This Privacy Notice sets out the basis on which we use personal data in the course of our business activities.
We are Arpeo Solutions a division of WhiteCrow Research Ltd, a limited company registered and headquartered in India under company number U73100MH2010PTC211609. Our registered global office is at A-101/106, 1st Floor, Supreme Business Park, Hiranandani Gardens, Powai, Mumbai – 400 076.
We provide a broad range of services, primarily in the following fields:
- Database Management
- Payroll & Compliance
- On Demand Sourcing
- Graduate Programmes / Advert Response Handling
- Business Process Outsourcing
- Competitor Intelligence
As a business which specialises in researching and reporting information, data is at the core of everything we do. Our systems and processes are designed to ensure that we can provide the best possible service to our clients while operating within the law at all times and protecting individuals’ data privacy rights.
We reserve the right to update this Privacy Notice from time to time. Where appropriate, we shall contact you to notify you of any material changes to the Privacy Notice. You should also refer to our website periodically so that you may access and view our updated Privacy Notice. This will ensure that you understand (i) how we are using your personal data and (ii) your legal rights around our usage of such personal data.
Who Should Read This Privacy Notice?
This Privacy Notice applies to any living, identifiable individuals about whom we may process personal data in the course of our business activities.
You should read this Privacy Notice if you are a:
- Client Contact
- Supplier Representative
If you are an employee, you should refer to our internal Privacy Notice instead.
How We Obtain Personal Data
We obtain personal data from a number of different sources, depending on whether you are a Candidate, a Client Contact or a Supplier
If you are a Candidate, we may obtain personal data relating to you:
- Directly if you have (i) applied for a Client vacancy through us (ii) asked us to provide any work-finding services to you (iii) engaged with us through any networking activities or events or (iv) had any discussions with us about finding alternative employment or joining one of our talent pool;
- Indirectly from (i) online professional networking sites such as LinkedIn, Xing or Zoominfo (ii) social networking sites such as Facebook or Twitter (iii) job boards such as Naukri or Monster (iv) referees who provide information about your employment experience and their opinion as to your skills and aptitude (v) your employer’s website and front-desk enquiries and (vi) third- party background checking services.
If you are a Client Contact or Supplier Representative, we may obtain personal data relating to you:
- Directly in the course of (i) us providing services to you or (ii) you providing services to us; or
- Indirectly from (i) online professional networking sites such as LinkedIn, Xing or Zoominfo (ii) your employer’s website (iii) business information directories and (iv) other individuals within your organisation.
Types of Information We Hold
If you are a Candidate, we may collect, store and process the following categories of personal information about you:
- Personal contact details such as name, title, addresses, telephone numbers, and email addresses ;
- Your gender, nationality and place of residence;
- Your social media account details, such as LinkedIn, Facebook and Twitter;
- Your qualifications, training and certifications;
- Professional skills and experience;
- Your language skills;
- Information about your current or most recent role, including your job title, department, reporting line, responsibilities, salary, benefits and notice period;
- Your motivation and reasons for seeking new employment;
- Your career aspirations;
- Your communication preferences;
- Any background information which you provide to us during the course of your dealings with us ;
- Details of any Clients to whom you have been introduced by us;
- Details of any interviews which you have attended and our Clients’ feedback on those interviews; and
- Details of any position which you take up with a Client, including your role, salary, start date, department and location.
We may also ask for your consent to collect, store and use the following "special categories" of more sensitive personal information:
- Information about your race or ethnicity;
- Information about your health, including any medical condition, health and sickness records;
- Information about criminal convictions and offences.
If you are a Client Contact, we will collect, store, and use the following categories of personal information about you:
- Personal contact details such as name, title, addresses, telephone numbers, and email addresses ;
- Your job title; and
- Any background information relating to your personal circumstances, your work history and the role which you perform within the Client which you may provide to us in the course of your dealings with us.
We do not collect, store or use any “special categories” of sensitive personal information if you are a Client Contact.
If you are a Supplier Representative, we will collect, store, and use the following categories of personal information about you:
- Personal contact details such as name, title, addresses, telephone numbers, and email addresses;
- Your job title;
- Your UID/PAN/Passport number where we require this for the proper execution of a non -disclosure agreement; and
- Any background information relating to the role which you perform within the Supplier which you may provide to us in the course of your dealings with us.
We do not collect, store or use any “special categories” of sensitive personal information if you are a Supplier Representative.
How We Use Personal Data
If you are a Candidate, we may use your personal data to:
- Assess your potential suitability for employment with a Client;
- Contact you in relation to any potential employment opportunities with a Client;
- Introduce you to our Clients and potentially arrange for you to fill a Client vacancy;
- Stay in regular contact with you to understand your current position, career aspirations and motivation for finding new employment;
- Contact you to request a referral;
- Produce anonymised statistical data, market intelligence and talent-mapping reports;
- Comply with our legal obligations;
- Prevent fraud or any other crime; and
- Conduct equal opportunities monitoring.
If you are a Client Contact, we may use your personal data to:
- Contact you to obtain information about the Client's requirements;
- Liaise with you so that we may effectively perform the services which we have agreed to carry out;
- Obtain feedback on any Candidates which we have introduced to you;
- Obtain a reference for a Candidate;
- Contact you for invoicing and credit control purposes;
- Comply with our legal obligations; and
- Prevent fraud or any other crime.
If you are a Supplier Representative, we may use your personal data to:
- Liaise with you in respect of the service which is being provided by the Client;
- Contact you in relation to billing matters;
- Comply with our legal obligations; and
- Prevent fraud or any other crime.
Our Lawful Basis for Processing Data
We have determined that we have a legitimate interest to process your personal data where you are:
- A Candidate, on the basis that it is necessary for us to maintain a database of individuals who are (i) actively seeking new employment with a Client or (ii) potentially suitable for employment with a Client. By processing your personal data and contacting you from time to time, we are able to gain an understanding of your current role (where applicable), your skills a nd experience, and your career aspirations. Our processing of your personal data is therefore of benefit to:
- You, as it assists us to identify new employment opportunities about which you might not otherwise been aware and to give general advice and guidance in support of your career development;
- Our Clients, who rely on us to have access to (i) suitable, pre-qualified candidates who can fill their requirements and (ii) statistical information and market intelligence about the current talent landscape; and
- Us, as we are a commercial enterprise which relies upon being able to introduce Candidates and supply market intelligence to our Clients
- A Client Contact, on the basis that we need to be able to contact and interact with the individuals who are employed or engaged by our Clients. This will allow us to effectively provide services to them, better understand their requirements and ultimately generate revenue for our business
- A Supplier Representative, on the basis that we need to be able to contact and interact with the individuals who are employed or engaged by our Suppliers. This will allow us to ensure that our Suppliers provide us with the best possible service which, in turn, is of direct benefit to both our Candidates and our Clients.
Where We Process Personal Data
Your personal data is held on our secure servers in the United Kingdom and is processed by us, primarily from our headquarters in India but also within our offices in Singapore, Malaysia, the United States of America and the United Kingdom.
We have put in place appropriate safeguards to ensure that your data is only transferred to jurisdictions with enforceable data subject rights and effective legal remedies in respect of data privacy breaches. In addition, we will only transfer personal data to jurisdictions outside of the EAA where:
- There are binding corporate rules in place regarding the transfer of such data within the Group, in accordance with Article 47 of the GDPR;
- The European Commission has made an adequacy decision in respect of such jurisdiction;
- The transfer of data is subject to the model contractual clauses adopted by the European Commission; or
- You have consented to the transfer of such data.
Parties with Whom We May Share Data
If you are a Candidate, we may share your personal data with:
- Any Client where you have expressed an interest in being introduced to such Client;
- Any third-party which is engaged by the Client to assist them in the recruitment process including a managed service company, Recruitment Process Outsourcing provider or IT services provider;
- Third-Party Services Providers;
- Other companies within our Group; and
- Governmental departments and agencies where we are permitted or required by law to do so.
We may also share your personal data with Clients on an anonymised basis where we have agreed to provide statistical information, market intelligence or talent mapping services to such Clients.
If you are a Client Contact, we may share very limited data relating to you with a Candidate where such sharing is strictly required for the recruitment process. We may also share your personal data with Third-Party Services Providers and other companies within our Group.
If you are a Supplier Representative, we may share your personal data with other Third-Party Services Providers and companies within our Group.
Automated Decision Making
Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention.
All decisions which are made in the course of our business processes involve human intervention. We do not therefore expect to make any decisions about you using automated means, whether you are a Candidate, Client Contact or Supplier Representative.
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, a gents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality. Details of these measures may be obtained from firstname.lastname@example.org.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
We will only retain your personal information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Our standard data retention period is two years from the last date on which we are in actual contact with you i.e. where we actually speak with you or exchange correspondence. After this time, we will usually delete your personal data from our records.
Where we are required to keep any information (i) for auditing or compliance purposes (ii) to comply with our contractual obligations to third parties or (iii) in respect of any potential or actual legal proceedings, we shall keep your data for as long as is strictly necessary for these purposes, which is typically for six years from the date on which the relevant business activities were carried out.
In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.
Rights of access, correction, erasure, and restriction
Your duty to inform us of changes. It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.
Your rights in connection with personal information. Under certain circumstances, you have the right under the GDPR to:
- Request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it. You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal information to another party.
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact the Data Protection Manager in writing. We will consider your request and confirm the actions which we have taken in response to such request.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is an appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact the Data Protection Manager. Once we have received notification that you have withdrawn your con sent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
Candidate means a person who is registered with WhiteCrow as seeking or potentially seeking new employment. This includes individuals who are not actively seeking a new role but who would like to remain in contact with WhiteCrow about potential opportunities which may be of interest from time to time.
Client means a business which has engaged WhiteCrow to provide services or which WhiteCrow has identified as a business for which WhiteCrow wishes to perform services.
Client Contact means a person who is employed or engaged by a Client and with whom WhiteCrow may li aise in respect of any services which WhiteCrow is providing or wishes to provide to the Client.
GDPR means the General Data Protection Regulation (EU) 2016/679.
Group means Whitecrow’s group of companies which includes White Crow Search Pte. Ltd., White Crow Research Sdn. Bhd., White Crow Research Inc., Colvill Banks Limited, Specialist Job Boards Limited, Colvill Research Private Limited and WhiteCrow Research (Arpeo division).
Supplier means a business which provides services to WhiteCrow and which may process personal data relating to any Candidate, Client
Contact or Supplier Representative in the course of performing such services.
Supplier Representative means a person who is employed or engaged by a Supplier and with whom WhiteCrow may liaise from time to time in respect of the services which are provided by that Supplier.
Third-Party Services Provider means any relevant third-party business which provides services to us, such as our professional advisers, insurers, IT services providers, software providers, independent consultants and subcontractors.
If you have any questions about this Privacy Notice, you can write to our Data Protection Manager at Arpeo Solutions a division of WhiteCrow Research Pvt. Ltd, A-101/106, 1st Floor, Supreme Business Park, Hiranandani Gardens, Powai, Mumbai – 400 076. Alternatively, you may contact the Data Protection Manager by telephone on 0091 22 65271972 or by email at email@example.com.
For the purposes of Article 27(1) of the GDPR, our representative within the European Union is our branch office in the United Kingdom. You may write to us at WhiteCrow Research, The Hollythorns, New Road, Southampton, Hampshire, SO32 2NW. Alternatively, you ma y telephone us on 0044 1489 666 970 or email us at firstname.lastname@example.org.