PROTECTING YOUR PRIVACY
Who we are:
Holdsway Limited (“Holdsway”)
Floor 2 Export House
Wolsey Walk
Woking
Surrey GU21 6QX
UNITED KINGDOM
Tel: 020 3053 4438
Email: gdpr@holdsway.co.uk
Website: www.holdsway.co.uk
Data Protection Officer: Nick Diprose
Company Registration Number 8640951
ICO Registration Reference: ZA293746
What we do:
We introduce interim executives to organisations to help them manage change, transition, uncertainty, crisis, sudden management gaps and turnaround situations.
What does this policy cover?
We take the processing of data seriously. Accurate and correctly managed data enables us to provide professional services we are known and in demand for. Our guiding principle for protecting individuals’ privacy is compliance with the General Data Protection Regulation and its definitions of lawful basis for processing of data. This privacy policy explains our approach to protecting privacy whilst processing data.
Compliance with the principles of GDPR and legitimate interest.
Holdsway’s legitimate interest assessment is documented at the foot of this document.
a) Data must be processed lawfully, fairly and in a transparent manner in relation to individuals.
Holdsway has a legitimate interest to process personal data relating to decision makers, budget holders and executives in organisations in the UK and overseas with the aim of identifying those who we believe would benefit from the services of interim executives. The data is gathered from publicly available sources and directly from the organisations concerned.
Holdsway also has a legitimate interest to process personal data of interim executives who voluntarily send in their CVs and personal information. These interims request that we introduce them to organisations which might need their services or to those organisations which have actually requested the services of an interim executive.
This includes all information needed to assess your eligibility through the different stages of hiring. This information includes CV’s, identification documents, educational records, work history, employment and references, limited company details and professional indemnity insurance certificates.
We may also collect sensitive personal data about you, in the form of passports, driving licences or other photo ID documents. We only collect sensitive personal data from you, and further process this data, where you have given your explicit consent. We usually only ask to have sight of a photo ID when we meet you rather than store it electronically to minimise risk to data.
b) Data must be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
Data is collected solely for the purpose of compiling a database of interim executives who have expressed an interest in being introduced to client organisations to help them manage change, transition, uncertainty, crisis, sudden management gaps and turnaround situations.
Data is also collected on individuals working in client or target client organisations so that Holdsway can accurately contact and introduce relevant interim executives to them.
(c) Data must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
The data collected is limited to names of senior managers, directors and executives, their job titles, company addresses, company landline telephone numbers and corporate email addresses. Relevant interview notes are recorded about interim executives to facilitate accurate introductions to client or target client organisations.
(d) Data must be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.
Holdsway checks and updates all information they hold by telephone or by email at least twice a year to ensure that it is kept accurate and up-to-date.
(e) Data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
If a person leaves their role, their name and contact details are deleted from the database, unless we have a legitimate interest in recording data on their next career move. However, the information may still be used for suppression purposes i.e. to ensure that it cannot be added to the database again.
(f) Data must be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
Data is only provided to client organisations which we believe need help, or which have requested help managing change, transition, uncertainty, crisis, sudden management gaps and turnaround situations. We only introduce interim executives (in this instance, “the data subject”) to organisations which are offering legitimate business assignments that are relevant to the professional role of the data subject. Holdsway operates a rigorous data security environment.
(g) Individuals have the right to see, correct, restrict access to or remove their personal information.
For subject access requests, use the contact details shown above. All requests for data to be removed or amended will be dealt with within 30 working days.
(h) How long do we keep your personal data for?
We keep your information in accordance with ICO guidance as follows:
Interim executive data: 6 years
Client contact data: 6 years
We only retain your information for as long as is necessary for us to use your information as described above or to comply with our legal obligations.
When determining the relevant retention periods, we will consider factors including:
Otherwise, we securely erase your information where we no longer require your information for the purposes collected.
(i) Not happy about how your data is being processed?
Individuals have a right to contact the Information Commissioner (“ICO”) if they believe that there is a problem with the way their data is being used.
Follow this link to contact the ICO.
This Website
We recognise the need to protect the personal information that might be gathered from our clients, potential clients, interim executives and visitors to our website. We will only use the information that we collect about you lawfully, in accordance with GDPR. You can access and browse this website without disclosing personal information.
We collect information for two main reasons: first, to help client organisations manage change by introducing them to accurately matched interim executives; and second, to provide relevant people with accurate information about our services. All information is gathered and used solely as part of the service we offer you and is processed and stored in accordance with the requirements of GDPR.
We collect personally identifiable information about you if you register as an interim executive to help us identify relevant assignments; if you become a client and use our interim executive introduction services; if you contact us with comments or specific requests or if you provide a business card or other details to any of our colleagues.
The elements of your data that we collect may include forename and surname, title, company name, company address, phone number, email address and any other information specific to the nature of our interaction.
We also collect anonymous information which is not unique to you such as: IP address, browser type, access times, referring URL.
You may request a copy of the personal information we have about you and you may correct it if you wish, using the contact details shown above. If at any time you wish to withdraw your consent to our use of your data please contact The Data Protection Officer as above.
We use your data for the following purposes: to process interim assignment orders and enquiries, to provide you with information about our services, to inform you about interim opportunities.
We use cookies to help make it easier for you to access our website. Cookies are pieces of information that a website transfers to your computer's hard disk so that the website can remember who you are. Most websites use cookies. Cookies cannot be used by themselves to identify you. Cookies are also used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited. By using our website, you agree that we can place these types of cookies on your computer. You may prevent us from storing a cookie on your computer by setting your browser so that it will not accept cookies. However, this will prevent you from placing orders on the site.
Our Cookie Policy can be read in full here.
The data we gather about you from our website will never be sold on to a third party. In certain circumstances, we may need to disclose your data to appropriate third parties if you breach the terms and conditions of use of this website or our services to you. We may also access or disclose your data if required to do so by law or an authorised governmental body.
Our Legal Policy can be read in full here.
The security of your data is important to us. We have implemented technology and security policies, rules and measures designed to protect the personal data under our control, both on- and off-line, from unauthorised access, improper use, alteration, unlawful or accidental destruction, and accidental loss. Off-line, all of our "personal user data" is restricted in our offices. Only employees of Holdsway are granted access to such information. Please remember, however, that no data transmission over the internet can be absolutely guaranteed to be totally secure. While we strive to protect your data as best we can, we cannot ensure or warrant the security of any information which you send to us, or which we store.
This website contains links to other sites. When you choose to visit those sites, we cannot assume responsibility for any other site's content or information handling practices. We encourage you to review each site's privacy policy prior to entering into transactions with the third party-linked site.
What is Legitimate Interests?
Legitimate Interests is one of the six lawful bases for processing personal data under the GDPR (General Data Protection Regulation). You must have a lawful basis in order to process personal data in line with the ‘lawfulness, fairness and transparency’ principle.
Legitimate interests might be your own interests, or the interests of the third party receiving the data, or a combination of the two.
Latest guidance from the Information Commissioner says that legitimate interests may be the most appropriate basis when:
"the processing is not required by law but is of a clear benefit to you or others; there’s a limited privacy impact on the individual; the individual should reasonably expect you to use their data in that way; and you cannot, or do not want to, give the individual full upfront control (i.e. consent) or bother them with disruptive consent requests when they are unlikely to object to the processing."
You can read the Information Commissioner's guidance on legitimate interests in full on the ICO website.
Legitimate Interests Assessment
To comply with GDPR, Holdsway has carried out a Legitimate Interests Assessment which is documented below.
Purpose of Processing
Holdsway has a legitimate interest to process personal data relating to decision makers and budget holders in organisations in the UK. The data is gathered from publicly available sources and directly from the companies concerned.
Holdsway also has a legitimate interest to process personal data of interim executives who voluntarily send in their CVs and personal information. They do this requesting we introduce them to organisations which might need their services.
Lawful Business Objective
The processing is necessary in order to supply Holdsway’s clients with interim executives to help them manage change, transition, uncertainty, management gaps, crisis or turnaround situations. Processing of this data is also necessary for business-to-business marketing purposes - a lawful business objective specifically identified by the Privacy and Electronic Communications Regulations 2003 (PECR). Recital 47 of the GDPR identifies direct marketing as a legitimate use of personal information.
Reasonable Expectation
The data subjects are senior business people with decision making and budgetary responsibilities and can reasonably expect to be contacted with marketing material relating to their professional roles. They are also senior-level interim executives who have contacted us directly and asked us to introduce them to client organisations.
Adequate, Relevant & Limited
The data collected is limited to names of senior managers, directors and executives, their job titles, company addresses, company landline telephone numbers and corporate email addresses. If a person leaves their role, their name and contact details are deleted from the database.
If an interim executive no longer wishes us to introduce them to client organisations or find them interim assignments their details are deleted from our database. Interim executives can also manage their own data through the GDPR compliant contact management platform Not Actively Looking. This platform complies with GDPR by giving executives control over the data we can process about them.
Opt Out
If a data subject requests that their data is removed from the database, it is suppressed so that it cannot be accessed or added again at a later date. Interim executives can also manage their own data through the contact management platform Not Actively Looking.
Valuable Service
In supplying accurate, regularly updated and targeted data on interim executives, Holdsway provides a valuable and sought-after service to client organisations which need help managing change, transition, uncertainty, management gaps, crisis or turnaround situations. In the absence of Holdsway and similar high quality service providers, client organisations would have to rely on limited, inaccurate and out-of-date data when they need help, which would have a detrimental effect on the success of their businesses and the wider economy.
Holdsway has updated its privacy policy to show that we are relying on legitimate interests to process data.