OUR PRIVACY COMMITMENT
We are committed to being open and transparent about how we manage your personal information.
At Sheffield we have a few fundamental principles:
- We will only use your personal information when it is necessary for us to deliver you our services or perform other necessary business functions and activities.
- We will not use or disclose your personal information for purposes unrelated to our business activities and the services we provide, unless we first obtain your consent.
You can read the whole policy below, or if you haven't got much time, you can jump directly to the section you need using the navigation menu.
We are bound by the requirements of those laws, which regulate how we may collect, store, use and disclose your personal information. Those laws also specify other requirements, such as how individuals may access, correct and delete information held about them.
When we say "personal information" we mean identifiable information about you, such as your name, email, address, telephone number, work experience, qualifications and so on. When we say "sensitive information" we mean a special category of personal information containing information regarding racial or ethnic origin, political opinions, religious beliefs, genetic data, health information and so on.
Sheffield is a specialist executive recruitment company that provides a range of integrated leadership advisory and organisational development services. Our business relies on the collection of personal information that is submitted by you, or with your authority, to enable us to better assess your suitability, eligibility and qualifications for employment ("Services").
WHAT INFORMATION DO WE COLLECT?
Information you provide to us directly: Our usual practice is to collect personal information directly from you, when you complete any form, including online forms, register to use our Services, or provide any other information in connection with your use of our Services. A few examples include:
- Personal details: given name(s); photograph; employment history; education, and other typical CV content provided as part of an application process.
- Demographic information: gender; date of birth; age; nationality; title; languages spoken.
- Contact details: correspondence address; telephone number; email address; details of your public social media profile(s).
- Consent records: records of any consent you may have given and the subject matter of that consent.
- Vaccination details: If the role you have applied for has been assessed as being high-risk for COVID-19 or is covered by a Public Order requiring vaccination, it will be a legal requirement for you to be fully vaccinated before you can be placed in that role. In this case, we may seek information about your vaccination status.
Sensitive information you provide: We may collect or obtain sensitive information directly from you (for example, where your CV or job application contains health information).
Information we get from third parties: We collect or obtain personal information from authorised third parties (e.g. Linkedin, researchers, credit reference agencies, law enforcement agencies). This includes information such as public information, references, results from former employers, competency or medical tests, or background checks such as credit and criminal record checks.
Information we collect automatically: We may collect personal information about you automatically when you visit our websites or use our Services, like your IP address and device type. Some of this information may be collected using cookies and similar tracking technologies.
Information we create in the performance of the Services: We may also create or obtain personal information, such as evaluative records about your interactions with us, and any interactions we have with clients on your behalf. Evaluative information may be confidential to us.
Information you make public: We may collect or obtain your personal information that you manifestly choose to make public, including via online channels such as social media (e.g. Linkedin, Facebook etc.)
You can always choose not to provide your personal information to Sheffield, but it may mean that we are unable to provide you with the Services.
HOW IS YOUR PERSONAL INFORMATION PROCESSED?
Where we collect personal information or sensitive information, we will only process it:
- to perform a contract with you; or
- where we have legitimate interests to process the personal information or sensitive information and these interests are not overridden by your rights; or
- in accordance with a legal obligation; or
- where we have your consent.
Sheffield collects your personal information so that we can provide you with the Services and any related services you may request. In doing so, Sheffield may use the personal information we have collected from you for purposes related to the Services including:
- to process and administer the Services, and to help us develop, improve, manage, administer and facilitate our Services and business operations;
- to contract with authorised individuals (such as prospective employers);
- to process your personal information for Sheffield's internal business purposes;
- verify your identity and application details; for general internal purposes (such as record keeping, database management, training, billing);
- assist with the resolution of any issues relating to the Services; and comply with all laws and regulations in all applicable jurisdictions; and communicate with you.
IN WHAT VERY LIMITED CIRCUMSTANCES MIGHT WE DISCLOSE YOUR PERSONAL INFORMATION?
Your personal information will not be sold, traded rented or otherwise provided to others without your consent.
- a prospective employer, as part of your job application process;
- third party service providers, including any sub-contractors, to enable us to provide our recruitment and related services; and
- researchers who assist us to find and place potential candidates.
We will not otherwise disclose your personal information unless we believe on reasonable grounds that you have provided your authorisation. However, you should be aware that we may be required to disclose your personal information without your consent in order to comply with any court orders, subpoenas or other legal process or investigation including by tax authorities, if such disclosure is required by law. We may disclose your personal information if we consider it necessary to reduce a serious threat to an individual’s life or health or to the health or safety of the general public. Where possible and appropriate, we will notify you if we are required by law to disclose your personal information.
INTERNATIONAL DATA TRANSFERS
In connection with providing the Services, you accept that your personal information may be disclosed to recipients in, or transferred to, or processed in, countries other than New Zealand. We may provide your personal information to third parties in countries other than New Zealand if we have reasonable grounds to believe the recipient is required to protect your personal information will be protected in a way that, overall, provides comparable safeguards to those required by New Zealand’s privacy laws.
However, there may be differences between New Zealand's privacy laws and those of the overseas locations in which we may store and process your personal information. If we cannot ensure that recipients in those locations are required to protect your personal information using comparable safeguards to those under New Zealand’s privacy laws then we will only provide your personal information to recipients in those locations if you authorise us to do so.
For individuals in the European Economic Area (EEA), this means that your personal information may be transferred outside of the EEA. Where your personal information is transferred outside the EEA, it will only be transferred to countries that have been identified as providing adequate protection for EEA data (like New Zealand), or to a third party where we have approved transfer mechanisms in place to protect your personal information (e.g. by entering into the European Commission's Standard Contractual Clauses).
For further information, please contact us using the details set out in the contact section below.
STORAGE AND SECURITY
We are committed to protecting the security of your personal information and we take all reasonable precautions to protect it from unauthorised access, modification or disclosure.
Our data hosting servers are currently located in Australia.
Sheffield implements and maintains organisational and technical security measures that are designed to provide reasonable protection against the loss, interference or misuse of your personal information and to prevent unauthorised access, modification or disclosure of that information.
WHAT ABOUT LINKS TO OTHER WEBSITES?
EMAIL, TEXT AND TELEPHONE COMMUNICATIONS
We are committed to full compliance with the Unsolicited Electronic Messages Act 2007.
By subscribing to emails and/or text communications, or otherwise providing your email address and/or mobile number, you consent to receiving emails and/or texts (as the case may be) which promote and market our products and services, or the products and services of others, from time to time.
You can unsubscribe from our email communications and/or text communications at any time by clicking the "Unsubscribe" link in any promotional or marketing email or text received or by emailing firstname.lastname@example.org
Once you have unsubscribed from the email or text communications, you will be removed from the corresponding marketing list as soon as is reasonably practicable.
HOW YOU CAN ACCESS OR CORRECT YOUR PERSONAL INFORMATION
It is your responsibility to ensure that the personal information you provide is accurate, complete and up-to-date.
You may request access to the information we hold about you, or request that we update or correct any personal information we hold about you, or ask us to restrict or cease processing your personal information or even delete your personal information, by setting out your request in writing and sending it to us at email@example.com.
We will review your request as soon as reasonably practicable to comply with our legal obligations. If we are unable to give you access to the information you have requested, we will give you reasons for this decision when we respond to your request.
The length of time we keep your personal information depends on what it is and whether we have an ongoing business need to retain it (for example, to provide you with a service you've requested or to comply with applicable legal requirements such as money laundering and financial reporting legislation).
We'll retain your personal information for as long as we have a relationship with you and for a period of time afterwards where we have an ongoing business need to retain it, in accordance with our internal retention policies and practices. Following that period, we'll make sure it's deleted or anonymised. Otherwise, as a general rule, we only keep your personal information for as long as we require it for the purposes of providing you with our Services.
We take your concerns seriously. If you have any concerns about privacy or the use or collection of your personal information by Sheffield please contact our Privacy Officer at firstname.lastname@example.org and include the words 'ATT: THE PRIVACY OFFICER' or call us on +64 9 377 3119.
We will respond as quickly as possible (our target response is 20 days) and handle all complaints in a way that is fair and consistent. However, if you remain dissatisfied, you can make a formal complaint with Office of the Privacy Commissioner.