It applies to any EU citizen’s personal data
● when we are collecting, using, holding, and processing personal data of individuals who are in the European Union regardless of location
“We” are Wilson Human Capital Group, Inc. d/b/a WilsonHCG, and its participating subsidiaries (which we will refer to as “WilsonHCG” or “us”). You can find a list of our participating subsidiaries and read more about us below
We provide recruitment processing outsourcing services, consulting, reporting, talent mapping, employment branding, analysis, fixed term contract services, executive search, perm search, and other recruitment related services. Our company and our subsidiaries are: United States Wilson Human Capital Group, Inc. Wilson Worldwide, LLC dba WilsonCTS
Canada Wilson Contingent Talent Solutions, Inc. WilsonHCG Canada Inc.
EMEA WilsonHCG-EMEA Limited WilsonHCG Poland Sp.zo.o WilsonHCG Ireland Limited WilsonHCG Hong Kong Limited
Your information is ultimately controlled by Wilson Human Capital Group, Inc., a company registered in Delaware, USA with registered number 5370276 whose registered office is at: 2711 Centerville Road, Suite 400, Wilmington, Delaware 19808. Our corporate office is located at: 400 North Ashley Dr., Suite 3000, Tampa, Florida 33602.
The person responsible for our data protection is Mr Gary Cook. By Mail: Attn: Mr Gary Cook Wilson Human Capital Group, Inc. 400 N. Ashley Drive Suite 3000 Tampa, Florida 33602
By Email: email@example.com
Our services and websites are not for children (anyone under 13 years old) and so we won’t deliberately collect, use and hold (process) any child’s personal information. If you are under 13 years old, please do not send us your personal information (anything which could tell us who you are, such as your name, address or email address). If you would like to use the website or ask us a question, please ask your parent or legal guardian to do this for you.
(A) What personal data do we collect and use (process)? Personal data is any information that identifies, or could reasonably be used to identify you and some of that personal data may be special category data (more sensitive data). We collect your personal data both directly and indirectly. To find out more about the types of personal data we collect and use and how we collect it see below.
We collect personal data both
● Directly – when you contact us, choose to provide information to us (for example you complete and submit a website form), use our services or provide products and services to us, engage with us on social media or, as a candidate, submit your CV/resume, attend an industry event, interview or take part in any psychological or medical assessment
● Indirectly – we may collect information from publicly available information relating to your job title, education and employment such as registration with professional bodies, qualifications and commercially available sources, for example from social media sites such as LinkedIn, public job boards, trade organizations, trade events, advertisements, B2B contact database, or other public sources
Consent or other legal basis will always be obtained in order to process the information from any of these sources.
The personal data we collect and use includes:
● Contact details (particularly name, company/employer name, address, telephone number and email address)
● Demographic data
● Occupational data
● Candidate recruitment data for job opportunities including role, skill set, education, experience, work history and any other data required in the recruitment process
● Identification information (including job title, place of employment, experience and or skill set)
● Personal information obtained through submission of a job application on our site, CV, resume or transcripts, and any supporting documentation attached to your resume such as copies of certificates and diplomas
● Information obtained while conducting a phone interview, video interview, in-person interview, or interview through one of our third party interview and recruitment service providers
● Reference check information, such as a verification of your educational and professional background, and other relevant information subject to WilsonHCG policies and applicable laws
● Billing information for payment for suppliers (particularly bank account numbers and information and tax information for payments, deposits or other pre-approved financial transactions)
Where appropriate and lawful, some of the personal data requested may be special category data, for example, which is personal data about an individual’s race; ethnic origin; politics; religion; trade union membership; health; sex life; sexual orientation; genetics and biometrics (where it is used for ID purposes). Should special category data be requested, expressed written consent shall be required and obtained prior to processing.
(B) What happens if you don’t want to give us your personal data? If you do not supply us with personal data, then in some circumstances we may be unable to offer our complete services to you. For example, if you are a candidate and do not want to give us any of your contact details then we will be unable to contact you to discuss your requirements.
We collect and use personal information in a variety of ways. To find out more see below.
Our use of personal data may include
● Share within our internal teams and with our clients for recruitment purposes
● Communicate with you, including to let you know about important changes and or notifying you of content published by WilsonHCG which is likely to be relevant and useful to you
● Assess your ability and suitability for the employment position/s you are interested in if you are a candidate
● Provide our services to you as and when you ask us and to fulfil our contractual obligations to you (for example, supplying candidate data to prospective employers)
● Fulfil our contractual obligations to suppliers ● Ask third parties to provide services to us including professional advisors, IT (including cloud providers), marketing, recruiting and interviewing software or services, and outsourced services to help run our business properly and efficiently
● Market to you on industry specific content, provided that you consent to this
● Comply with regulations and legislation
● Resolve complaints and issues and establish and defend our legal rights or manage insurance claims in which you are involved
● Manage our business properly and efficiently
We will only process (collect, use or store) your personal data when we have a lawful basis for doing so and there are several lawful basis which we rely on. To find out more see below.
Consent - Most data is provided with your express consent which you give us when you provide the data to us. You can withdraw your consent at any time by emailing firstname.lastname@example.org. If consent is the only basis for lawfully processing your data then once you have withdrawn your consent, we will no longer process it.
Contractual obligations - Some processing is necessary to fulfil a contract that we have with you. For example when we provide our recruitment services to candidates we agree to send a CV/resume to prospective employers.
Legitimate Interest - Sometimes we will process your data when
● It is in our legitimate interests to do this
● These interests are not overridden by your data protection rights
Our legitimate interests include:
● Supplying services to our clients and candidates
● Making sure that are services are secure and operate effectively
● Fulfilling our obligations, including to employees, clients, candidates and shareholders
● Protecting our employees, clients and candidates
● Protecting and promoting our business
● Improving our services and our business
Legal obligation - Sometimes we will process your data when we must comply with our legal and regulatory responsibilities such as preventing, investigating and detecting crime, including helping law enforcement agencies.
HOW LONG DO WE KEEP PERSONAL DATA FOR? Unless you specifically ask us not to, we will only keep your personal data for as long as it is
● Necessary for the purposes for which the personal data are processed
● To enable us to comply with our legal obligations, for example for tax purposes
Please refer to our data retention policy and timelines, which are dependent on the nature of our relationship with you. you can request the policy for your region at email@example.com.
Data Subject How long personal information/data is kept
Potential Clients We will retain personal information for the length of time you have consented to, i.e. 2 years from the date of the last time contact with us. Clients We will retain personal information for 7 years from the date that you ceased to be a client or based upon the legal requirements of your region as specified in the retention policy, whichever is longer. Potential Candidates who are not placed in employment using our services
We will retain personal information for 2 years from the date of the last consent or based upon consented duration if otherwise.
Candidates placed in employment using our services
We will retain personal information for 7 years from the date that you ceased to be an employee or the legal requirements of your region as specified in the retention policy, whichever is longer.
Potential Suppliers We will retain personal information for 6 months from the date of the
last contact or as provided in the consent form if otherwise. Suppliers We will retain personal information for 7 years from the date that you ceased to be a supplier or based upon the legal requirements of your region as specified in the retention policy, whichever is longer.
You have the following rights:
● Access to your personal data
● Rectify your personal data
● Erasure of your personal data
● Restriction of processing of your personal data
● Data Portability
● Object to processing your personal data
To find out more about any particular right, please click on that that right in the list above.
We will deal with your request as soon as we are able and usually within one month of receiving it. If there is going to be a delay (which could be up to 3 months) in dealing with your request or there is a reason why we can’t comply with your request we will let you know and explain why within one month of receiving your request.
You also have the right to lodge any data protection complaints with the Information Commissioner's Office (ICO) who is the UK’s supervisory authority – see the Complaints and Dispute Resolution section below.
(A) Your Right to Access Your Personal Data You have the right to see the personal information we hold about you – this is sometimes referred to as a Data Subject Access Request.
You can request a copy of any other personal information that we hold by emailing us at firstname.lastname@example.org. In some circumstances, we will try to help you with this over the telephone but we will need to confirm your identity.
If you ask to see your personal data we will:
● Confirm whether we hold your personal data and how long the data will be kept for (or how we will decide how long to keep it)
● If you did not give us your personal data, we will tell you where we got it from (the source)
● Describe the information we hold and tell you why we are holding it
● Tell you who it could be shared with
● Provide you with a copy of that information
Unless the request is considered to be excessive because you have made repetitive requests, there is no charge for this information. If we intend to charge we will let you know what the cost will be before we comply with your request.
(B) Your Right to Rectification If we do hold personal information about you, you can ask us to correct or amend any inaccurate or incomplete information by emailing us at email@example.com. Alternatively, you can write to us by mail see Contact Us About Personal Data and Data Protection.
Once you have told us about the changes then within one month of you asking us to do so we will either make the changes or explain why we are unable to. If there is going to be a delay we will let you know and explain why.
Where your personal data has been disclosed to any third parties, we will tell
● You who those third parties are, where appropriate
● The third parties about the rectification, where possible
(C) Your Right To Erasure – to be Forgotten In certain circumstances, you have a right to erasure (to remove your personal data from our database and the database of third parties) by emailing us at firstname.lastname@example.org. Alternatively, you can write to us by mail see Contact Us About Personal Data and Data Protection. Find out more about the process below.
Notwithstanding any overriding exceptions, the right to erasure applies where:
● Your personal data is no longer necessary for the purposes it was originally collected or processed
● The lawful basis of processing your data is consent and you withdraw your consent
● You object to the processing and there are no reasons (overriding legitimate grounds) for continuing processing
● Your personal data has been unlawfully processed
● Your personal data has to be erased to comply with a legal obligation
Where your personal data has been disclosed to any third parties, we will tell
● You who those third parties are, where appropriate and
● The third parties about the exercise of your right, where possible
(D) Your Right to Restrict Processing In certain circumstances, you can ask us to restrict (suppress) or “block” processing of your personal data by emailing us at email@example.com. Alternatively, you can write to us by mail see Contact Us About Personal Data and Data Protection. Find out more about the process below.
You can ask us to restrict processing in the following circumstances:
● Where you do not think that your personal data is accurate and you want processing restricted whilst we check its accuracy
● You believe that processing is unlawful but you do not want to exercise your right to erasure and want us to restrict processing instead
● We no longer need to process your personal data but you need it in connection with a legal claim
● We are processing personal data on the basis of a legitimate interest and you want processing restricted whilst we check that we can do so (i.e. whether our legitimate grounds override yours)
It means that we can:
● Still store the data and retain sufficient (just enough) information about you as an individual to ensure that the restriction is respected in future
● Not further process it.
If we decide to lift a restriction on processing, then we will let you know.
Where your personal data has been disclosed to any third parties, we will tell
● The third parties about the restriction, unless it involves disproportionate effort or is impossible and
● You who those third parties are, if you ask us to
(E) Your Right to Data Portability In certain circumstances, if we process your personal data by automated means you can ask us for that data, so that you can reuse your personal data for your own purposes across different services, by emailing us at firstname.lastname@example.org. Alternatively, you can write to us by mail see Contact Us About Personal Data and Data Protection. Find out more about the process below.
This right is so you can obtain and move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, but the right only applies:
● To personal data which you provided to us
● Where the processing is based on your consent or for the performance of a contract
● When processing is carried out by automated means
If this right applies to you we will provide your personal data
● Free of charge
● In a structured, commonly used and machine-readable form
● By transmitting data directly to another organisation, if this is technically feasible and if you ask us to
Once you have contacted us about this right then within one month of you asking us to do so we will either provide you with the data or explain why we can’t. If there is going to be a delay we will let you know and explain why and let you know who you can complain to, should you wish to.
(F) Your Right to Object to us Processing Your Personal Data You have a right to object to certain types of processing of your personal data where it is:
● Based on legitimate interests
● For direct marketing
● For scientific/historical research and statistics.
You can object by emailing us at email@example.com. Alternatively, you can write to us by mail see Contact Us About Personal Data and Data Protection.
Unless certain exemptions apply (such as there are compelling legitimate grounds or the processing relates to a legal claim and we tell you about this) we will stop processing your personal data.
When you provide personal data to an individual at WilsonHCG (for example a recruiter) you are providing that information to our whole organisation. In addition, we share your personal data with various third parties depending upon your relationship to our company.
Where necessary, your personal data may be shared with various third parties including:
● Our third-party agents who provide services to us i.e. independent contractors – you can obtain any third party agents we shared your personal data with by request a copy of any agents we share your data with at firstname.lastname@example.org
● Service providers who perform functions on our behalf i.e. payroll, benefits, insurance, and other administrative services - you can obtain the suppliers we share your data with by request at email@example.com
● Vendors, consultants, and other third party service providers to assist us in providing services on our behalf, including to support us in areas such as recruiting and reviewing responses to job advertisements, managing résumé/C.V. data, interviewing, IT platform management or support services, infrastructure and application services, marketing, data analytics, skills and assessments training - you can obtain the vendors we share your data with by request at firstname.lastname@example.org
● Third-party data storage providers who process data on our behalf i.e. email and storage provider, applicant tracking system - you can obtain the third party data storage providers we share your data with by request at email@example.com
● Potential and active clients we provide recruitment services for, and to match the professional profile we have stored of our candidates in our database to any positions we have been asked to fulfill by any of our clients, and including any related administrative use such as invoicing - you can obtain the clients we share your data with by request at firstname.lastname@example.org
● Public authorities who make a lawful request, including to meet national security or law enforcement requirements
If you wish to obtain further information please contact Mr Gary Cook.
By Mail: Attn: Mr Gary Cook Wilson Human Capital Group, Inc. 400 N. Ashley Drive Suite 3000 Tampa, Florida 33602
By Email: email@example.com
We have written agreements with those third parties to ensure that they
● provide the same level of protection that the law requires, including where applicable as the Privacy Shield requires - see our Security section and
● transfer the minimum data necessary and anonymise data wherever reasonably possible
● limit their use of the data to the specified services they provide on our behalf
● process data on our behalf in accordance with our joint legal obligations
We do transfer some data outside the EU since your information is ultimately controlled by Wilson Human Capital Group, Inc., a company registered and based in the USA, but we have procedural and technical safeguards to protect the privacy of your data and to comply with the law. For more information, see below.
We have implemented technology, security policies and measures to protect the personal information that we have under our control from unauthorised access, improper use, alteration, unlawful or accidental destruction and accidental loss. To find out more, see below.
● Storing personal data in our internal systems (such as client relationship management (CRM) and talent acquisition software (TAS) applications) on secure servers that are not accessible by third parties
● Adhering to the Privacy Shield Principles where personal data is transferred from the European Union to the United States – see our Transferring Personal Data Outside the EU section
● Providing internal policies, procedures and training about data protection to our employees
● Restricting access and requiring that all our employees and others who have access to or are associated with processing of your personal information to sign company confidentiality agreements. Failure to meet these obligations is dealt with under our disciplinary procedure and may result in termination of employment
● Encrypting many of our services using Secure Sockets Layer (SSL)
● Regular reviews of the way we process data in line with our data protection policies
We also collect information which does not identify you (non-personal information). This includes the type of internet browser you use or the website from which you linked to our website.
We may also aggregate information which you have submitted to us (for example, your age and the town where you live) which is anonymous - you cannot be identified from this information. We share this aggregate information with third parties (for example to provide salary averages) to help us provide an effective service on our website.
Our website uses the Google AdWords remarketing service to advertise on third party websites (including Google) to previous visitors to our site. Find more information below.
In compliance with the Privacy Shield Principles, WilsonHCG commits to resolve complaints about our collection or use of your personal information. European Union individuals with inquiries or complaints regarding our Privacy Shield policy should first contact us at:
If you have a complaint please contact Mr Gary Cook:
By Mail: Mr Gary Cook Wilson Human Capital Group, Inc. 400 N. Ashley Drive Suite 3000 Tampa, Florida 33602
By Email: firstname.lastname@example.org
WilsonHCG has further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, please contact or visit JAMS for more information or to file a complaint at:
By visiting the website: https://www.jamsadr.com/file-an-eu-us-privacy-shield-or-safe-harbor-claim
By Mail: JAMS 620 Eighth Ave. 34th Floor New York, NY 10018
The services of JAMS are provided at no cost to you.
An individual has the possibility, under certain conditions, to invoke binding arbitration for complaints regarding Privacy Shield compliance not resolved by any of the other Privacy Shield mechanisms: https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
Contacting the Information Commissioner's Office You also have the right to lodge any data protection complaints with the Information Commissioner's Office (ICO) who is the UK’s supervisory authority. Visit www.ico.org.uk for more information including how to access their helpline. If you are a resident in another EEA country, you can contact the supervisory body appointed in that country. A list of the relevant supervisory bodies, can be found here:
National Data Protection Authorities (as at the 7 March 2018)
Commission de la protection de la vie privée Commissie voor de bescherming van de persoonlijke levenssfeer
Commission for Personal Data Protection
Croatian Personal Data Protection Agency
Commissioner for Personal Data Protection
The Office for Personal Data Protection
Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon)
Office of the Data Protection Ombudsman
Commission Nationale de l'Informatique et des Libertés - CNIL
Die Bundesbeauftragte für den Datenschutz und die Informationsfreiheit
For complaints authorities see also
Hellenic Data Protection Authority
National Authority for Data Protection and Freedom of Information
Data Protection Commissioner
Garante per la protezione dei dati personali
Data State Inspectorate
State Data Protection
Commission Nationale pour la Protection des Données
Office of the Data Protection Commissioner
The Bureau of the Inspector General for the Protection of Personal Data
Comissão Nacional de Protecção de Dados - CNPD
The National Supervisory Authority for Personal Data Processing
Office for Personal Data Protection of the Slovak Republic
Spain Agencia de Protección de Datos Website: https://www.agpd.es/
Sweden Datainspektionen Website: http://www.datainspektionen.se/
United Kingdom The Information Commissioner’s Office Website: https://ico.org.uk
EUROPEAN FREE TRADE AREA (EFTA)
Icelandic Data Protection Agency
Data Protection Office
Data Protection and Information Commissioner of Switzerland