For clarity, this policy applies when LAESC acts as a “Controller” (as defined in the General Data Protection Regulation (the “GDPR”) or “Business” as defined under the California Consumer Privacy Act of 2018 (the “CCPA”)). Note that we may also process Personal Data of our customers’ job applicants in connection with our provision of services to customers, in which case we are the processor of Personal Data. If we are the processor or service provider for your Personal Data (i.e., not the controller or business), please contact the controller/business party in the first instance to address your rights with respect to such data. Please read the following carefully to understand our views and practices regarding your Personal Data and how We will treat it.
For the purpose of the GDPR and the CCPA:
What information do we collect?
LAESC is an executive search firm which collects, uses and stores a variety of personal data necessary to provide such services.
For Executive Search and related Services Data
If you are a potential candidate for one of our executive search assignments, categories of personal data we collect may include the following identifiers:
This data may be obtained directly from you, through publicly available sources, your professional networking profile, news reports, and/or third parties such as our clients, sources/referees, and our authorized background check providers.
Referee or Source Data
If you are an individual who provides a personal reference or feedback for a candidate (depending on the circumstances we may classify you as a Referee or Source), we may collect and process:
We may collect this information directly from you, the candidate, or from publicly available sources. We will use this information to gather information on the relevant potential candidate such as your connection to, experience with, and opinion about such potential candidates. Any reference or feedback you provide about a candidate would not be attributed to you if shared with third parties. We may also use your contact details to contact you in relation to any of our services that we believe may be of interest to you.
Client or Supplier Data
If you are a LAESC client or supplier, we will collect and use information about your company and individuals within your company for the purposes of fulfilling our obligations to you and furthering our business relationship. Data collected will typically comprise your:
Why do we process Personal Data?
As a candidate:
Finally, your information may also be shared with any competent law enforcement, regulatory or governmental body, or a court of law if necessary to exercise our legal rights, protect your interests or as required by applicable law.
As a Referee or Source:
As a Client or Supplier Data
You may opt out of receiving these contacts at any time.
IP Addresses and cookies
We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration, customer support and to collect aggregate information for internal reporting purposes.
The cookies we use are "analytical" cookies. Some of the common uses for our cookies are as follows:
To explore what cookie settings are available to you, look in the “preferences” or “options” section of your browser’s menu. To find out more information about cookies, including information about how to manage and delete cookies, please visit https://ico.org.uk/for-the-public/online/cookies/ or http://www.allaboutcookies.org/
What is our legal basis for processing your Personal Data?
Our legal basis for collecting and processing your personal data described in this policy will depend on the personal information and processing activity involved and the context in which it was obtained.
Executive Search and services related:
We will process basic personal information about you, such as your contact details (name, address, email, phone number) and information that would normally be included in a curriculum vitae (education history, employment history, professional experience, offer letters, compensation history where permitted by local law, etc.), and competencies, as well as any additional information that may assist us in presenting the best individuals for the most appropriate roles (such as professional or relocation interests) on the basis of legitimate interest, or other legal grounds (such as consent) where required by applicable local legislation, provided the processing of such information is not overridden by your own privacy interests or your rights and freedoms as provided by law.
Once we proceed to the later stages of the search process, we will ask you to sign a consent form allowing us to process (and share with our clients, data processor and background check providers if relevant and necessary to the search process) any information required for background checks and/or employment diversity requirements, including any potentially sensitive information that may come to light during interviews, as well as any insights that we may provide to our clients based on the foregoing.
If we are unable to obtain your consent at the relevant stage of the process, any information we process for employment diversity requirements shall be done on the basis of reasons of substantial public interest, or applicable laws and/or the requirements imposed by local authorities. However, we shall obtain your consent prior to sharing such information with our clients.
In order to facilitate the interview processes we may request to record the interview session which will then be transcribed by a third party to ensure the information obtained is entirely accurate for our review. In the event of a planned recorded interview session, we will obtain your consent prior to recording.
We will process basic personal information about you, such as your contact details (name, address, email, phone number) and information that would normally be included in a reference check interview (employment history, professional experience, your opinion about the candidate, etc.), as well as any additional information that may assist us in getting a reference insight about the candidate on the basis of legitimate interest, or other legal grounds (such as consent) where required by applicable local legislation, provided the processing of such information is not overridden by your own privacy interests or your rights and freedoms as provided by law.
If you require any further information concerning the legal basis on which we process your personal information, you may contact us at email@example.com.
How long do we retain Personal Data?
LAESC will retain your personal data only for as long as the data is needed in connection with the purposes for which is it being collected and used. The following criteria will be used to guide us when retaining your information:
We endeavor to only collect personal data that are necessary for the purposes for which they are collected, and to retain such data for no longer than is necessary for such purposes. The length of time personal data is retained, and criteria for determining that time, are dependent on the nature of the personal data and the purpose for which it was provided.
You may contact us at firstname.lastname@example.org to obtain additional information about retention of your personal data.
Where we store your Personal Data?
The data that We collect from you and process as a result of your use of the Services may be transferred to, and stored at, a destination outside the European Economic Area ("EEA"). It may also be processed by staff operating outside the EEA who work for Us or for one of our suppliers. By submitting your Personal Data, you agree to this transfer, storing or processing.
In particular, your data may be accessible to i) LAESC’s staff in the USA ii) with the LAESC´s client that hired Us for the assignment, or iii) may be stored by LAESC’s hosting service provider on servers in the USA as well as in the EU. The USA does not have the same data protection laws as the United Kingdom and EEA. A Data Processing Agreement has been signed between LAESC and their overseas group companies, and between LAESC and Loxo Holdings, LLC. (our Data Processor) . These Data Processor Agreements that are designed to help safeguard your privacy rights and give you remedies in the unlikely event of a misuse of your Personal Data.
If you would like further information please contact Us (see ‘Contact’ below). We will not otherwise transfer your Personal Data outside of the United Kingdom OR EEA or to any organization (or subordinate bodies) governed by public international law or which is set up under any agreement between two or more countries.
We do not sell, lease, rent or otherwise disclose your personal data to third parties unless otherwise stated below.
Third Party Websites
We may be obligated by mandatory law to disclose your personal data to certain authorities or other third parties, for example, to law enforcement agencies in the countries where we or third parties acting on our behalf operate. We may also disclose and otherwise process your personal data in accordance with applicable law to defend LAESC’s legitimate interests, for example, in legal proceedings or in connection with governmental requests and filings.
Mergers and Acquisitions
If we decide to sell, buy, merge or otherwise reorganize our businesses in certain countries, this may involve us disclosing personal data to prospective or actual purchasers and their advisers, or receiving personal data from sellers and their advisers.
How do we address the privacy of children?
We do not knowingly collect or solicit Personal Data from children under 16; if you are a child under 16, please do not attempt to use the Services or send us any Personal Data. If we learn we have collected Personal Data from a child under 16, we will delete that information as quickly as possible. If you believe that a child under 16 may have provided us Personal Data, please contact us at email@example.com.
How do we address Data Quality?
What steps are taken to safeguard Personal Data?
Privacy and security are key considerations in the creation and delivery of our products and services. We have assigned specific responsibilities to address privacy and security related matters. We enforce our internal policies and guidelines through an appropriate selection of activities. We take appropriate steps to address online security, physical security, risk of data loss and other such risks taking into consideration the risk represented by the processing and the nature of the data being protected. Also, we limit access to our data bases containing personal data to authorized persons having a justified need to access such information.
What are your rights?
You have a right to know what personal data we hold about you, and to access it. You have a right to have incomplete, incorrect, unnecessary or outdated personal data updated.
You have the right to request that your personal data be erased, and to obtain a copy of your data in a machine-readable format. Please submit your request using this link https://loxo.co/latin-america-executive-search/gdpr-form or contact us at firstname.lastname@example.org
You have the right to object to or restrict processing in certain circumstances, such as where you believe the data is inaccurate or the processing activity is unlawful.
You have a right to unsubscribe from direct marketing messages and to request that we stop processing your personal data for direct marketing purposes or on other compelling legal grounds.
However, if you opt-out from marketing and other communications from LAESC, critical alerts may still be sent to you.
If you are located in a European Union member state or within the European Economic Area, you have the right to lodge a complaint about our data collection and processing activities with the supervisory authority concerned.
You may exercise your rights by contacting us or by managing your account and choices through available profile management tools on your device and our services.
In some cases, especially if you wish us to delete or stop processing your personal data, this may also mean that we may not be able to continue to provide the services to you.
Applicable data protection law may provide certain restrictions on the extent to which these rights may be exercised. If a restriction applies, we will respond to your request with an explanation of what action will be taken, to the extent required under applicable data protection law.
Who is the controller of your Personal Data?