This privacy notice explains how Options Consultancy Services Limited and, where applicable, any of its group companies (‘Options’) collects and processes data about applicants for consultancy roles and the data of those who are successful at application stage.
Options is a ‘data controller’. This means that we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this privacy notice.
This notice does not form part of any contract to provide services. We may update this notice at any time but if we do so, we will provide you with an updated copy of this notice as soon as reasonably practicable including by posting it on our website at www.options.co.uk.
Please read and retain this notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal information about you so that you are aware of how and why we are using such information and what your rights are under the data protection legislation.
Options will comply with data protection law. This says that the personal information we hold about you must be:
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). There are certain types of more sensitive personal data which require a higher level of protection, such as information about a person’s health or sexual orientation. Information about criminal convictions also warrants this higher level of protection. Options will collect, store and use the following categories of personal information about you:
We collect personal information about consultants through the application and engagement process, either directly from candidates, our own staff, social media sites or sometimes from third parties or background check providers. We may sometimes collect additional information from third parties including former third parties who have engaged you, credit reference agencies or other background check agencies such as the DBS and through the vetting database which we use, currently Dow Jones. We will collect additional personal information in the course of your activities as a consultant throughout the period you are engaged by us.
We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:
We need all the categories of information in the list above primarily to allow us to assess your suitability for the engagement and, if appointed, perform our contract with you and to enable us to comply with legal obligations. In some cases, we may use your personal information to pursue legitimate interests provided your interests and fundamental rights do not override those interests. Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information.
We may also use your personal information in the following situations, which are likely to be rare:
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Situations in which we will use your sensitive personal information
“Special categories” of particularly sensitive personal information, such as information about your health, racial or ethnic origin, sexual orientation or trade union membership, require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information. We have in place appropriate policy documents which we are required by law to maintain when processing such data. In general, we will not process particularly sensitive personal information about you unless it is necessary for performing or exercising obligations or rights in connection with employment. On rare occasions, there may be other reasons for processing, such as it is in the public interest to do so. The principal situations in which we will process your particularly sensitive personal information are listed below.
Less commonly, we may process this type of information where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public. We may only use information relating to criminal convictions where the law allows us to do so. This will usually be where such processing is necessary to carry out our obligations and provided that we do so in line with our data protection policy. This should be supplied to all applicants but if you have not received it, please email options-compliance@options.co.uk to request a copy.
We envisage that we will hold information about criminal convictions. We will only collect information about criminal convictions if it is appropriate given the nature of the role and where we are legally able to do so. Where appropriate, we will collect information about criminal convictions as part of the engagement process or we may be notified of such information directly by you in the course of you working for us.
Options does not use this type of decision making.
Your information will be shared internally, including with members of the HR and recruitment team, legal and compliance and managers in the business area in which you are engaged. We may also have to share your data with third parties, including our funders, third-party service providers and other entities in the group. We require third parties to respect the security of your data and to treat it in accordance with the law. We may transfer your personal information outside the EU. If we do, you can expect a similar degree of protection in respect of your personal information.
We will share your personal information with third parties in the following circumstances:
“Third parties” includes third-party service providers (including contractors and designated agents) and other entities within our group. The following activities are carried out by third-party service providers:
Options will share your personal information with other entities in our group as part of our regular reporting activities on company performance, as part of our programme support, in the context of a business reorganisation or group restructuring exercise, for system maintenance support and/or hosting of data.
We may share your personal information with other third parties, for example in the context of the possible sale or restructuring of the business. In this situation we will, so far as possible, share anonymised data with the other parties before the transaction completes. Once the transaction is completed, we will share your personal data with the other parties if and to the extent required under the terms of the transaction. We may also need to share your personal information with a regulator or to otherwise comply with the law.
Your data may be transferred to countries outside the European Economic Area (EEA) to comply with specific donor requirements. Data is transferred outside the EEA based on consent, legal requirement and legitimate interest to do so. Data transfers will be conducted in accordance with the conditions outlined in the data protection policy.
Options takes the security of your data seriously. Options has internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties. Options has achieved Cyber Essentials certification to ensure that its systems comply with Government standards of Data Security.
Where Options engages third parties to process personal data on its behalf, they do so on the basis of contracts containing written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.
For unsuccessful applicants for specific consultancy roles we may retain your data and may contact you about future opportunities: for that reason we shall retain data for up to 2 years after the consultant has been notified that they have not been successful on that specific role.
For all other consultants: the guiding principle is that Personal Data should not be kept indefinitely and only stored for a limited and appropriate length of time. For specific queries please email options-compliance@options.co.uk.
As a data subject, you have a number of rights as follows:
Under certain circumstances, by law you have the right to:
If you would like to exercise any of these rights, please contact options-compliance@options.co.uk or visit the data protection section on our website.
If you believe that Options has not complied with your data protection rights, you can complain to the Information Commissioner. Details are available from www.ico.gov.uk.
Where our processing is based on your consent, please note that you have the right to object to the processing. Please contact options-compliance@options.co.uk if you wish to do this.
If you have any questions about this privacy notice, please contact options-compliance@options.co.uk.