PRIVACY STATEMENT

Spencer Lennox Limited is committed to protecting and respecting your privacy. This Privacy Statement sets out how we collect, use, process and disclose personal information (‘personal data’) provided to us by clients (including current, former and prospective clients) and/or those with whom we deal on behalf of clients in the course of our business including personal data provided to us on our website, our associated sites, our apps, our social media pages and our mobile website (our ‘Website’). This statement should be read in conjunction with our Cookie Policy.

Our policies and procedures have been developed in line with the requirements of the General Data Protection Regulation and applicable national law.

WHO WE ARE
We are Spencer Lennox Limited. You can contact us by email at privacy@spencerlennox.ie.

INFORMATION THAT WE COLLECT AND PROCESS
We receive, collect and process personal data about you when you engage with us either as a candidate, client, former client or as a potential client. We may also collect personal data when you visit our Website (for further information please see our Cookie Policy ), interact with us and our services and when you engage us to act on your behalf.

We may receive or obtain personal data about you from, on or through third parties and publicly available sources, such as job boards, recruitment websites, professional networking websites, background check providers and social media services. Where we receive or obtain such information from, on or through these third parties and sources, we will only use it in accordance with this Privacy Statement. In some cases, the third party or source will be acting as a controller of your personal data and therefore we advise you to read their privacy notice and/or data protection policy.

When you visit our Website our servers automatically record information that your browser transmits. This may include information such as your device's IP address, browser type, operating system type or the webpage you were visiting before you came to our Website, pages of our Website that you visit, time spent on pages, information you search for, access times and dates and other statistics.

The personal data we process may include any or all of the following:
• your name;
• your username and password for our Website;
• your home address, work address, email address and/or phone number;
• your employment history;
• your bank details;
• your tax identification number;
• your passport or other forms of identity verification;
• your utility bills or other forms of address verification;
• information that you provide in correspondence;
• information related to the browser or device you use to access our Website;
• the date and time of your visit to our Website;
• your IP address and details of the browser that you use;
• information relating to your employment history, academic achievements and references; and
• any other information you provide which is relevant to the service being provided.

We will not seek to gather any personal data which is not relevant for the provision of a service or an ancillary activity that we provide.

HOW WE USE PERSONAL DATA
We may use personal data for our legitimate business interests including:

• for the purpose for which it was provided by you;
• to establish and fulfil a contract with you - if you enter into an agreement to provide or receive services this may include verifying your identity, communicating with you and providing services;
• to comply with applicable laws and regulations;
• to comply with our legitimate business interests and legal rights, including but not limited to, use in connection with compliance, regulatory and investigative purposes and legal claims;
• to personalise our communications, the Website and our services for you;
• to notify you about changes to our service;
• to provide you with information, products and services that you request from us;
• to monitor use of our Website;
• to check, improve and protect our Website and services;
• to monitor any client account (in accordance with applicable law and our legitimate interests) to prevent, investigate and/or report fraud, terrorism, security issues or crime;
• to respond to any comments or complaints we may receive from you and to investigate any complaints received from you or from others, about the Website or our services;
• where you contact us by telephone, calls may be recorded for quality, training and security purposes; and
• to invite you to take part in market research or surveys.

When providing personal data, including but not limited to by way of a Curriculum Vitae or other form of application, you are furnishing your consent for Spencer Lennox Limited to process your personal data and utilise same for recruitment purposes. We require that you do not disclose sensitive personal information in any documentation that you directly provide. The information provided by you will be used by to provide services to you as a client or candidate. This includes the sharing of your personal information to apply for and advertise roles.

When we process your personal data based on our legitimate interests, we consider and balance any potential impact on you and your data protection rights. We will not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted by law).

We may send you direct marketing in relation to certain services. Electronic direct marketing will only be sent where you have given your consent to receive it, or (where allowed) you have been given an opportunity to opt-out of such communications and not opted out. You will be able to opt-out of electronic direct marketing by following the instructions in the relevant received communication.

DISCLOSURE OF YOUR PERSONAL DATA
We may disclose your personal data to third parties in order to provide our services to you, or in order for the third party to provide a service to us or to a third party retained on your behalf to provide a service to you. These circumstances may include, but are not limited to, circumstances where we use third party service providers to assist us in providing services to you, to comply with any legal or regulatory requirement, to carry out our obligations under our Terms and Conditions or any relevant agreement with you, to protect and defend the rights of property of Spencer Lennox Limited, our clients or others.


RETENTION
We will retain personal data only for as long as necessary for the purposes for which it was collected and will only retain the personal data that is necessary in relation to the purpose for which it was acquired. We are required to retain certain information under law or regulatory guidance to which we are subject, to resolve disputes, prevent fraud and abuse and/or to enforce where applicable our terms and conditions.

To determine the appropriate retention period for personal data, we consider the volume, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure, the purposes for which we process personal data, whether we can achieve those purposes through other means and the applicable legal requirements for retention.

SECURITY AND WHERE WE STORE YOUR PERSONAL DATA
We use a variety of security technologies and procedures to help protect your personal data from unauthorised access and use. Your personal data is highly confidential and will be stored securely with access to it restricted to those who need to use it for legitimate purposes.

We cannot guarantee the security of your personal data transmitted to our Website, nor can we guarantee that information you supply will not be intercepted while being transmitted to us over the internet. Any transmission of personal data is at your own risk. You acknowledge that:

• there are security and privacy limitations of the internet which are beyond our control;
• the security, integrity and privacy of any and all information and data exchanged between you and our Website cannot be guaranteed; and
• any such information and data may be viewed or tampered with by a third-party, despite best efforts.

Depending on your location and in order to provide services to you, as permitted by law and/or through the use of cookies, your personal data may be transferred outside the European Economic Area. In such cases we will make all reasonable efforts to ensure that such transfers are done in accordance with applicable data protection laws including through the implementation of appropriate safeguards.

PERSONAL DATA PROVIDED ABOUT THIRD PARTIES
Where you provide personal data about another individual you must ensure that you have obtained any necessary permissions from that individual, that you are entitled to disclose the personal data relating to that other individual to Spencer Lennox Limited, that the individual is aware of the contents of this Privacy Statement and that Spencer Lennox Limited may process that personal data in accordance with this Privacy Statement without having to take any further steps.

BILLING AND PAYMENTS
We may use third-party payment processors to assist us in processing your payment information and transactions securely. Such third-party processors use of your personal data is governed by their privacy policies which may or may not contain privacy protections as protective as this Privacy Statement. You should review such third-party processors privacy policies.

YOUR RIGHTS
You have the following rights, in certain circumstances and subject to certain exemptions, in relation to your personal data:

• right of access - you have the right to request a copy of the personal data that we hold about you, together with other information about our processing of that personal data.
• right to rectification - you have the right to have your data corrected, rectified or updated where you believe it may be inaccurate or incomplete.
• right to erasure - you have the right to request us to delete, without undue delay, personal data that we hold about you unless it is necessary for complying with a legal obligation.
• right to restriction of processing or to object to processing - you have the right to request that we no longer process your personal data for particular purposes, or to object to our processing of your personal data for particular purposes.
• right to data portability - you have the right to request us to provide you, or a third party where technically feasible, with a copy of your personal data in a structured, commonly used machine-readable format.
• right to object to processing of your personal data where we are relying on a legitimate interest (or those of a third party).

In order to exercise any of the rights set out above, please contact us at the details below. We have the right to refuse your request where there is a basis to do so in law, or if your request is manifestly unfounded or excessive, or to the extent necessary for public interest objectives. You may at any time request a copy of any of your personal data that we hold.

If at any time after giving us personal data you decide that you no longer wish us to hold or use this information, or in the case that the information becomes out of date, you should notify us, and we will remove or rectify the information within a reasonable time and in accordance with legal and regulatory requirements.

If we are processing personal data based on your consent, you may withdraw that consent at any time. This does not affect the lawfulness of processing which took place prior to its withdrawal.

You may lodge a complaint if you consider that the processing of your personal data infringes the General Data Protection Regulation. The supervisory authority in Ireland is the Data Protection Commission, you can contact the Data Protection Commissioner's Office at www.dataprotection.ie.

AUTOMATED DECISION-MAKING AND PROFILING
We do not use any personal data for the purpose of automated decision-making or profiling.

LINKS TO OTHER SITES
Our Website may contain links to and from other websites. If you follow a link to any of those websites, you should note that those websites may have their own privacy policies. Spencer Lennox Limited has no control over those other websites and accepts no responsibility or liability for the privacy practices of other websites. Please check those policies before you submit any personal data to them.

DATA BREACH
In the event we become aware that the security of the Website has been compromised or personal data has been disclosed to unrelated third parties as a result of external actions, including but not limited to security attacks or fraud, we reserve the right to take appropriate measures, including but not limited to investigation and reporting, as well as notification to and cooperation with the appropriate authorities. In the event of a data breach, we will make reasonable efforts to notify affected individuals if we believe that there is a reasonable risk of harm to the user as a result of the breach or if notice is required by law. Such notification will be by posting notice on the Website and by email.

LEGAL DISCLOSURE
We will disclose any information we collect, use or receive if required or permitted by law, such as to comply with a court order, or similar legal process, and when we believe in good faith that disclosure is necessary to protect our rights, protect public safety, investigate fraud or respond to a government request. In the event of a sale of all or a portion of our assets, your account and personal data may be among the assets transferred

DISCLAIMER
Spencer Lennox Limited, its directors, employees, agents, affiliates or other representatives and associated companies, shall not be liable in respect of any claims, demands, causes of action, damages, losses, expenses, including without limitation, reasonable legal fees and costs of proceedings arising out of or in connection with the use and/or dissemination of personal data relating to you in accordance with this Privacy Statement, the Cookie Policy and your consents.
CHANGES TO THIS PRIVACY STATEMENT
We reserve the right to change this Privacy Statement from time to time at our sole discretion. If we make any changes, we will post those changes on the Website and we will update the updated date at the bottom of this Privacy Statement. When you use our Website after any such change you will be deemed to have consented to the current version of the Privacy Statement and accordingly you should review the Privacy Statement from time to time.

CONTACT
Questions, comments, requests and complaints regarding this policy and the personal data we hold should be addressed to privacy@spencerlennox.ie

Updated: September 2020