Henrok Consulting LLP takes your privacy rights seriously and is committed to respecting your privacy. This policy describes the data Henrok (“we”) collect from and about you, the basis on which we will process it and how we will treat it.

Henrok Consulting LLP is the data controller for purposes of the Data Protection Act 1998 and any successor statute, EU General Data Protections Regulation (GDPR), tailored by the Data Protection Act 2018.

This policy applies to all information provided by or about candidates, prospective candidates, clients and prospective clients. All partners and employees of Henrok are required to comply with this policy and their party providers to Henrok are required to confirm they comply with the provisions contained herein.

Information we collect about you
 

We will automatically collect the following information about you when you engage with us via our website (www.henrokconsulting.com), via phone or text conversations, via email or in person at our offices or third party sites or when third parties provide information about you:

 

• Name, address, location, date of birth, gender, education, work history, compensation, performance and capability assessments, phone/email/social media contact details, formal and informal reference, and information freely available online or otherwise collected by our research including profile pictures sourced online

• Technical information relating to your use of our website, including but not limited to IP address, URL, clickstream to, from and through our website

• CV, biography, training and development information, psychometric assessments and candidate reports created by us

• Sensitive personal data, such as family status, ethnic origin, identification documents, credit, criminal record and social media checks that you explicitly provide to us during interview or give us permission to collect

How we will process your personal data

The personal data listed above is obtained, recorded, retained indefinitely, used, disclosed and transferred within the EEA on the basis of legitimate business interest. Executive candidate reports and reports containing sensitive personal data will only be shared with third party clients with the explicit consent of candidates.

 

The processing of this data is critical to Henrok’s ability to assess candidates’ abilities and their respective progression and is critical in the discharge of our legitimate business interests. This data may be transferred to Henrok employees and a third party client, for instance where you may wish to be employed or from which you are receiving services pursuant to your engagement with Henrok, such as business travel arranged for you by us and our third party suppliers.

Your rights

​

We will process your data in line with your rights under the aforenamed statues and regulations. Accordingly, you have the right to:

 

1. Confirmation your data is being processed and request access to your personal data. In response, we will provide you with a copy of the personal data we hold on you. When you make such as request in writing, we will provide you with you data within three weeks

2. Request corrections to be made to any personal data we hold about you that is inaccurate or incomplete. You may ask us to suspend processing your personal data until you have established its accuracy

3. Request that your personal data is destroyed/deleted where there is no legitimate reason for us to continue processing it or where you have objected to us processing your personal data on the basis of legitimate interest

4. Request the transfer of personal data to another party.

 

We will only transfer your personal data outside the EEA if one of the following conditions is satisfied:

​

1. The European Commission has issued a decision confirming the country to which we transfer the data ensures an adequate level of protection for your rights and freedoms; or

2. The transfer is necessary for one of the other reasons in the GDPR and in some instances, for our legitimate interest; or

3. We have relied on Standard Contractual Clauses (SCCs) or Binding Corporate Rules (BCRs) to ensure adequate protection and you have provided explicit consent to the transfer after being made aware of the potential risks.

 

Data breaches

​

In the event of a data breach about which we become aware, we will report the details of the breach to the Data Commissioners Office and any individual(s) and client(s) affected within 72 hours, where feasible or as soon thereafter as possible.

Contacting us in relation to your privacy rights

 

You can write to us to exercise your rights over the personal data we hold about you at any time by emailing privacy@henrokconsulting.com.

 

You can write to us with questions or comments about this policy by emailing privacy@henrokconsulting.com.

 

We reserve the right to make changes to our privacy policy in future. Where we do so, the updated policy with be posted on our website and we may notify you by email.