1. INTERPRETATION

1.1 For the purpose of this document:

(a) “Company” shall mean Intent HQ Limited, incorporated and registered in England and Wales with company number 7220983) (also referred to as “we”, “us”, “our” and “ours”);

(b) “Candidates” shall mean anyone who applies for employment or other engagement with the Company;

(c) “Personal data” means any information which relates to an individual and from which that person can be identified (“data subject”) on its own or when taken together with
other information which is likely to come into the Company’s possession. It includes any expression of opinion about the person and an indication of the intentions of the Company or others in respect of that person. It does not include data where, for example, the identity has been removed (anonymised data), or data from which an individual cannot be identified, or data which includes a reference to an individual but is not actually ‘about’ that individual; and

(d) “Processing” means doing anything with the data, such as collecting, organising, accessing, holding, storing, disclosing, adapting, destroying, erasing or using the data in
any way. This includes processing personal data which forms part of a filing system and any automated processing.

2. ABOUT THIS DOCUMENT

2.1 The Company takes the privacy and security of the personal information of Candidates seriously. This Privacy Notice describes how we collect, hold and use personal information or “personal data” about you and explains your rights as a “data subject”.

2.2 The Company intends to comply with its legal obligations under the General Data Protection Regulation (“GDPR”) and the United Kingdom (“UK”) Data Protection Act 2018 together with any other replacement law applicable to the protection of personal data in effect from time to time (“Data Protection Legislation”).

2.3 The Company will be what is known as the “data controller” of the personal data that you, as a Candidate, provide to us. This means that we are responsible for deciding how we hold and use that personal data. We are required under Data Protection Legislation to notify you of the information contained in this Privacy Notice. If you accept employment with or are otherwise engaged by the Company we will, of course, collect more information about you and make other uses of your information – this will be explained to you as part of the on-boarding process.

2.4 Information may be shared with third parties as set out in paragraph 9.

3. DATA PROTECTION PRINCIPLES

3.1 We will comply with the data protection principles in the GDPR, which say that personal data must be:

(a) Used lawfully, fairly and in a transparent way;

(b) Collected and processed only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those stated purposes;

(c) Adequate and relevant to the purposes we have told you about and limited only to those purposes for which it is processed;

(d) Accurate and kept up to date;

(e) Kept only as long as necessary for the purposes we have told you about; and

(f) Kept securely.

4. HOW IS YOUR PERSONAL DATA COLLECTED?

We collect information about Candidates in the course of the recruitment process. Some of this information is collected directly from you (for example, in the forms that you are asked to complete, or in interviews or through the completion of tests). Other information may be provided to us by third parties (for example, recruitment agencies, referees and educational institutions) including third-party service providers or publically available sources for anti-money laundering, background checking and similar purposes, and to protect our business and comply with our legal, regulatory and security obligations.

5. WHAT TYPES OF PERSONAL DATA DO WE HOLD ABOUT YOU?

5.1 We may collect, store and use the following categories of personal data about Candidates (subject to limitations under applicable law):

(a) Basic information about yourself, such as name, title, contact details (including address, telephone and personal email address), date of birth and gender, and information
provided to verify your identity;

(b) Information regarding your employment and educational history, any role or roles for which you are applying or being considered for and your relevant personal interests, attributes and career aspirations and plans;

(c) Other information about yourself that you provide in a CV or similar document and covering letter;

(d) Responses from online assessments you complete during the application process; and

(e) In the event that you attend an interview, CCTV/security camera footage and other
information obtained through electronic means such as access card records/logs;

5.2 We may also collect, store and use the following ‘special categories’ of personal data about Candidates (subject to limitations under applicable law):

(a) Information about racial or ethnic origin, age, gender, religious or other philosophical
beliefs, sexual orientation and disability, which we collect for equality of opportunity
monitoring purposes, only where it is legally permissible to do so;

(b) Information about health, including any medical condition and your disability status to
consider whether we need to provide appropriate adjustments during the recruitment
process;

6. WHY DO WE NEED YOUR PERSONAL DATA?

Generally, you should assume that, if we ask you for information, we need it for our recruitment purposes. In some cases we may not be able to consider your application if you cannot provide the information that we request. There may be occasions where we need information to comply with a legal obligation, or conversely where provision of information is entirely optional and would not affect your application – we will let you know if this is the case.

7. HOW DO WE USE YOUR INFORMATION?

7.1 We use Candidate information in accordance with applicable law to manage the recruitment process (including to communicate with you about the recruitment process) and assess you for employment or other engagement, to monitor and improve our recruitment processes and for related purposes, including, where applicable, equality of opportunity monitoring, compliance with law and regulation and purposes relating to legal claims made by or against us.

What happens if my application is unsuccessful?

7.2 If you are unsuccessful in your application we may also retain your Candidate information and use it to assess your suitability for future positions and roles within the organisation for a period of one year, with your consent where required by applicable law (see paragraph 11 for further details).

Will you ask me for my consent?

7.3 We are entitled to use, disclose and otherwise process Candidates (and former Candidates’) information as described in this Privacy Notice because we need to do so for the purposes set out in paragraph 7. We do not rely on Candidates’ consent to collect, use or otherwise process their personal information other than in exceptional circumstances where our process is genuinely optional – in those circumstances we will ask for your consent on a case-by-case basis.

What if I fail to provide personal information?

7.4 If you fail to provide information when requested, which is necessary for us to consider your application (such as evidence of qualifications or work history), we may not be able to process your application successfully.

Will you change the reason you collect, use or retain personal data?

7.5 We will only use your personal data for the purposes for which we collected it unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

7.6 Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

8. AUTOMATED DECISION MAKING

You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making.

9. DATA SHARING

9.1 Subject to applicable law, the Company may disclose Candidate information, where reasonably necessary for the various purposes set out in paragraph 7.1 to:

(a) Recruitment agencies working with us in relation to your potential recruitment;

(b) Other service provides processing Candidate information on our behalf in the course of supporting our business and operations;

(c) To a person who takes over our business and assets, or relevant parts of them;

(d) Third parties to whom the Company is required to disclose information by law or
regulatory requirement (including litigation counterparties); and

(e) Competent regulatory and prosecuting authorities.

9.2 If you give us names of potential referees, we may disclose the fact that you are applying to work with us to them when we ask them for references.

How secure is my data with third-party service providers?

9.3 All our third-party service providers are required to take appropriate security measures to protect your personal data. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

Transferring data outside the European Economic Area

9.4 The disclosures of Candidate personal data described in paragraphs 9.1 and 9.2 may involve international transfers, including transfers to countries outside the European Economic Area that do not have data protection laws as strict as those in the UK (such as the United States of America (“US”)). In these cases, where we transfer Candidate personal data to third-party service providers acting on our behalf, we do so in compliance with applicable law and will ensure a similar degree of protection is afforded to the data by ensuring that at least one of the following safeguards is implemented:

(a) We will only transfer your personal data to countries that have been deemed to provide
an adequate level of protection for personal data by the European Commission.

(b) Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.

(c) Where the third parties are based in the US, we may either use the above contracts
approved by the European Commission or we may transfer data to them if they are part
of the EU–U.S. Privacy Shield which requires them to provide similar protection to
personal data shared between the Europe and the US.

9.5 Please contact the Data Protection Officer if you want further information in the specific mechanism to be used by us if we are to transfer your personal data outside of the EEA.

10. DATA SECURITY

10.1 We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They should only process your personal data on our instructions and they are subject to a duty of confidentiality.

10.2 Should a breach of personal data occur (whether in respect of your or someone else) then we must take notes and keep evidence of that breach. If the breach is likely to result in a risk to the rights and freedoms of individuals then we must also notify the Information Commissioner’s Office within 72 hours.

11. DATA RETENTION

How long will you retain my personal data for?

11.1 We will generally retain information about you throughout the recruitment process. Subject to applicable law, some information will be retained after the process ends, either because you are employed or otherwise engaged by us or, if your application is withdrawn or unsuccessful, because:

(a) we retain information in case you apply to work for us again (or a suitable position within the Company becomes available); or

(b) a recruitment-related dispute arises between us.

11.2 Subject to applicable law, we will delete or anonymise or restrict/discontinue the processing or personal data when it is no longer needed after the recruitment process ends, in accordance with policies and in accordance with applicable law.

11.3 If we wish to retain your personal data on file for a period of one year, on the basis that a further opportunity may arise within that time and we may wish to consider you for that, we will write to you, seeking your explicit consent to retain your personal information for a fixed period on that basis.

11.4 As a general principle, we do not retain Candidate information (except in anonymised / statistical form) for longer than we need it, given the purposes for which it is held.

12. RIGHTS OF ACCESS, CORRECTION, ERASURE AND RESTRICTION

Your rights in connection with personal data

12.1 Under certain circumstances, by law you have the right to:

(a) Request access to your personal data (commonly known as a “data subject access
request”). This enables you to receive details of the personal data we hold about you
and to check that we are lawfully processing it.

(b) Request correction of the personal data that we hold about you. This enables you to
have any incomplete or inaccurate information we hold about you corrected.

(c) Request the erasure of your personal data. This enables you to ask us to delete or
remove personal information where there is no good reason for us continuing to process
it.

(d) You also have the right to ask us to stop processing personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your
particular situation which makes you want to object to processing on this ground.

(e) Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal information about you, for example if you want
us to establish its accuracy or the reason for processing it.

(f) Request the transfer of your personal data to another party.

12.2 If you want to review, verify, correct or request erasure of your personal data, object to the processing of your personal data, or request that we transfer a copy of your personal data to another party, please contact the Data Protection Officer in writing.

13. RIGHT TO WITHDRAW CONSENT

In the limited circumstances where you may have provided your consent to the Processing of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact the Data Protection Officer. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

14. BREACHES OF DATA PROTECTION PRINCIPLES

14.1 If you consider that this Privacy Notice, including the data protection principles, has not been followed in respect of personal data about yourself or others you should raise the matter with the Data Protection Officer (details set out in paragraph 15 below).

14.2 You have the right to make a complaint at any time to the Information Commissioner’s Office, the UK supervisory authority for data protection issues.

15. CONTACT US

If you have a question or a complaint about this Privacy Notice or the way your personal data is processed, please contact the Data Protection Officer by one of the following means:

(a) By email: [email protected];

(b) By post: 3rd Floor, St Albans House, 57-59 Haymarket, London SW1Y 4QX; or

(c) By phone: 0207 6363 4400.

Last Updated 11th April 2022