Data Privacy Statement

Crimson Limited, is a leading IT recruitment and IT solutions consultancy working on an annual basis with thousands of candidates and clients world-wide.

Crimson Limited is part of Nash Squared and also follows the Group’s privacy policy..

This website offers you a platform to engage with us on IT Projects/IT Recruitment/Consultations or Consultative Engagements and upload your personal data to improve your user experience.  You are responsible for the accuracy of the personal data inputted. If you use functions on the website which access data from external sources, such as LinkedIn, please be aware that the website will access your personal data from these sources.

Our reputation is reliant on the trust of people we work with, and consequently the effective and professional use of the information you provide us is paramount.

Your privacy is important to us, and we are committed to protecting and safeguarding your data privacy rights.


This Privacy Statement explains what we do with your personal data, if providing you with a service that may be of interest, or simply as a result of you visiting our website.

We respect your right to privacy. Our overall aim is to ensure that our collection and use of personal information is appropriate to the provision of services to you and is in accordance with applicable data protection laws.

Important definitions in this policy

“You” are a candidate, potential candidate, consultant, client contact or contact at any other organisation References in this policy to:

“hirer” and “client” mean any hiring organisation/organisation to which we offer and/or provide temporary and/or permanent recruitment services or project consultancy to;

“client contact” means a responsible owner at a client;

“candidate” means a potential or actual candidate for a permanent or temporary role;

“consultant” means a person whose services are supplied via Crimson to work on temporary assignments with a hirer;

“referee and/or emergency contact” means a person whose personal details a candidate provides for the purposes of providing a reference or acting as their emergency contact

Specifically, this Privacy Statement provides you with details about the personal information we collect and hold about you, how we use your personal information and your rights regarding your personal information. 

It does not cover any use of your personal information by:

  • an actual or potential employer or hirer;
  • an umbrella company; or
  • any other organisation involved in the supply of your services via us to a hirer, to whom we may provide your personal information as part of the recruitment process/consultative service. That use will be governed by the relevant employer’s or hirer’s Privacy Statement
  • Any other organisation involved in the supply chain of services offered by us

What does Crimson do?

The core of what we do is to provide services to help candidates develop their careers. We do this through assessing and matching people with potential job opportunities, as well as providing wider services to help them in their careers, such as invitations to networking events and opportunities to take part in research.

To work with clients to provide recruitment, consultancy and outsourcing services to help them solve recruitment, talent, technology and other related challenges.


Where does Crimson collect data from?

This Privacy Statement applies to the collection, storage and use of personal information collected by Crimson (“we” or “us”):

  • via our website at www.crimson.co.uk; or any other website operated by us (the “Site”); or
  • as a result of you responding to an advertisement posted by us on a job board, online CV library or via social media; or
  • as a result of us matching your CV, as uploaded by you onto a job board, online CV library or a social media site, to a vacancy we are seeking to fill for one of our clients; or
  • as a result of personal recommendations; or
  • from company websites; or
  • from your business card; or
  • in the course of us providing recruitment, resourcing, outsourcing or consultancy services to you (“Services”); or
  • from an engagement/potential engagement between Crimson and our client contact/s; or
  • events (networking/conferences etc) and any other business-related activity; or
  • Customer Referral – from known associates including our parent company and its associated companies

What information do we collect on Candidates?

Candidates: the personal information we collect about you were “you” are a candidate or placed consultant.

Crimson aims to collect the minimum data it needs to perform its role. Typically, this is name, address, job title and contact details. In addition, if you are a candidate being considered for a role it may also include your CV / resume as well as other details about your skills and experience.

We may also collect other personally identifiable data, for instance we may be engaged in equal opportunity monitoring or need information to complete a contract for you or our client. This data can include age, identity card number, passport number, driver license number, address, email address, user ID and passwords, gender, date of birth, marital status, occupation, income range, bank account details, financial information, contact information such as telephone, mobile, nationality, personal website or social media links or other data which may be required by local regulations.

Referees and emergency contacts: we collect basic contact details (such as name, title, address, email and telephone number) so that we can contact you for a reference or as an emergency contact for one of our candidates/or contractors.


What information do we collect on Client contacts?

Client contacts:  the personal information we collect about you were “you” are a contact at one of our clients or at an MSP, umbrella company or personal service company involved in the supply of a person’s services to a hirer.

We need to collect information about you as an essential part of providing our Services. 

We may collect personal information about you when:

  • we contact you with a view to providing Services to you; or
  • you email us expressing an interest in working with us;
  • you provide us with your business card or other information provided to us, given to our employees at sales and marketing events;
  • you post information or advertisements on job boards or social media websites;
  • we provide Services to you as an actual or a potential hirer of your services; or
  • we complete contractual documentation relevant to the Services,

we will usually collect the following information from or about you:

  • your name;
  • your postal address;
  • your phone and e-mail details;
  • details of your role, title and responsibilities within your organisation;
  • where “you” are a client:
  • any opinion or feedback you share with us regarding a candidate or consultant;
  • details of any queries you raise with us regarding the Services;
  • details of any recruitment and/or resourcing requirements or plans you share with us.

What is our lawful basis for processing your personal data?

We use the data we gather to perform a number of tasks, including:

  • placement of a candidate into a particular employment role as defined by our clients; or the provision of resourcing, outsourcing or consultancy
  • maintaining our records of our candidates, clients and contacts – project engagement/contractual etc;
  • conducting marketing, profiling and business development activities as well as market research and statistical analysis regarding our products and/or services;
  • complying with any legal or regulatory requirements and to make the necessary disclosure under the requirements of any applicable law, regulation, direction, court order, guideline, circular or code which are applicable to us for the prevention of crime.
  • Reporting requirements to clients where we offer Managed Services (RPO / MSP)

Client contacts: We use the information collected from clients to ensure that we provide business services to you. This will involve identifying candidates that will meet your requirements or providing other business services from our portfolio.

Suppliers: we use the data collected to ensure the business arrangements between us run smoothly.

Referees and emergency contacts: we use the data collected to contact you for a reference or to contact you as a candidate’s emergency contact in the event of an accident or other emergency.  


We consider that it is necessary for our legitimate interests as a business to process your personal data. At different stages in the processes we also have other lawful grounds for processing your data such as compliance with our legal obligations and where it is necessary for the performance of contracts related to the recruitment/project process. 

We think you will have an expectation that if you are looking for employment or have posted your CV or other professional information on a job board or professional networking site, that you are happy for us to collect and use your personal data to provide our services to you and to share that information within our business/supply chain and potential employers. 

During the recruitment process the client may want additional information (such as the results from psychometric evaluations or skills tests) or to confirm your references, qualifications and criminal record, where appropriate and in accordance with local laws. We may also need to use your personal information for internal administrative purposes, such as contract administration, payroll and invoicing. We also have our own obligations under law, and we may be required to share your data in connection with those legal requirements.

Where we are required by law to obtain your consent to the processing of your personal data, we will obtain it. 

A full statement of our legitimate interest may be found here.

Client contacts and other third parties involved in the supply of resourcing services (e.g. umbrella companies and personal service companies, suppliers and partners) 

We collect, store and use your name and contact details for our legitimate interests, so that we can:

  • send you the details about our Services; and
  • maintain our business relationship with you. 

This allows you to be contacted to receive and administer any Services which you or your organisation has requested.  The exchange of personal data is an essential part of what we do as a business and, as such, it is in our legitimate interests to process your data for such purpose.

In the case of contacts at umbrella companies and personal service companies this allows you to be contacted to receive, on behalf of your employer, details of current and future assignments, related timesheet data and payment details. 

We do not believe that this storage and use of your personal information will unduly prejudice your rights or freedoms.

All users of the Site and our Services

We collect, store and use your personal information for the following purposes:

  • to make the Site available to you; and
  • to provide any Services that you request.

Sometimes, our use of your personal information is for purposes which are ancillary to the provision of the Site and then Services, or which are desirable to make them to operate more effectively.  In those circumstances, we believe we have a legitimate interest in handling your personal information, and do not believe that this storage and use of your personal information will unduly prejudice your rights or freedoms.


How do we share your personal information and who do we share it with?

Your personal data provided to us is processed by Crimson Limited. We will ensure that:

  • access to your personal data is restricted to staff who are required to process such data as part of their job;
  • only necessary information is released to the relevant employees;
  • we seek your consent before sharing your details with any prospective employer, user of your services, supplier or partner
  • Referees: unless you specify otherwise, we may share your information with any of our group companies and client(s) in relation to whose vacancy your reference was given.

We will disclose information under the following circumstances:

Service and Site usage information: When we share anonymous information generated by our Services with our clients.

Third-party service providers: When we share information with third-party service companies for them to facilitate and support us in the provision of the Services. This includes:

  • IT support service providers;
  • providers of credit reference, vetting and screening services;
  • payment processors and software providers;

These organisations are appointed by Crimson as data processors and authorised to use your personal information only as necessary to provide the relevant services to us. These organisations are required to process such information based on our instructions and in accordance with this Privacy Statement. They do not have any independent right to share this information.

Group companies: We provide your personal information to our subsidiaries or affiliated companies for the purpose of processing personal information on our behalf to provide the Site and the Services. These parties are required to process such information based on our instructions and in accordance with this Privacy Statement. They do not have any independent right to share this information. 

Compliance with laws and legal proceedings: When we respond to court orders, or legal process, or to establish or exercise our legal rights or defend against legal claims. When we believe it is necessary to share information in order to investigate, prevent or take actions against illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our terms of use, or as otherwise required by law.

Merger or acquisition: When we need to transfer information about you if we are acquired by or merged with another company.  If we are involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified by email and/or a prominent notice on our Site of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.

Recruitment and resourcing services: When we are using your personal information in the context of our recruitment and resourcing services, then we may share your personal information with clients where we believe that you may be appropriate for a particular role or vacancy with that client.  

Umbrella companies and personal service companies:  When you inform us that you are supplying or intend to supply your services via Crimson to a client through an umbrella company or personal service company.

Recruitment Process Outsourcing and Managed Service Providers:  In certain cases, there may be an organisation such as a managed service provider acting as a gateway for the supply of Services made via Crimson to the hirer.  Where this is the case, we will share your information with such organisations to the extent that it is necessary for the purposes of the supply.

Where personal information is shared with clients, hirers, umbrella companies, personal services companies or managed service providers in the circumstances described above, then those organisations will handle your personal information in line with their own privacy policies.


International transfers

We want to make sure that your data is stored and transferred in a way which is secure. We will only transfer data outside of the European economic area where the recipient is compliant with the data protection legislation and the means of transfer provides approved safeguards. These will include contractual clauses, the EU – US privacy shield framework, or where the country concerned has been found adequate by the European commission in respect to the levels of data protection.

As a business, we transfer personal data between our EU and UK entities, including storing EU data subjects’ personal data on UK servers. In preparation for the UK exiting the EU we have implemented standard contractual clauses between our EU and UK entities to provide appropriate safeguards for data transfers from the EU to the UK. Your personal data will be processed to the same high standards, as Crimson implements the GDPR across all its EU and UK entities.

We may send your information between Crimson’s parent company/group companies which may exist outside of Europe, to overseas clients or to clients within your country who may in turn transfer your data internationally.

Your information/data may be stored on cloud-based storage for parts of our overall business process.

Please be aware that countries which are outside the European Economic Area may not offer the same level of legal protection for your personal information as under EU law, although any collection, storage and use of your personal data by us (or on our behalf) will continue to be governed by this Privacy Statement.


Personal information, cookies and websites

Our website may offer you the opportunity to pass your personal information to us in relation to a particular role which is of interest to you. This information may be routed through one of our 3rd party suppliers before it is delivered electronically to us. All our 3rd party suppliers have been vetted to ensure that they will meet our own privacy and security standards in the collection and processing of your personal information.

Our website may also link or direct you to other websites or external content which are not within our control. Links to other websites may be provided for your convenience and information. While we will use our best endeavour to ensure that we link or direct you only to websites that share our privacy and security standards, we are not in the position to guarantee the same and we will not be responsible for the protection and privacy of any personal data which you provide on those websites. These sites have their own privacy statement in place, and we recommend you review these if you visit any linked website. You should therefore exercise caution including reviewing the Privacy Statement of those websites before disclosing any personal data.

Technologies such as cookies, beacons, tags and scripts are used by us and our affiliates, or analytics or service providers. These technologies are used in analysing trends, administering the Site, tracking users’ movements around the Site and to gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies by these companies on an individual as well as aggregated basis.

We use cookies, for example, to remember users’ settings (e.g. language preference) and for authentication. Users can control the use of cookies at the individual browser level. If you reject cookies, you may still use our Site, but your ability to use some features or areas of our Site may be limited.

See Appendix 4 for further information on cookie usage.


How we safeguard your personal data

Crimson is passionate about protecting your information. To this end we have put in place appropriate measures that are designed to prevent unauthorised access to and misuse of your personal data. These include measures to deal with any suspected data breach. If you suspect any misuse or loss of or unauthorised access to your personal information, please let us know immediately by emailing GDPR@Crimson.co.uk

Your information is held on servers hosted by us or our Internet Services Provider. The transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk.

Data retention

The period for which data is retained in each circumstance is determined by the balanced interests of the company and the data subjects concerned. If personal data needs to be retained to fulfil the documented business interests of the company, and that interest would align with the interests of the data subject, then we will continue to retain for a reasonable period.

However, we do not keep data for any longer than is necessary. For most people where we have limited contact it will be for a maximum of two years from the date of last contact with us. Where we have engaged with you more extensively, for instance we have worked with you as client, or interviewed / placed you as a candidate, we may retain data longer.

We will delete personal data after that time except where we need to keep any personal information to comply with our contractual (i.e. reporting requirements) or other legal obligations, resolve disputes, or enforce our agreements.

For more information on our data retention policy please contact GDPR@crimson.co.uk


Your rights, complaints, questions and suggestions

You have certain rights in relation to your personal information. If you would like further information in relation to these or would like to exercise any of them, please contact us via email at GDPR@Crimson.co.uk at any time.

See Appendix 5 for further information.

Crimson tries to meet the highest standards when collecting and using personal information. We take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. 

If you wish to complain about this policy or any of the procedures set out within, please contact our Data Protection Officer via J.Emery@Crimson.co.uk. You can also seek a remedy through local courts if you believe your rights have been breached.

EU Supervisory Authorities

Crimson’s parent company, Harvey Nash has appointed a representative in the EU, based at its Netherlands business. To contact this individual about your rights or any concerns you have about processing being carried out in the EU, please email GDPR@Crimson.co.uk.

You may make a complaint to any supervisory authority for data protection matters in the EU. Crimson is registered as a data controller with the Information Commissioner’s Office in the UK, but also operates across the EU where other supervisory authorities operate.


Marketing activities

Periodically we may send you information that we think you will find interesting or to ask for your expertise in completing a survey. We may also send you information to:

  • market our full range of services
  • send you details of networking and client events and information about the industry sectors we think may be of interest to you.
  • Subject to any applicable local laws and requirements we will not, as a matter of course, seek your consent when sending marketing materials relating to the above but we will always give you the option to unsubscribe of any such mails.

Where we have previously engaged with you, you will have the right to withdraw such permission at any time.  Please email GDPR@Crimson.co.uk (as per agreed email address) or email via our website, www.crimson.co.uk


Profiling, Anonymous data & Third-party sites

Profiling:

Crimson does not utilise any form of automated profiling currently. All our recruitment activities involve human decision-making during the process. This may change in the future if we implement automated technologies or machine learning, but we will only do so where appropriate and in accordance with local laws and regulations.  Any changes to this policy will be notified as set out below.

Anonymous data:

We collect anonymised details about visitors to our website for the purposes of aggregate statistics or reporting purposes.  However, no single individual will be identifiable from the anonymised details we collect for these purposes.

Third party sites:

This website contains links to other websites operated by third parties.  Please note that this Privacy Statement applies only to the personal information that we collect through the Site or the Services, and we cannot be responsible for personal information that third parties may collect, store and use through their website.  You should always read the Privacy Statement of each website you visit carefully.


Appendix 1

We may collect personal data when:

  • you access and browse the Site (including when you submit personal information to us through data entry fields on the Site); or
  • you respond to an advert posted by us whether via a job board, LinkedIn or other social networking site; or
  • we download details uploaded by you onto a job board, LinkedIn or other social networking site in relation to a vacancy we are seeking to fill for one of our clients; or
  • we download details uploaded by you onto a job board, LinkedIn or other social networking site in connection with our internal market research; or
  • you contact us by phone, email or otherwise; or
  • we provide Services to you or to an actual or a potential hirer of your services; or
  • we contact you with a view to providing Services to you; or
  • we provide on-boarding services to a hirer of your services,
  • we may collect the following information from or about you:
  • your name;
  • your postal address;
  • your phone and e-mail details;
  • your bank details
  • a copy of your passport details including your passport photograph;
  • your current and previous employment/work details, including job title and employer;
  • recruitment-specific details such as any professional certifications, education and qualifications, skills, career history, salary range, right to work status, citizenship, referee details and any other information relevant or required by law to enable us to provide the Services;
  • any other information which you include in your CV or a completed application form;
  • any information which has been published or made available on a social media profile or job board (whether by you or a third party), or in any news media;
  • details of your umbrella company or personal service company;
  • the contract for services we hold with your umbrella company or personal service company relating to the work you do or will do for our client, including timesheet data and charge rates relating to the work you perform under that contract;
  • details of your referees and emergency contacts
  • references from third parties such as previous employers and nominated referees;
  • the results of pre-employment screening or vetting checks which we are asked or required to undertake in relation to you (including the results of any Disclosure and Barring checks and any information you provide relating to current and/or spent criminal convictions carried out on behalf of the hirer during the on boarding process);
  • any e mail communications, including attachments, which you send to us
  • the results of right to work checks.

You can update your CV or personal data at any time by forwarding a copy to info@crimson.co.uk.


Appendix 2

We collect, store and use information that we obtain in relation to you for our legitimate interests:

  • so that we can contact you (via email, SMS or phone) about opportunities, services and assignments that we believe you may be interested in;
  • to help us to provide suitable candidates and consultants for our clients who engage us to assist them fulfil their recruitment and resourcing requirements;
  • to provide a channel through which you may submit your CV for general applications, to apply for specific jobs or to subscribe to our job alerts;
  • to match your details with vacancies, to assist us in finding a position that is most suitable for you and to send your information to clients for potential jobs. Please note that we will always obtain verbal or written consent before presenting your personal details to a client.
  • to enter into contracts which are necessary for your service to be supplied or made available to a hirer;
  • to provide recruitment-related support;
  • to carry out market research for our internal use;
  • to develop an industry-relevant database of candidates and clients to help meet our clients’ resourcing requirements and connect candidates with work opportunities;
  • for internal record keeping purposes;
  • to carry out services that we, you or our client have requested including work-related references, qualifications and criminal references checking services, verification of the details you have provided from third party sources, psychometric evaluations or skills tests. 

This storage and use of your personal information allows you to be contacted about all of Crimson’s service offerings which may be of interest to you, now or in the future, and we do not believe that this storage and use will unduly prejudice your rights or freedoms.

We will store and use your personal information in order to comply with relevant legal obligations to which Crimson is subject, including carrying out:

  • verification of your identity to comply with The Conduct of Employment Agencies and Employment Businesses Regulations 2003;
  • right to work checks to comply with relevant immigration legislation;
  • In other, relatively limited circumstances, we will carry out further relevant background checks as may be requested by our client.  In these circumstances we will be acting on behalf of our client and the handling of your personal data will be governed by the client’s Privacy Statement.

Where you are successful in securing temporary assignment work with one of our clients we will store and use your personal information for the purposes of completing and administering contracts with your chosen personal service company or umbrella company and for processing payment to such company in respect of services you have performed for our client.  Such processing will be for our legitimate interests so that we can provide Services to you and our client.  We do not believe that this storage and use of your personal information will unduly prejudice your rights or freedoms. 

Such processing will also be necessary for the performance of a contract to which you are party (i.e. your contract with the umbrella company or your personal service company relating to the supply of assignment services) and/or in order to take steps prior to you entering into such contract.

If our client requires us to collect, store and use your health data and/or any Disclosure and Barring Checks we will, on our client’s behalf, seek your consent to processing such data.  You can withdraw your consent at any stage, but this may prevent us from being able to deliver our recruitment services to you.


Appendix 3

The relevant circumstances are:

  • detecting and preventing fraud;
  • keeping our Site, apps, products and IT systems secure;
  • ensuring that our own processes, procedures and systems are as efficient as possible;
  • analysing and enhancing the information that we collect;
  • determining the effectiveness of our promotional campaigns and advertising; and
  • contacting you with products and services which we think may interest you.
  • In some, relatively limited, circumstances we need to handle your personal information in a certain way to be able to comply with our legal obligations.  For example, if we:
    • are requested to disclose your personal information to regulatory bodies;
    • need to demonstrate our compliance with applicable law;
    • are subject to any enquiry from the Employment Agencies Standards Inspectorate or HMRC.

Appendix 4

A cookie (small text files that store information on your hard drive) may be used in the processing of your personal data. A copy of this text file is sent to your computer and/or device whenever it communicates with our server. Cookies help us to understand which sections of our websites are frequently visited. With this information we can adapt our website to suit your demands and provide you with a more customised and personalised user experience. We may collect the following information during your visit to our website and/or the fully qualified domain name from which you accessed our site, or alternatively, your IP address:

  • the date and time you access each page of our website
  • the URL of any web page from which you accessed our site (the referrer)
  • the web browser that you are using and the pages you accessed.

Some webpages may require you to provide a limited amount of personal information in order to enjoy certain services on a website (system login credentials, email addresses and contact information). This personal information will only be used for its intended purpose, i.e. to respond to your message or deliver the requested services. You may configure your browser to accept all cookies, reject all cookies, or notify you when a cookie is sent.


Appendix 5

You have the right to request that we:

  • provide access to any personal information we hold about you;
  • update any of your personal information which is out of date or incorrect;
  • delete any personal information which we are holding about you;
  • restrict the way that we process your personal information;
  • prevent the processing of your personal information for direct-marketing purposes;
  • provide your personal information to a third-party provider of services;
  • provide you with a copy of any personal information which we hold about you; or
  • consider any valid objections which you have to our use of your personal information.

We will consider all such requests and provide our response within a reasonable period (and in any event within any time period required by applicable law). Please note, however, that certain personal information may be exempt from such requests in certain circumstances.  

If an exception applies, we will tell you this when responding to your request.  We may request you provide us with information necessary to confirm your identity before responding to any request you make.  

You may request to unsubscribe from job alerts and marketing material at any time. If you wish to contact us with respect to the above matters, please email us at GDPR@Crimson.co.uk