Falcon Brook takes privacy seriously and we are committed to protecting the data provided to us in compliance with all applicable laws and regulations relating to the processing of personal data and privacy, including the Data Protection Act 2018 and the General Data Protection Regulation.
This notice explains when and why we collect personal data, how this data is used, the conditions under which it may be disclosed to others, and how it is kept secure. It applies to personal information provided by our clients and suppliers about their employees and other individuals affiliated with them, and also to candidates or prospective candidates for roles with our clients or prospective clients.
This notice may change from time to time so please re-visit this page occasionally to ensure that you are happy with any changes.
Who we are
Falcon Brook partners with firms to attract, retain and develop the right people, buildrobust succession plans and strengthen employer brands.
Our talent consultancy services include:
- Recruitment and succession planning
- Diversity pipelining and direct introductions
- Data and analytics
- Competitor analysis and intelligence
- Talent management consultancy
- Bespoke reports for clients on themes that impact the industry and their business
Falcon Brook is the controller of personal data when individuals and clients engage with us to access our services; this means that we decide why and how individuals’ personal data is processed. Falcon Brook is registered with the Information Commissioner under registration number ZA509950. We will also on occasion act as the processor of personal data when our clients have shared individuals’ information with us in the course of providing our services to them.
What type of information we hold
We currently collect and process the following information:
|Category||Personal data included in this category|
|Biographical||Work experience, activities and skills, including sector, industry and geographical experience|
|Behavioural||Behaviours, working style and working preferences|
|Compensation||Current salary and compensation information, including individuals’ future expectations|
|Contact||Information which can be used to address, send or otherwise communicate a message to an individual (i.e. email address, telephone numbers, postal address, employer name and job title)|
|Correspondence||Information contained in our correspondence or other communications with or about an individual, about our products, services or business|
|CV||CVs/resumes shared with us by individuals in relation to a particular role|
|Education||Information about an individual’s university and postgraduate education and qualifications, language skills and professional qualifications|
|Employment||Previous, current or future employment details|
How we collect personal data
We may receive information about individuals directly, or from third parties when we are carrying out our services.
Information that individuals give to us
Individuals give us information about themselves when they make an enquiry to Falcon Brook, or engage us to provide talent consultancy services, or by communicating with us by phone, post, email, social media or otherwise.
The information given to us mainly includes contact details, employment information, biographical and behavioural information, compensation data, education and a CV.
Information we receive from other sources
In the course of our work we also collect personal data from third parties, for example in connection with:
- Our research: from sources in the public domain including corporate websites, newswires, public databases and social media platforms e.g. LinkedIn
- Our clients: when a client provides information about a candidate or potential candidate
- Our network: when a source recommends that we consider an individual for a position we are seeking to fill on behalf of a client
- Other people: employers or colleagues who may provide a reference on an individual to us, subject to that individual’s consent where required by law.
The information that we receive about individuals from others mainly includes employment information, biographical, and education information.
How and why we use personal data
We may use the information we collect in the following ways:
Where it is necessary for us to perform a contract with an individual
We may use and process personal data where we have provided (or continue to provide) any talent consultancy or recruitment services, or where an individual is in discussion with us about a particular project for which that individual is considering using our services.
We will use information in connection with the contract for the provision of services when it is needed to carry out that contract or to enter into it.
Where we have a legitimate interest
We may use and process personal data where it is necessary for us to pursue our legitimate interests as a business for the following purposes:
- to enter into and perform the contract we have with our clients
- to identify relevant individuals to present to our clients to fulfil our services to them
- to identify professional opportunities that we think may be of interest to individuals who we may contact regarding such opportunities
- to evaluate individuals’ suitability for specific roles our clients are seeking to recruit for
- to contact individuals for introductions to clients or candidates and our broader network in connection with a project that we are undertaking and for purposes of market intelligence, with no hidden incentive
- for benchmarking, trend analysis and industry insight purposes
- for record-keeping related to a service we provide
- to assess and improve our service to clients
- to undertake analysis to inform our business and service strategy
- to manage and deliver internal projects for business improvement
- for network and information security purposes to enable us to take steps to protect personal data against loss or damage, theft or unauthorised access
- to comply with a request from individuals in connection with the exercise of their rights (for example, where we have been asked not to contact individuals for marketing purposes, we retain a record of this on our suppression lists in order to be able to comply with such requests)
- to assist in the management of queries, complaints or claims
- for the prevention of fraud and other criminal activities.
Where individuals have provided consent
Where individuals have given us their consent, we will submit CVs to our client in relation to the relevant role that individuals have expressed an interest in. Our clients may on occasion also ask us to seek an individual’s consent to them holding the individual’s data in order that they can interact directly.
We may also contact colleagues or former employers in order to obtain references regarding individuals’ suitability for a potential role, where individuals have consented to such contact.
Individuals on who we hold personal data have the right to withdraw consent at any time. Please see below for further details.
Special categories of personal data
Falcon Brook does not request or consider information concerning religion, sex life or political opinions or any other individual characteristics which may be “protected” by law in connection with its services, but we may ask individuals to voluntarily supply this data for diversity and inclusion monitoring purposes.
We may perform candidate background checks, and may process other sensitive personal data, such as citizenship or nationality information, or health information, when relevant for a position and permitted by law.
If you have a disability and would like us to organise reasonable adjustments for your engagement with our client, you may provide that information to us.
If we intend to collect sensitive personal data on individual/s from third parties, we will provide relevant notice and will only collect this information with the individual’s consent.
Others who may receive or have access to personal data
Falcon Brook will transfer personal data concerning potentially suitable candidates to clients who have engaged our services.
Falcon Brook’s clients comprise of global commodities and financial services organisations. Accordingly, personal data may be transferred outside of the EEA. Those countries may not have the same standards of data protection and privacy laws as the UK, which means additional safeguards must be put in place. Whenever we transfer personal data outside of the EEA, we impose contractual obligations on the recipients of that data to protect personal data to the standard required in the UK. We may also require the recipient to subscribe to appropriate safeguards as specified under Article 46 GDPR intended to enable secure data sharing, including:
- binding corporate rules in accordance with Article 47 GDPR
- standard data protection clauses adopted by the European Commission from time to time, or
- standard data protection clauses adopted by a Data Protection Authority and approved by the European Commission.
Our suppliers and service providers
We may also transfer personal data to external providers performing certain services for Falcon Brook, for example our database provider. Such service providers have access to personal data solely for the purposes of performing the services specified in the applicable service contract, and we have an agreement in place that requires them to keep this data secure and not to use it other than in accordance with our specific instructions.
Other ways in which we may share personal data
Falcon Brook may be required to disclose certain personal data to other third parties:
- as required by law;
- to protect Falcon Brook’s legal rights to the extent authorised or permitted by law; or
- in an emergency where the health or safety of a candidate or other individual may be endangered.
In addition, in the event of a re-organisation, merger, sale, joint venture, assignment, or other transfer or disposition of all or any portion of Falcon Brook’s business, we may transfer personal data to successor entities or parties.
Where we store personal data
Personal data is stored on Falcon Brook’s secure database, Invenias, which is hosted by Bullhorn, located in the US (Boston) and UK (Reading). Bullhorn complies with the EU-US and US-Swiss Privacy Shield Frameworks as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States.
How long will we keep personal data
The length of time for which we retain personal data is determined by a number of factors including the type of data, the purpose for which we use that data and our regulatory and legal obligations attached to this use. We will keep personal data throughout the period of an individual’s relationship with us and whilst we are providing that individual with our services. Once our relationship with an individual has ended, that individual’s personal data may still be relevant for our current or future legitimate business purposes, for example we may retain information for our business records; to be able to establish, exercise or defend our legal rights; to show that we are compliant with applicable laws; or to show that we have fulfilled or continue to fulfil our obligations towards our clients.
Typically, we will keep personal data on our database for seven years from our last interaction with that individual.
The only exceptions to this are where the law requires us to hold personal data for a longer period, or delete it sooner; or an individual exercises their right to have the data erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted or required under the law.
When we no longer need to retain an individual’s information, we will ensure it is securely disposed of, at the appropriate time.
You have a number of rights in relation to your personal data under data protection legislation. In relation to certain rights, we may ask you for information to confirm your identity and, where applicable, to help us to search for your personal data.
Except in rare cases, we will respond to you within one month from either the date that we have confirmed your identity; or, where we do not need to do this because we already have this information, from the date we received your request.
Accessing your personal data
You have the right to ask for a copy of the data that we hold about you by emailing or writing to us at the address at the end of this notice. We may not provide you with a copy of your personal data if it concerns other individuals or we have another lawful reason to withhold that data.
Correcting and updating your personal data
The accuracy of your data is important to us. If, for example, you change your name or email address, or you discover that any of the other data we hold is inaccurate or out of date, please let us know by contacting us using the details set out at the end of this notice.
Withdrawing your consent
Where we rely on your consent as the legal basis for processing your personal data, as set out under ‘How and why we use personal data’, you may withdraw your consent at any time by speaking to your point of contact or emailing email@example.com.
Objecting to our use of your personal data
Where we rely on our legitimate interests as the legal basis for processing your personal data for any purpose, as set out under ‘How and why we use personal data’, you may object to our using your personal data for this purpose by emailing or writing to us at the address at the end of this notice. Except for the purposes for which we are sure we can continue to process your personal data, we will temporarily stop processing your personal data in line with your objection until we have investigated the matter. If we agree that your objection is justified in accordance with your rights under data protection legislation, we will permanently stop using your data for those purposes. Otherwise, we will provide you with our justification as to why we need to continue using your data.
Erasing your personal data or restricting its processing
In certain circumstances, you may ask for your personal data to be removed from our systems by emailing or writing to us at the address at the end of this policy. Provided we do not have any continuing lawful reason to continue processing or holding your personal data, we will make reasonable efforts to comply with your request.
You may also ask us to restrict processing your personal data where you believe our processing is unlawful, you contest its accuracy, you have objected to its use and our investigation is pending, or you require us to keep it in connection with legal proceedings. We may only process your personal data whilst its processing is restricted if we have your consent or are legally permitted to do so, for example for storage purposes, to protect the rights of another individual or company or in connection with legal proceedings.
Transferring your personal data in a structured format
Where we rely on your consent as the legal basis for processing your personal data or need to process it in connection with your contract, as set out under ‘How and why we use personal data’, you may ask us to provide you with a copy of that data in a structured format. We will provide this to you electronically in a structured, commonly used and machine-readable form, such as a CSV file.
You can ask us to send your personal data directly to another service provider, and we will do so if this is technically possible. We may not provide you with a copy of your personal data if this concerns other individuals or we have another lawful reason to withhold that data.
We do not make recruiting decisions or give advice based solely on automated decision-making without any human involvement.
Complaining to the UK data protection regulator
You have the right to complain to the Information Commissioner’s Office (ICO) if you are concerned about the way we have processed your personal data. Please visit the ICO’s website for further details.
Security and links to other sites
Security measures we put in place to protect personal data
Falcon Brook employs technical and organisational measures designed to protect the integrity, confidentiality, security and availability of personal data, and to comply with applicable legal requirements for information security.
Links to other websites
Our website may contain links to other websites of interest. However, once you have accessed these links to leave our site, we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information provided by an individual whilst visiting such sites and such sites are not governed by this privacy notice. You should exercise caution and look at the privacy statement applicable to the website in question.
Cookies are text files which identify a user’s computer to our server. Cookies in themselves do not identify the individual user, just the computer used.
Cookies help us identify which pages of our website are most visited. This information can be used to help us improve our website and ensure we provide the best service. We only use this information for statistical analysis purposes and it will be aggregated or anonymised i.e. it will not identify individual users of our website.
We will never share personal data with third parties for their own marketing uses, although we may use service providers to assist us with our own marketing.
Please direct any queries about this notice or about the way we process personal data in writing to Falcon Brook Search Ltd, Lynton House, 7-12 Tavistock Square, London, WC1H 9LT or by email to firstname.lastname@example.org. If you would prefer to speak to us by phone, please call +44 (0)207 993 2890.
This policy was last updated on 15th July 2020 and will be reviewed next by 15th July 2021.