Data Protection and Privacy Policy

The Data Protection Act 2018 describes how organisations – including Minerva – must collect, handle and store personal information. These rules apply regardless of whether data is stored electronically, on paper or on other materials.To comply with the law, personal information must be collected and used fairly, stored safely and not disclosed unlawfully.

This policy helps to protect Minerva from some very real data security risks, including;

• Breaches of confidentiality. For instance, information being given out inappropriately.
• Failing to offer choice. For instance, all individuals should be free to choose how the company uses data relating to them. 
• Repetition damage. For instance, the company could suffer if hackers successfully gained access to sensitive data.

This policy helps to protect Minerva from some very real data security risks, including;

Data you send us, which is likely to be included in the content of a CV, cover letter, email or additional attachment, will be stored confidentially and securely by us.   We will only use this data in connection with the management of executive search processes, and will only disclose it to third parties when you have expressed an interest in a particular role, for the following purposes: (a) assessing and evaluating your suitability for a particular appointment; and (b) verifying your identity and the accuracy of the information provided.   From time to time we may also contact you about other appointments on which we are working, and may invite you to events or share with you information which we feel may be of interest to you in your career progression.   We do not send round-robin emails, or untailored marketing.

Data you send us, which is likely to be included in the content of a CV, cover letter, email or additional attachment, will be stored confidentially and securely by us.   We will only use this data in connection with the management of executive search processes, and will only disclose it to third parties when you have expressed an interest in a particular role, for the following purposes: (a) assessing and evaluating your suitability for a particular appointment; and (b) verifying your identity and the accuracy of the information provided.   From time to time we may also contact you about other appointments on which we are working, and may invite you to events or share with you information which we feel may be of interest to you in your career progression.   We do not send round-robin emails, or untailored marketing.

If you provide us with information about other individuals, for example details of a referee or personal contact, you must ensure that they have agreed to you providing us with their details.  We would advise you to keep a record of their agreement and provide them with a copy of, or link to, this policy to avoid any concern.

If you work with us at Minerva, we will typically require data concerning bank details, address, NI number and other personal data, to facilitate your employment with us and to meet our legal obligations as an employer on areas such as tax, health and safety and equality legislation. This data will be stored securely and confidentially. From time to time individuals with whom we interact in our general business will also supply data such as bank details, for example in relation to reimbursing of expenses. We will delete this data from our database and systems as soon as it is no longer required by us. The lawful bases for the this processing will usually be conducted under Article 6 (b) of the GDPR ‘the processing is necessary for the performance of a contract with the data subject’ for the majority of employment matters (e.g. setting up a staff IT account, paying travel expenses, etc.). Some processing of personal data will be conducted under Article 6 (c) of the GDPR ‘processing is necessary for compliance with a legal obligation (e.g. providing personal data to HMRC for the purposes of taxation).

General Employee Guidelines

• The only people able to access data covered by this policy should be those who need it for their work.
• Data should not be shared informally. When access to confidential information is required, employees can request it from a partner.
• Minerva will provide training to all employees to help them understand their responsibilities when handling data.
• Employees should keep all data secure, taking sensible precautions and following the guidelines below.
• In particular, strong passwords must be used and they should never be shared.
• Personal data should not be disclosed to unauthorised people, either within the company or externally.
• Data should be regularly reviewed and updated if it is found to be out of date. If no longer required, it should be deleted and disposed of.
• Employees should request help from a partner if they are unsure about any aspect of data protection.

Responsibilities

• Everyone who works for or with Minerva has some responsibility for ensuring data is collected, stored, handled appropriately and processed in line with this policy and data protection principles. The Partners are ultimately responsible for ensuring that Minerva meets its legal obligations.

The Partners are also responsible for:

• Reviewing all data protection procedures and related policies, in line with an agreed schedule.
• Ensuring adequate advice has been given for the people covered by this policy.
• Handling data protection questions from employees and anyone else covered by this policy.
• Dealing with requests from individuals to see the data Minerva holds about them (also called ‘subject access requests’).
• Checking and approving any contracts or agreements with third parties that may handle our sensitive data.

Fitzrovia IT Cloud & Support Services provider are a member of the Commissioner’s Office (no: Z151879X) and comply with the current terms of the Data Protection Act and are responsible for:

• Evaluating monitoring and maintaining data and network integrity and security ensuring all systems, services and equipment used for storing data meet acceptable security standards.
• Performing regular checks and scans to ensure security hardware and software is functioning properly.
• Actively ensure that Cloud services are up to date and operating at the latest versions and update levels as and when necessary
• Evaluating any third-party services the company is considering using to store or process data. For instance, cloud computing services.

Data Use

• The law requires Minerva to take reasonable steps to ensure that our data is kept accurate and up to date.
• The more important it is that the personal data is accurate, the greater the effort Minerva put into ensuring its accuracy.
• It is the responsibility of all employees and partners who work with data to take reasonable steps to ensure it is kept as accurate and up to date as possible.
• Data will be held in Invenias CRM system and on our drive and employees shall avoid creating any unnecessary and additional data sets.
• Employees and partners will take every opportunity to ensure data is updated in Invenias and data will be updated as soon as inaccuracies are discovered.

Data Storage

• Minerva are mindful of the environment and sustainability as such do not advocate the paper storage of documents, unless they are originals we are required to keep for archiving purposes.
• Data stored on paper is housed in filing cabinets in a secure and locked office, and any data printouts are disposed of securely when no longer required.
• Data stored electronically is protected by strong passwords that are changed with system notifications and are not shared between employees.
• Data is stored on designated drives and is linked to an approved cloud computing service
• Data is backed up frequently and the backups tested regularly and in line with standard back up procedure
• All laptops and tablets containing data are protected by an approved security software and a firewall.

We will collect personal data only if it is directly provided to us by you the user, e.g. your e-mail address, name, home or work address and telephone number, and therefore has been provided by you with your consent.  We also use analytical and statistical tools that monitor details of your visits to our website and the resources that you access, including, but not limited to, traffic data, location data, weblogs and other communication data (but this data will not identify you personally). 

The transmission of information via the Internet or email is not completely secure.  Although we will do our best to protect your personal data, we cannot guarantee the security of data while you are transmitting it to our site; any such transmission is at your own risk.  Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorised access.

You might find links to third party websites on our website. These websites should have their own privacy policies, which you should check. We do not accept any responsibility or liability for their policies whatsoever as we have no control over them.

On occasion, we may gather information about your computer for our services and to provide statistical information regarding the use of our website to our advertisers. Such information will not identify you personally – it is statistical data about our visitors and their use of our site. This statistical data does not identify any personal details whatsoever. Similarly to the above, we may gather information about your general Internet use by using a cookie file. Where used, these cookies are downloaded to your computer automatically. This cookie file is stored on the hard drive of your computer, as cookies contain information that is transferred to your computer’s hard drive. They help us to improve our website and the service that we provide to you. All computers have the ability to decline cookies. This can be done by activating the setting on your browser which enables you to decline the cookies. Please note that should you choose to decline cookies, you may be unable to access particular parts of our website. Our advertisers may also use cookies, over which we have no control. Such cookies (if used) would be downloaded once you click on advertisements on our website.

For legitimate business purposes, we will store data for five years.   This is in accordance with legal, tax and accounting requirements.  Where your information is no longer required, we will ensure it is disposed of in a secure manner and, where required by applicable law, we will notify you when such information has been disposed of.

We will continue to oversee implementation of and compliance with this policy and will adapt the policy to reflect changes in technology and the expectations of everyone they deal with. 

If you have any questions or comments on Minerva and its data protection policy please contact one of the partners at hello@minervasearch.com. If you have a complaint about the handling of data, you have the right to involve the Information Commissioner – but please inform us first, preferably by e-mail to hello@minervasearch.com, so that we may have the opportunity to address any issues directly with you. 

We may disclose your personal data outside of our group: (a) in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets; and (b) if Minerva’s business is bought by a third party, in which case personal data held by it about its customers will be one of the assets to transfer to the buyer.  However any such transfer will only be on terms that the confidentiality of your personal data is protected and that the terms of this privacy policy will continue to be complied with by the recipient.

The Data Protection Act 2018 gives you the right to access information held about you by us. This right can be exercised by you in accordance with the Act as an access request. Should you wish to receive details that we hold about you, please contact us using hello@minervasearch.com

Subject Access Requests

All individuals who are the subject of personal data held by Minerva are entitled to:

right to be informed;

right of subject access;

right to rectification;

right to erasure;

right to restrict processing;

right to data portability;

right to object to data processing;

rights in relation to automated decision making and profiling.     

If an individual wishes to submit a subject access request it should be made by email, addressed to a partner at hello@minervasearch.com. Minerva has an obligation to respond within one calendar month. Minerva reserves the right to verify the identity of anyone making a request before handing over any information.

Disclosing data for other reasons

In certain circumstances, the Data Protection Act allows personal data to be disclosed to law enforcement agencies without the consent of the data subject.

Under these circumstances, Minerva will disclose requested data. However, the partners will ensure the request is legitimate, seeking assistance from legal advisers where necessary.