Privacy Policy
Comanos Consulting Ltd (Comanos) (“We, our, us") is committed to respecting your privacy as a leading recruiter within the renewable energy sector.
References to we, our or us in this privacy notice are to the Cobalt Consulting Group (being Cobalt Consulting Holdings Limited), and each of its direct and indirect subsidiaries, trading under the "Cobalt Consulting" brand. Details of our main trading entities are as follows:
Comanos Consulting Ltd is a limited company incorporated in England and Wales. Registered Number: 15323378. Registered Office: 7-10 Chandos Street, London, W1G 9DQ
Comanos GmbH is a limited company incorporated in Germany. Registered Number: HRH 37452 P Registered Office: Dortustraße 40, 14467 Potsdam
Cobalt Consulting (UK) Limited is a limited company incorporated in England and Wales. Registered Number: 04287243. Registered Office: 7 - 10 Chandos Street, London, W1G 9DQ.
Cobalt Deutschland GmbH is a limited company incorporated in Germany. Registered Number: HRB 133362 B. Registered Office: Uhlandstrasse 187,10623 Berlin, Germany.
Cobalt Consulting, Inc. is a Corporation registered in Delaware, US. DOS ID: 5687313. Office: 21W. 46th Street, Suite 905, New York, 10036, USA.
- For renewable energy
- Our London and Manchester offices operate through Comanos Consulting Ltd
- Our Bremen, Hamburg and Potsdam offices operate through Comanos GmbH
- For real estate and construction
- Our London and Manchester offices operate through Cobalt Consulting (UK) Limited;
- Our Berlin, Hamburg, Düsseldorf, Munich, Stuttgart and Frankfurt offices operate through Cobalt Deutschland GmbH.
- Our New York office operates through Cobalt Consulting, Inc.
We want to make sure all the personal information we have collected about you is safe and secure whether we collect it through our websites at www.comanos.co.uk, www.comanos.de, www.cobaltrecruitment.co.uk, www.cobaltrecruitment.de or www.cobaltrecruitment.com (“Sites”) or from other sources. This Policy sets out our commitments to you, in compliance with and beyond the General Data Protection Regulation (commonly known as the GDPR) and explains how we collect, store and use your personal information.
Privacy Notices
Collecting specific, relevant personal information is a necessary part of us being able to provide you with any services or products you may request from us or in providing services or products to our clients, providing you with information you have requested or just managing our relationship with you, whoever you are.
When we hold or use your personal information as a data controller or controller (see below for a description of what this is) we will provide you with a privacy notice which sets out in detail what information we hold about you (such as your contact details, address, etc.), how your personal information may be used and the reasons for these uses, together with details of your rights.
Where we collect personal information from you directly, we will provide this privacy notice at the time we collect the personal information from you. Where we receive your personal information indirectly, we will provide this privacy notice when we first contact you, first pass the data to someone else or within a month, whichever is the earlier.
We will only provide this privacy notice to you once, generally at the start of our relationship with you. However, if the applicable privacy notice is updated substantially, then we may provide you with details of the updated version. You are encouraged to check back regularly for updates.
Copies of our current privacy notices can be found below:
- Privacy Notice for candidates based in the UK or EU for UK roles.
- Privacy Notice for all candidates who live in Germany, who are working with our German offices can be found here.
- Candidates in any other locations are advised to read the Privacy Notice for those not covered by a specific privacy notice, as whilst not being legally required it does demonstrate our commitment to data protection.
- Privacy Notice for internal applicants based in the UK or EU for UK roles.
- Privacy notice for everyone else based in the EU or UK who is external to our organisation such as individuals who work with one of our clients or suppliers or where you use our Sites should refer to the Privacy Notice for those not covered by a specific privacy notice.
Please note that it is possible for you to be covered by more than one privacy notice.
The difference between data controllers/processors
A data controller or controller is a person who controls how personal information is processed and used. Data controller or controller are two terms that mean the same thing. A data processor is a person who processes and uses personal information in accordance with the instructions of a third party, i.e. the data controller or controller.
This distinction is important. You have certain rights in relation to your personal information, for example, the right to be provided with the personal information held about you and details of its use and the right to have certain of your personal information either erased or anonymised, commonly referred to as the right to be forgotten (see below to see what rights you have). These rights can generally only be exercised against a controller of your information.
In most cases we will be a controller of your personal information. In any case where we are not a controller, this means that you cannot exercise these rights against us directly (i.e. where we only act as a data processor), but you can do so against the controller (i.e. the person who controls how we process the personal information). In these cases we will endeavour to inform you who is the controller of your personal information so that you can direct any such requests to them.
Also it is only a controller that will provide you with a privacy notice about your personal information, so where we process your personal information as a controller we will provide you with a privacy notice. Where we process your personal information as a data processor for a third party, that third party should provide you with a privacy notice which will set out details regarding the processing of your personal information, which should also include the processing to be carried out by us on their behalf.
How do we use your personal information?
Where we are a controller we will use your personal information as described in the privacy notice provided to you, but, for example, we may use your personal information to perform a service for you or to send you information we think you might find useful, provided you have indicated that you are happy to be contacted for these purposes. To see how we use your personal information as a controller, please see our current privacy notices, which can be accessed below:
- Privacy Notice for candidates based in the UK or EU for UK roles.
- Privacy Notice for all candidates who live in Germany, who are working with our German offices can be found here.
- Candidates in any other locations are advised to read the Privacy Notice for those not covered by a specific privacy notice, as whilst not being legally required it does demonstrate our commitment to data protection.
- Privacy Notice for internal applicants based in the UK or EU for UK roles.
- Privacy notice for everyone else based in the EU or UK who is external to our organisation such as individuals who work with one of our clients or suppliers or where you use our Sites should refer to the Privacy Notice for those not covered by a specific privacy notice.
Customer testimonials and comments
If we post customer testimonials and comments on our website, which may contain personal data, we obtain each customer's consent via email prior to posting the customer's name and testimonial.
Who do we share your personal information with?
Details of how we disclose your personal information are set out in the relevant privacy notice provided to you, but generally, it is where we need to do so in order to run our organisation (e.g. where other people process information for us). In such circumstances, we will put in place arrangements to protect your personal information. Outside of that, we do not disclose your personal information unless we are required to do so by law.
We do not sell, trade or rent your personal information to others.
How long we do hold on to your personal information?
Further details of how long we hold onto your personal information for are set out in the relevant privacy notice provided to you, but we will only hold your information for as long as is necessary or where you ask us to delete records, we may delete it earlier.
The duration for which we retain your personal information will differ depending on the type of information and the reason why it was collected. However, in some cases personal information may be retained on a long-term basis: for example, personal information that we need to retain for legal purposes will normally be retained for at least six years in accordance with usual commercial practice and regulatory requirements.
What are your rights?
Full details of your rights set out in the relevant privacy notice provided to you, but you are entitled by law to ask for a copy of your personal information at any time. You are also entitled to ask us to correct, delete or update your personal information, to send your personal information to you or another organisation and to object to automated decision making. Where you have given us your consent to use your personal information in a particular manner, you also have the right to withdraw this consent at any time.
To exercise any of your rights, or if you have any questions relating to your rights, please contact us by using the details set out in the "Contact" section below. You can also unsubscribe from any direct marketing by clicking on the unsubscribe link in the marketing messages we send to you.
You should note that some of your rights may not apply as they have specific requirements and exemptions which apply to them and they may not also apply to personal information recorded and stored by us. However, your right to withdraw consent or object to processing for direct marketing are absolute rights.
If you are unhappy with the way we are using your personal information you can complain to the UK Information Commissioner’s Office or your local data protection regulator. More information about your legal rights can be found on the Information Commissioner’s website at https://ico.org.uk/for-the-public/. However, we are here to help and would encourage you to contact us to resolve your complaint first.
1. Use of cookies
We use cookies on our website to personalise content and ads, to be able to offer social media functions and to analyse traffic to our website. Cookies make it possible to provide a user-friendly service that would not be possible without cookie setting.
Cookies are small data sets that are stored on a computer system (computer, tablet computer, smartphone) via an internet browser and kept for later retrieval.
The setting of cookies without consent is only permitted by law if the cookies are technically absolutely necessary for a service expressly requested by the site visitor. This means that cookies categorized as necessary/strictly necessary are processed on the basis of Art. 6 para. 1 lit. GDPR. We require your consent for all other cookies (Art. 6 para. 1 lit. a GDPR).
Please note that some cookies are set by third parties.
a) Cookies used
When you visit our website for the first time, our cookie banner (Cookiebot by Usercentrics) shows you the cookies used divided into different categories - Necessary, Preferences, Statistics, Marketing and Unclassified.
Necessary cookies are those that are strictly necessary. These help to make our website usable by enabling basic functions such as page navigation and access to secure areas of the website. The website cannot function properly without these cookies. We do not require consent for the use of these strictly necessary cookies.
Preference cookies allow a website to remember information that affects the way a website behaves or looks, such as: Your preferred language or the region you are in. You can opt in or opt-out of these cookies through our cookie banner.
Statistics cookies help website owners understand how visitors interact with websites by collecting and reporting information anonymously. You can opt in or opt-out of these cookies through our cookie banner.
Marketing cookies are used to follow visitors around websites. The intent is to show ads that are relevant and engaging to the individual visitor/user and therefore more valuable to publishers and third-party advertisers. You can opt in or opt-out of these cookies through our cookie banner.
Unclassified cookies are cookies that we are currently trying to classify, along with providers of individual cookies.
Each individual cookie is given to you by name, provider, purpose, expiration and type.
You can change your consent to cookies at any time for the future. To do this, please click on the bracket symbol at the bottom left of our website.
Further cookies can be set via third-party plug-ins. For more information, see 2. Use of third-party providers and social plugins.
b) Disabling cookies
You decide whether to accept or reject cookies that are not strictly necessary. When you visit our website for the first time, you can use our cookie banner to select and save your cookie preferences. You can change or revoke your settings at any time for the future by clicking on the bracket symbol at the bottom left of our website.
You can prevent the setting/storage of cookies at any time by means of the appropriate settings of the Internet browser you are using and thus permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time via an Internet browser or other software programs. If you deactivate the setting of cookies in your internet browser, you may not be able to fully use all functions of our website. Further details on how to disable cookies can be found under https://allaboutcookies.org/.
2. Use of third-party tools and social plugins
On our website, social plugins of social/professional networks (marked with the corresponding logo) of the service providers listed below are used, as well as other third-party tools. Third-party providers have been carefully selected by us and in accordance with the provisions of the GDPR. Where it is necessary to conclude order processing agreements, these have been concluded.
Under certain circumstances, information, which may include personal data, may be sent to the respective third-party service provider via plugins and, if necessary, used by them. We prevent the unconscious and unwanted collection and transmission of data to the service provider through a 2-click solution. To activate a desired social plugin, it must first be activated by clicking on the corresponding button. Only through this activation is a possible collection of information and its transmission to the service provider triggered. We do not collect any personal data ourselves by means of the social plugins or through their use.
If you are a member of one of the named networks and are logged in there while visiting our website, the corresponding service provider assigns this information to your personal user account. If you interact with one of the plugins, e.g. by clicking on one of the buttons, this information will be transmitted directly to the respective service provider via your browser and stored there in your respective personal user account. The information you share from our website will be transmitted to the relevant service provider.
We have no influence on what data an activated plugin collects and how it is used by the service provider. Currently, it must be assumed that a direct connection to the provider's services is established and that at least the IP address and device-related information are collected and used. There is also the possibility that the service providers try to store cookies on the computer used. For more information on the specific data collected and how it is used, please refer to the privacy policy of the respective service provider.
a) Use of Google
Our website uses a number of Google services, all of which are operated by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin 4, Ireland and are referred to below.
As part of the processing, it is possible that data may also be transmitted to the following recipients:
- Google LLC.
- Alphabet Inc.
Both located in 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google's privacy policy can be found at Privacy Policy – Privacy & Terms – Google
As part of the processing by Google, data may be transferred to the USA. The European Commission has approved the use of so-called adequacy decisions as an appropriate means of ensuring an adequate level of protection when transferring data outside the EEA.
For more information, see A guide to international transfers | ICO, as well as Data Protection Law Compliance - Business Data Responsibility (safety.google) and Data protection adequacy for non-EU countries (europa.eu)
If a data transfer is not covered by an adequacy decision, standard contractual clauses may continue to apply. The standard contractual clauses issued by the European Commission can be found at Implementing decision - 2021/914 - EN - EUR-Lex (europa.eu)
In addition, it should be said that Google LLC. is DPF (Data Privacy Framework) certified. The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified according to the DPF is committed to complying with these data protection standards. For more information, see Data Privacy Framework
i) Google Analytics
Our website uses Google Analytics, a website analysis service, which makes it possible to draw conclusions about the user behaviour of our website by setting cookies.
The information generated by the cookie about your use of our website is usually transmitted to a Google server in the USA and stored there. However, due to the activation of IP anonymization on our website, your IP address will be shortened by Google beforehand within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On our behalf (we have concluded an order data agreement with Google), Google will use this information to evaluate your use of our website, to compile reports on website activity and to provide other services related to website and internet use to us as a website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data held by Google.
With the help of Google Analytics, the following data is collected and processed:
- IP address (anonymized)
- Usage
- Click path
- App updates
- Browser Information
- Device Information
- JavaScript-Support
- Pages visited
- Referrer URL
- Downloads
- Flash-Version
- Location information
- Widget Interactions
- Date and time of the visit
You can prevent the storage of cookies by setting your browser software accordingly. Please note, however, that in this case you may not be able to use all the functions of our website to their full extent. You can also prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) by Google and the processing of this data by Google by downloading and installing the browser plug-in available under the following link: Google Analytics Opt-out Browser Add-on Download Page
For more information, see Safeguarding your data - Analytics Help (google.com)
The data processing is carried out on the legal basis of Art. 6 para. 1 sentence 1 lit. a GDPR (consent) and with the intention of being able to continuously adapt and optimize the evaluation of website usage on the basis of evaluations.
ii) Use of Google Maps
To display maps of the surrounding area, we use content from Google Maps, an online map service of Google LLC, on our website.
Through your use of the area maps, Google receives the information that you are accessing this page of our website.
With the help of Google Maps, the following data is collected and processed:
- IP-Address
- Location information
- Usage
- Date and time of the visit
- URLs
The data is transmitted regardless of whether you are logged into a Google user account or do not have one. If you are logged into a Google user account, this data will be assigned directly to your account. Log out of your Google user account if you do not want an assignment.
The data processing is carried out on the legal basis of Art. 6 para. 1 sentence 1 lit. a GDPR (consent) and with the intention of showing you as simply as possible where you can find us and how you can get to us.
b) Use of Facebook
We have integrated components of the company Facebook on our website. Facebook's operating company is Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA (hereinafter referred to as "Facebook"), a subsidiary of Meta Platforms Inc. (hereinafter referred to as "Meta"). If a data subject lives outside the USA or Canada, the controller of personal data is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Every time you call up a subpage of our website on which a Facebook component (Facebook plug-in) has been integrated, your internet browser is automatically prompted to download a representation of the corresponding Facebook component from Facebook. For a complete overview of all Facebook plug-ins, see Social Plugins (facebook.com). As part of this technical process, Facebook receives information about which specific subpage of our website you are visiting.
If you are logged in to Facebook at the same time, Facebook will recognise which specific subpage you are visiting every time you visit our website and for the entire duration of your stay. This takes place regardless of whether you click on the Facebook component or not.
The information about your use of our website is collected by the Facebook component and assigned to the respective Facebook account by Facebook. If you press one of the Facebook buttons integrated into our website, such as the "Like" button, or submit a comment, Facebook will assign this information to your personal Facebook user account and store this personal data.
If you do not want such a transmission to be made, you can prevent this transmission by logging out of your Facebook account before accessing our website.
Facebook's published data policy, which can be accessed at Meta Privacy Policy – How Meta collects and uses user data | Privacy Centre | Manage your privacy on Facebook, Instagram and Messenger | Facebook Privacy, provides information on the collection, processing and use of personal data by Facebook.
As part of the processing, data may be transferred to the USA. The European Commission has approved the use of so-called adequacy decisions as an appropriate means of ensuring an adequate level of protection when transferring data outside the EEA.
For more information, see https://www.facebook.com/legal/EU_data_transfer_addendum/
If a data transfer is not covered by an adequacy decision, standard contractual clauses may continue to apply. The standard contractual clauses issued by the European Commission can be found at Implementing decision - 2021/914 - EN - EUR-Lex (europa.eu)
In addition, it should be said that Meta Platforms, Inc. is DPF (Data Privacy Framework) certified. The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified according to the DPF is committed to complying with these data protection standards. For more information, see Data Privacy Framework
The data processing is carried out on the legal basis of Art. 6 para. 1 sentence 1 lit. a GDPR (consent) and with the intention of being able to offer you a simple interface to the Facebook social network.
c) Use of Instagram
We have integrated components of the company Instagram on our website. The operating company of instagram.com is or is represented by Facebook Ireland Ltd., 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland.
Further information on Facebook can be found under Section 2b) and under Meta Privacy Policy – How Meta collects and uses user data | Privacy Centre | Manage your privacy on Facebook, Instagram and Messenger | Facebook Privacy and Privacy settings and information | Instagram Help Centre.
The data processing is carried out on the legal basis of Art. 6 para. 1 sentence 1 lit. a GDPR (consent) and with the intention of being able to offer you a simple interface to the Instagram social network.
d) Use of LinkedIn
We have integrated components of the company LinkedIn on our website. LinkedIn is operated by LinkedIn Corporation, 2029 Stierlin Court. Mountain View, CA 94043, USA (hereinafter referred to as "LinkedIn"). If a data subject lives outside the USA or Canada, the controller of personal data is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland (hereinafter also referred to as "LinkedIn for short").
The cookies used in this case enable LinkedIn to recognise you as a visitor to our website within the LinkedIn network.
You can prevent the storage of cookies by setting your browser software accordingly. Please note, however, that in this case you may not be able to use all the functions of our website to their full extent. You can also object to advertising by LinkedIn based on your usage behaviour at any time. You can find out more under Cookie Table (linkedin.com) and LinkedIn Privacy Policy
For more information, see LinkedIn Data Processing Agreement.
As part of the processing, data may be transferred to the USA. The European Commission has approved the use of so-called adequacy decisions as an appropriate means of ensuring an adequate level of protection when transferring data outside the EEA.
If a data transfer is not covered by an adequacy decision, standard contractual clauses may continue to apply. The standard contractual clauses issued by the European Commission can be found at Implementing decision - 2021/914 - EN - EUR-Lex (europa.eu)
In addition, it should be said that the LinkedIn Corporation is DPF (Data Privacy Framework) certified. The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified according to the DPF is committed to complying with these data protection standards. For more information, see Data Privacy Framework
The data processing is carried out on the legal basis of Art. 6 para. 1 sentence 1 lit. a GDPR (consent) and with the intention of being able to offer you a simple interface to the LinkedIn social network.
e) Using HubSpot
We use the services of the software manufacturer HubSpot on our website. HubSpot is a software company from the USA (HubSpot, Inc.) with a branch in Ireland (HubSpot European Headquarters, Ground Floor, Two Dockland Central, Guild Street, Dublin 1, Ireland).
HubSpot is a service platform. The service used is an integrated software solution that allows us to manage customer data and cover various aspects of our online marketing. This includes, among other things, the analysis of landing pages and reporting. So-called "web beacons" are used and cookies are stored on the end device you are using.
For example, the following personal data may be collected:
- IP address (anonymized)
- Geographical location
- Type of browser
- Duration of the visit
- Pages viewed
The information collected as well as the content of our website is stored on servers of our software partner HubSpot Ireland. We use HubSpot to analyse the use of our website. This allows us to constantly optimize our website and make it more user-friendly. We also use information to determine which services of our company are of interest to customers and newsletter subscribers and to contact them for advertising purposes. In addition, we optimise our website for you with the evaluation.
However, we only use your IP address in an abbreviated version. This means that the IP address of the users is shortened by HubSpot within member states of the European Union or in other contracting states of the Agreement on the European Economic Area.
For more information, see HubSpot's Commitment to Protecting EU Data Transfers.
To learn more about how HubSpot works, see HubSpot Privacy Policy and HubSpot Trust Center | Powered by SafeBase.
As part of the processing, data may be transferred to the USA. The European Commission has approved the use of so-called adequacy decisions as an appropriate means of ensuring an adequate level of protection when transferring data outside the EEA.
If a data transfer is not covered by an adequacy decision, standard contractual clauses may continue to apply. The standard contractual clauses issued by the European Commission can be found at Implementing decision - 2021/914 - EN - EUR-Lex (europa.eu).
In addition, HubSpot, Inc is DPF (Data Privacy Framework) certified. The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified according to the DPF is committed to complying with these data protection standards. For more information, see Data Privacy Framework.
Data processing is carried out on the legal basis of Art. 6 (1) (a) GDPR (consent) and with the intention of being able to continuously adapt and optimise website usage on the basis of the evaluations.
f) Microsoft Bookings
We use (on our website) the planning tool Microsoft Bookings. Microsoft Bookings is a service provided by Microsoft Ireland Operations Limited (parent company in the USA Microsoft Corporation), One Microsoft Place, South County Business Park, Leopardstown, Dublin 18 D18 P521 (hereinafter: "Microsoft").
The data you enter in the form to book an appointment will be used exclusively for the purpose of contacting you.
In order to make a successful appointment booking, your input data will be passed on to Microsoft. Further information can be found under Microsoft Privacy Statement – Microsoft privacy
As part of the processing, data may be transferred to the USA. The European Commission has approved the use of so-called adequacy decisions as an appropriate means of ensuring an adequate level of protection when transferring data outside the EEA.
If a data transfer is not covered by an adequacy decision, standard contractual clauses may continue to apply. The standard contractual clauses issued by the European Commission can be found at Implementing decision - 2021/914 - EN - EUR-Lex (europa.eu)
In addition, it should be said that the Microsoft Corporation is DPF (Data Privacy Framework) certified. The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified according to the DPF is committed to complying with these data protection standards. For more information, see Data Privacy Framework
The data processing is carried out on the legal basis of Art. 6 (1) (a) GDPR (consent) and with the intention of being able to offer you an efficient appointment booking option.
3. Links to other websites
On our website you will find links to other websites. By clicking on these links (partially marked by the logo of the respective third-party provider), you activate a connection to the respective third-party provider. This could then result in data processing. We have no influence on what data is processed by clicking on links to other websites. Please inform yourself about possible processing of your data in the data protection information of the respective third-party provider.
Changes to this policy
Any changes we may make to this Policy in the future will be posted on our Sites and, where appropriate, notified to you by email. When we change this Policy in a material way, we will update the version date at the bottom of this page. Please check back frequently to see any updates or changes to this Policy and should you object to any alteration, please contact us as set out in the "Contact" section below.
Contact
In the event of any query or complaint in connection with the information we hold about you, please email info@comanos.co.uk or write to us at Data Protection Compliance Manager, 7 - 10 Chandos Street, London, W1G 9DQ.
Whilst this privacy policy sets out a general summary of your legal rights in respect of personal information, this is a very complex area of law. More information about your legal rights can be found on the Information Commissioner’s website at https://ico.org.uk/for-the-public/.
Version Date: 21st June 2024
Please note that in accordance with the General Data Protection Regulation (GDPR) this notice shall only apply to you if you are currently in the UK or EU dealing with our UK office.
This privacy notice does not apply to you if are dealing with our German offices. The notice that applies to you can be accessed here.
This notice applies to current and former candidates, who we have either placed into a role on a permanent or temporary basis as a non-PAYE Interim or who have contacted us/we have contacted about a prospective job role. This notice does not form part of any contract to provide services and does not apply to you if you are engaged by us as a PAYE interim.
This privacy notice does not apply to you in your capacity of a client of ours. The notice that applies to our clients is the "Privacy Notice for those not covered by a specific privacy notice" below.
References to we, our or us in this privacy notice are to the Cobalt Consulting Group (being Cobalt Consulting Holdings Limited), and each of its direct and indirect subsidiaries, trading under the "Comanos" brand. Details of our main trading entities are as follows:
Comanos Consulting Ltd is a limited company incorporated in England and Wales. Registered Number: 15323378. Registered Office: 7-10 Chandos Street, London, W1G 9DQ
Comanos GmbH is a limited company incorporated in Germany. Registered Number: HRH 37452 P Registered Office: Dortustraße 40, 14467 Potsdam
Cobalt Consulting (UK) Limited is a limited company incorporated in England and Wales. Registered Number: 04287243. Registered Office: 7 - 10 Chandos Street, London, W1G 9DQ.
Cobalt Deutschland GmbH is a limited company incorporated in Germany. Registered Number: HRB 133362 B. Registered Office: Uhlandstrasse 187,10623 Berlin, Germany.
Cobalt Consulting, Inc. is a Corporation registered in Delaware, US. DOS ID: 5687313. Office: 21W. 46th Street, Suite 905, New York, 10036, USA.
- For renewable energy
- Our London and Manchester offices operate through Comanos Consulting Ltd
- Our Bremen, Hamburg and Potsdam offices operate through Comanos GmbH
- For real estate and construction
- our London and Manchester offices operate through Cobalt Consulting (UK) Limited;
- Our Berlin, Hamburg, Düsseldorf, Munich, Stuttgart and Frankfurt offices operate through Cobalt Deutschland GmbH.
- Our New York office operates through Cobalt Consulting, Inc.
We have not appointed a Data Protection Officer to oversee our compliance with data protection laws as we are not required to do so, but our Data Protection Compliance Manager has overall responsibility for data protection compliance in our organisation. Contact details are set out in the "Contacting us" section at the end of this privacy notice.
We are committed to respecting your privacy. This notice is to explain how we may use personal information we collect before, during and after your working relationship with us.
For the purposes of data protection, the company in our Group which is processing your personal information will be the controller of any of your personal information. Your personal data may also be shared between the Group’s offices and associated entities as necessary or appropriate. Don't worry, we've put measures in place to keep your personal data safe whichever entity processes it.
- PERSONAL INFORMATION
In order to support your career aspirations and source new job opportunities for you, you may provide us with or we may obtain personal information about you, such as information regarding your:
- personal contact details such as name, title, addresses, telephone numbers and personal email addresses;
- date of birth;
- gender;
- identification documents such as passport/driving licence details (including copies where we are required to hold such information for identification purposes);
- employment history and location of current workplace, salary, annual leave, pensions and benefits entitlement;
- location of employment or workplace;
- attendance at any events we host or organise;
- records of your interactions with us such as telephone conversations, emails and other correspondence and your instructions to us;
- recruitment records including references and other information included in a CV, cover letter or as part of the application process) and activities (including information about interviews, jobs applications and offers);
- details about how you use our website e.g. the pages you look at and how you use them, usernames and passwords;
- referee details, next of kin, beneficiaries, details of family members and emergency contacts.
- Where you are engaged by us as a non-PAYE interim, and we provide your services to our clients on a contract/service basis, then additionally we may hold the following additional information: financial details such as bank accounts and details of payment transactions with you;
- national insurance number and other tax or governmental identifiers; and
- work records (including timesheets, working hours, details of any new position, start date, leaving date and remuneration).
- SPECIAL CATEGORIES OF PERSONAL INFORMATION
We generally do not collect the following “special categories” of more sensitive personal information:
- information about your and political opinions;
- information about your trade union memberships;
- information about your health, including any medical condition, health and sickness records, medical records and health professional information and disability information; and
- biometric information about you, for example fingerprints, retina scans.
In relation to the special category personal data that we do process we do so on the basis that:
- the processing is necessary for reasons of substantial public interest, on a lawful basis;
- it is necessary for the establishment, exercise or defence of legal claims;
- it is necessary for the purposes of carrying out the obligations and exercising our or your rights in the field of employment and social security and social protection law; or
- based on your explicit consent.
In the table below, we refer to these as the “special category reasons for processing of your personal data”.
We may also collect criminal records information. For criminal records information in relation to you we process it on the basis of legal obligations or based on your explicit consent.
- WHERE WE COLLECT YOUR INFORMATION
We typically collect personal information about candidates when you fill in forms on or upload a CV onto one of our websites or when you correspond with us by phone, email or otherwise.
We also may collect personal information about candidates through other sources such as LinkedIn, job board websites, online CV libraries, personal recommendations and referrals, hiring platforms and through the use of business development tools.
Where you are an interim worker we may collect additional information from third parties including the client you are working for and any background check agencies.
If you are providing us with details of referees, next of kin, beneficiaries, family members and emergency contacts they have a right to know and to be aware of how what personal information we hold about them, how we collect it and how we use and may share that information. Please share this privacy notice with those of them whom you feel are sufficiently mature to understand it. They also have the same rights as set out in the “Your rights in relation to personal information” section below.
- USES MADE OF THE INFORMATION
The table below describes the main purposes for which we process your personal information, the categories of your information involved and our lawful basis for being able to do this.
Purpose |
Personal information used |
Lawful basis |
Non-'special categories' of Personal Information |
|
|
To assess your CV and qualifications (where you have provided us with/we have collected your personal information directly from you) |
All your personal information excluding ‘special categories’ of personal information and criminal records information |
We need this information to be able to perform and administer the recruitment process for you. |
To provide you with information regarding job opportunities based on your CV and qualifications and other recruitment related services that may be of interest to you (where you have provided us with/we have collected your personal information directly from you) |
All your personal information excluding ‘special categories’ of personal information and criminal records information |
As above. |
To contact you with information regarding job opportunities that may be of interest to you based on your CV and qualifications (where we have obtained your information from a third party source) |
All contact details and all information contained in any CV (including employment and education history and location of current workplace). |
Where your personal information has been sourced indirectly from either: (i) a hiring platform; (ii) social media platform where you have selected a function to let recruiters know that you are open to job opportunities; or (iii) a job board onto which you have uploaded your CV we have a legitimate business interest to do so but you always have the right to opt out from receiving such recruitment related marketing at any time. In all other cases, we will only contact you with information about job opportunities where we have your consent to do. |
To manage our relationship with you including dealing with any support enquiries made by you |
All your personal information excluding ‘special categories’ of personal information and criminal records information |
To be able to manage and perform our contract with you |
To share your CV or details of your qualifications with a client in relation to potential job roles |
All the non-'special categories' of personal information we collect for the purposes of the recruitment process. |
We have a legitimate business interest to do so. |
To arrange an interview with/introduction to a prospective employer in relation to a particular job role and managing the introductory process, provided you have indicated that you are happy for an introduction to be arranged |
All the non-'special categories' of personal information we collect for the purposes of the recruitment process. |
We will only do so with your consent. |
Storage of records relating to you and also records relating to our business such as your recruitment records and records of your interactions with us |
All non-‘special categories’ of personal information |
To be able to manage and fulfil our contract with you, we may have a legal obligation to do so and we also have a legitimate business interest to keep proper records. |
Dealing with legal disputes involving you. |
All your personal information excluding ‘special categories’ of personal information and criminal records information |
We have a legitimate interest to ensure that all legal claims are managed effectively. |
To send you information we think you might find useful or which you have requested from us, including other recruitment related information about our services and any events we are running. |
Personal contact details |
We may ask for your consent to process your data for this purpose, you may revoke your consent at any point. Alternatively, if you have previously engaged with us (for example by submitting a job application or CV to us) or requested this information from us previously, we may market these other recruitment related activities to you as a legitimate interest in developing our business. You have the right to opt out from such marketing at any time. |
To conduct data analytics studies to review and better understand market trends within the recruitment industry |
All the personal information we collect for the purposes of the recruitment process excluding ‘special categories’ of personal information and criminal records information. |
We have a legitimate interest in doing so to ensure that our business is targeted and relevant. |
Complying with health and safety obligations |
Personal identifiers e.g. when you sign it at one of our offices |
We have a legal obligation to comply with Health and Safety laws. |
For the purpose of complying with any legal or regulatory requirements |
All the personal information about you excluding special category information and criminal records data |
We may have a legal obligation to comply with certain requirements and we have a legitimate interest in complying with any regulatory requirements |
‘Special categories’ of Personal Information or criminal records |
|
|
Storage of records relating to you and also records relating to our business |
All ‘special categories’ of personal information |
We process special category personal data on the basis of the “special category reasons for processing of your personal data” referred to in section 2 above. For criminal records information we process it on the basis of legal obligations or based on your explicit consent. |
We will use and retain information about criminal convictions to comply with law and in order to determine your eligibility to undertake particular types of work Analysing diversity statistics in the sector |
Information about your criminal convictions and offences
Information collected in our “Diversity Survey” which is completed voluntarily by you and held separate from your recruitment data and only used in anonymised form for statistical analysis |
For criminal records information we process it on the basis of legal obligations or based on your explicit consent.
Your explicit consent is required when completing the survey |
Interim Workers
Where you are engaged by us as a non-PAYE interim, then additionally we may also use your information as follows:
Purpose |
Personal information used |
Lawful basis |
Making a decision about your appointment with our client and managing the process |
All the personal information we collect for the purposes of the application process |
We need this information to be able to perform and administer the recruitment process for you to engage you This is necessary to enter into a contract with you |
To administer the contract we have entered into with you and to facilitate our payroll and invoicing processes |
Personal identifiers and all the personal information we collect for the purposes of the recruitment process. Working records. All payment and transaction details. |
We need this information to be able to perform and administer our contract with you. |
Assessing qualifications for a particular role or job. |
All the personal information we collect for the purposes of the recruitment process |
We may be legally obliged to do so To be able to manage and perform our contract with you We have a legitimate interest to run and manage our business and to ensure that our interims are suitable for the roles we place them into. |
To check you are legally entitled to work in the UK |
Personal contact details and identification documents and right to work documentation |
We may have a legal obligation to do so and it is also in our legitimate business interest to ensure that you are suitable for a role. |
For some of your personal information you will have a legal, contractual or other requirement or obligation for you to provide us with your personal information. If you do not provide us with the requested personal information we may not be able to engage you or we may not be able to properly perform our contract with you or comply with legal obligations and we may have to terminate your engagement. For other personal information, whilst you may not be under an obligation to provide it to us, if you do not provide it then we may not be able to properly perform our contract with you.
You should be aware that you are not required under any contract with us to agree to any request for consent. Where you have given us your consent to use your personal information in a particular manner, you have the right to withdraw this consent at any time, which you may do by contacting us as described in the "Contacting us" section below.
Please note however that the withdrawal of your consent will not affect any use of the data made before you withdrew your consent and we may still be entitled to hold and process the relevant personal information to the extent that we are entitled to do so on bases other than your consent. Withdrawing consent may also have the same effects as not providing the information in the first place, for example we may no longer be able to provide certain services to you.
- DIRECT MARKETING
Email, post and SMS marketing: from time to time, we may contact you by email, post or SMS with information about products and services we believe you may be interested in.
We will only send marketing messages to you in accordance with the marketing preferences you set. You can then let us know at any time that you do not wish to receive marketing messages by emailing info@comanos.co.uk with the subject “unsubscribe”. You can also unsubscribe from our marketing by clicking on the unsubscribe link in the marketing messages we send to you.
- DISCLOSURE OF YOUR PERSONAL INFORMATION
We share personal information with the following parties:
- Companies in the same group of companies as us: for the purpose of providing a service to you and as part of its regular reporting activities on Group performance, for system maintenance support, hosting of data, for the purposes of data mapping and analysis of different recruitment markets and for cross-selling opportunities;
- Any party approved by you;
- Other service providers to our business and advisors: for example: payroll, email marketing specialists, business development tool providers, professional advisors, contractors, administration and IT services (including CRM and website service providers). All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information;
- Purchasers of our business: buyers or perspective buyers to whom we sell or negotiate to sell our business;
- Prospective new employers: our clients for the purpose of introducing you as a prospective new candidate;
- Clients of our business: where you are an interim worker who we are placing/have placed with a client.
- The Government or our regulators: where we are required to do so by law or to assist with their investigations or initiatives, for example HMRC or the Information Commissioner’s Office; and
- Police, law enforcement and security services: to assist with the investigation and prevention of crime and the protection of national security.
We do not disclose personal information to anyone else except as set out above.
- TRANSFERRING YOUR PERSONAL INFORMATION INTERNATIONALLY
Due to the international reach of our Group, each member of the Group will actively share personal data with other members of the Group as part of its regular reporting activities on Group performance, for system maintenance support, hosting of data, for the purposes of data mapping and analysis of different recruitment markets and for cross-selling opportunities. Therefore, the personal data we collect shall be transferred to and stored in countries outside of the UK and the European Union. Some of these jurisdictions require different levels of protection in respect of personal information and, in certain instances, the laws in those countries may be less protective than the jurisdiction you are typically resident in. We will take all reasonable steps to ensure that your personal information is only used in accordance with this privacy notice and applicable data protection laws and is respected and kept secure and where a third party processes your data on our behalf, we will put in place appropriate safeguards as required under data protection laws. For further details please contact us by using the details set out in the "Contacting us" section below.
Our directors and other individuals working for us may also in limited circumstances access personal information outside of the UK and European Union if they are working overseas or on holiday abroad outside of the UK or European Union. If they do so they will be using our security measures and will be subject to their arrangements with us which are subject to English Law and the same legal protections that would apply to accessing personal data within the UK.
In limited circumstances the people to whom we may disclose personal information as mentioned in the section “Disclosure of your personal information” above may be located outside of the UK and European Union. In these cases, we will impose any legally required protections to the personal information as required by law before it is disclosed.
If you require more details on the arrangements for any of the above, then please contact us using the details in the “Contacting us” section below.
- HOW LONG WE KEEP PERSONAL INFORMATION FOR
The duration for which we retain your personal information will differ depending on the type of information and the reason why we collected it from you. However, in some cases personal information may be retained on a long-term basis: for example, personal information that we need to retain for legal purposes will normally be retained in accordance with usual commercial practice and regulatory requirements. Generally, where there is no legal requirement, we retain all physical and electronic records for a period of 6 years after your last contact with us.
It is important to ensure that the personal information we hold about you is accurate and up-to-date, and you should let us know if anything changes, for example if you move home or change your phone number or email address. You may be able to update some of the personal information we hold about you through website. Alternatively, you can contact us by using the details set out in the "Contacting us" section below.
- YOUR RIGHTS IN RELATION TO PERSONAL INFORMATION
You have the following rights in relation to your personal information:
- the right to be informed about how your personal information is being used;
- the right to access the personal information we hold about you;
- the right to request the correction of inaccurate personal information we hold about you;
- the right to request the erasure of your personal information in certain limited circumstances;
- the right to restrict processing of your personal information where certain requirements are met;
- the right to object to the processing of your personal information;
- the right to request that we transfer elements of your data either to you or another service provider; and
- the right to object to certain automated decision-making processes using your personal information.
You should note that some of these rights, for example the right to require us to transfer your data to another service provider or the right to object to automated decision making, may not apply as they have specific requirements and exemptions which apply to them and they may not apply to personal information recorded and stored by us. For example, we do not use automated decision making in relation to your personal data. However, some have no conditions attached, so your right to withdraw consent or object to processing for direct marketing are absolute rights.
Whilst this privacy notice sets out a general summary of your legal rights in respect of personal information, this is a very complex area of law. More information about your legal rights can be found on the Information Commissioner’s website at https://ico.org.uk/for-the-public/.
To find out how to access the personal information we hold about you, please refer to the Subject Access Request section below.
To find out how to request the deletion of your personal information, please refer to the Right to Erasure section below.
To exercise any of the other rights outlined in this section, or if you have any questions relating to your rights, please contact us by using the details set out in the "Contacting us" section below.
If you are unhappy with the way we are using your personal information you can also complain to the UK Information Commissioner’s Office or your local data protection regulator. We are here to help and encourage you to contact us to resolve your complaint first.
- CHANGES TO THIS NOTICE
We may update this privacy notice from time to time. When we change this notice in a material way, we will update the version date at the bottom of this page. For significant changes to this notice we will try to give you reasonable notice unless we are prevented from doing so. Where required by law we will seek your consent to changes in the way we use your personal information.
- CONTACTING US
In the event of any query or complaint in connection with the information we hold about you, please email info@comanos.co.uk or write to us at Data Protection Compliance Manager, 7 - 10 Chandos Street, London, W1G 9DQ.
Version dated . 21st June 2024
Please note that in accordance with the General Data Protection Regulation (GDPR) this notice is only intended to apply to you if you reside in the European Union or United Kingdom, dealing with our UK office. In all other cases this notice is not intended to apply to you as we are not legally required to adhere to our privacy notice obligations under GDPR for non-EU or UK based citizens. That said, we do take data protection very seriously and therefore endeavour to adhere to the terms of this privacy notice in respect of everyone affected by our activities as a recruiter.
This notice applies to you if we process your personal information and you are not an employee or worker of ours, a prospective candidate employee or worker, a candidate we are looking to place into a job or an individual to whom we have provided a specific privacy notice. You may be, for example, an individual that works at a supplier or client or another organisation that we deal with, an attendee at one of our marketing events, or a user of our websites or someone else who is affected by our activities.
References to you, your and yourself in this privacy notice are to either you as an individual or any organisation that you work for.
References to we, our or us in this privacy notice are to the Cobalt Consulting Group (being Cobalt Consulting Holdings Limited), and each of its direct and indirect subsidiaries, trading under the "Comanos" brand. Details of our main trading entities are as follows:
Comanos Consulting Ltd is a limited company incorporated in England and Wales. Registered Number: 15323378. Registered Office: 7-10 Chandos Street, London, W1G 9DQ
Comanos GmbH is a limited company incorporated in Germany. Registered Number: HRH 37452 P Registered Office: Dortustraße 40, 14467 Potsdam
Cobalt Consulting (UK) Limited is a limited company incorporated in England and Wales. Registered Number: 04287243. Registered Office: 7 - 10 Chandos Street, London, W1G 9DQ.
Cobalt Deutschland GmbH is a limited company incorporated in Germany. Registered Number: HRB 133362 B. Registered Office: Uhlandstrasse 187,10623 Berlin, Germany.
Cobalt Consulting, Inc. is a Corporation registered in Delaware, US. DOS ID: 5687313. Office:21W. 46th Street, Suite 905, New York, 10036, USA
- For renewable energy
- Our London and Manchester offices operate through Comanos Consulting Ltd
- Our Bremen, Hamburg and Potsdam offices operate through Comanos GmbH
- For real estate and construction
- Our London and Manchester offices operate through Cobalt Consulting (UK) Limited;
- Our Berlin, Hamburg, Düsseldorf, Munich, Stuttgart and Frankfurt offices operate through Cobalt Deutschland GmbH.
- Our New York Office operates through Cobalt Consulting, Inc.
This privacy notice also covers any joint venture companies, bodies or organisation that we have an interest in and to which you are seconded, carrying out activities on behalf of or are appointed as one of its officers or representatives.
We have not appointed a Data Protection Officer to oversee our compliance with data protection laws as we not required to do so, but our Data Protection Compliance Manager has overall responsibility for data protection compliance in our organisation. Contact details are set out in the “Contacting Us” section at the end of this privacy notice.
We are committed to respecting your privacy. This notice is to explain how we may use personal information we collect before, during and after your relationship with us. This notice explains how we comply with the law on data protection and what your rights are.
For the purposes of data protection, the company in our Group which is processing your personal information will be the controller of any of your personal information. Your personal data may also be shared between the Group’s offices and associated entities as necessary or appropriate. Don't worry, we've put measures in place to keep your personal data safe whichever entity processes it.
- PERSONAL INFORMATION WE COLLECT
We may collect the following types of personal information about you:
- Contact details: information that allows us to identify and contact you directly such as your name, address email address, telephone number and addresses.
- Identification information: passport and other official identification details, information from a third-party money laundering check provider, Companies House information, national insurance number, membership of relevant schemes.
- Details of your work history: This may include positions, roles, responsibilities, professional qualifications.
- Personal history and information: This includes hobbies, interests, marital status, family details and dietary requirements.
- Advisors appointed by you: including, lawyers, financial advisors, surveyors.
- Business information: including property owned by you, transactions, amounts paid or owed and tenants.
- Responses to surveys, competitions and promotions: we keep records of any surveys you respond to or your entry into any competition or promotion we run.
- Creditworthiness: We may undertake investigations into your creditworthiness in order to establish whether to enter into or continue a business relationship with you or the organisation you work for.
- Details of your performance: when working with or for us or in relation to any project or work we are engaged in.
- How you use our websites: we collect information about the pages you look at and how you use them, usernames and passwords.
- Videos, photographs and audio recordings: which you or other people take and provide to us or we take ourselves.
- Your usage of the IT systems we make available to visitors to our premises: for example, our client internet and Wi-Fi facilities.
- Details of the correspondence (including e-mail correspondence) you send and receive from us and details of any claims: this includes letters and emails, SMS, MMS and other electronic communication and may in some cases include audio recording of telephone conversations.
- Subscription information: for example, when you subscribe to one of our blogs, newsletters or other materials.
- IP address information: your computer's IP address allows us to track your usage of our websites.
- SPECIAL CATEGORIES OF PERSONAL INFORMATION
We generally do not collect, store and use the following “special categories” of more sensitive personal information regarding you:
- information about your political opinions;
- information about your trade union memberships;
- information about your health, including any medical condition, health and sickness records, medical records and health professional information; and
- biometric information about you, for example fingerprints, retina scans.
If we do collect any special category personal information, we do not currently rely on consent as a basis for processing special category personal information.
We will also not collect, store and use any criminal records information in relation to you. If we do collect any criminal records information, we do not currently rely on consent as a basis for processing criminal records information.
- SOURCES WE COLLECT YOUR PERSONAL INFORMATION FROM
We will collect personal information from a number of sources. These may include the following:
- Directly from you: when you indicate that you may wish to attend an event, complete forms we provide to you, use our websites, enter our competitions and promotions, make a claim, make a complaint, provide money laundering information to us contact us by phone, email or communicate with us directly in some other way.
- From referrals and recommendations: usually given by other people who know you or have a working relationship with you.
- Organisations we work with: in relation to joint or sponsored events;
- Our websites: provides us with information about how you use it and the devices that you use to connect to our websites.
- Providers of information: which may include professional bodies or trade associations, credit reference agencies, money laundering check provider, Companies House, the Land Registry, LinkedIn and other web platforms.
- Journalists or other investigators: they may provide us with details or make enquires about you or matters concerning you or ourselves.
- Your employer or the organisation you work for: they may provide us with your name, position contact details and background information about you.
- Our professional advisors: such as lawyers, accountants, financial advisors, consultants and other advisors.
- Your professional advisors: such as lawyers, accountants, financial advisors, consultants and other advisors.
- The Government, local authorities or relevant regulators: to assist with investigations, for example the Information Commissioner's Office or HMRC.
We will also collect additional personal information throughout the period of our relationship with you.
If you are providing information regarding other individuals to us, it is your responsibility to ensure that you have the right to provide the information to us.
If you are providing us with details about other individuals they have a right to know and to be aware of what personal information we hold about them, how we collect it and how we use and may share that information. Please share this privacy notice with those of them whom you feel are sufficiently mature to understand it. They also have the same rights as set out in the “Your rights in relation to personal information” section below.
- WHAT WE USE YOUR PERSONAL INFORMATION FOR
The table below describes the main purposes for which we process your personal information, the categories of your information involved and our lawful basis for being able to do this. Which will apply will depend upon the nature of your relationship and interactions with us.
Purpose |
Personal information used |
Lawful basis |
Carrying out identity and credit checks |
Contact details and payment information |
We may have a legal obligation to undertake identification We also have a legitimate interest in knowing your identity and carrying out money laundering checks and ensuring that we are likely to be paid |
Anti-money laundering checks |
|
We may have a legal obligation to undertake anti-money laundering checks |
Enter into and perform contracts, where we may be supplying products/services to you and/or you may be supplying products/services to us or we may be involved in similar arrangements with third parties |
All the personal information we collect |
To enter into and perform contracts with either yourself or the organisation that you represent We have a legitimate to properly perform contracts with third parties |
Deal with your queries or complaints, claims, legal disputes or raise queries, claims, legal disputes or complaints with you or the organisation you work for |
All the personal information we collect |
This may be necessary to perform a contract with you or the organisation that you represent We have a legitimate interest to improve the services and/or products we provide To defend, bring or establish legal claims |
Maintain and improve our services and/or products |
All the personal information we collect |
We have a legitimate interest to improve the services and/or products we provide |
Data analytics, statistical analysis and other research to help us improve our online services |
How you use our websites |
We have a legitimate interest to improve the online services we provide and user experience |
Security of our IT systems |
All the personal information we collect |
We have a legitimate interest in ensuring the security of our IT systems |
Staff training |
All the personal information we collect |
We have a legitimate interest to improve the products and services we provide |
Direct marketing |
Contact details and services and products that we have determined may be of interest to you or your organisation and/or which you or your organisation has purchased in the past |
We may ask for your consent to process your data for this purpose, you may revoke your consent at any point. Alternatively, if you or your organisation have purchased similar services from us previously we may market similar products or services as a legitimate interest in developing our business. You have the right to opt out from such marketing at any time |
Events we hold or sponsor |
Your contact details, details of attendance, your comments in response forms and dietary requirements and images |
We have a legitimate interest in holding events and tracking attendance and providing appropriate food and drinks at events We may also have a legal obligation to comply with health and safety requirements |
To comply with our legal obligations |
All the personal information we collect |
To comply with any legal obligations or requirements |
To manage our relationship with you or the organisation you work for and to operate and manage our business and internal reporting |
All the personal information we collect |
We have a legitimate interest to operate our business in an efficient way and to expand our business To enter into and perform contracts with either yourself or the organisation that you represent |
Storage of records relating to you and also records relating to our business |
All the personal information we collect |
To be able to manage and fulfil any contract with you, we may have a legal obligation to do so and we also have a legitimate interest to keep proper records |
For some of your personal information you may have a legal, contractual or other requirement or obligation for you to provide us with your personal information. If you do not provide us with the requested personal information we may not be able to properly perform our contract with you or the organisation you represent or comply with legal obligations and we may have to terminate our relationship. For other personal information you may not be under an obligation to provide it to us, but if you do not provide it then we may not be able to properly perform our arrangements with you or the organisation you represent.
Where you have given us your consent to use your personal information in a particular manner, you have the right to withdraw this consent at any time, which you may do by contacting us as described in the “Contacting Us” section below. We will generally only ask for your consent for direct marketing.
Please note however that the withdrawal of your consent will not affect any use of the data made before you withdrew your consent and we may still be entitled to hold and process the relevant personal information to the extent that we are entitled to do so on bases other than your consent. Withdrawing consent may also have the same effects as not providing the information in the first place, for example we may no longer be able to provide marketing information to you.
We may anonymise and aggregate any of the personal information we hold (so that it does not directly identify you). We may use anonymised and aggregated information for purposes that include testing our IT systems, research, data analysis, improving our site and developing new products and services.
- Who we share your personal information with
We may share personal information with the following parties:
- Organisations in the same group as us: in relation to joint events or joint work.
- Other companies in our supply chain: so that they can contact you about any issues in the supply chain or where your personal information is relevant to a subcontractor or party above us in the supply chain.
- Credit reference and other identification agencies: so that we can assess your creditworthiness and to verify your identity. These agencies may retain a footprint that a search has been undertaken.
- Third parties who ask for or want referrals: we may provide your details to a third party who is seeking services/products which are the same or similar to those that you provide.
- Marketing and public relations companies: to help us to develop, carry out and assess marketing and PR campaigns
- Other service providers and advisors to us: such as companies that support our IT, help us analyse the data we hold, process payments, send communications to our customers, provide us with legal, property or financial advice and generally help us deliver our services to you or the organisation that you represent or for us to purchase them from you or the organisation you represent.
- Information providers: which may include credit reference agencies, money laundering check provider, Companies House, the Land Registry.
- Purchasers of our business: buyers or perspective buyers to whom we sell or negotiate to sell our business.
- The Government, local authorities, planning authorities or relevant regulators: where we are required to do so by law or to assist with their investigations, for example the Information Commissioner's Office.
- Police, law enforcement agencies and security services: to assist with the investigation and prevention of crime and the protection of national security.
We also use Google Analytics which sets cookies to collect information about how visitors use our websites. We use the information to compile reports and to help us improve the websites. The cookies collect information in an anonymous form, including the number of visitors to the website and blog, where visitors have come to the website from and the pages they visited. To opt-out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout.
We may provide third parties with aggregate statistical information and analytics about users of our products and services, but we will make sure no one can be identified from this information before we disclose it.
We do not disclose personal information to anyone else except as set out above unless we have your consent, or we are legally obliged to do so. We do not sell, rent or trade your data.
- Direct Marketing
Email, post and SMS marketing: from time to time, we may contact you by email, post or SMS with information about products or services we believe you may be interested in.
We will only send marketing messages to you in accordance with the marketing preferences you set when you create your account or that you tell us afterwards you are happy to receive or where you or the organisation you represent have purchased similar services or goods from us previously.
You can then let us know at any time that you do not wish to receive marketing messages by sending an email to us at info@comanos.co.uk or by using the by using the details set out in the “Contacting Us” section below. You can also unsubscribe from our marketing by clicking on the unsubscribe link in any marketing messages we send to you.
- Transferring your personal information internationally
Due to the international reach of our Group, each member of the Group shall share certain personal data with other members of the Group as part of its regular reporting activities on Group performance, for system maintenance support, hosting of data, for the purposes of data mapping and analysis of different recruitment markets and for cross-selling opportunities. Therefore, the personal information we collect will be transferred to and stored in countries outside of the UK and the European Union. Some of these jurisdictions require different levels of protection in respect of personal information and, in certain instances, the laws in those countries may be less protective than the jurisdiction you are typically resident in. We will take all reasonable steps to ensure that your personal information is only used in accordance with this privacy notice and applicable data protection laws and is respected and kept secure and where a third party processes your data on our behalf we will put in place appropriate safeguards as required under data protection laws. For further details please contact us by using the details set out in the “Contacting Us” section below.
Our directors and other individuals working for us may in limited circumstances access personal information outside of the UK and European Union if they work or are on holiday abroad outside of the UK or European Union. If they do so they will be using our security measures and will be subject to their arrangements with us which are subject to English Law and the same legal protections that would apply to accessing personal data within the UK.
In limited circumstances the people to whom we may disclose personal information as mentioned in the “Who we share your personal information with” section above may be located outside of the UK and European Union. In these cases, we will impose any legally required protections to the personal information as required by law before it is disclosed.
If you require more details on the arrangements for any of the above, then please contact us using the details in the “Contacting Us” section below.
- How long do we keep personal information for
We will keep your personal information for as long as is necessary for the purpose for which it has been obtained and then for as long as there is any risk of a potential claim, which will be dependent upon the limitation period for the particular type of claim. We have set out below the main retention periods which will apply:
- For individual contacts at customers and suppliers this will be for as long as we continue to have a relationship with that customer or supplier and then for a period of 6 years afterwards.
- Where you or the organisation you work for have not yet become a customer and we are only engaged in marketing to you, we will retain your details for a period of 6 years since our last interaction, unless you or the organisation you work for later becomes a customer;
- For website users it will generally be a period of 2 years after you used our websites.
- For individuals seeking information, making complaints or otherwise corresponding with us it will generally be 6 years.
- For individuals attending an event it will generally be a period of 6 years after the event.
It is important to ensure that the personal information we hold about you is accurate and up-to-date, and you should let us know if anything changes, for example if you move position or work for a different organisation or change your phone number or email address. you can contact us by using the details set out in the “Contacting Us” section below.
- Security
We have numerous security measures in place to protect the loss, misuse and alteration of information under our control, such as passwords and firewalls. We cannot, however, guarantee that these measures are, or will remain, adequate. We do, however, take data security very seriously and will use all reasonable endeavours to protect the integrity and security of the personal information we collect about you.
- Your rights in relation to your personal information
You have the following rights in relation to your personal information:
- the right to be informed about how your personal information is being used;
- the right to access the personal information we hold about you;
- the right to request the correction of inaccurate personal information we hold about you;
- the right to request the erasure of your personal information in certain limited circumstances;
- the right to restrict processing of your personal information where certain requirements are met;
- the right to object to the processing of your personal information;
- the right to request that we transfer elements of your data either to you or another service provider; and
- the right to object to certain automated decision-making processes using your personal information.
You should note that some of these rights, for example, the right to require us to transfer your data to another service provider or the right to object to automated decision making, may not apply as they have specific requirements and exemptions which apply to them and they may not apply to personal information recorded and stored by us. For example, we do not use automated decision making in relation to your personal data. However, some have no conditions attached, so your right to withdraw consent or object to processing for direct marketing are absolute rights.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
Whilst this privacy notice sets out a general summary of your legal rights in respect of personal information, this is a very complex area of law. More information about your legal rights can be found on the Information Commissioner’s website at https://ico.org.uk/for-the-public/.
To exercise any of the above rights, or if you have any questions relating to your rights, please contact us by using the details set out in the "Contacting Us" section below.
If you are unhappy with the way we are using your personal information you can also complain to the UK Information Commissioner’s Office or your local data protection regulator. We are here to help and encourage you to contact us to resolve your complaint first.
- CHANGES TO THIS NOTICE
We may update this privacy notice from time to time. When we change this notice in a material way, we will update the version date at the bottom of this notice. For significant changes to this notice we will try to give you reasonable notice unless we are prevented from doing so. Where required by law we will seek your consent to changes in the way we use your personal information.
- CONTACTING US
In the event of any query or complaint in connection with the information we hold about you, please email info@comanos.co.uk or write to us at: 7 - 10 Chandos Street, London, W1G 9DQ.
Version 21st June 2024
At Comanos Consulting Ltd, we take your privacy seriously and will only use your personal information for the purposes of administering your application to work directly for us and any subsequent employment. This privacy notice is intended for applicants to work directly for Comanos Consulting Ltd and who are residents in the UK or EU.
If this does not apply to you, please refer to one of the other Privacy Notices provided as part of our Privacy Policy listed on this page.
Under the GDPR (General Data Protection Regulation), we are required to provide detailed information regarding the processing of personal data, at the point of data collection.
References to we, our or us in this privacy notice are to the Cobalt Consulting Group (being Cobalt Consulting Holdings Limited), and each of its direct and indirect subsidiaries, trading under the "Comanos " brand. Details of the main trading entities are as follows:
- Comanos Consulting Ltd is a limited company incorporated in England and Wales. Registered Number: 15323378. Registered Office: 7-10 Chandos Street, London, W1G 9DQ
- Comanos GmbH is a limited company incorporated in Germany. Registered Number: HRH 37452 P Registered Office: Dortustraße 40, 14467 Potsdam
- Cobalt Consulting (UK) Limited is a limited company incorporated in England and Wales. Registered Number: 04287243. Registered Office: 7 - 10 Chandos Street, London, W1G 9DQ
- Cobalt Deutschland GmbH is a limited company incorporated in Germany. Registered Number: HRB 133362 B. Registered Office: Uhlandstrasse 187,10623 Berlin, Germany.
- Cobalt Consulting, Inc. is a Corporation registered in Delaware, US. DOS ID: 5687313. Office: 21 W. 46th Street, Suite 905, New York,10036, USA
We have not appointed a Data Protection Officer to oversee our compliance with data protection laws as we are not required to do so, but our Data Protection Compliance Manager – Sara Burton - has overall responsibility for data protection compliance in our organisation.
We are committed to respecting your privacy. This notice is to explain how we may use personal information we collect before, during and after your employment with us.
For the purposes of data protection, the company in our Group which is processing your personal information will be the controller of any of your personal information, in this case, Comanos Consulting Ltd. Your personal data may also be shared between the Group’s offices and associated entities as necessary or appropriate.
- PERSONAL INFORMATION
The data contained on our systems will be processed for Comanos’ internal recruitment and your potential employment purposes only. We are committed to being transparent about how we collect and use this data and to meeting our data protection obligations. We will only collect, store and process information about you that is relevant to the recruitment process and your potential employment with us. You may provide us with or we may obtain personal information about you, such as information regarding your:
- personal contact details such as name, addresses, telephone numbers and personal email addresses;
- date of birth;
- gender;
- identification documents such as passport/driving licence details (including copies where we are required to hold such information for identification purposes);
- employment history and location of current workplace;
- Contracts of Employment (which includes such information as your pay and benefits);
- records of your interactions with us such as, emails and other correspondence and your instructions to us;
- recruitment records including references and other information included in a CV, cover letter or as part of the application process) and activities (including information about interviews, jobs applications and offers with us);
- referee details, next of kin, beneficiaries, details of family members and emergency contacts;
- information about endorsements on Driving Licences;
- national insurance number and other tax or governmental identifiers;
- information relating to family leave and sabbaticals;
- psychometric assessments or other profiling results undertaken at interview stage; and
- information about your gender, age, sex, ethnic origin and disability.
- SPECIAL CATEGORIES OF PERSONAL INFORMATION
We may collect the following “special categories” of more sensitive personal information about you during the course of your employment:
- information about your health and sickness records;
- information about your criminal record;
- results of drug and alcohol tests; or
- occupational health and medical advice.
We generally do not collect the following “special categories” of more sensitive personal information:
- information about your race or ethnicity, religious beliefs, sexual orientation and political opinions;
- information about your trade union memberships; or
- biometric information about you, for example, fingerprints, retina scans.
In relation to the special category personal data that we do process, we do so on the basis that:
- the processing is necessary for reasons of substantial public interest, on a lawful basis;
- it is necessary for the establishment, exercise or defence of legal claims;
- it is necessary for the purposes of carrying out the obligations and exercising our or your rights in the field of employment, social security, social protection law or health and safety legislation; or
- based on your explicit consent.
- WHERE WE COLLECT YOUR INFORMATION
We typically collect personal information about you when you apply to us either directly or through a third party with a CV, during the interview process, when you complete information on our HR system on commencing employment with us, return your employment contract, update your details with our Backbone team or when you correspond with us by phone, email or otherwise. In some cases, we may collect personal data about you from third parties, such as references, employment background checks and information about criminal records.
During the interview process, you may be asked to complete a personality or psychometric assessment. . You will be provided with more information about the process at the point of sitting the assessment, but your consent is explicitly required to undertake the assessment.
If you are providing us with details of referees, next of kin, beneficiaries, family members and emergency contacts they have a right to know and to be aware of what personal information we hold about them, how we collect it and how we use and may share that information. Please share this privacy notice with those of them whom you feel are sufficiently mature to understand it. They also have the same rights as set out in the “Your rights in relation to personal information” section below.
- USES MADE OF THE INFORMATION
The table below describes the main purposes for which we process your personal information, the categories of your information involved and our lawful basis for being able to do this. Where we rely on legitimate interests as a reason for processing data, we have considered whether or not these interests are overridden by the rights and freedoms of Applicants, Employees or Workers and have concluded that they are not.
Purpose |
Personal information used |
Lawful basis |
Non- ‘special categories’ of Personal Information |
||
To assess your CV and qualifications(where you have provided us with/we have collected your personal information directly from you) |
All your personal information excluding ‘special categories’ of personal information and criminal records information |
We need this information to be able to perform and administer the initial recruitment process for you and it is in our legitimate business interest to ensure you are suitable for a role.
|
To manage our relationship with you including dealing with any support enquiries made by you |
All your personal information excluding ‘special categories’ of personal information and criminal records information
|
To be able to manage and perform our contract with you. |
To check you are legally entitled to work in the UK |
Personal contact details and identification documents and right to work documentation
|
We may have a legal obligation to do so and it is also in our legitimate business interest to ensure that you are able to undertake a role. |
Storage of records relating to you and also records relating to our business such as your recruitment records and records of your interactions with us |
All non-‘special categories’ of personal information |
To be able to manage and fulfil our contract with you, we may have a legal obligation to do so and we also have a legitimate business interest to keep proper records. |
Dealing with legal disputes involving you |
All your personal information excluding ‘special categories’ of personal information and criminal records information |
We have a legitimate interest to ensure that all legal claims are managed effectively. |
Complying with health and safety obligations |
Personal identifiers e.g. when you sign it at one of our offices |
We have a legal obligation to comply with Health and Safety laws. |
For the purpose of complying with any legal or regulatory requirements |
All the personal information about you excluding special category information and criminal records data |
We may have a legal obligation to comply with certain requirements and we have a legitimate interest in complying with any regulatory requirements. |
For the purpose of executing a contract we may have with you |
All the personal information about you excluding special category information and criminal records data |
We may have obligations under a contract with you and require this information in order to execute that contract E.g making payment to you. |
‘Special categories’ of Personal Information or criminal records |
||
Storage of records relating to you and also records relating to our business |
All ‘special categories’ of personal information |
We process special category personal data on the basis of the “special category reasons for processing of your personal data” referred to in section 2 above. |
We will use and retain information about criminal convictions to comply with law and in order to determine your eligibility to undertake particular types of work |
Information about your criminal convictions and offences |
For criminal records information we process it on the basis of legal obligations or based on your explicit consent. |
For the purpose of the initial recruitment process and induction of you |
Results of personality or psychometric profiling |
We use this information to inform our questions at interview stage and may use the results to ensure the best induction process for you. |
For drug and alcohol testing |
Information about your health, including any medical condition, health and sickness records, medical records and health professional information |
Special categories of personal data shall be processed on the basis of the “special category reasons for processing of your personal data” referred to in section 2 above. |
To prevent and detect criminal or improper acts |
Information about your criminal convictions and offences |
Criminal records information will be processed on the basis of legal obligations or based on your explicit consent.
|
To use information about your physical or mental health, or disability status, to ensure your health and safety in the workplace and to assess your fitness to work, to provide appropriate workplace adjustments and to monitor and manage sickness absence |
Information about your health, including any medical condition, health and sickness records, medical records and health professional information |
Special categories of personal data shall be processed on the basis of the “special category reasons for processing of your personal data” referred to in section 2 above.
|
To use information about your race or national or ethnic origin, religious, philosophical or moral beliefs, or your sexual life or sexual orientation, to ensure meaningful equal opportunity monitoring and reporting |
Information about your race or ethnicity, religious beliefs, sexual orientation and political opinions
|
Special categories of personal data shall be processed on the basis of the “special category reasons for processing of your personal data” referred to in section 2 above. |
For some of your personal information you will have a legal, contractual or other requirement or obligation for you to provide us with your personal information. If you do not provide us with the requested personal information we may not be able to engage you, or we may not be able to properly perform our contract with you or comply with legal obligations and we may have to terminate your engagement. For other personal information, whilst you may not be under an obligation to provide it to us, if you do not provide it then we may not be able to properly perform our contract with you.
Where psychometric assessments or other profiling techniques are used, this is only to provide further information to us for the interview and induction process; a human is always involved in the decision-making process on whether to offer you a role, or which role to offer you. You can refuse to sit any assessment of this type. By its very nature, consent is required from you before undertaking the assessment. More information will be provided to you at the point of sitting the assessment.
You should be aware that you are not required under any contract with us to agree to any request for consent. Where you have given us your consent to use your personal information in a particular manner, you have the right to withdraw this consent at any time, which you may do by contacting us as described in the "Contacting us" section below.
Please note however that the withdrawal of your consent will not affect any use of the data made before you withdrew your consent and we may still be entitled to hold and process the relevant personal information to the extent that we are entitled to do so on bases other than your consent.
- DISCLOSURE OF YOUR PERSONAL INFORMATION
We share personal information with the following parties:
- Companies in the same group of companies as us: for the purpose of providing a service to you and as part of its regular reporting activities on Group performance, for system maintenance support, hosting of data, and for the purposes of data mapping and analysis of different recruitment markets;
- Any party approved by you;
- Other service providers to our business and advisors: for example: payroll, HR and other external professional advisors, contractors, administration and IT services (including CRM and website service providers). All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information and do so on the basis of written instruction, with a duty of confidentiality;
- Internally: data may be shared internally, including with payroll, recruiting Managers, HR and the office management team (if access to the data is necessary for performance of their roles);
- Purchasers of our business: buyers or perspective buyers to whom we sell or negotiate to sell our business;
- The Government or our regulators: where we are required to do so by law or to Commissioner’s Office; and
- Police, law enforcement and security services: to assist with the investigation and prevention of crime and the protection of national security.
We do not disclose personal information to anyone else except as set out above. The data held on you will be retained by the Finance Team who will store this on our systems. Where personal data is held on our HR system you are notified who has access to it. For information on how long we store your information for, please see section 8 below.
We have controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed to someone who does not have authority to see it, and is not accessed except by our employees in the performance of their duties.
6. TRANSFERRING YOUR PERSONAL INFORMATION INTERNATIONALLY
Due to the international reach of our Group, each member of the Group will actively share personal data with other members of the Group as part of its regular reporting activities on Group performance, for system maintenance support, hosting of data, and for the purposes of data mapping and analysis of different recruitment markets. Therefore, the personal data we collect shall be transferred to and stored in countries outside of the UK and the European Union. Some of these jurisdictions require different levels of protection in respect of personal information and, in certain instances, the laws in those countries may be less protective than the jurisdiction you are typically resident in. We will take all reasonable steps to ensure that your personal information is only used in accordance with this privacy notice and applicable data protection laws and is respected and kept secure and where a third party processes your data on our behalf we will put in place appropriate safeguards as required under data protection laws. For further details please contact us by using the details set out in the "Contacting us" section below.
Our directors and other individuals working for us may also in limited circumstances access personal information outside of the UK and European Union if they are working overseas or on holiday abroad outside of the UK or European Union. If they do so they will be using our security measures and will be subject to their arrangements with us which are subject to English Law and the same legal protections that would apply to accessing personal data within the UK.
In limited circumstances the people to whom we may disclose personal information as mentioned in the section “Disclosure of your personal information” above may be located outside of the UK and European Union. In these cases, we will impose any legally required protections to the personal information as required by law before it is disclosed.
If you require more details on the arrangements for any of the above, then please contact us using the details in the “Contacting us” section below.
- HOW LONG WE KEEP PERSONAL INFORMATION FOR
The duration for which we retain your personal information will differ depending on the type of information and the reason why we collected it from you. Should you become an employee of ours, your personal information will be retained for the duration of your employment and could be retained for a period of up to 6 years thereafter, where we need to retain it for legal purposes in accordance with usual commercial practice and regulatory requirements. Generally, where there is no legal requirement we retain all physical and electronic records for a period of 6 years after your last contact with us.
Should you not become an employee of ours, then your data will be kept on file for future opportunities for up to 2 years, unless you request that we delete it in accordance with section 9 below.
- YOUR RIGHTS IN RELATION TO PERSONAL INFORMATION
You have the following rights in relation to your personal information:
- The right to be informed about how your personal information is being used;
- The right to access the personal information we hold about you;
- The right to request the correction of inaccurate personal information we hold about you;
- The right to request the erasure of your personal information in certain limited circumstances;
- The right to restrict processing of your personal information where certain requirements are met;
- The right to object to the processing of your personal information;
- The right to request that we transfer elements of your data either to you or another service provider; and
- The right to object to certain automated decision-making processes using your personal information.
You should note that some of these rights, for example, the right to require us to transfer your data to another service provider or the right to object to automated decision making, may not apply as they have specific requirements and exemptions which apply to them and they may not apply to personal information recorded and stored by us. For example, we do not use purely automated decision-making in relation to your personal data. However, some have no conditions attached.
Whilst this privacy notice sets out a general summary of your legal rights in respect of personal information, this is a very complex area of law. More information about your legal rights can be found on the Information Commissioner’s website at https://ico.org.uk/for-the-public.
To exercise any of the above rights, or if you have any questions relating to your rights, please contact us by using the details set out in the "Contacting us" section below.
If you are unhappy with the way we are using your personal information you can also complain to the UK Information Commissioner’s Office or your local data protection regulator. We are here to help and encourage you to contact us to resolve your complaint first.
- CHANGES TO THIS NOTICE
We may update this privacy notice from time to time. When we change this notice in a material way, we will update the version date at the bottom of this page. For significant changes to this notice, we will try to give you reasonable notice unless we are prevented from doing so. Where required by law we will seek your consent to changes in the way we use your personal information.
- CONTACTING US
In the event of any query or complaint in connection with the information we hold about you, please contact Sara Burton, Global Operations Director, acting as Data Compliance Manager for this purpose:
Email: sburton@cobaltrecruitment.com
Tel: 0207 478 2500
Post:7 - 10 Chandos Street, London, W1G 9DQ.
For Subject Access Requests, changes in your personal information or to withdraw your consent, please contact Sara Burton, Global Operations Director:
Email: sburton@cobaltrecruitment.com
Tel: 0207 478 2500
Post:7 - 10 Chandos Street, London, W1G 9DQ.
Version: 21st June 2024
Under GDPR, you have the right to access the data we hold on you, know why we hold this, where it came from and who has processed it. If you have dealt with any of our offices outside of Germany, to request this information, please email us at info@comanos.co.uk or write to our London office at 7 - 10 Chandos Street, London, W1G 9DQ, FAO the Data Compliance Manager.
If you have dealt with our German offices please go here.
Subject Access Requests should preferably be made in writing. Using either the email or postal address above will enable us to respond efficiently to your request. To enable a prompt response, please provide:
- Your name (as you believe we know you, for instance a married or maiden name)
- A contact telephone number
- The information you require
- Where the information should be sent to (e.g email or postal address)
- How you would like to receive this information (e.g electronically, or in hard-copy)
We will then take steps to verify your identity. Where possible we do this over the telephone by verifying contact or other information which we hold on you, but if it is necessary then we may ask to meet you with photo ID. If you are requesting this information on behalf of someone else, then we require evidence that you have been instructed to act on behalf of that individual.
Once we have confirmed your identity and that we hold the information required (for example, it hasn’t been deleted under our Data Retention Policy) then we will request payment of £10 as a processing fee. This can be remitted via BACS. Once that has been received then we will provide the information within 40 calendar days in the format requested.
Where possible, we will provide:
- CVs and Documents such as passport, registration forms, references and any additional information such as DBS or proof of address
- Email correspondence
- Written notes of telephone calls
- Any meetings with Comanos and notes from those meetings
- Any interviews you had with our clients and notes from those meetings
- Any offers you received
- Any banking or tax information captured in our HSBC banking and accounting system (for those candidates placed on a PAYE interim basis)
In addition, we will notify you of those with whom we shared your data, including organisations we sent your CV to. Where third party details are contained within your records, such as an author of a reference or a person involved in a recruitment process, we may exclude or redact this information if we believe it breaches another’s confidence or privacy.
More information about the process will be sent to you on receipt of a Subject Access Request.
Under our Privacy Notice and in accordance with GDPR, you have a right to request erasure of your data from our systems, sometimes known as a right to be forgotten. This is not an absolute right and there may be certain circumstances where we need to retain data for legal obligation or have legitimate business reasons for retaining some, or all of the data.
A member of our Compliance team will respond to a request for erasure within 1 week but often sooner. Depending on the amount of data on file, we should complete the process within 2 weeks of receiving the initial request, assuming the correct information is provided to us. It will certainly be completed within 1 month, and a final email will be sent to you confirming this deletion.
A request for erasure can be made verbally or in writing to anyone at Comanos. However, the most efficient way to start the process is to email info@comanos.co.uk and provide the following information:
- Your name(s) which you believe we will hold data under
- Your email address(es) you believe we hold for you
- Whether you wish to be – a) Absolutely deleted or b) retained as a “Right to be forgotten” (RTBF) individual
The reason for this last point is that if we absolutely delete or your files, then we would no longer know that you had requested to be forgotten. It is possible therefore that we could contact you in the future as we might find your details again, for instance through our research team, through LinkedIn or through CV job boards.
Alternatively, we can delete all files and records, except for your name, current organisation and job title. We would then mark your details as someone who had requested to be forgotten and know not to contact you in the future should we find your details again.
However you make the request, a member of our Compliance Team in London will be in touch to confirm receipt of the request and clarify any outstanding details. We will then examine our records as to whether there are any legal obligations or legitimate business interests in retaining some or all or your data. If there is, you will be informed by the Data Compliance Manager and we will agree which data can be removed without impacting these other lawful basis for processing.
If there is no reason for retaining your data, then we will follow our deletion protocol. This includes removing information from our CRM, email marketing system, Office365, mobile devices, our website, client portals, banking systems and notifying clients (as applicable).
Once this has been completed, a member of the compliance team will send you a final email confirming that your details have been either absolutely deleted or deleted with a note to be forgotten in accordance with your wishes.
If you have any queries about this process, please contact the Data Compliance Manager, as outlined in the Privacy Notice relevant to you.