Privacy Policy

This privacy policy sets out how Hutton Consulting uses and protects any information that you give Hutton Consulting when you use this website.

Hutton Consulting Services Limited (Hutton, Us, We) is a leading provider of executive search. Protection of your privacy is important to us and we are committed to protecting your personal data.

This Privacy Policy outlines how we collect, store and process your personal data and relates to any individual receiving this policy which is not a current member of staff at Hutton. This includes third party suppliers to Hutton, clients, candidates, previous candidates and users of our website.

Your personal data – what is it?

Personal data relates to a living individual who can be identified from that data.  Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by [the General Data Protection Regulation 2016/679 (the “GDPR”)[1]]. It does not include anonymised data.

Who are we?

Hutton Consulting Services Limited is, in most cases, the controller of personal data processed as laid out in this Privacy Policy and in accordance with the GDPR. This means we decide how your personal data is processed and for what purposes. We will use your personal data to enable us to provide you with professional advice and services as a recruitment company; both that which you request and that which we think may be of interest to you.

How do we collect your personal data?

Hutton Consulting Services Limited will collect personal data through you directly, third party referrals, recommendations or references. This may include information received by a variety of mediums including email, text, phone conversations, face-to-face conversations, through our website or within your CV. The personal data collected, stored and processed by us on you will vary depending on our relationship but may include:

Personal contact details and demographic information (name, title, email addresses, postcode)

Past and present workplace and education details
Personal details (date of birth, marital status, gender)
Information on you which is in the public domain (LinkedIn etc)
Information about your visits to our website (Cookies)

How do we process your personal data?

Hutton Consulting Services Limited complies with its obligations under the GDPR by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure, by ensuring that appropriate technical measures are in place to protect personal data and by using personal data in a way that people would reasonably expect.

We are following the basis of Legitimate Interest to use your personal data for the following purposes:

  • To keep data about Candidates who have contacted us in the past or who we have identified as possible Candidates on our Database up to date. This data is only accessible by current employees of Hutton and third parties who require access to your personal data in order to do their job, and is password protected
  • To share with prospective employers, including our Clients and Prospective Clients who main retain such data for future recruitment purposes, with your permission, for roles relevant to your experience
  • To inform you about roles or events relevant to your experience
  • To ask you for references and professional opinions
  • To share with external vetting agencies, such as those who check criminal records or credit checks, with your permission
  • To share with professional external consultants, such as those required for pre-employment screening services
  • To allow us to accurately map the marketplace in which we specialise.  
  • To improve our products and services
  • To customise our website according to your interests

What are we doing to ensure the security of your personal data?

We have effective endpoint, network and email protection that filters out spam, malware and dangerous file types.

We have implemented an Internal Data Protection Policy which guides employees on how to keep personal data secure and we have trained employees to be suspicious of emails, especially those that contain attachments, and to report any unusual emails or attachment behaviour to our IT team.

Where appropriate, we look to use measures such as pseudonymisation and encryption.

Sharing your personal data

Your personal data will be treated as strictly confidential and will be shared only with third parties following your permission, or when required by law. Third parties may include payment providers, IT service providers and auditors.

We do not share your data with third-parties for marketing purposes.

How long do we keep your personal data?

We will keep your personal data for no longer than reasonably necessary for the purposes for which the personal data is processed, including any legal requirements. When deciding on its retention period, we’ll take into account the type and nature of the personal data, alongside the purpose for which it was collected.  We will regularly review our data retention policy.

Your rights and your personal data 

Unless subject to an exemption [under the GDPR], you have the following rights with respect to your personal data: -

  • The right to request a copy of your personal data which Hutton Consulting Services Limited holds about you;
  • The right to request that the Hutton Consulting Services Limited corrects any personal data if it is found to be inaccurate or out of date; 
  • The right to request your personal data is erased where it is no longer necessary for Hutton Consulting Services Limited retain such data;
  • The right to request that the data controller provide the data subject with his/her personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability), (where applicable)
  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
  • The right to object to the processing of personal data, (where applicable)
  • The right to lodge a complaint with the Information Commissioners Office.

Transfer of Data Abroad

It may be necessary for us to send information on you to Clients outside of the European Union. Where this is needed, we will make transfers in full compliance of the Data Protection Act and GDPR ensuring that any third parties treat your personal data in conjunction with European data protection laws.

Website use

Hutton Consulting Services Limited is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website, then you can be assured that it will only be used in accordance with this privacy statement.

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.

About cookies

A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.

Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.

Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.

Cookies that we use

We use cookies for the following purposes:

(a) to help us to analyse the use and performance of our website and services (cookies used for this purpose are: Google Analytics and

(b) to store your preferences in relation to the use of cookies more generally.

Cookies used by our service providers

Our service providers use cookies and those cookies may be stored on your computer when you visit our website.

We use Google Analytics to analyse the use of our website. Google Analytics gathers information about website use by means of cookies. The information gathered relating to our website is used to create reports about the use of our website. Google's privacy policy is available at: https://www.google.com/policies/privacy/. Google Analytics uses the following cookies:_utma This randomly generated number is used to determine unique visitors to our site. It expires after 2 years. _utmb. This randomly generated number works with _utmc to calculate the average length of time users spend on our site. It expires after 30 minutes. _utmc  This randomly generated number works with _utmb to calculate when you close your browser.It expires when you close your browser._utmz This is a randomly generated number and information about how the site was reached (e.g. direct or via a link, organic search or paid search). It expires after 6 months.

Our service providers use cookies and those cookies may be stored on your computer when you visit our website. We use exp_cookies_allowed, exp_cookies_accepted or exp_cookies_declined to track and respect your choices. Around all our websites we use cookies to remember where you are and to help and protect you. We use exp_last_activity so every time the page is reloaded the last activity is set to the current date and time. It is used to determine form or login expiry. This is essential for logged in users to record their data and not lose it as it is being input. The expiry time 12 months. exp_last_visit Sets the date and time that the you last visited the site. Affects guests and logged in users. The expiry time is 12 months. exp_tracker Tracks the last 5 pages you viewed and is used primarily for redirection after some actions on the site ie moving back to pages. This affects guests and logged in users. This cookie expires when you leave the site. We also use exp_csrf_token. This cookie protects against Cross Site Request Forgery (CSRF). A CSRF attack forces a logged-on victim’s browser to send a forged HTTP request, including the victim’s session cookie and any other automatically included authentication information, to a vulnerable web application. It expires from your computer after one hour.

Managing cookies

You can manage cookie preferences here.

Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can however obtain up-to-date information about blocking and deleting cookies via these links:

(a) https://support.google.com/chrome/answer/95647?hl=en (Chrome);

(b) https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences (Firefox);

(c) http://www.opera.com/help/tutorials/security/cookies/ (Opera);

(d) https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies (Internet Explorer);

(e) https://support.apple.com/kb/PH21411 (Safari); and

(f) https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy (Edge).

Blocking all cookies will have a negative impact upon the usability of many websites.

If you block cookies, you will not be able to use all the features on our website.

Links to other websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

Contact Details

To exercise all relevant rights, queries or complaints please contact the Data Protection Officer at:

Hutton Consulting Services Limited
33 Queen Street
London
EC4R 1BR

Email: dpo@huttonconsulting.com  

The Privacy Policy was last updated on 24/05/2018

You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.

Hutton Consulting Services Limited is registered with the Information Commissioners Office under registration reference: Z8828733

 


[1] At the time of going to press the new Data Protection Bill, which incorporates the GDPR into national law, has started its journey through parliament.  The final form of this legislation is not yet known, we have therefore referred to the GDPR as the relevant legislation.