Chase Portland is committed to promoting diversity and equal opportunity through its work. No-one should be unfairly disadvantaged on the grounds of age, race, nationality, ethnic origins, sex, marital status, sexual orientation, disability or any other unlawful criteria or circumstance. It is Chase Portland’s policy that anyone within the firm concerned with making decisions should avoid unlawful discrimination in any form whatsoever.
It has always been our strict policy at Chase Portland to obtain our candidates’ consent before their CV and personal details are sent to any firm. Other consultants may urge you to leave it to their judgement but we believe that the candidate should be in control of who is looking at your personal information.
When you register with us, we receive and store your information. Your details are used to communicate with you in accordance with our policy and with the aim of assisting you with your search or potential opportunities. We shall not use or disclose your personal information given to us for any other purpose. Disclosure to third parties occurs only with your approval.
Chase Portland Ltd (“Chase Portland”, “we” or “us”) is committed to protecting and
respecting your privacy.
This Policy sets out the basis on which any personal data we collect from you, or that you
provide to us, will be processed by us.
The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a new
regulation which replaces the Data Protection Regulation (Directive 95/46/EC). The
Regulation aims to harmonise data protection legislation across EU member states,
enhancing privacy rights for individuals and providing a strict framework within which
commercial organisations can legally operate.
Even though the UK has expressed its intention to leave the EU in March 2019, the GDPR
will be applicable in the UK from 25th May 2018. The Government intends for the GDPR to
continue in UK law post Brexit and has also introduced a Data Protection Bill to replace the
current Data Protection Act in due course.
Please read the following carefully to understand our views and practices regarding your
personal data and how we will treat it.
For the purposes of data protection legislation in force from time to time the data
controller is Chase Portland of 2 Old Street Yard, London, EC1Y 8AF, United Kingdom.
Who we are and what we do.
process of helping you find a job, continuing our relationship with you once we have found
you a role, providing you with a service, receiving a service from you, or you are visiting our website.
We are a recruitment agency and recruitment business as defined in the Employment
Agencies and Employment Businesses Regulations 2003 (our business).
We collect the personal data of the following types of people to allow
us to undertake our business:
• Prospective and placed candidates for permanent or temporary roles;
• Prospective and live client contacts;
• Supplier contacts to support our services;
• Employees, consultants;
We collect information about you to carry out our core business and ancillary activities.
Information you give to us or we collect about you.
This is information about you that you give us by corresponding with us by phone, email, social media or otherwise. It includes information you provide when you register to use our site, to enter our database and/or subscribe to our services
The information you give us, or we collect about you, may include:
• Your name and job title;
• contact information, including phone number and email addresses;
• Your professional profiles available in the public domain, such as LinkedIn or professional biography;
• Your competences, skills, experience and education, such your CV or resume, detail of previous employment, educational details and qualifications, third party references;
• Your right to work in the United Kingdom or other jurisdiction relevant to the role you are applying for;
• your preferences, for example preferred location of employment, areas of interest, as well as your contact preferences, your diary/schedule (for the purposes of arranging interviews);
• other information relevant to marketing information and roles
• Where appropriate and in accordance with local laws and requirements, we may also collect information related to your health, diversity information or details of any criminal convictions.
We do not use ‘cookies’ on our website.
Information we obtain from other sources.
This is information we obtain about you from other sources or third parties such as LinkedIn, corporate websites, job board websites, online CV libraries, your business card, personal recommendations and other limited sources (e.g. online and offline media).
Purposes of the processing and the legal basis for the processing
We have listed below various ways in which we may use and process information held about
you, where appropriate and in accordance with any local laws and requirements. Please note that this list is not exhaustive:
To carry out our obligations arising from any contracts we intend to enter into or have
entered into between you and us and to provide you with the information, products and
services that you request from us or we think will be of interest to you because it is relevant
to your career or to your organisation.
To provide you with information about other services we offer, that are similar to those that
you have already purchased, been provided with or enquired about.
The core service we offer to our candidates and clients is the introduction of candidates to
our clients for the purpose of helping secure employment or finding other work roles that
might be suitable for you through temporary or permanent engagement. However, our
service expands to supporting individuals throughout their career and to supporting
businesses’ resourcing needs and strategies. The more information we have the more
bespoke we can make our service.
Our legal basis for the processing of personal data is our legitimate business interests,
described in more detail below, although we will also rely on contract, legal obligation and
consent for specific uses of data.
We will rely on contract if we are negotiating or have entered into a placement agreement
with you or your organisation or any other contract to provide services to you or receive
services from you or your organisation.
We will rely on legal obligation if we are legally required to hold information on you to fulfil
our legal obligations.
We will, in some circumstances, rely on consent for particular uses of your data and you will
be asked for your express consent, if legally required.
An example of when consent may be the lawful basis for processing include permission to
introduce you to a client (if you are a candidate).
Our Legitimate Business Interests
Our legitimate interest in collecting and retaining your personal data is described below:
As a recruitment business and recruitment agency we introduce candidates to clients for
permanent employment, temporary worker placements or independent professional
contracts. The exchange of personal data of our candidates and our client contacts is a
fundamental, essential part of this process.
In order to support our candidates’ career aspirations and our clients’ resourcing needs we
require a database of candidate and client personal data containing historical information as
well as current resourcing requirements.
To maintain, expand and develop our business we need to record the personal data of
prospective candidates and client contacts.
Should we want or need to rely on consent to lawfully process your data we will request
your consent orally, by email or by an online process for the specific activity we require
consent for and record your response on our system. Where consent is the lawful basis for
our processing you have the right to withdraw your consent to this particular processing at
Automated Decision Making
We do not undertake automated decision making or profiling. We do use our computer
systems to search and identify personal data in accordance with parameters set by a person.
A person will always be involved in the decision-making process. If automated decision
making or profiling is to be used in the future to better help us provide our services to you
then this information will be made available here so please check back frequently to see any
How we safeguard your personal data
Unfortunately, the transmission of information via the internet is not completely secure.
Although we will do our best to protect your personal data, we cannot guarantee the
security of your data transmitted to us. Any transmission is at your
own risk. Once we have received your information, we are committed to taking all
reasonable and appropriate steps to protect the personal information that we hold from
misuse, loss, or unauthorised access.
We will use a range of appropriate technical and organisational measures, strict procedures
and security features to try to prevent unauthorised access or a data breach.
If you suspect any misuse or loss of or unauthorised access to your personal information,
please let us know immediately at firstname.lastname@example.org . Furthermore, any data security
breach should be reported to us so that action can be taken to protect affected individuals
and to ensure that lessons are learned to minimise the risk of recurrence.
Disclosure of your information inside and outside of the EEA
We may pass your personal data to clients outside the EEA if you have given your express consent for us to do so. No personal information is otherwise stored outside of the EEA.
Retention of your data
We understand our legal duty to retain accurate data and only retain personal data for as
long as we need it for our legitimate business interests and that you are happy for us to do
so. We will delete your personal data from our systems if we have not had any meaningful
contact with you (or, where appropriate, the company you are working for or with) for six
years (or for such longer period as we believe in good faith that the law or relevant
regulators require us to preserve your data). After this period, it is likely your data will no
longer be relevant for the purposes for which it was collected.
The criteria we use to determine whether we should retain your personal data includes:
• the nature of the personal data;
• its perceived accuracy;
• our legal obligations;
• last date of communication or activity;
• whether an interview or placement has been arranged; and
• our recruitment expertise and knowledge of the industry by country, sector and job role.
We may archive part or all of your personal data or retain it on our financial systems only,
deleting all or part of it from our main Customer Relationship Manager (CRM) system. We
may pseudonymise parts of your data, particularly following a request for suppression or
deletion of your data, to ensure that we do not re-enter your personal data on to our
database, unless requested to do so.
For your information, Pseudonymised Data is created by taking identifying fields within a
database and replacing them with artificial identifiers, or pseudonyms.
The GDPR provides you with the following rights:
Right to be informed, the right to be provided with a minimum set of information
concerning the purposes for which the personal data we hold about you will be
processed. As explained in this policy.
Right to access the personal information that we hold about you. This enables you to
have access/visibility to your data.
Right to rectification of the personal information that we hold about you. This enables
you to have any incomplete or inaccurate information we hold about you corrected.
Right to erasure (the “right to be forgotten”) of your personal information. This
enables you to ask us to delete or remove personal information where there is no good
reason for us continuing to process it. You also have the right to ask us to delete or
remove your personal information where you have exercised your right to object to
processing (see below).
Right to object to processing of your personal information where we are relying on a
legitimate interest (or those of a third party) and there is something about your particular
situation which makes you want to object to processing on this ground. You also have the
right to object where we are processing your personal information for direct marketing
Right to restrict processing of your personal information. This enables you to ask us
to suspend the processing of personal information about you, for example if you want us
to establish its accuracy or the reason for processing it.
Right to data portability of your personal information to another party in certain
formats, if practicable.
Make a complaint to a supervisory body which in the United Kingdom is the
Information Commissioner’s Office. The ICO can be contacted through this link:
Access to information
The Data Protection Act 1998 and the GDPR give you the right to access information held
about you. We also encourage you to contact us to ensure your data is accurate and
Your right of access can be exercised in accordance with the Act (and the GDPR once it is in force). A subject access request should be submitted to email@example.com
where appropriate, notified to you by email. Please check back frequently to see any
be addressed to firstname.lastname@example.org