II. IMPORTANT INFORMATION ABOUT OUR GLOBAL WEBSITES
III. WHO ARE WE?
We provide recruitment processing outsourcing services, consulting, reporting, talent mapping, employment branding, analysis, fixed term contract services, executive search, perm search, and other recruitment related services.
Our company and our subsidiaries are:
Wilson Human Capital Group, Inc.
Wilson Worldwide, LLC dba WilsonCTS
Wilson Contingent Talent Solutions, Inc. WilsonHCG Canada Inc.
WilsonHCG Poland Sp.zo.o
WilsonHCG Ireland Limited
WilsonHCG Talent S.R.L.
WilsonHCG Hong Kong Limited
IV. PERSONAL DATA YOU PROVIDE TO US OR WE COLLECT
A. METHODS OF COLLECTING PERSONAL DATA
1. Directly: when you contact us, choose to provide data to us (for example you complete and submit a website form), use our services or provide products and services to us, engage with us on social media or, as a candidate, submit your CV/resume, attend an industry event, interview or take part in any psychological or medical assessment. Consent or other legal basis will always be obtained in order to process the data from any of these sources.
2. Indirectly: we may collect Personal Data from publicly available data relating to your job title, education and employment such as registration with professional bodies, qualifications and commercially available sources, for example from social media sites such as LinkedIn, public job boards, trade organizations, trade events, advertisements, B2B contact database, or other public sources.
B. TYPES OF PERSONAL DATA COLLECTED
1. Contact Details: your name, employer name, address, telephone number and email address.
2. Occupational Data: your job title, place of employment, experience, and/or skill set.
3. Candidate Recruitment Data for Job Opportunities: your role, skill set, education, experience, work history and any other data required in the recruitment process.
4. Submitted Job Application Data: your CV, resume, transcripts, and any supporting documentation attached to your resume such as copies of certificates and diplomas.
5. Interview Related Data: obtained while conducting a phone interview, video interview, in-person interview, or interview through one of our third-party interview and recruitment service providers.
6. Reference Check Data: such as a verification of your educational and professional background, and other relevant data subject to WilsonHCG policies and applicable laws.
7. Billing & Payment Data: when we obtain your payment data we may collect bank account numbers, tax data, deposits and/or other pre-approved financial transactions.
8. Special Category Data: where appropriate and lawful, some of the Personal Data requested may be special category data, for example, which is Personal Data about an individual’s race; ethnic origin; politics; religion; trade union membership; health; sex life; sexual orientation; genetics and biometrics (where it is used for ID purposes). Should special category data be requested, expressed written consent shall be required and obtained prior to processing.
V. WHAT HAPPENS IF YOU DO NOT WANT TO GIVE US YOUR DATA?
If you do not supply us with Personal Data, then in some circumstances we may be unable to offer our complete services to you. For example, if you are a candidate and do not want to give us any of your contact details then we will be unable to contact you to discuss your requirements.
VI. HOW WE USE PERSONAL DATA
Our collection and/or use of Personal Data may include:
A. Sharing within our internal teams and with our clients for recruitment purposes;
B.Communicating with you, including to let you know about important changes and or notifying you of content published by WilsonHCG which is likely to be relevant and useful to you;
C. Assessing your ability and suitability for the employment position/s you are interested in if you are a candidate;
D. Providing our services to you as and when you ask us to fulfil our contractual obligations to you (for example, supplying candidate data to prospective employers);
E. Fulfilling our contractual obligations to suppliers;
F. Asking third parties to provide services to us including professional advisors, IT (including cloud providers), marketing, recruiting and interviewing software or services, and outsourced services to help run our business properly and efficiently;
G. Marketing to you on industry specific content, provided that you consent to this;
H. Complying with regulations and legislation;
I. Resolving complaints and issues and establish and defend our legal rights or manage insurance claims in which you are involved;
J. Managing our business properly and efficiently; and
K. Proving you with information you request or indicate you may be indicated in receiving.
VII. THE LEGAL BASIS OF PROCESSING YOUR PERSONAL DATA
We will only process (collect, use or store) your Personal Data when we have a lawful basis for doing so and there are several lawful bases which we rely on which include:
A .Consent: most data is provided with your express consent which you give us when you provide the data to us. You can withdraw your consent at any time by emailing firstname.lastname@example.org. If consent is the only basis for lawfully processing your data then once you have withdrawn your consent, we will no longer process it.
B. Contractual obligations: some processing is necessary to fulfil a contract that we have with you. For example, when we provide our recruitment services to candidates, we agree to send a CV/resume to prospective employers.
C. Legitimate Interest : sometimes we will process your data when:
1. It is in our legitimate interests to do this, and
2. These interests are not overridden by your data protection rights.
D. Our legitimate interests include:
1. Supplying services to our clients and candidates,
2. Making sure that services are secure and operate effectively,
3. Fulfilling our obligations, including to employees, clients, candidates and shareholders,
4. Protecting our employees, clients and candidates,
5. Protecting and promoting our business, and
6. Improving our services and our business.
E. Legal obligation: sometimes we will process your data when we must comply with our legal and regulatory responsibilities such as preventing, investigating and detecting crime, including helping law enforcement agencies.
VIII. YOUR PERSONAL DATA RIGHTS
A. YOU HAVE THE FOLLOWING RIGHT(S):
1. Access to your Personal Data,
2. Rectify your Personal Data,
3. Erasure of your Personal Data,
4. Restriction of processing of your Personal Data,
5. Data Portability, and
6. Object to processing your Personal Data.
We will handle your request usually within one month of receiving it. If there is going to be a delay (which could be up to 3 months) in dealing with your request or there is a reason why we can’t comply with your request, we will let you know and explain why within one month of receiving your request.
You also have the right to lodge any data protection complaints with the Data Commissioner's Office (ICO) who is the UK’s supervisory authority – see the Complaints and Dispute Resolution section below.
B. YOUR RIGHTS IN DETAIL
1. ACCESS TO YOUR PERSONAL DATA
You have the right to see the Personal Data we hold about you – this is referred to as a Data Subject Access Request.
You can request a copy of any Personal Data that we hold by emailing us at email@example.com or we can try to handle your request via telephone, but we will need to confirm your identity.
If you ask to see your Personal Data, we will:
a) Confirm whether we hold your Personal data and how long the data will be kept for (or how we will decide how long to keep it);
b) If you did not give us your Personal Data, we will tell you where we got it from (the source);
c) Describe the data we hold and tell you why we are holding it;
d) Tell you who it could be shared with; and
e) Provide you with a copy of that data.
Unless the request is considered to be excessive because you have made repetitive requests, there is no charge for this data. If we intend to charge, we will let you know what the cost will be before we comply with your request.
2. YOUR RIGHT TO RECTIFICATION
If we do hold Personal Data about you, you can ask us to correct or amend any inaccurate or incomplete data by emailing us at firstname.lastname@example.org OR you can write to us by mail (See Contact Us for address).
Once you have told us about the changes, within one month of your request, we will either make the changes or explain why we are unable to. If there is going to be a delay, we will let you know and explain why.
If your Personal Data has been disclosed to any third parties, we will notify:
a) You who those third parties are, where appropriate, and
b) The third parties about the rectification, where possible.
3. YOUR RIGHT TO ERASURE/TO BE FORGOTTEN
In certain circumstances, you have a right to erasure (to remove your Personal Data from our database and the database of third parties) by emailing us at email@example.com OR you can write to us by mail (See Contact Us for address).
Notwithstanding any overriding exceptions, the right to erasure applies where:
a) Your Personal Data is no longer necessary for the purposes it was originally collected or processed;
b) The lawful basis of processing your data is consent and you withdraw your consent;
c) You object to the processing and there are no reasons (overriding legitimate grounds) for continuing processing;
d) Your Personal Data has been unlawfully processed;
e) Your Personal Data has to be erased to comply with a legal obligation.
If your Personal Data has been disclosed to any third parties, we will notify:
a) You who those third parties are, where appropriate, and
b) The third parties about the exercise of your right, where possible.
4. YOUR RIGHT TO RESTRICT PROCESSING
In certain circumstances, you can ask us to restrict (suppress) or “block” processing of your Personal Data by emailing us at firstname.lastname@example.org OR you can write to us by mail (See Contact Us for address).
You can ask us to restrict processing in the following circumstances:
a) Where you do not think that your Personal Data is accurate, and you want processing restricted whilst we check its accuracy;
b) You believe that processing is unlawful, but you do not want to exercise your right to erasure and want us to restrict processing instead;
c) We no longer need to process your Personal Data, but you need it in connection with a legal claim;
d) We are processing Personal Data on the basis of a legitimate interest and you want processing restricted whilst we check that we can do so (i.e. whether our legitimate grounds override yours).
It means that we can:
a) Still store the data and retain sufficient (just enough) data about you as an individual to ensure that the restriction is respected in future.
b) Not further process it.
If we decide to lift a restriction on processing, then we will let you know. If your Personal Data has been disclosed to any third parties, we will notify:
a) The third parties about the restriction, unless it involves disproportionate effort or is impossible and,
b) You who those third parties are, if you ask us to.
5. YOUR RIGHT TO DATA PORTABILITY
This right is so you can obtain and move, copy or transfer Personal Data easily from one IT environment to another in a safe and secure way, but the right only applies:
a) To Personal Data which you provided to us;
b) Where the processing is based on your consent or for the performance of a contract; or
c) When processing is carried out by automated means.
If this applies to you, we will provide your Personal Data:
a) Free of charge;
b) In a structured, commonly used and machine-readable form; or
c) By transmitting data directly to another organization, if this is technically feasible and if you ask us to.
Once you have contacted us about this right then within one month of you asking us to do so we will either provide you with the data or explain why we can’t. If there is going to be a delay, we will let you know and explain why and let you know who you can complain to, should you wish to.
6. YOUR RIGHT TO OBJECT TO US PROCESSING YOUR PERSONAL DATA
You have a right to object to certain types of processing of your Personal Data where it is:
a) Based on legitimate interests,
b) For direct marketing,
c) For scientific/historical research and statistics.
Unless certain exemptions apply (such as there are compelling legitimate grounds, or the processing relates to a legal claim and we tell you about this) we will stop processing your Personal Data.
IX. WHO DO WE SHARE YOUR PERSONAL DATA WITH?
When you provide Personal Data to an individual at WilsonHCG (for example a recruiter) you are providing that data to our whole organization. In addition, we share your Personal Data with various third parties depending upon your relationship to our company.
You can obtain more data on any providers or suppliers we share your Personal Data with by requesting a copy of any agents at email@example.com.
Where necessary, your Personal Data may be shared with various third parties including:
A. Our third-party agents who provide services to us i.e. independent contractors;
B. Service providers who perform functions on our behalf i.e. payroll, benefits, insurance, and other administrative services;
C. Vendors, consultants, and other third party service providers to assist us in providing services on our behalf, including to support us in areas such as recruiting and reviewing responses to job advertisements, managing résumé/C.V. data, interviewing, IT platform management or support services, infrastructure and application services, marketing, data analytics, skills and assessments training;
D. Third-party data storage providers who process data on our behalf i.e. email and storage provider, applicant tracking system;
E. Potential and active clients we provide recruitment services for, and to match the professional profile we have stored of our candidates in our database to any positions we have been asked to fulfill by any of our clients, and including any related administrative use such as invoicing;
F. Public authorities who make a lawful request, including to meet national security or law enforcement requirements;
If you wish to obtain further information, please contact our Data Privacy Officer;
G. We have written agreements with those third parties to ensure that they:
1. provide the same level of protection that the law requires, including where applicable as the Privacy Shield requires - see our Security section; and
2. transfer the minimum data necessary and anonymize data wherever reasonably possible;
3. limit their use of the data to the specified services they provide on our behalf;
4. process data on our behalf in accordance with our joint legal obligations;
H. When WilsonHCG transfers Personal Data to a third party that is acting as an agent, it ensures that the third party provides at least the same level of privacy protection as is required by the relevant principles of the Privacy Shield. In cases of onward transfers to third parties of data of EU and/or Swiss individuals received pursuant to the Privacy Shield, WilsonHCG is potentially liable, unless WilsonHCG proves that it is not responsible for the event giving rise to the damage. WilsonHCG may be required to disclose an individual(s) Personal Data in response to a lawful request by public authorities, including to meet a national security or law enforcement request.
X. TRANSFERRING PERSONAL DATA OUTSIDE THE EUROPEAN UNION (“EU”)
We do transfer some data outside the EU since your data is ultimately controlled by Wilson Human Capital Group, Inc., a company registered and based in the USA, but we have procedural and technical safeguards to protect the privacy of your data and to comply with the law. For more information, see below.
XI. SECURITY OF YOUR PERSONAL DATA
We have implemented technology, security policies and measures to protect the Personal Data that we have under our control from unauthorized access, improper use, alteration, unlawful or accidental destruction and accidental loss. To find out more, see below.
A. Storing Personal Data in our internal systems (such as client relationship management (CRM) and talent acquisition software (TAS) applications) on secure servers that are not accessible by third parties;
B. Adhering to the Privacy Shield Principles where Personal Data is transferred from the European Union to the United States – see our Transferring Personal Data Outside the EU section;
C. Providing internal policies, procedures and training about data protection to our employees;
D. Restricting access and requiring that all our employees and others who have access to or are associated with the processing of your personal data to sign company confidentiality agreements. Failure to meet these obligations is dealt with under our disciplinary procedure and may result in termination of employment;
E. Encrypting many of our services using Secure Sockets Layer (SSL);
F. Regular reviews of the way we process data in line with our data protection policies.
XII. EXTERNAL WEBSITE LINKS AND SOCIAL MEDIA
We recommend that you check the policy of each website you visit to better understand your rights and obligations, especially when you are submitting any type of content on those third-party websites. Please contact the owner or operator of such website if you have any questions/concerns.
XIII. COLLECTION OF NON-PERSONAL DATA
We also collect data which does not identify you (Non-Personal Data). This includes the type of internet browser you use or the website from which you linked to our website.
We may also aggregate data which you have submitted to us (for example, your age and the town where you live) which is anonymous - you cannot be identified from this data. We share this aggregate, de-identified data with third parties (for example to provide salary averages) to help us provide an effective service on our website.
XIV. THIS WEBSITE USES GOOGLE ADWORDS
Our website uses the Google AdWords remarketing service to advertise on third party websites (including Google) to previous visitors to our site. Find more information below.
Using Google AdWords means that we can advertise to previous visitors who have begun but not completed an action on our site, for example using the contact form to make an enquiry. This could be in the form of an advertisement on the Google search results page, or a site in the Google Display Network.
A. WHAT IS A COOKIE?
Cookies are small data files that your browser places on your computer or device. Cookies help your browser navigate a website and the cookies themselves cannot collect any data stored on your computer or your files.
When a server uses a web browser to read cookies, they can help a website deliver a more user-friendly service. To protect your privacy, your browser only gives a website access to the cookies it has already sent to you.
Cookies remember the type of browser you use and which additional browser software you have installed. They also remember your preferences, such as language and region, which remain as your default settings when you revisit the website. Cookies also allow you to rate pages and fill in the comment forms.
Some of the cookies we use are session cookies and only lasts until you close your browser, others are persistent cookies which are stored on your computer for longer.
C. HOW ARE THIRD PARTY COOKIES USED?
D. HOW DO I REJECT AND DELETE COOKIES?
Please note that most browsers automatically accept cookies so if you do not wish cookies to be used you may need to actively delete or block the cookies.
E. THIRD PARTY ADVERTISING COOKIES OPT-OUT
XVI. DATA RETENTION
Unless you specifically ask us not to, we will only keep your Personal Data for as long as it is:
A. Necessary for the purposes for which the Personal Data are processed;
B. To enable us to comply with our legal obligations, for example for tax purposes
Please refer to our data retention policy and timelines, which are dependent on the nature of our relationship with you. you can request the policy for your region at firstname.lastname@example.org.
How long Personal Data is kept
We will retain Personal Data for the length of time you have consented to, i.e. 2 years from the date of the last contact with us.
We will retain Personal Data for 7 years from the date that you ceased to be a client or based upon the legal requirements of your region as specified in the retention policy, whichever is longer.
Potential Candidates who are not placed in employment using our services
We will retain Personal Data for 2 years from the date of the last consent or based upon consented duration if otherwise.
Candidates placed in employment using our services
We will retain Personal Data for 7 years from the date that you ceased to be an employee, or the legal requirements of your region as specified in the retention policy, whichever is longer.
We will retain Personal Data for 6 months from the date of the last contact or as provided in the consent form if otherwise.
We will retain Personal Data for 7 years from the date that you ceased to be a supplier or based upon the legal requirements of your region as specified in the retention policy, whichever is longer.
XVII. CHILDREN’S POLICY
We do not collect data from children under 13. If we learn we have collected Personal Data of a child under 13, or equivalent minimum age of jurisdiction outside the above circumstances, we will take the proper steps to remove this data.
If you believe, at any time, that we have collected data from a child under 13, or you are a parent or guardian needs to access, correct, or delete their child’s Personal Data, please reach out to email@example.com.
XVIII. CHANGES TO THIS POLICY
Your data is ultimately controlled by Wilson Human Capital Group, Inc., a company registered in Delaware, USA with registered number 5370276 whose registered office is at: 2711 Centerville Road, Suite 400, Wilmington, Delaware 19808.
XX. DATA PROTECTION OFFICER
The person responsible for our data protection is Mr Gary Cook.
By Mail: Attn: Mr Gary Cook
Wilson Human Capital Group, Inc.
400 N. Ashley Drive Suite 3000
Tampa, Florida 33602
By EMail: firstname.lastname@example.org
XXI. COMPLAINTS AND DISPUTE RESOLUTION
In compliance with the Privacy Shield Principles, WilsonHCG commits to resolve complaints about our collection or use of your Personal Data. European Union individuals with inquiries or complaints regarding our Privacy Shield policy should first contact us at our Data Privacy Officer listed above.
WilsonHCG has further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, please contact or visit JAMS for more information or to file a complaint by visiting the website:
By Mail: JAMS
620 Eighth Ave. 34th Floor
New York, NY 10018
The services of JAMS are provided at no cost to you.
An individual has the possibility, under certain conditions, to invoke binding arbitration for complaints regarding Privacy Shield compliance not resolved by any of the other Privacy Shield mechanisms:
Contacting the Information Commissioner's Office
You also have the right to lodge any data protection complaints with the Information Commissioner's Office (ICO) who is the UK’s supervisory authority. Visit www.ico.org.uk for more information including how to access their helpline.
If you are a resident in another EEA country, you can contact the supervisory body appointed in that country. A list of the relevant supervisory bodies, can be found here:
National Data Protection Authorities
(as of January 2020)
Commission de la protection de la vie privée Commissie voor de bescherming van de persoonlijke levenssfeer
Commission for Personal Data Protection
Croatian Personal Data Protection Agency
Commissioner for Personal Data Protection
The Office for Personal Data Protection
Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon)
Office of the Data Protection Ombudsman
Commission Nationale de l'Informatique et des Libertés - CNIL Website: http://www.cnil.fr/
Die Bundesbeauftragte für den Datenschutz und die Informationsfreiheit
For complaints authorities see also:
Hellenic Data Protection Authority
National Authority for Data Protection and Freedom of Information
Data Protection Commissioner
Garante per la protezione dei dati personali
Data State Inspectorate
State Data Protection
Commission Nationale pour la Protection des Données
Office of the Data Protection Commissioner
The Bureau of the Inspector General for the Protection of Personal Data
Comissão Nacional de Protecção de Dados
CNPD Website: http://www.cnpd.pt/
The National Supervisory Authority for Personal Data Processing
Office for Personal Data Protection of the Slovak Republic
Agencia de Protección de Datos
The Information Commissioner’s Office
EUROPEAN FREE TRADE AREA (EFTA)
Icelandic Data Protection Agency
Data Protection Office
Data Protection and Information Commissioner of Switzerland