Important information and who we are
At the MSQ Partners Limited group (“we”, “MSQ group”, “us”, or “our”) we are committed to protecting and respecting your privacy and Personal Data in compliance with the United Kingdom General Data Protection Regulation (“GDPR”), the Data Protection Act 2018 and all other relevant and applicable data protection laws and regulations.
As your Data Controller, the MSQ group will determine the purposes for which and the way any Personal Data is processed. Additionally, the MSQ group will be responsible for your personal data as well as compliance with data protection principles.
Address: 34 Bow Street, Covent Garden, London, WC2E 7AU
Privacy contact email: Privacy@msqpartners.com
ICO registration number: ZA156809
Any inquiries about your data should be sent to the above email. They can also be sent directly to the company, if you prefer, in a letter to the listed address. We cannot guarantee prompt responses if physical mail is your chosen method of communication.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance if possible.
1. Legal basis for data collection
1.1 Types of data / Policy scope
“Personal Data” means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We collect, use, store and transfer different kinds of Personal Data about our applicants which we have outlined below. Not all the following types of data will necessarily be collected, but this is the full scope of data that could be collected from our applicants:
- Contact Data: This covers any data relating to your phone numbers, addresses and email addresses.
- Application Data: This includes the applicant's name, age and birth information, gender information, race, employment information, educational information, and in certain instances criminal conviction information.
- Communications Data: This is your preferences in receiving information from us related to your application. This could be, for example, updates to your application, requests from the hiring team, etc.
- Technical Data: This is your IP address, browser type and version, time zone setting and location, operating system and platform, and other technology on the devices you use to engage with us.
- Customer Support Data: This includes feedback and survey responses.
We encourage you to not provide unnecessary personal data in your application outside of what is requested. During the application process there is a section allowing you, the applicant, to provide information on any relevant disabilities that may result in you requiring further assistance. This information is optional and is securely stored and not used for any other purpose. You will not be discriminated against as a result of providing this information.
1.2 The legal basis for collecting that data
There are several justifiable reasons under the UK GDPR that allow the collection and processing of Personal Data. The main bases we rely upon during the process of your application, as well as examples of when we could rely on it, are the following:
- “Consent”: Certain situations allow us to collect your Personal Data, such as when you tick a box that confirms you are happy to receive email newsletters from us, or ‘opt in’ to a service.
- To: opt in to receive emails regarding other roles that may be relevant to you (“job alert emails”). After 12 months, you will no longer receive these emails as your data will be deleted.
- “Contractual Obligations”: We could require certain information from you in order to fulfil our contractual obligations and provide you with the promised service.
- To: if successful, your contact data and personal information will be processed in order to enter into an employment contract. E.g., we would have to process your name, address, email address, etc to create the employment contract.
- “Legitimate Interest”: We need to collect certain information from you to be able to meet our legitimate interests - these cover aspects that can be reasonably expected as part of running our business, that will not have a material impact on your rights, freedom or interests. We are processing your data in order to assist you in finding a job within our organisation, and for us to fill vacancies.
- To: process your applicant data and contact details in order to assess your suitability for our job openings.
- To: send you emails related to your application.
Legitimate interest is relied on for the processing of your application upon submission as your data is being processed in a way you would reasonably expect, with minimal privacy impact. When legitimate interest is relied upon, we conduct a Legitimate Interest Assessment (LIA) to validate the processing is not considered unfair or infringing on the data protection rights of any individuals we work with.
If, at any time, you wish to contest this legitimate interest, or if you wish your application to be managed directly by the agency you are applying to based on your consent or the legitimate interests of that agency alone, please contact our privacy team at firstname.lastname@example.org.
The MSQ group relies on consent in order to send you emails regarding similar roles that may fit your profile. You can revoke your consent via the unsubscribe button or via your settings in the Kallidus Recruit platform.
If you provide us with any information about reasonable adjustments you require under the Equality Act 2010 the lawful basis we rely on for processing this information is article 6(1)(c) to comply with our legal obligations under the Act.
The lawful basis we rely on to process any information you provide as part of your application which is special category data, such as health, religious or ethnicity information is article 9(2)(b) of the UK GDPR, which relates to our obligations in employment and the safeguarding of your fundamental rights. As well as this, Schedule 1 part 1 (1) of the DPA 2018 will be relied upon which again relates to processing for employment purposes.
2. How we use applicant's personal data
2.1 What will we do with the application data?
We’ll use all the information you provide during the recruitment process to progress your application with a view to considering your suitability for, and potentially offering you, an employment contract with us and, where required, to fulfil our legal or regulatory requirements.
We will not share any of the information you provide with any third parties outside of the group for marketing purposes. Your application data will be shared with the HR manager of the agency you have applied to. See section 2.6 below for further information.
We’ll use the contact details you give us to contact you to progress your application. We may also contact you to request your feedback about our recruitment process based on our legitimate interest in developing and improving our future recruitment campaigns.
2.2 Assessments & offers
Depending on the role you are applying for, we could ask you to participate in assessments and/or to complete tests; attend an interview; or a combination of these. Data will be generated by you and by us. For example, you might complete a written test, or we might take interview notes. This information is held by us.
If you are unsuccessful after assessment for the role, we will ask if you would like your details retained for our standard 12 month retention period. If you say yes, we will proactively contact you should any further suitable vacancies arise.
If we make a conditional offer of employment, we may ask you for further information depending on the role so that we can carry out pre-employment checks. You must successfully complete pre-employment checks to progress to a final offer. We must confirm the identity of our staff and their right to work in the United Kingdom, and seek assurance as to their trustworthiness, integrity and reliability.
2.3 Sources of data
We primarily obtain the data from applicants upon the initial application stage. If we do not collect the personal data directly from applicants, e.g. via recruiters, we will also tell you the source of the personal data.
2.4 Content updates & communications
Applicants will receive communications from us for two reasons:
1. Updates to your application (UK GDPR 6(1)(f))
2. Job alerts of similar jobs at the group that may fit your profile (UK GDPR 6(1)(a))
Communications from reason 1 are necessary to progress your application. If you wish to stop receiving these emails, you will be removed from the application process. You may request to stop receiving updates and thus remove yourself from the application process at any time by emailing email@example.com.
Communications from reason 2 are opted into by the applicant. You can unsubscribe from these by clicking the unsubscribe button in the email[s], or by editing your settings in the Kallidus Recruit platform.
If you have any questions about how we communicate with you, please contact us at firstname.lastname@example.org.
2.5 How is my applicant data shared within the MSQ Group?
When you follow a link to apply from one of our agency websites, you will be sent to the respective Kallidus Recruit applicant portal. The subsidiary marketing agencies that make up the MSQ Partners Limited group are controlled undertakings which, in accordance with the UK GDPR Art. 4 (19), Recital 37 & 48, allow for a legitimate interest in the MSQ group accessing and controlling the processing of personal data during your application. The MSQ group has implemented the Applicant Tracking System for all subsidiaries. The list of agencies within the MSQ group is as follows:
- Brave Spark
- MMT Digital
- Stein IAS
- The Gate
- Walk in the Gate
Within the group, your personal data will be shared with the HR manager of the agency you have applied to in order to evaluate your fit for the role. Your data will not be shared unnecessarily within the organisation unless you apply to another role in another agency, and access to your data will be strictly limited.
2.6 Change of purpose
We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your Personal Data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
3. Your rights and how you are protected by us
3.1 What rights do I have over the MSQ group’s use of my personal data?
As a data subject under the UK GDPR, you have the right in law to:
- Information, in accordance with Art. 15 UK GDPR,
- Rectification, in accordance with Art. 16 UK GDPR,
- Data erasure ("right to be forgotten"), in accordance with Art. 17 UK GDPR,
- Limitation of processing, pursuant to Art. 18 UK GDPR,
- Data portability, according to Art. 20 UK GDPR and/or
- Objection to the processing, pursuant to Art. 21 UK GDPR.
To exercise these rights, you can send an email to us at any point at the following email address: email@example.com.
We will handle any request to exercise these rights in accordance with the relevant laws, but please note that these rights are not absolute. We can refuse or deny a request in accordance with these rules, though where possible you will be informed why this is happening.
You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, if your request is clearly unfounded, we could refuse to comply with your request.
We could also need to request specific information from you to help us confirm your identity and ensure you have the right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We could also contact you to ask you for further information in relation to your request to speed up our response.
3.2 Information on the right to object pursuant to Article 21 (4) UK GDPR
You have the right to object at any time, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f) of the UK GDPR; this also applies to profiling based on these provisions. We will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the assertion, exercise, or defence of legal claims.
If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling that is related to direct marketing.
If you object to the processing of your application under 6(1)(f) via the group, but wish for your application process to continue directly via the agency in question, you may contact us at firstname.lastname@example.org to request this. Please see section 1.2 for more information.
3.3 What control do I have over my application account with the MSQ Group?
You can delete your account at any time – this will remove your application account page from our systems and our related software.
Your application account information will be protected by a password for your privacy and security. You need to prevent unauthorized access to your account and personal information by selecting and protecting your password appropriately and limiting access to your computer or device and by signing off after you have finished accessing your account.
You can access information associated with your application account by logging into the account you created with us.
California Privacy Rights: Under California Civil Code sections 1798.83-1798.84, California residents are entitled to ask us for a notice identifying the categories of personal customer information which we share with our affiliates and/or third parties for marketing purposes and providing contact information for such affiliates and/or third parties. If you are a California resident and would like a copy of this notice, please submit a written request to email@example.com
3.4 How do we protect applicant personal Data?
We are concerned with keeping your data secure and protecting it from inappropriate disclosure. Any Personal Data collected by us is only accessible by a limited number of employees who have special access rights to such systems and are bound by obligations of confidentiality. When we use subcontractors to store your data, we will not relinquish control of your Personal Data or expose it to security risks that would not have arisen had the data remained in our possession.
However, unfortunately no transmission of data over the internet is guaranteed to be completely secure. It could be possible for third parties not under our control to intercept or access transmissions or private communications unlawfully. While we strive to protect your Personal Data, we cannot ensure or warrant the security of any Personal Data you transmit to us. Any such transmission is done at your own risk. If you believe that your interaction with us is no longer secure, please contact us at firstname.lastname@example.org.
4. Your data and third parties
4.1 Will we share your data with third parties?
We will not share your Personal Data with third parties, except in the case where we use Processors and Subprocessors for screening. The Subprocessors are also subject to our confidentiality and data protection obligations and contracts have been executed to ensure that your data is at least as protected when our Subprocessors are involved. They only use it for the purposes for which we disclose it to them and pursuant to our instructions in a Data Processing Agreement and the necessary international transfer guarantee[s].
The MSQ group relies on the Kallidus Recruit Application Tracking System (ATS) ‘RECRUIT’ to administer and manage applicants. The ATS uses the following Subprocessors:
- Amazon Web Services (AWS), geolocated to Europe
The MSQ group occasionally relies on third-party recruitment consultancies to assist in our applicant management and filtering process. Access to your data is only provided for this purpose, and the consultancies are bound by a Data Processing Agreement (DPA) to ensure your data is processed safely.
The above providers all store data in the EU/EEA or UK. Applicant data does not leave the EU/EEA + UK area at any point in our processing.
4.2 Third-party links
5. How long will we retain applicant data for?
We store applicant documents for a period of twelve months if the application does not lead to an employment relationship and no further storage has been agreed.
We do not store applicant data in a talent pool and instead set a standard 12 month auto-delete function to ensure your data is not stored for an unnecessary length of time.
6. Notification of changes and acceptance of policy
Date: 11 May 2023