PRIVACY NOTICE (EFFECTIVE DATE: 10th July, 2019)
If you want to contact FRG or any of its group companies, please click here.
This Privacy Notice sets out the basis on which we collect, store, use and disclose personal data we receive in writing, through our Websites, or through the recruitment services that we provide. It therefore applies to personal data that you provide to FRG telephonically, electronically (including email) and in person.
This information may be updated from time to time, and should be read in the context of any additional specific information such as that provided in privacy policies applicable to specific businesses or local areas as displayed on the relevant Website or distributed to you from time to time.
This Privacy Notice also informs you how we obtain and use information gained by us through your use of the Websites, including by using “cookies” and third party vendors.
Please read the following carefully to understand our views and practices regarding your personal data, how we will treat it and your rights. You can contact FRG’s Chief Privacy Officer (“CPO”) by emailing email@example.com.
This Privacy Notice applies to FRG globally. The first part of the policy is general and applies globally. The second of the Privacy Notice is comprised of country-specific addendums. Please be sure to check the addendums below to see if there is one that applies to your country. In the event of a conflict between the general part of this Privacy Notice and an addendum, the addendum prevails.
2. Who are we?
FRG is a global niche technology recruitment company that operates under the brands listed above. FRG offers recruitment services for permanent hiring and contract or temporary services.
III. Who does this Privacy Notice protect?
This Privacy Notice protects individuals throughout the world who access our Websites or receive recruitment services from us. In addition to candidates who are looking for a new or different job or career, this also includes individuals who are employed by an actual, former or prospective FRG client. An FRG client is one of (a) a business that FRG has contracted with to provide recruitment services or is in the process of doing so, (b) a business that FRG may solicit with the intention of providing recruitment services or (c) a business to whom FRG may provide relevant IT market information.
1) What information will we collect?
Some of the data that we collect and receive from you is personal data which means that it is information that could personally identify you (“Personal Data” or “PII”). The Personal Data that we may collect from all users of our Websites and users of our recruitment services may include any of the following:
For Contract Candidates Only (individuals who are employed by, consult with and/or own an entity recruited by FRG to provide contract or temporary technical professional services to an FRG client (or an FRG client’s client))
In addition to the Personal Data listed above, FRG may collect the following from you:
While this information may relate to your company or your employer rather than being your Personal Data, we have listed this information for transparency.
If your provision of Personal Data to FRG is necessary to enter into a contract with your company or your employer, your failure to provide us with accurate Personal Data may result in FRG not being able to offer or render recruitment services to you, your company or your employer.
2) Why do we process your Personal Data?
Generally, we use your Personal Data for our business and activities, and in our efforts to expand and improve our business. Examples include:
All users of the Websites and/or our services
Actual or Prospective Candidates
Individuals who work for FRG clients (i.e. a “client contact”)
3) Who do we send your Personal Data to?
All users of the Websites and/or our services
Actual or Prospective Candidates
Individuals who work for FRG clients (i.e. a client contact)
VII. What will FRG do if my Personal Data is breached?
FRG has put in place reasonable technical, administrative and physical safeguards intended to prevent a breach of your Personal Data. That being said, FRG cannot guarantee that your Personal Data will not be breached.
A breach can take many forms, including, without limitation, the loss of your Personal Data or the unauthorized access to, disclosure, modification, copying and transfer of your Personal Data.
Once FRG becomes aware of the breach, FRG will take reasonable steps to isolate the breach, stop the breach, determine the root cause, determine the Personal Data breached, fix the root cause and determine if notice to you and/or the appropriate government agency(ies) is required. FRG will comply with all applicable law in reacting to, and dealing with, a breach of Personal Data.
If you believe, for any reason, that your Personal Data has been breached while in FRG’s care, custody or control, please email FRG immediately at firstname.lastname@example.org.
VIII. Will my Personal Data be transferred to another country?
Yes, FRG may transfer your Personal Data to the categories of third parties described in this Privacy Notice, some of whom are located outside of the country in which you provided your Personal Data to FRG or the country of collection.
If so, FRG will take reasonable steps to ensure that your Personal Data is protected and treated in accordance with this Privacy Notice and local applicable law. The countries where FRG may transfer your Personal Data will have varying levels of data security practices and laws, some of which may be less stringent or protective than your country. FRG will use all reasonable efforts to require that any of its suppliers and vendors who receive your Personal Data are contractually bound to (a) keep your Personal Data confidential and (b) take, at a minimum, reasonable efforts to maintain the privacy and security of your Personal Data.
Under certain circumstances, FRG may share your Personal Data with one or more of its group companies who may be located in a country other than yours or other than the country in which FRG collected your Personal Data. In such cases, FRG will comply with applicable laws and its Intercompany Data Processing Agreements (“DPAs”). The DPAs are incorporated by reference into this Privacy Notice.
1) How long will FRG store my Personal Data for?
We are required by applicable law to store your Personal Data for as long as is necessary to comply with our legal, regulatory and contractual obligations. This period of time will vary based on the law in your country and in the country where FRG stores your Personal Data.
In addition, FRG will keep your Personal Data for the identified purposes until it reasonably believes that it no longer needs it, that there is no reasonable chance that you, your employer or your company will do business with FRG, and there is no reason to believe that we will need the Personal Data for any special circumstances such as the issuance or defence of legal proceedings, audit, investigation or collections.
a) Sending FRG Personal Data over the internet
Your Personal Data is held on servers hosted by us, our internet services providers or third party vendors with whom FRG has a contract. The transmission of information via the internet is not completely secure. Although we will take the efforts set forth in the Privacy Notice to protect your Personal Data, we cannot guarantee the security of any data transmitted through or to our Websites. Any transmission of data by you to us over the internet is at your own risk.
b) How we collect and aggregate information about visitors to our Websites
We also collect information about the way job seekers and visitors use the Websites in order to improve our services, to understand our users better, and to determine aggregate trends, most popular pages, etc. By using the Websites, you agree that we may share de-identified aggregate data with selected third parties to assist with these purposes. We may also undertake marketing profiling to help us identify candidates, clients, or jobs which may be of interest to you. We may process Personal Data that you submit to us through the Websites under one or more of the permissible bases for processing Personal Data set forth in the Privacy Notice.
XII. Technology and Tools
Like many companies, we use technology and tools that tell us when a computer or device has visited or accessed our content. Those tools include services from search engines and other companies that help us to tailor our products and services to better suit our customers and potential customers. Search engines provide facilities to allow you to indicate your preferences in relation to the use of those tools in connection with computers and other devices controlled or used by you.
We also set out further information below about Cookies and Web Beacons.
1) What are cookies?
A “cookie” is a piece of information that is stored on your computer’s hard drive and which records your navigation of a website so that, when you revisit that website, it can present tailored options to you based upon the stored information about your last visit. You can normally alter the settings of your browser to prevent acceptance of cookies.
Cookies are used are many, many websites, including FRG’s Websites.
We use “cookies” and plug ins to: (1) make the Websites function properly and as a user would normally expect of a commercial website, (2) monitor Website user traffic patterns and Website usage.; and (3) help us to advertise to you jobs we think you, your company or your employer will be interested in. Our use of these tools helps us to understand how our users use our Websites so that we can develop and improve the design, layout and functionality of the Websites and to provide more efficient and relevant services to you.
The cookies we use are explained below:
The FRG Websites use personalisation cookies to help us to advertise jobs that we think may be of interest to you. These cookies are persistent and mean that when you log in, or return to, the particular FRG Website, you may see advertising for jobs that are similar to jobs that you have previously browsed.
For information on how to reject these personalisation cookies, see Section E below
1) Cookies and Plug-ins set by FRG or Third Parties used by FRG
Please note that we use some plug-ins on the Websites that do not collect or give us your PII. For security reasons, we have omitted those plug-ins from the chart below.
|New Relic||To send statistics which can help us improve Website performance.||Deleted when the browser closes.||https://docs.newrelic.com/docs/browser/new-relic-browser/page-load-timing-resources/new-relic-cookies-used-browser|
|Disqus||A WordPress plugin which allows users to leave a comment on blog posts||6 months and 30 days.||https://help.disqus.com/user-profile/use-of-cookies|
|HotJar||To record user sessions, generate heatmaps and to provide analytics on form submissions.||1 Month.||https://www.hotjar.com/legal/policies/cookie-information|
|Google Tag Manager||It provides us the flexibility of creating Google Analytics events through Google’s dashboard and load external scripts.||Deleted when the browser session closes.||https://policies.google.com/privacy?hl=en|
|Google Analytics||Provide analytics of users browsing the Website such as location, city and browser related data.||2 years.||https://policies.google.com/privacy?hl=en|
|To monitor our LinkedIn advertisements’ performance.||Deleted when the browser session is closed.||https://www.linkedin.com/legal/cookie-policy|
|DoubleClick||Ad Plugin managed by Google.||5 years.||https://support.google.com/dfp_premium/answer/2839090?hl=en|
|PolyLang||To provide multi-lingual feature on our Websites.||1 Year.||https://polylang.pro/doc/is-polylang-compatible-with-the-eu-cookie-law/|
|WpPML||To provide multi-lingual features on our Websites.||3 years.||https://wpml.org/documentation/support/browser-cookies-stored-wpml/|
|To load Instagram pictures on the Websites which users can click on to go to FRG’s Instagram page.||Session cookies remain until Browser session is closed. Permanent session 1 year.||https://www.instagram.com/legal/cookies/|
|To load Twitter tweets on the Websites which users can click on to go to FRG’s Twitter page.||30 Days.||https://help.twitter.com/en/rules-and-policies/twitter-cookies|
|Bootstrap CDN||We use Bootstrap to load libraries which helps improve the users’ (front end) experience.||1 year.||https://www.bootstrapcdn.com/privacy-policy/|
|KickFire||To identify the company, internet service provider, internet protocol address of a user.||Minimum of 30 days||http://id.kickfire.com/privacy-policy|
|Lead Forensics||Informs FRG of the employer/company of user based upon the IP address. Allows FRG to identify the company name, address and other details.||Session cookies remain until browser session is closed. Persistent cookies remain more than 1 year.||https://www.leadforensics.com/privacy-and-cookies/|
|Lead Chat||Lead Chat allows us to chat with users through the Websites.||Some of the cookies set are 3 years and some are infinite.||http://www.leadchat.com/privacy/|
|Olark||Olark allows us to chat with our German speaking users through the German language websites.||Some of the cookies set are 3 years and some are infinite.||http://www.olark.com/privacy-policy/|
|To provide sharing statistics, monitoring Facebook Ads and allowing Facebook comments.||Longest cookie duration is 1 year and 5 months||https://www.facebook.com/policies/cookies/|
|Pippio||To provide user tracking and data services for online advertising||Minimum of 30 days||https://liveramp.com/privacy/|
|Cookie Consent||Store the user’s cookie consent on the browser.||1 year||Cookie developed by FRG so see this notice for uses.|
|Optimizely||Set by HotJar for tracking user activity.||Minimum of 30 days||https://www.hotjar.com/legal/policies/cookie-information|
|Shortlist||To save shortlisted jobs on the browser.||Remains until browser session is closed.||Cookie developed by FRG so see this notice for uses.|
|Indeed Tag||Used by Indeed to provide us with conversion information with respect to our advertising/marketing campaigns||Some cookies expire immediately and some expire after 10 years.||https://www.indeed.co.uk/legal#cookies|
|Thrive Leads||Used by us to provide helpful career and hiring advice||Maximum of 100 days.||https://thrivethemes.com/privacy-policy/|
|Thrive Quiz Builder||Same as above including the use of quizzes to obtain information from users.||Maximum of 30 days.||https://thrivethemes.com/privacy-policy/|
|Email Subscriptions and Newsletters||Used by us to send news articles and features to user. You will only receive these articles and features if you opt in to the service.||Plug in. Does not collect your PII unless you enter your PII.||https://www.icegram.com/terms/|
|Social Warfare||This is a social media plugin and allows users to share content that they elect to share.||Session cookies expire after browser closure, persistent cookies stay until the user deletes them.||https://warfareplugins.com/privacy-policy/|
|LifterLMS||A plugin that we use to deliver free online courses and learning material for users||LifterLMS does not create any custom cookies and uses the WordPress core for cookie data related to logins. The core sets cookies for fourteen days.||https://lifterlms.com/privacy-policy/|
2) How to reject cookies
If you don’t wish to receive cookies that are not strictly necessary to perform basic features of our Websites, you may choose to opt out of them by selecting the appropriate box on the top right hand side of this page.
Note that most web browsers will accept cookies, but if you would rather that we did not collect data in this way you can choose to accept or reject some or all cookies in your browser’s privacy settings. Rejecting all cookies means that certain features of the Website(s) cannot then be provided to you and accordingly you may not be able to take full advantage of all our Websites’ features. Each browser is different, so check the “Help” menu of your browser to learn how to change your cookie preferences.
For more information generally on cookies, including how to disable them, please refer to aboutcookies.org (http://www.allaboutcookies.org/). You will also find details on how to delete cookies from your computer.
3) Web Beacons
FRG may use or include web beacons in emails or other electronic communications that FRG sends to you. We use web beacons to help us analyze the effectiveness of our communications to you. For example, we may use web beacons to understand when and if you opened our email, how many times you opened the email, if you have forwarded the email to another email address, or if you clicked on a link in an email that we sent to you. The web beacons do not collect or give us your PII but they do provide information to us about your actions after receiving a communication from us. If you would like to stop receiving emails with web beacons from us, you may unsubscribe by clicking the “Unsubscribe” link in the email. However, you may receive auto generated emails from FRG after you create an account on the Websites or take some other affirmative action on the Websites which contain web beacons but do not contain an “Unsubscribe” link. In those cases, just simply email email@example.com if you would like to stop receiving emails from FRG with web beacons.
Also, FRG works with third parties to help manage online advertising who embed web beacons in online job postings and job advertisements that FRG requests these third parties to post online. One such third party that we use is Broadbean. These web beacons allow Broadbean to obtain information such as the IP address of the computer that downloaded the page on which the beacon appears, the URL of the page on which the beacon appears, the time the page containing the beacon was viewed, the type of browser used to view the page, and the information in cookies set by a third party that Broadbean uses such as Google Analytics. These files enable Google Analytics to recognize a unique cookie on your web browser, which in turn enables Broadbean to learn which advertisements bring users to our Websites or websites on which Broadbean placed our advertisements. The cookie on your web browser was placed by Broadbean, or by another advertiser who works with Google Analytics. With both cookies and web beacon technology, the information that Google Analytics (either directly, see cookie/plug-in chart above) or Broadbean collects and shares with us is anonymous and not personally identifiable. It does not contain your name, address, telephone number, or email address. For more information about Google Analytics, including information about how to opt out of these technologies, go to www.google-analytics.com. For more information about web beacons and cookies placed by Broadbean, please click https://www.broadbean.com/uk/privacy-policy/.
XIII. Links to other websites
Please note that clicking on links and banner advertisements and RSS (Rich Site Summary) feeds may result in your transfer to another website, where data privacy practices may be different than described in this Privacy Notice. It is your responsibility to check other website privacy notices and policies to ensure that you are happy for your personal information, including Personal Data, to be used in accordance with those third parties’ privacy notices and policies. We accept no responsibility for, and have no control over, third party websites, links, adverts or RSS feeds or information that is submitted to or collected by third parties.
XIV. Changes to our Privacy Notice
Any changes to this Privacy Notice or any of its addendums will be posted on this Website so you are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. We encourage you to check this Website frequently for updates. Your continued use of this Website or any FRG services shall constitute your acceptance of the revised Privacy Notice.
FRG will interpret and enforce this Privacy Notice in accordance with all applicable law.
This Privacy Notice was updated on March 25, 2018 and October 4, 2018.
This Privacy Notice was last updated on April 15, 2019.
EUROPEAN ECONOMIC AREA/UNITED KINGDOM ADDENDUM
1) Who is FRG’s Supervisory Authority for Data Protection Purposes?
FRG has designated the UK Information Commissioner’s Office (“ICO”) as the supervisory authority for purposes of Data Protection Act 1998 (“DPA”) and General Data Protection Regulation (“GDPR”).
2) How do we lawfully process your data?
In order to process your Personal Data lawfully FRG must have a legal basis to do so. FRG relies on three main legal basis for processing your Personal Data:
1) where we obtain your affirmative consent to use your Personal Data in this way;
2) where we have a legitimate interest in processing your Personal Data, which we have balanced against your rights and freedoms and concluded that our processing is justifiable; or
3) where our handling of your Personal Data is necessary for us to perform the obligations under your company’s or employer’s contract with FRG (inapplicable to candidates for permanent hire).
We may rely on one or more legal bases to process your Personal Data
3) All users of the Websites and/or our services
Legitimate Interests: FRG uses Personal Data that we collect for the following general purposes in the performance of our legitimate interests as a business: to provide the services to our candidates and clients; to enhance their experience, to improve our services and to contact candidates and clients.
4) Actual or Prospective Candidates
Consent: If you, whether on your own behalf (permanent hire candidate) or on behalf of your company or your employer (contract hire candidate), would like to receive general marketing and other communications from us, you will have the option to affirmatively check a box consenting to FRG processing your Personal Data for this purpose. FRG may also ask you via email or telephone for your affirmative consent to receive marketing and other communications from us.
Legitimate interest: FRG has a legitimate interest in processing your Personal Data in order to fill a job, to provide you (permanent hire candidate) or your company or your employer (contract hire candidate) with other products and services to help you in your career and to market its products and services to you in order to grow our business, to demonstrate our knowledge of the marketplace and relevant technologies and to enhance the standing and recognition of our brands. FRG also has legitimate interest to process your Personal Data if you apply for, or seek further information about, a job posted on one of the Websites or a job advertised by FRG on a job board, social media site or other forums.
Necessary for the performance of a contract: FRG can process your Personal Data in the performance of its contract with your company or employer.
5) Individuals who work for FRG clients (i.e. a client contact)
Consent: If you would like to receive general marketing and other communications from us, you will have the option to affirmatively check a box consenting to FRG processing your Personal Data for this purpose. FRG may also ask you via email or telephone for your affirmative consent to receive marketing and other communications from us..
Legitimate Interest: FRG has a legitimate interest in processing your Personal Data in order to fill a vacancy at your company or employer, and provide you with other products and services relevant to your company or employer and to market its products and services to you in order to grow our business, to demonstrate our knowledge of the marketplace and relevant technologies and to enhance the standing and recognition of our brands. FRG also has legitimate interest to process your Personal Data if you seek or obtain further information about FRG or an FRG candidate.
Necessary for the performance of a contract: FRG can process your Personal Data in the performance of its contract with your company or employer.
With respect to actual or prospective client contacts and candidates, if FRG obtains your Personal Data from someone other than you, FRG shall inform you of the identity and contact details of the person or entity from whom FRG obtained your Personal Data, whether FRG obtained your Personal Data from publicly available sources, the categories of Personal Data that FRG obtained and, if FRG is processing your Personal Data based on its legitimate interest (see Section III below), the nature of FRG’s legitimate interest. FRG shall provide you with the information listed in this paragraph by the earlier of (1) one month after FRG obtains your Personal Data or (2) if FRG uses your Personal Data to communicate with you, the first time that FRG communicates with you.
FRG shall not provide you with the information described in the paragraph immediately above if you already possess this information, providing you with such information is against applicable law, is subject to an obligation of professional secrecy, proves impossible, would involve a disproportionate effort or would render impossible or seriously impair the achievement of the objectives of the processing, in which case, FRG shall take appropriate measures to protect your rights, freedoms and legitimate interests.
III. Your Special Rights under Data Protection Laws
1) Do I have a right to be erased (forgotten)?
Yes. You have the right to request that FRG deletes or removes your Personal Data where there is no compelling reason for us to continue to process it. You can exercise this right, free of charge, by sending an email to FRG at firstname.lastname@example.org.
Please note that your right to erasure is not absolute. FRG will remove your Personal Data when:
(1) the Personal Data is no longer necessary in relation to the purpose for which FRG originally collected and/or processed it;
(2) if FRG is processing your Personal Data on the basis of your consent and you withdraw consent;
(3) you object to the processing of your Personal Data and there is no overriding legitimate interest for us to continue to process it;
(4) the Personal Data was unlawfully processed; and
(5) the Personal Data must be erased to comply with a legal obligation.
FRG can refuse to comply with an erasure request in the following limited circumstances:
(a) to exercise FRG’s right of freedom of expression and information;
(b) to comply with a legal obligation or for the performance of a public interest task;
(c) for archiving purposes in the public interest, scientific research, historical research or statistical purposes; or
(d) for the establishment, exercise or defence of legal claims.
If we remove your Personal Data per your request for erasure, then we will confirm this with you.
If we have disclosed any of your Personal Data to a third party and you submit an erasure request to us, then we will inform (1) you about the recipients and (2) any such third parties of your erasure request unless doing so is impossible or involves disproportionate efforts.
We will respond to your erasure request without undue delay. Please note that, for your and FRG’s protection, we cannot respond to an erasure request until we have verified the identity of the person making the request. This verification process may extend the response timeframes set forth in this paragraph.
2) Do I have a right of access to a copy of my Personal Data?
Yes. You have the right to:
You can exercise this right by sending an email to FRG at email@example.com.
This right is in place to ensure that you are aware of and can verify the lawfulness of the processing. In most cases, we will provide you with a copy of your Personal Data free of charge. However, we may charge you a reasonable fee if your request is manifestly unfounded, excessive or repetitive. With respect to unfounded, excessive or repetitive requests, in rare cases, FRG may refuse to respond to your request but will explain the reason(s) for its refusal to you without undue delay and within one month of its receipt of your request. If FRG so refuses, you have the right to file a complaint with the ICO and to seek a judicial remedy.
If you submit your access request to FRG electronically, FRG will provide you with its response, and a copy of your Personal Data (if applicable) via email or other commonly used electronic form.
If FRG did not collect your Personal Data from you, FRG will inform you about the source from which it obtained your Personal Data. Your right of access does not adversely affect your right of erasure (forgotten) and right of rectification, both of which are described in this Privacy Notice.
Generally, FRG will provide you with a copy of your Personal Data without undue delay and within one month of its receipt of your request, provided that FRG may extend this time period for up to two additional months if your request is complex or numerous. If FRG exercises this extension of time, FRG will inform you of its decision to exercise the extension within one month of its receipt of your request, and will explain the reason(s) for the extension. If your request is large or complex, FRG may ask you to specify the particular information or category of information you seek.
Please note that, for your and FRG’s protection, FRG cannot respond to an access request until it verifies the identity of the person making the request for your Personal Data. This verification process may extend the response timeframes set forth in the paragraph above.
3) Do I have a right to object to the processing of my Personal Data, including the processing of my Personal Data by FRG for direct marketing?
Yes, you have a right to object to the processing of your Personal Data where:
You can exercise this right, free of charge, by sending an email to FRG at firstname.lastname@example.org.
If FRG receives an objection request from you for reasons unrelated to direct marketing, FRG will stop processing your Personal Data unless we can show compelling legitimate ground(s) for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of any legal claims.
If FRG receives an objection request from you for reasons related to direct marketing, we will stop processing your Personal Data.
If you receive a direct marketing communication from FRG and you do not wish to receive future direct marketing communications from FRG, you may request to unsubscribe from future marketing communications by sending FRG an email at email@example.com In addition, if the direct marketing communication you received was via email, you can click the “Unsubscribe” link at the bottom of the email, fill out the required form and FRG will process your unsubscribe request. Please allow up to ten (10) business days for your unsubscribe request to take effect.
4) Do I have a right to restrict processing of my Personal Data?
Yes, you have a right to restrict, the processing of your Personal Data. You can exercise this right, free of charge, by sending an email to FRG at firstname.lastname@example.org. When you exercise this right, FRG may continue to store your Personal Data but cannot further process it. FRG will cease processing your Personal Data in the following circumstances:
(1) when you file a rectification request with FRG (see the “Do I have a right to have any inaccurate or incomplete Personal Data rectified?” section below) in accordance with this Privacy Notice and applicable law. The restriction shall remain in place until such time as FRG has verified the accuracy of the Personal Data that is the subject of your rectification request;
(2) where FRG is processing your Personal Data based on its legitimate interest and you file a notice with FRG objecting to the processing of your Personal Data (see the “Do I have a right to object to the processing of my Personal Data?” section above) in accordance with this Privacy Notice and applicable law, FRG will cease processing your Personal Data until such time as FRG has made a determination as to whether its legitimate grounds for continued processing override your reasons for objecting to the processing;
(3) when the processing is unlawful and you do not seek or want erasure and you file a restriction request with FRG in accordance with this Privacy Notice and applicable law instead; and
(4) if FRG no longer needs the Personal Data and you require the data to establish, exercise or defend a legal claim.
While the processing of your Personal Data is restricted, FRG may continue to process such data by storing it, processing it with your consent or processing it for the establishment, exercise or defence of legal claims.
FRG will inform you if it decides to lift a restriction on processing.
If FRG has disclosed any of your Personal Data to a third party and you submit a request to restrict processing, FRG will inform (1) you about the recipients if you so request and (2) any such third parties of your restriction request unless doing so is impossible or involves disproportionate efforts.
FRG will act on your restriction request in accordance with this Privacy Notice without undue delay. Please note that, for your and FRG’s protection, FRG cannot act on a restriction request until it verifies the identity of the person making the request. This verification process may extend the timeframe in which FRG acts on your restriction request.
5) Do I have a right to Personal Data portability?
Yes. You can exercise this right, free of charge, by sending an email to FRG at email@example.com. This right exists to allow you to obtain and use your Personal Data for your own purposes across different services. Under this right, you can move, copy or transfer your Personal Data from FRG to another data controller.
This right applies where FRG is processing your Personal Data with your consent or for the performance of a contract. It also applies if we process your Personal Data by automated means. If your portability request concerns someone other than you, FRG will have to consider whether providing or porting the Personal Data would prejudice the other person’s or people’s rights.
Generally, FRG will respond to your portability request without undue delay and within one month of its receipt of your request, provided that FRG may extend this time period for up to two additional months if your request is complex or numerous. If FRG exercises this extension of time, FRG will inform you of its decision to exercise the extension within one month of its receipt of your request, and will explain the reason(s) for the extension. Where technically feasible, you may request that FRG transmit your Personal Data to another data controller.
6) Do I have a right to object to decision been taken by automated means?
If FRG uses automated (i.e. non-human) methods to process your Personal Data to make decisions that could potentially have a damaging legal or similarly significant effect on you (each, an “Automated Decision”), you have the right not to be subject to the Automated Decision. This right is inapplicable to any Automated Decision made by FRG that is necessary for entering into or the performance of a contract between you and FRG, is authorized by law or is based on your explicit consent.
If FRG makes any Automated Decisions to which this right applies, FRG will ensure that you are able to obtain human intervention, express your point of view and obtain an explanation of the decision and challenge it.
If FRG engages in “profiling” by automated means, FRG will ensure that appropriate safeguards are in place including (1) ensuring that the processing is fair and transparent by providing you with meaningful information about the logic involved and the significance and consequences of the outcome of the decision, (2) using appropriate mathematical or statistical procedures for the profiling, (3) implementing appropriate technical and organizational measures to enable inaccuracies to be corrected and minimize the risk of errors and (4) securing the Personal Data in a way that is proportionate to the risk to your interests and rights and prevents discriminatory effects.
7) Do I have a right to have any inaccurate or incomplete Personal Data rectified?
Yes. You can exercise this right, free of charge, by sending an email to FRG at firstname.lastname@example.org.
Generally, FRG will respond to your rectification request within one month of its receipt of your request, provided that FRG may extend this time period for up to two additional months if your request is complex. In rare cases, FRG may refuse to respond to your request but will explain the reason(s) for its refusal to you within one month of its receipt of your request. If FRG so refuses, you have the right to file a complaint with the ICO and to seek a judicial remedy.
If FRG has disclosed any of your Personal Data to a third party and you submit a rectification request to FRG that FRG is going to honor, FRG will inform (1) you about the recipients and (2) any such third parties of your rectification request as well as any corrected Personal Data, unless doing so is impossible or involves disproportionate efforts.
We will use reasonable endeavours to ensure that your Personal Data is maintained and up to date.
8) What are my rights if the Security of my Personal Data is breached?
A breach of Personal Data (a “Breach”) means a breach of security leading to the destruction, loss, alteration, unauthorized disclosure of, or access to, your Personal Data for which we are responsible under applicable law.
If the Breach is likely to have a significant detrimental effect on your rights and freedoms (such as resulting in discrimination, damage to reputation or financial loss), FRG will notify the ICO without undue delay, and if feasible, within 72 hours of FRG’s becoming aware of the Breach. FRG will assess the determination of “significant detrimental effect” on a case by case basis.
If the Breach is likely to result in a “high risk” to your rights and freedoms, FRG will notify you without undue delay. To be clear, the threshold requiring FRG to notify you of a Breach is higher than the threshold requiring FRG to notify the ICO of a Breach so it is possible that FRG will notify the ICO of a Breach but not you. FRG will assess the determination of “high risk” on a case by case basis.
Any Breach notice issued by FRG will contain, where possible, (1) the categories and approximate number of individuals and Personal Data records effected by the Breach, (2) the name and contact details of the ISM (or other FRG contact representative if FRG does not have a ISM at the time that FRG issues the Breach notice), (3) a description of the likely consequences of the Breach, (4) a description of the measures that FRG has taken, and may take, to stop the Breach and, where appropriate, to mitigate the adverse effects of the Breach and (5) recommendations on actions you can take to protect yourself in light of the Breach.
9) Will my Personal Data be transferred outside the EEA/UK?
FRG may transfer your Personal Data to third parties described in this Privacy Notice who are located outside of the EEA/UK. If so, FRG will take reasonable steps to ensure that your Personal Data is protected and treated in accordance with this Privacy Notice and local applicable law. Some of the countries outside the EEA/UK where your Personal Data may be transferred will be on the EU Commission’s list of countries that it has deemed to have adequate security controls in place. If FRG transfers your Personal Data to a country not on this list, we will require the recipient to agree to the EU Commission’s model clauses for data protection or other adequate safeguards.
Under certain circumstances, FRG may share your personal data with one or more of its group companies who may be located in another country, including outside of the EEA/UK In such cases, FRG will comply with its DPAs. The DPAs are incorporated by reference into this Addendum
10) How long will FRG store my Personal Data for?
We are required by law to store your Personal Data for as long as is necessary to comply with our legal, regulatory and contractual obligations.
With respect to GDPR (and similar laws), we will store and process your Personal Data that we obtain via (i) your consent until the earlier of (a) the purpose for which we obtained such information has been fully accomplished or (b) you inform us that you have withdrawn your consent, (ii) our legitimate interest until the earlier of (a) the purpose for which we obtained such information has been fully accomplished or (b) FRG concludes that your rights and freedoms outweigh our right to process your Personal Data and (iii) our necessity for the performance of a contract, until the termination or expiration of the contract including the termination or expiration of FRG’s and your employer’s or company’s duties or obligations that survive any such termination or expiration.
Furthermore, we will store your Personal Data in special circumstances related to the issuance or defence of legal proceedings, outstanding invoices or in connection with any investigation by or of a government authority.
11) What Protections do I have if FRG transfers my Personal Data to the U.S.?
In short, you have the protections of the Privacy Shield Framework. Frank Recruitment Group Inc., a Delaware corporation, is FRG’s primary affiliate and operating company in the United State (“FRG US Parent”). FRG US Parent has a subsidiary, Frank Recruitment Group Services Inc., also a Delaware corporation (“FRGS US Sub,” collectively with FRG US Parent, “FRG US”). FRG US comply with the requirements of the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce with respect to Personal Data that is transferred from the EEA and Switzerland to the United States. FRG US has certified their participation in the Privacy Shield Frameworks to the Department of Commerce. FRG US Sub is another covered entity that is adhering to the Privacy Shield Principles.
If there is any conflict between the terms in this Privacy Notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view FRG US’s certification, please visit https://www.privacyshield.gov/ and https://www.privacyshield.gov/list. This Privacy Notice only applies to Personal Data within the scope of the FRG US’s Privacy Shield certifications.
FRG US’s Privacy Shield certifications cover Personal Data regarding:
(1) current, former, and prospective employees in connection with the employment relationship which is covered by a separate, employee only, Privacy Notice that has been made available to FRG US employees;
(2) Personal Data regarding client contacts and candidates (temp and perm), such as the sale and delivery of recruitment services and the administration of the client and candidate relationship; and
(3) Personal Data regarding third parties (such as service providers and independent contractors) and their personnel and employees, in connection with recruitment services and the provision and performance of technical professional services to client and, where applicable, their end customers and the management and administration of the business relationships with such third parties.
Our certifications do not cover any disclosure of an individual’s Personal Data to a third party who processes the Personal Data for its own purposes when the disclosure is made at the request of the individual.
FRG US disclose Personal Data to third party service providers in connection with the operation of their respective businesses, including their provision of services to clients and candidates. FRG US ascertain that these third party service providers provide at least the same level of privacy protection as is required by the Privacy Shield Principles. FRG US may be liable if both (a) third parties fail to meet these obligations and (b) FRG US is responsible for the event giving rise to the damage.
FRG US are subject to the investigatory and enforcement powers of the United States Federal Trade Commission. FRG US may be required to disclose Personal Data to law enforcement, regulatory or other government agencies, or to other third parties, in each case to comply with legal, regulatory, or national security obligations or requests.
Any questions or complaints concerning FRG US’s Privacy Shield compliance, or requests to access, correct, amend, delete, or limit the use or disclosure of Personal Data (opt out) may be directed to email@example.com. If FRG US has not been able to satisfactorily resolve the issue, then you may raise it with (1) your data protection authority (see paragraph immediately below) or (2) the International Centre for Dispute Resolution/American Arbitration Association (“ICDR/AAA“) for non-HR related recourse, which can be contacted at http://go.adr.org/privacyshield.html. Under certain conditions, individuals may have the possibility to engage in binding arbitration through the Privacy Shield Panel. To find out more about individual binding arbitration, please visit https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
EU/EEA residents. Should your complaint relate to FRG US’s failure to comply with its Privacy Shield commitments and remains unresolved and you reside in the EU/EEA, then you should contact the EU Data Protection Authorities (the “DPAs”) who act as an independent recourse mechanism to settle all such disputes. Such complaints can be directed either to the EU DPAs panel secretariat or individual EU DPAs.
The contact information relevant to the submission of the standard complaint form is as follows: Commission Européenne, Directorate General Justice, Directorate C (Fundamental Rights and Union Citizenship) of the European Commission, Data Protection Panel, B-1049 Brussels, Belgium, Telephone: (32-2) 299 11 11, Fax: (32-2) 298.80.94, email: firstname.lastname@example.org.
You can find the standard compliant form at https://edps.europa.eu/data-protection/our-role-supervisor/complaints/edps-complaint-form_en.
The contact information for individual EU DPAs can be found at: http://ec.europa.eu/justice/data-protection/bodies/authorities/eu/index_en.htm
Swiss residents. Should your complaint relate to FRG US’s failing to comply with our Privacy Shield commitments and remains unresolved and you reside in Switzerland, then you should contact the Federal Data Protection and Information Commissioner (FDPIC) of Switzerland with whom FRG US has agreed to cooperate regarding such disputes.
The contact information for the Swiss FDPIC can be found at: https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/links/data-protection—switzerland.html
Under the EU-U.S. Privacy Shield, the following independent dispute resolution bodies designated to address complaints will provide appropriate recourse free of charge to the individual: (1) the panel established by DPAs, (2) an alternative dispute resolution provider based in the EU, or (3) an alternative dispute resolution provider based in the United States.
Also, under the Swiss-U.S. Privacy Shield, the following independent dispute resolution bodies designated to address complaints will provide appropriate recourse free of charge to the individual: (1) the Commissioner of the FDPIC, (2) an alternative dispute resolution provider based in Switzerland, or (3) an alternative dispute resolution provider based in the United States.
FRG’s Data Protection Officer is Robert Knight. You can email the Data Protection Officer at email@example.com.
UNITED STATES OF AMERICA ADDENDUM
If you would like a copy of FRG’s US comprehensive information security program, please email FRG’s CPO at firstname.lastname@example.org.
If FRG receives a “Do Not Track” signal or request from a web browser, FRG will not honor such request or signal. FRG has taken this position in part to provide you with a personalized and efficient experience on the Websites.
As discussed in this Privacy Notice, there are third parties who conduct tracking on the Websites.
Information about web beacons used by FRG and third parties with whom it contracts can be found in Section XII.F of the Privacy Notice above.
For information on Frank Recruitment Group Inc.’s compliance with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks, see the section entitled “What Protections do I have if FRG transfers my Personal Data to the U.S.?” of the European Economic Area/United Kingdom Addendum above.
For users accessing the Websites or using our services in Australia, we comply with Australian privacy requirements including the Privacy Act 1988 (Cth) and Australian Privacy Principles, the Spam Act 2003 (Cth), the Do Not Call Register Act 2006 (Cth) and any applicable state/territory privacy laws or industry codes.
We will deal with your Personal Data (which has the same meaning as “Personal Information” under the Privacy Act 1988 (Cth)) in accordance with those laws, namely any information from which your identity is apparent or can be reasonably ascertained.
Residents of Australia accessing and using the Websites or services are notified that:
You may wish to contact us to request access to your Personal Information, to seek to correct it or to make a complaint about privacy. Our contact details are set out below:
Frank Recruitment Group Pty Ltd
Suite 5, Level 3
350 Collins Street
Melbourne VICTORIA 3000
We will respond to your request for access to Personal Information we hold about you as soon as we reasonably can, including if we are unable to provide you with access (such as when we no longer hold the information).
We do not impose any charge for a request for access, but we may charge you a reasonable fee for our costs associated with providing you with access and retrieval costs.
For complaints about privacy, we will establish in consultation with you a reasonable process, including timeframes, for seeking to resolve your complaint.
 The “Purposes” listed in this chart are brief summaries and not intended to explain all or every reason why FRG uses the particular cookie or plug in. If you have any questions about the cookie table, please click the link to the cookie creator’s website and/or email FRG at email@example.com.