PRIVACY POLICY

Who are we?

We are GeekyMindzUSA, Inc. We provide permanent and temporary recruitment services to clients looking to recruit personnel for their businesses. We also provide Recruitment Process Outsourcing (RPO) services to clients.

What does this privacy policy cover?

This Privacy Policy explains our use of personal data processed through the website, if you choose to contact us, and our use of business contact details. It also explains how we use candidate personal data and the personal data of our clients.

What personal data do we collect and why do we use it?

Here’s a rewritten version of your content with improved structure and readability while keeping all key details intact:

Privacy Policy: Personal Data Collection and Processing

This table outlines the individuals we collect personal data about, the types of personal data collected, the purposes of processing, and the lawful basis for doing so, as required by data protection regulations.

Under these rules, companies may only process personal data if they can identify a lawful basis for processing from those listed in the legislation.

Individual Personal Data Source and Purpose Lawful Basis for Processing
Candidates CVs, identification documents, educational records, work history, employment records, references, correspondence, and other personal data provided during recruitment. Rarely, special category data (e.g., racial, disability, trade union, health information). Primarily collected directly during recruitment, engagement, and onboarding. Also from third parties (e.g., agents, references) and publicly available sources (e.g., LinkedIn, job boards). Candidate data may be processed for RPO services on behalf of Clients. Legitimate interests: Assessing suitability for roles and finding potential candidates. Special category data processed only with express consent.
References/Referees Contact details and correspondence. Provided by candidates during recruitment or directly by referees. Legitimate interests: Obtaining references for candidates.
Individuals with General Queries Contact details and correspondence. Provided directly by individuals. Used to respond to queries and maintain records. Legitimate interests: Responding to and maintaining records of correspondence.
Clients and Potential Clients Contact details, correspondence, and contracts. Provided by clients or obtained from publicly available sources (e.g., websites). Used to fulfill contracts and engage in business discussions. Legitimate interests: Responding to and maintaining records of correspondence. Some information is necessary to perform contracts (e.g., contact details).
Suppliers and Contractors Contact details and correspondence. Provided by suppliers or obtained from publicly available sources (e.g., websites). Used to fulfill contracts and engage in business discussions. Legitimate interests: Responding to and maintaining records of correspondence. Some information is necessary to perform contracts (e.g., contact details).
Website Visitors Information from cookies. Collected through cookies when using the website. Non-essential cookies installed only with consent. [See our Cookie Notice for details.]

Additional Information

1. Legitimate Interests and Balancing Tests


Where we rely on legitimate interests for processing personal data, we conduct a ‘balancing’test to ensure the processing is necessary and does not outweigh your fundamental privacy rights. Records of these tests are maintained. You have the right to request details about these tests by contacting us.


2. Publicly Available Candidate Information


Candidate data may be collected from public sources using software tools such as LinkedIn, job boards, and publicly available internet resources. These tools use role-specific parameters to search for candidates and only output data that aligns with the job criteria.
Parameters are limited to publicly available details such as name, age, and job role, where it is reasonably expected such data may be processed by recruiters.

How long do we keep your personal data for?

We retain your information only for as long as it is necessary for the relevant purpose. For instance, if
we have a contract with you, we will retain your information for 6.5 years after the contract's expiry to assist with any potential contractual claims. The retention period is determined based on several criteria, including legal obligations, the need to defend or bring contractual claims within the statutory limitation period, and the original purpose for which the data was collected.

Who do we share your personal data with?

Data Sharing Policy

We may share your personal data under the following circumstances:

For Candidates:

1. With Clients:

  • Your personal data is shared with clients who have positions to fill to assess whether you are a good fit for the role.

  • Our clients operate across various industries, including IT, Manufacturing, Finance, and Marketing, among others. These clients are located in the EU, UK, and USA.

2. For Verification and Onboarding:

  • We may conduct checks to verify the information you provide.

  • Occasionally, or when specifically requested, your information may be shared with clients as part of their onboarding process.

3. With Professional Advisors:

  • Personal data may be shared with legal, financial, or other professional advisors when necessary.

4. In the Event of a Sale:

  • If the company or its assets are sold, personal data may be transferred as part of the
    transaction.

5. With Suppliers:

  • Personal data may be shared with suppliers but only under robust contractual protections to ensure its security and proper use.

6. Within Our Group:

  • Your personal data may be shared with other companies within our group for
    operational purposes.

Exclusions:

Marketing/Promotional Purposes:

  • No personal data (e.g., name, email, or mobile number) will be shared with third parties or affiliates for marketing or promotional purposes.

  • Text messaging originator opt-in data and consent will not be shared with any third parties under any circumstances.

This policy ensures that data sharing is carried out responsibly and only for legitimate business purposes. Let me know if you'd like to refine or expand on any section!

What happens if you do not provide us with the information we request or ask that we stop processing your information?

If you do not provide the necessary personal data, we may be unable to respond to your query, consider your application or request, match you with available role opportunities, or deliver the relevant services to you.

Do we make automated decisions concerning you?


Automated Decision-Making

Automated decisions are made without human intervention and can have a legal or similarly significant effect on you (e.g., determining job eligibility).
For Candidates:

1. Recruitment Assessments:

  • During the recruitment process, we may make automated decisions about candidates at the assessment stage.

  • Candidates are evaluated through a structured screening process to determine if they meet the specific criteria for a position. This may include fully automated assessments, such as online pre-screening tests.

2. Consent for Automated Decisions:

  • Automated assessments may result in a candidate being deemed unsuitable for a position based solely on the automated evaluation.

  • We conduct such activities only with the candidate’s explicit consent.

3. Personality Profiling:

  • Personality profiling is also carried out on candidates but only with their explicit consent.

This approach ensures transparency and that candidates' rights are respected in processes involving automated decision-making.

Do we transfer your data overseas?


International Data Transfers


We may sometimes transfer personal data from the UK or the EU to countries outside the UK and the European Economic Area (EEA). This may occur, for example, when transferring data between our group companies, working with a client, or using a supplier based in another country.

You can find a list of European member states by clicking on the following link: EU Member Countries. Please note that privacy laws in countries outside the UK and EEA may differ from those in your home country.

Current Data Transfer Destinations:

  • USA
  • India

Safeguards for Data Transfers:

When transferring personal data from the UK/EU to countries outside these regions, we ensure the implementation of security measures and use UK/EU-approved model clauses or other adequate safeguards to protect your personal data.

If you would like more information about the safeguards we use for international data transfers, please contact us.

What rights do you have in relation to the data we hold on you?

Your Rights Regarding Personal Data

By law, you have various rights concerning your personal data. The availability and scope of these rights depend on the jurisdiction in which you are based. Further details and advice can be obtained from the data protection regulator in your country (e.g., in the UK, this is the Information Commissioner). A list of data protection regulators for EU member states can be found here.

General Information on Requests:

  • We usually act on requests and provide information free of charge.
  • However, where permitted by law, we may charge a reasonable fee to cover administrative
    costs for:

- Baseless, excessive, or repeated requests.
- Additional copies of the same information.

  • In some cases, we may refuse to act on a request if justified under the law.

We aim to respond promptly, typically within one month of receiving your request. If more time is needed, we will inform you accordingly.

Rights for Individuals in the UK and EU:

Right What Does It Mean?
Right to Be Informed You have the right to receive clear, transparent, and easily understandable information about how we use your data. This Privacy Policy provides such details, but you can contact us with further questions (e.g., about data transfers or legitimate interest processing).
Right of Access You can request access to your data (if we are processing it) and related information, ensuring compliance with data protection laws.
Right to Rectification If your data is inaccurate or incomplete, you have the right to request its correction.
Right to Erasure Also known as the "right to be forgotten," this enables you to request deletion of your data when there's no compelling reason for us to retain it. Exceptions may apply.
Right to Restrict Processing You can request the restriction of your data's use. While restricted, we may store your data but will not process it further (e.g., for individuals who request to "block" their data usage).
Right to Data Portability You can request to obtain and reuse your personal data for your own purposes across different services. Though less relevant to our services, you can contact us with inquiries.
  • Processing for direct marketing.
  • Processing based on legitimate interests (e.g., receiving job opportunities). | | Right to
    Lodge a Complaint | If you're dissatisfied with how we handle your data, you can file a
    complaint with your national data protection regulator. | | Right to Withdraw Consent | If
    you've given consent for data processing, you can withdraw it at any time. This doesn't affect
    the legality of processing done before withdrawal (e.g., withdrawing consent for marketing
    purposes). |

These rights ensure transparency and provide you with control over your personal data. If you have
any concerns or requests, please don’t hesitate to contact us.

Updating this Privacy Policy

Policy Updates

This Privacy Policy may be updated periodically to reflect changes in personal data protection laws
and best practices. When we update this Privacy Policy, the “last updated” date at the top will be
modified. We will also notify you of any significant changes to the policy.

How can you contact us?

If you are unhappy with how we’ve handled your information or have further questions regarding the
processing of your personal data, please contact us by email at info@geekymindz.com.