Our Privacy Notice helps you understand what information we collect about you at Macdonald & Company, how we use that information and how you can control information about you that we hold. We also explain the procedures that we have in place to safeguard your privacy.
When we say “Macdonald & Company”, “we”, “our”, or “us” we are referring to Macdonald & Company, its parent company, its subsidiaries, and its associated companies as defined in section 1159 of the UK Companies Act 2006 (our Group).
The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a new regulation which replaces the Data Protection Regulation (Directive 95/46/EC). The Regulation aims to harmonise data protection legislation across EU member states, enhancing privacy rights for individuals and providing a strict framework within which commercial organisations can legally operate.
Your new rights under the GDPR are set out in this notice but will only apply once the GDPR becomes law on 25th May 2018.
Please read the following notice carefully so you understand how we view, use and protect your personal data.
For the purposes of data protection legislation in force from time to time the data controller is Macdonald & Company Property Limited of 2 Harewood Place, London, W1S 1BX.
Please direct all queries to: firstname.lastname@example.org
Who we are and what we do
We are a recruitment agency and recruitment business as defined in the Employment Agencies and Employment Businesses Regulations 2003 (our business). We also provide the following other services: management consultancy, market research, and outsourcing.
The information we collect
We collect the personal data of the following types of people to allow us to undertake our business:
• Prospective and placed candidates for permanent or temporary roles;
• Prospective and active client contacts;
• Supplier contacts to support our services;
• Employees, consultants, temporary workers;
• Respondents to market research surveys;
• Visitors to our website:
• Attendees of events hosted by us; and
• Supporters of or participants in CSR initiatives undertaken by us.
Where we collect or process personal data, we do so on behalf of our customers to carry out our business as a recruitment agency, to market our services and to help our charitable partners.
Information you give to us or we collect about you.
This is information about you that you give to us by creating a profile on our website (www.macdonaldandcompany.com), registering for job alerts or by corresponding with us by phone, e-mail or otherwise.
This information may be provided to us when you register to use our websites, entered into our database when discussing our services with us, attend our events, participate in social media conversations with our staff, enter a competition, promotion or survey and when you report a problem with our website.
It includes information you provide when you use our services to search for prospective candidates or for career opportunities with our clients. It may include your name, address, private and corporate e-mail address and/or phone number, financial information or tax payer status, compliance documentation, references verifying your right to work in the United Kingdom and/or your qualifications and experience, curriculum vitae and photograph, links to your professional profiles available in the public domain e.g. LinkedIn, Twitter, Xing, business Facebook or corporate website.
We may also collect and process information about your interactions with us, including details about your contact with us through email, over the phone, by post, fax, SMS, social media messages or in person. This data may include the data, time, method of contact and content of the messages.
Information we collect about you when you visit our website.
Whenever you visit our website, we automatically collect some information about you. This is technical information including the Internet protocol (IP) address used to connect your computer to the Internet and your login information (if applicable).
We also collect information about what you do when you visit the website, including the clickstream to, through and from the site, the date and time of your visit, pages you looked at, services you searched for, how long you viewed aspects of the site, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to leave the page when you have finished browsing and any phone number or email address you use to contact us.
Information we obtain from other sources.
Together with the information we obtain about you when you interact with us or our website, we may also gather information from other sources such as LinkedIn, other social media, corporate websites, job boards, online CV libraries, your business card, personal recommendations, event attendance lists, speaking engagements, credit reporting agencies, and public registries (such as Companies House or the Land Registry).
In this case we will inform you, by sending you this privacy notice, within a maximum of 30 days of collecting the data of the fact we hold personal data about you, the source the personal data originates from and whether it came from publicly accessible sources, and for what purpose we intend to retain and process your personal data.
We work closely with carefully selected third parties and may receive information about you from them in order to provide our recruitment and other related services. These third parties include other companies within our Group, our business partners, sub-contractors in technical, professional, payment and other services, advertising networks, marketing agencies, analytics providers, search information providers, credit reference agencies, and professional advisors.
Why we process your personal information and our legal basis
The primary service we offer is the introduction of candidates to our clients for the purpose of temporary or permanent engagement. However, our services extend to supporting individuals with advice and opportunities throughout their careers, as well as helping our clients improve the management of their human capital.
The information we hold about you is used:
• to carry out our obligations from any contracts we intend to enter into or have entered into between you and us and to provide you with the information, products and services that you request from us or we think will be of interest to you;
• help us identify you so we know who we are talking to;
• to provide you with information about other goods and services we offer that are similar to those that you have already purchased, been provided with or enquired about;
• to help prevent or detect fraud or potential loss;
• to train staff and monitor our services. This may mean we record our conversations or our correspondence with you to make sure we are providing you with a good service and to make sure we adhere to our legal and regulatory obligations.
• to ask you to support or participate in fundraising on behalf of our charitable partners; and
• to invite you to contribute to voluntary surveys or market research.
Our Legal Justifications
Our legal justification for the processing of personal data is our legitimate business interest, described in greater detail below. However, where we process your personal data for a specific purpose, we may rely on various legal reasons like your consent, a contract or a statutory obligation.
Our Main Recruitment Service
When providing recruitment services we will rely on:
• contract if we are negotiating or have entered into a placement agreement with you or your organisation or any other contract to provide services to you or receive services from you or your organisation;
• legal obligation if we are legally required to hold information on to you to fulfil our statutory obligations;
• consent for particular uses of your data, in some circumstances, and you will be asked for your express consent, if legally required.
Consent may be required as the lawful reason for processing your information, for example, when we seek you permission to introduce you to a client (if you are a candidate).
Our Legitimate Business Interests
As a recruitment business and recruitment agency we introduce candidates to clients for permanent employment, temporary work placements or independent professional contracts. The exchange of personal data of our candidates and our client contacts is a fundamental and necessary part of this process.
Our ability to match the aspirations of prospective candidates to our clients’ requirements is an essential part of the value we offer and requires us to hold a range of personal and contextual data including historic information together with current resourcing requirements. Without a database of personal data on candidates and clients we would be unable to provide an effective recruitment service.
In order to support our candidates’ career aspirations and our clients’ resourcing needs we are constantly evaluating and improving the information we hold in our database. This process involves adding new candidates and contacts, updating biographical information, verifying the accuracy of the information we have and removing information that is inaccurate or out of date.
Personal data in our database, email systems or archive may be held by third parties through services hosted in the cloud and processed on our behalf. Should this be the case our partners will hold the relevant information security certifications in line with current best practice.
Should we want or need to rely on consent to lawfully process your data we will request your consent orally, by email or through an online process. Consent for processing will be obtained for the specific activity mentioned and we will keep a record of your response on our systems. Without providing us with your active consent, when asked, we will be unable to provide services for which the consent was requested to you. In these circumstances you have the right to withdraw your consent to this particular processing at any time.
Other Uses we will make of your data:
• Use of our website;
• to notify you about changes to our service;
• to ensure that content from our website is presented in the most effective manner for you and for your computer.
We will use this information:
• to administer our website and for internal operations including troubleshooting, data analysis, testing, research, statistical and survey purposes;
• to allow you to participate in interactive features of our service, when you choose to do so;
• as part of our efforts to keep our site safe and secure;
• to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you; and
• to make suggestions and recommendations to you and other users of our site about goods or services that may interest you or them.
We may disclose or use aggregate or anonymised information for any purpose. For example, we may share this information with our partners or others for business or research purposes. We may, for example, tell a prospective client the average length of time those on our database remain in a particular role or partner with research organisations or academics to investigate interesting questions about our industry.
Unless otherwise stated, we will hold data processed through contractual and legitimate interests indefinitely. Data processed once we have obtained your consent will continue to receive marketing materials until we have received a request to unsubscribe.
We do not undertake automated decision making or profiling. We do use our computer systems to search and identify personal data in accordance with parameters set by a person. A person will always be involved in the decision making process.
Further Detail on Cookies
Cookies are text files containing small amounts of information which are downloaded to your device when you visit a website. Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognises that cookie. Cookies do lots of different jobs, like letting you navigate between pages efficiently remembering your preferences, and generally improve your web site experience. They can also help to ensure that adverts you see online are more relevant to you and your interests.
We can split cookies into 4 main categories:
Category 1: strictly necessary cookies
Category 2: performance cookies
Category 3: functionality cookies
Category 4: targeting cookies or advertising cookies
Category 1 - Strictly necessary cookies
These cookies are essential in order to enable you to move around the website and use its features, such as accessing secure areas of the website. Without these cookies services you have asked for, like registering for job alerts, cannot be provided.
Please be aware our site uses this type of cookie
Category 2 - Performance cookies
These cookies collect information about how visitors use a website, for instance which pages visitors go to most often, and if they get error messages from web pages. These cookies don’t collect information that identifies a visitor. All information these cookies collect is aggregated and therefore anonymous. It is only used to improve how a website works.
By using our website and online services, you agree that we can place these types of cookies on your device.
Category 3 - Functionality cookies
These cookies allow the website to remember choices you make (such as your user name and password) and provide enhanced, more personal features. These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customise. They may also be used to provide services you have asked for such as watching a video or commenting on a blog. The information these cookies collect may be anonymous and they cannot track your browsing activity on other websites.
By using our website and online services, you agree that we can place these types of cookies on your device.
Category 4 - targeting cookies or advertising cookies
These cookies are used to deliver adverts more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaign. They remember that you have visited a website and this information is shared with other organisations such as advertisers. Quite often targeting or advertising cookies will be linked to site functionality provided by the other organisations.
Disclosure of your information inside and outside of the EEA
We use some cloud-based services and the information you provide may be transferred in transit to countries outside the European Economic Area ("EEA"). However, we have taken the steps outlined below to try protect the security of your information.
We will share your personal information with any member of our group, both in the EEA and outside of the EEA, as well as selected third parties that may include:
• clients for the purpose of introducing candidates to them;
• candidates for the purpose of arranging interviews and engagements;
• clients, business partners, suppliers and subcontractors for the performance of any contract we enter into with them or you and related compliance obligations;
• subcontractors including email marketing specialists, event organisers, payment and other financial service providers;
• I.T. service providers for the hosting of our servers, CRM, Email, Archiving or online timesheet system.
• analytics and search engine providers that assist us in the improvement and optimisation of our website;
• credit reference agencies, our insurance broker, compliance partners and other subcontractors for the purpose of assessing your suitability for a role where this is a condition of us entering into a contract with you.
We will disclose your personal information to third parties:
• In the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets.
• If Macdonald & Company or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
The lawful basis for the third party processing will include:
• Their own legitimate business interests in processing your personal data, in most cases to fulfil their internal resourcing needs;
• satisfaction of their contractual obligations to us as our data processor;
• for the purpose of a contract in place or in contemplation;
• to fulfil their legal obligations.
Where we store and process your personal data
The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (”EEA”). It may be transferred to third parties outside of the EEA so we can deliver our recruitment services. It will also be processed by staff operating outside the EEA who work for us or for one of our suppliers. This includes staff engaged in, among other things, our recruitment services and the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy notice.
All information you provide to us is stored on dedicated secure servers hosted by selected third parties. Any payment transactions will be encrypted using SSL technology. We take security seriously and have taken various steps to protect information you provide to us from loss, misuse, and unauthorized access or disclosure. These steps take into account the sensitivity of the information we collect, process and store, and the current state of technology.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Retention of your data
We understand our legal duty to retain accurate data and only for as long as we need it for our legitimate business interests and provided that you are happy for us to do so. Accordingly, we have a data retention notice and run data routines to remove data that we no longer have a legitimate business interest in maintaining.
To make sure the data we hold on you is as accurate as possible we:
• allow you to manage your data on our website and review whether the details we hold about you are accurate;
• check that we have accurate information about you before making any introduction;
• keep in touch with you so you can let us know of changes to your personal data.
We segregate our data so that we keep different types of data for different time periods. The criteria we use to determine whether we should retain your personal data includes:
• the nature of the personal data;
• its perceived accuracy;
• our legal obligations;
• whether an interview or placement has been arranged; and
• our recruitment expertise and knowledge of the industry by country, sector and job role.
We may archive part or all of your personal data or retain it on our financial systems only, deleting all or part of it from our main Customer Relationship Manager (CRM) system. We may pseudonymise parts of your data, particularly following a request for suppression or deletion of your data, to ensure that we do not re-enter your personal data on to our database, unless requested to do so.
For your information, Pseudonymised Data is created by taking identifying fields within a database and replacing them with artificial identifiers, or pseudonyms.
Our current retention notice is available upon request.
You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for marketing, or if we intend to disclose your information to any third party for such purposes, and we will collect express consent from you if legally required.
You can exercise your right to accept or prevent such processing by checking the relevant boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us at email@example.com.
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
The GDPR provides you the right to:
• Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
• Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
• Object to the processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
• Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
• Request the transfer of your personal information to another party in certain formats, if practicable.
• Make a complaint to a supervisory body which in the United Kingdom is the Information Commissioner’s Office. The ICO can be contacted through this link: https://ico.org.uk/concerns/
Access to information
The Data Protection Act 1998 and the GDPR give you the right to access information held about you. A subject access request should be submitted by email to firstname.lastname@example.org or by post to:
The Data Controller
Macdonald & Company
2 Harewood Place,
We also encourage you to contact us to ensure your data is accurate and complete.
Changes to our privacy notice
Any changes we make to our privacy notice in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy notice.
Questions, comments and requests regarding this privacy notice are welcomed and should be addressed by email to
or by post to:
The Data Controller
Macdonald & Company
2 Harewood Place,