Who are we?
We are a global executive search firm with offices in Hong Kong, Singapore and the United Kingdom. We provide retained and contingent recruitment services, and related work, to investment banks, financial services firms and commodity houses. This policy covers the following legal entities:
Pemberton Stewart International Limited
Pemberton Stewart (Singapore) Pte Limited
Pemberton Stewart UK Limited
Purpose for Collecting Your Data
Our purpose for collecting data is to be able to find suitable candidates for recruitment needs. Personal data collected enables us to best match candidate skill sets with client requirements. We have taken appropriate measures to ensure that client and candidate data is securely processed and is only used for the legitimate purpose of our recruitment business.
What information is collected?
Candidate: We collect information regarding a candidate’s name, address, identity number, nationality, residential status, phone number, social media links, email address, curriculum vitae, employment history, educational background, residential status and references in connection with their consideration for a role with a client. When necessary, with prior consent, we will also request compensation details.
Client: For clients, we collect information such as contact details, role and responsibilities within their organization, relevant team structures, detail about mandates they wish us to work on, any contractual agreements, feedback on candidates and details of any recruitment plans.
Who is collecting it?
Our consultants will be collecting the data. They will give you an opportunity to provide your explicit consent for sharing this data with us over email. The record of this consent will be maintained in our database.
How is data being collected?
Personal data about the candidate or client can be collected from various sources. It will depend on how the candidate was introduced to us. It can be through direct contact from the candidate, researched through online platforms/databases, or through referrals. Once this information is obtained, they will be contacted to confirm their interest in the opportunity or a certain candidate profile, following which a formal written consent will be requested. Once this is received, this information will be processed and stored in our database.
How is it used?
The data collected is used to find suitable opportunities with our clients and assess candidate eligibility throughout the various stages of the recruitment process.
Who will it be shared with?
Candidate data is shared with our clients such as investment banks, financial services firms and commodity houses. We share it with our clients where we a have legitimate purpose to do so i.e. when we are working on a recruitment mandate. Similarly, a client’s data is shared with a candidate once they have demonstrated a legitimate interest in the opportunity.
Where there is a legal requirement, in a specific jurisdiction, an aspect of your data will be shared anonymously.
How long will it be kept?
Your data will be retained in our database so that you can be contacted for future roles. We will keep it for a period of five years. After five years, we will seek your consent again. If you choose not to consent, we will then delete it.
All the personal data is secured in Pemberton Stewart’s database which is hosted on Amazon Web Services (AWS) located in Singapore. Although our database server is hosted outside European Union (EU), it is General Data Privacy Regulation (GDPR) Compliant.
AWS is compliant with the following Industry Standard Accreditations:
1. SAS70 Type II – Detailed Service Auditor Report
2. PCI DSS Level 1 – PCI Data Security Standard
3. ISO 27001 – Certification for Security Management System
4. FISMA – Government Agency’s standard for Federal Information Security Management Act.
Your data is securely maintained in our recruitment database which is password protected and is only accessible to relevant company staff. All employees of Pemberton Stewart sign employment contracts that contain robust confidentiality clauses. We also conduct quarterly Privacy Impact Assessments (PIAs) to ensure that our clients and candidates data is safe within our database servers. If there is any breach, we have processes in place that can help us identify it and we can inform the relevant clients and candidates within 48 hours.
Transfer outside EU
Candidate and Client’s rights
You have certain rights regarding how your personal information is handled and our data processing procedures ensure that you can exercise them. Please be assured that we will only maintain the record of the data for which you have provided explicit consent over email. You can request your data to be updated or deleted from our database by emailing us anytime. You can also request to obtain a copy of your record. Please note that if you request us not to process your data, we will not be able to represent you for any future opportunities. Also note, we do not do any automatic profiling. All decisions are made based on human interaction. If you have any other concerns or questions regarding how we store your data and process it, please contact us at firstname.lastname@example.org.