like LinkedIn and Google.
- to insurance brokers and providers where required for administering claims.
- to our email distribution partner and service providers in the case of marketing and newsletters.
- for the purposes of communications between Clients and Candidates.
- to Clients in the case of certain information relevant to Candidates, Employees and Independent Contractors such as referees, next of kin/emergency contacts.
8. Transfer of Personal Data
In some circumstances, we may need to transfer personal data outside of the country where it was originally collected. We will always undertake such transfers in accordance with data protection laws.
We may transfer Personal Data outside of your home country; however, we will always ensure that this is done in compliance with the relevant laws of your country.
We will normally use and share personal data outside of your country for the following reasons:
- to carry out corporate oversight of our global business organisation.
- to provide shared services in certain functions such as HR, Finance, Marketing, Legal, Privacy and IT.
- to deploy certain tools and resources across the global organisation.
- to facilitate interactions between our employees across our global locations.
- to work with our group companies to identify Candidates/Clients.
RGP complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. RGP has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. RGP has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
RGP’s accountability for personal data that it receives in the United States under the DPF and subsequently transfers to a third party is described in the DPF Principles. In particular, RGP remains responsible and liable under the DPF Principles if third-party agents that it engages to process personal data on its behalf do so in a manner inconsistent with the DPF Principles, unless RGP proves that it is not responsible for the event giving rise to the damage.
In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, RGP commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO), and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF.
We inform all data subjects that our organization is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
RGP has further committed to refer unresolved DPF Principles-related complaints to a U.S.-based independent dispute resolution mechanism, BBB NATIONAL PROGRAMS. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbbprograms.org/dpf-complaints for more information and to file a complaint. This service is provided free of charge to you.
9. Security Measures
We monitor for and do everything that we can to protect personal data and prevent security breaches.
We will take all steps reasonably necessary to ensure that all personal data is treated securely in accordance with this Data Protection Statement and the Data Protection Laws. In particular, we have put in place appropriate technical and organisational procedures to safeguard and secure the personal data we process.
We monitor for and do everything we can to prevent security breaches of the personal data that we process. Once we have received your personal data, we will use strict procedures and security features for the purpose of preventing unauthorised access and ensuring that only those who need to have access to your personal data can access it.
We also use secure connections to protect personal data during its transmission. Where you have been given (or where you have chosen) a password which enables you to access services, you are responsible for keeping this password confidential. Please do not share your password with anyone.
If you think that there has been any loss or unauthorised access to personal data of any individual, please let us know immediately.
10. Use of Third Party Website
It is important to be careful when visiting third party websites and when providing personal data to third parties. We have no control over third party websites that you may access.
Websites that you access via a link on our website or otherwise, are outside our control and are not covered by this Data Protection Statement. If you access other websites using the links provided, the operators of these websites may collect personal data from you, which will be used by them in accordance with their own statements, which may differ from ours. Please check the statements on those websites before you submit any personal data to them.
11. Cookies
Cookies are small files containing a string of characters to identify your browser. When an individual visits RGP’s website, we do not deploy the use of Cookies or Web Beacons, or any other indirect electronic means to collect your Personal Information. However, should you or any individual decide to register on the website and download RGP information or publications, at that time we will use Cookies to provide a better user experience for those users who may return to our website. You may, however, reset your browser to refuse Cookies or to warn you when they are being sent. Please note that by turning the setting off on your Cookies, you will not have access to all the features available on RGP’s website.
12. Amendments to this Data Protection Statement
We will update the date on this Data Protection Statement when we make changes to it.
We will post any changes to this Data Protection Statement on the Website and when doing so will change the effective date at the top of this Data Protection Statement.
In some cases, we may provide you with additional notice of changes to this Data Protection Statement, such as via email. We will always provide you with any notice in advance of the changes taking effect where we consider the changes to be material.
13. Queries
Please contact us if you have any questions or concerns about how your personal data is being used by us.
RGP Data Protection Team is available as your central point of contact for all queries at:
Data Protection Office Email: privacy@rgp.com
14. Your Data Protection Rights
Please see our Data Protection Rights Statement for further information about your rights.
15. Supervisory Authority Contact Details
If we are unable to resolve your concerns, you have the right to contact the supervisory authority in the country where you live or work, or where you consider that the data protection rules have been breached.
Please see our Data Protection Rights Statement “Queries and Supervisory Authority Contact Details” for further information about relevant Data Protection Authority contact details.