MENU menu

Close close menu

Data Protection and Privacy Policy


This data protection and privacy policy applies to Minerva.  We at Minerva take your privacy seriously. This policy covers the collection, processing and other use of personal data under the Data Protection Act 2018, and in compliance with the General Data Protection Regulations (GDPR), for which purpose the data controller is Minerva.  

We are registered with the Information Commissioner’s Office for this purpose.


The Data Protection and Privacy Policy employed by Minerva has been developed as an extension of our commitment to combine quality services with the highest level of integrity for the confidentiality of the clients, suppliers, associates and staff we interact with.  We do not distribute sensitive data outside of Minerva, and only collect it when there is a legitimate reason for doing so.   The policy details how we collect, store and use information about individuals and organisations. 


Data Protection Law


The Data Protection Act 2018 describes how organisations – including Minerva – must collect, handle and store personal information. These rules apply regardless of whether data is stored electronically, on paper or on other materials.To comply with the law, personal information must be collected and used fairly, stored safely and not disclosed unlawfully.


Date Protection Risks


This policy helps to protect Minerva from some very real data security risks, including;


Breaches of confidentiality. For instance, information being given out inappropriately.


Failing to offer choice. For instance, all individuals should be free to choose how the company uses data relating to them.


Reputational damage. For instance, the company could suffer if hackers successfully gained access to sensitive data.




Data you send us, which is likely to be included in the content of a CV, cover letter, email or additional attachment, will be stored confidentially and securely by us.   We will only use this data in connection with the management of executive search processes, and will only disclose it to third parties when you have expressed an interest in a particular role, for the following purposes: (a) assessing and evaluating your suitability for a particular appointment; and (b) verifying your identity and the accuracy of the information provided.   From time to time we may also contact you about other appointments on which we are working, and may invite you to events or share with you information which we feel may be of interest to you in your career progression.   We do not send round-robin emails, or untailored marketing.


Clients and service providers


Data you send us, in relation to specific assignments, tenders or other interactions, will be stored securely and confidentially to ensure that we are able to meet our contractual commitments to you, and to notify you about any changes to our website, such as improvements or service/product changes, that may affect our service.  If you are an existing client, we may contact you with information about services similar to those which were the subject of a previous sale to you, or to provide you with information requested from us about our services. 


Information about others


If you provide us with information about other individuals, for example details of a referee or personal contact, you must ensure that they have agreed to you providing us with their details.  We would advise you to keep a record of their agreement and provide them with a copy of, or link to, this policy to avoid any concern.




If you work with us at Minerva, we will typically require data concerning bank details, address, NI number and other personal data, to facilitate your employment with us and to meet our legal obligations as an employer on areas such as tax, health and safety and equality legislation. This data will be stored securely and confidentially. From time to time individuals with whom we interact in our general business will also supply data such as bank details, for example in relation to reimbursing of expenses. We will delete this data from our database and systems as soon as it is no longer required by us. The lawful bases for the this processing will usually be conducted under Article 6 (b) of the GDPR ‘the processing is necessary for the performance of a contract with the data subject’ for the majority of employment matters (e.g. setting up a staff IT account, paying travel expenses, etc.). Some processing of personal data will be conducted under Article 6 (c) of the GDPR ‘processing is necessary for compliance with a legal obligation (e.g. providing personal data to HMRC for the purposes of taxation).


General Employee Guidelines


The only people able to access data covered by this policy should be those who need it for their work.

Data should not be shared informally. When access to confidential information is required, employees can request it from a partner.

Minerva will provide training to all employees to help them understand their responsibilities when handling data.

Employees should keep all data secure, taking sensible precautions and following the guidelines below.

In particular, strong passwords must be used and they should never be shared.

Personal data should not be disclosed to unauthorised people, either within the company or externally.

Data should be regularly reviewed and updated if it is found to be out of date. If no longer required, it should be deleted and disposed of.

Employees should request help from a partner if they are unsure about any aspect of data protection.




Everyone who works for or with Minerva has some responsibility for ensuring data is collected, stored, handled appropriately and processed in line with this policy and data protection principles. The Partners are ultimately responsible for ensuring that Minerva meets its legal obligations.


The Partners are also responsible for:


Reviewing all data protection procedures and related policies, in line with an agreed schedule.

Ensuring adequate advice has been given for the people covered by this policy.

Handling data protection questions from employees and anyone else covered by this policy.

Dealing with requests from individuals to see the data Minerva holds about them (also called ‘subject access requests’).

Checking and approving any contracts or agreements with third parties that may handle our sensitive data.



Fitzrovia IT Cloud & Support Services provider are a member of the Commissioner’s Office (no: Z151879X) and comply with the current terms of the Data Protection Act and are responsible for:


Evaluating monitoring and maintaining data and network integrity and security ensuring all systems, services and equipment used for storing data meet acceptable security standards.

Performing regular checks and scans to ensure security hardware and software is functioning properly.

Actively ensure that Cloud services are up to date and operating at the latest versions and update levels as and when necessary

Evaluating any third-party services the company is considering using to store or process data. For instance, cloud computing services.


Data Use


The law requires Minerva to take reasonable steps to ensure that our data is kept accurate and up to date.

The more important it is that the personal data is accurate, the greater the effort Minerva put into ensuring its accuracy.

It is the responsibility of all employees and partners who work with data to take reasonable steps to ensure it is kept as accurate and up to date as possible.


Data will be held in Invenias CRM system and on our drive and employees shall avoid creating any unnecessary and additional data sets.

Employees and partners will take every opportunity to ensure data is updated in Invenias and data will be updated as soon as inaccuracies are discovered.



Data Storage


Minerva are mindful of the environment and sustainability as such do not advocate the paper storage of documents, unless they are originals we are required to keep for archiving purposes.

Data stored on paper is housed in filing cabinets in a secure and locked office, and any data printouts are disposed of securely when no longer required.

Data stored electronically is protected by strong passwords that are changed with system notifications and are not shared between employees.

Data is stored on designated drives and is linked to an approved cloud computing service

Data is backed up frequently and the backups tested regularly and in line with standard back up procedure

All laptops and tablets containing data are protected by an approved security software and a firewall.



Website visitors



We will collect personal data only if it is directly provided to us by you the user, e.g. your e-mail address, name, home or work address and telephone number, and therefore has been provided by you with your consent.  We also use analytical and statistical tools that monitor details of your visits to our website and the resources that you access, including, but not limited to, traffic data, location data, weblogs and other communication data (but this data will not identify you personally). 


The transmission of information via the Internet or email is not completely secure.  Although we will do our best to protect your personal data, we cannot guarantee the security of data while you are transmitting it to our site; any such transmission is at your own risk.  Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorised access.


You might find links to third party websites on our website. These websites should have their own privacy policies, which you should check. We do not accept any responsibility or liability for their policies whatsoever as we have no control over them.


On occasion, we may gather information about your computer for our services and to provide statistical information regarding the use of our website to our advertisers. Such information will not identify you personally - it is statistical data about our visitors and their use of our site. This statistical data does not identify any personal details whatsoever. Similarly to the above, we may gather information about your general Internet use by using a cookie file. Where used, these cookies are downloaded to your computer automatically. This cookie file is stored on the hard drive of your computer, as cookies contain information that is transferred to your computer's hard drive. They help us to improve our website and the service that we provide to you. All computers have the ability to decline cookies. This can be done by activating the setting on your browser which enables you to decline the cookies. Please note that should you choose to decline cookies, you may be unable to access particular parts of our website. Our advertisers may also use cookies, over which we have no control. Such cookies (if used) would be downloaded once you click on advertisements on our website.




For legitimate business purposes, we will store data for five years.   This is in accordance with legal, tax and accounting requirements.  Where your information is no longer required, we will ensure it is disposed of in a secure manner and, where required by applicable law, we will notify you when such information has been disposed of.


We will continue to oversee implementation of and compliance with this policy and will adapt the policy to reflect changes in technology and the expectations of everyone they deal with. 

If you have any questions or comments on Minerva and its data protection policy please contact one of the partners at If you have a complaint about the handling of data, you have the right to involve the Information Commissioner - but please inform us first, preferably by e-mail to, so that we may have the opportunity to address any issues directly with you. 


We may disclose your personal data outside of our group: (a) in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets; and (b) if Minerva's business is bought by a third party, in which case personal data held by it about its customers will be one of the assets to transfer to the buyer.  However any such transfer will only be on terms that the confidentiality of your personal data is protected and that the terms of this privacy policy will continue to be complied with by the recipient.


The Data Protection Act 2018 gives you the right to access information held about you by us. This right can be exercised by you in accordance with the Act as an access request. Should you wish to receive details that we hold about you, please contact us using



Subject Access Requests


All individuals who are the subject of personal data held by Minerva are entitled to:


If an individual wishes to submit a subject access request it should be made by email, addressed to a partner at Minerva has an obligation to respond within one calendar month. Minerva reserves the right to verify the identity of anyone making a request before handing over any information.


Disclosing data for other reasons


In certain circumstances, the Data Protection Act allows personal data to be disclosed to law enforcement agencies without the consent of the data subject.

Under these circumstances, Minerva will disclose requested data. However, the partners will ensure the request is legitimate, seeking assistance from legal advisers where necessary.



Version: March 2020