Tenth Revolution Group Privacy Notice
Effective date: 25 March, 2018
Last updated: 15 July, 2024
Table of Contents
I. Introduction
Your privacy is important. This Privacy Notice (the “Privacy Notice”) together with its addendums, our Terms of Use and any other documents referred to in this Privacy Notice or the Terms of Use explains how we comply with applicable privacy requirements and sets out minimum standards for how we deal with all personal data that we collect from you, or that you provide to us including via this w^debsite and any other websites using the tenthrevolution.com domain or Tenth Revolution Group-branded applications of Frank Recruitment Group Services Limited and its Affiliates as defined below (collectively, the “Websites”). The Tenth Revolution Group is a trademark and brand owned by Frank Recruitment Group Services Limited (“Tenth Revolution Group, ” “we” “us” “our” “TRG”). TRG has many affiliates including Nigel Frank International Limited, Mason Frank International Limited, Frank Recruitment Group UK Services Limited, Frank Recruitment Group Services USA Ltd., Frank Recruitment Group Inc., Frank Recruitment Group Services Inc., Frank Recruitment Group Private Limited (Singapore), Frank Consulting Services Private Limited (Singapore), Frank Recruitment Group Pty Limited (Australia), Frank Recruitment Group GmbH (Germany), Frank Recruitment Group K.K. (Japan), Frank Recruitment Group Sp Zo.o. (Poland), Frank Recruitment Group Poland Sp Zo.o. (Poland), Frank Recruitment Group BV (Netherlands), Frank Recruitment Group S.L. (Spain), Frank Consulting Services S.L. (Spain), Frank Recruitment Group Sarl (Switzerland), Frank Recruitment Group Inc. /Groupe de Recrutement Frank Inc. (Canada), Frank Consulting Services SAS (France), Frank Recruitment Group SRL (Italy), Tenth Revolution Consulting Services SRL (Italy), and businesses operated by our group under the brand names including Frank Recruitment Group (FRG), Nigel Frank, Mason Frank, Nelson Frank, Jefferson Frank, Revolent, Tenth Revolution Group, Anderson Frank, Washington Frank, TRG Technology Consulting, Digital Revolution Awards, and Dynamic Jobs.
This Privacy Notice sets out the basis on which we collect, store, use and disclose personal data we receive in writing, through our Websites, or through the cloud talent solution services that we provide. It therefore applies to personal data that you provide to TRG telephonically, electronically (including email) and in person.
This information may be updated from time to time, and should be read in the context of any additional specific information such as that provided in privacy policies applicable to specific businesses or local areas as displayed on the relevant Website or distributed to you from time to time.
This Privacy Notice also informs you how we obtain and use information gained by us through your use of the Websites, including by using “cookies” and third party vendors.
Please read the following carefully to understand our views and practices regarding your personal data, how we will treat it and your rights.
This Privacy Notice applies to TRG globally. The first part of the policy is general and applies globally. The second of the Privacy Notice is comprised of country-specific addendums, and where applicable, TRG will handle Personal Data relying on certain exemptions under local law. Please be sure to check the addendums below to see if there is one that applies to your country or local jurisdiction. In the event of a conflict between the general part of this Privacy Notice and an addendum, the addendum prevails.
II. Who are we?
Tenth Revolution Group is the world’s leading provider of technology talent solutions. Our mission and purpose is to solve the tech skills gap and change people’s lives. Through our portfolio of specialist brands including Nigel Frank International, Mason Frank International, Washington Frank, Anderson Frank, Nelson Frank, FRG Technology Consulting, Jefferson Frank and Revolent, we find, train, and deploy tech talent, giving businesses access to the skills they need to digitally transform their operations and empower people to build a rewarding career in tech. If you want to contact TRG or any of its group companies, please click here.
You can contact TRG’s Chief Privacy Officer (“CPO”) by emailing privacy@tenthrevolution.com or by sending written correspondences here:
Frank Recruitment Group Services Limited
The St. Nicholas Building
St. Nicholas Street
Newcastle-Upon-Tyne
Tyne & Wear U.K. NE1 1RF
Attn: Chief Privacy Officer
Your TRG Personal Data is governed by this Privacy Notice unless you interact with us through Revolent or Digital Revolution Awards, which are governed by one of the following individual privacy notices:
1. For Revolent’s privacy notice, click here.
2. For Digital Revolution Awards privacy notice, click here.
III. Who does this Privacy Notice protect?
This Privacy Notice protects individuals throughout the world who access our Websites or receive recruitment services, or participate in awards competitions from us. In addition to candidates who are looking for a new or different job or career, this also includes individuals who are employed by an actual, former or prospective TRG client. An TRG “client” is one of (a) a business that TRG has contracted with to provide recruitment or is in the process of doing so, (b) a business that TRG may solicit with the intention of providing recruitment or (c) a business to whom TRG may provide relevant IT market information. Additionally, TRG acts as the data controller for Personal Data (as defined below) obtained concerning those protected under this Section III.
IV. What information will we collect?
Some of the data that we collect and receive from you is personal data which means that it is information that could personally identify you (“Personal Data” or “PII”). The Personal Data that we may collect from all users of our Websites and users of our recruitment services may include any of the following:
• Your name;
• Your gender;
• Contact details e.g. street address, email address, cell (or mobile) or home telephone numbers;
• Work Experience;
• Job Title;
• Professional Certifications;
• Education & Qualifications;
• Skills;
• Career History;
• Salary Range;
• Right to work status \ citizenship;
• Other information relevant to help us provide recruitment services;
• References from past employers; and
• IP address
A. For Contract Candidates Only (individuals who are employed by, consult with and/or own an entity recruited by TRG to provide contract or temporary technical professional services to an TRG client (or an TRG client’s client))
In addition to the Personal Data listed above, TRG may collect the following from you:
• Tax details and proof of payment and submission;
• Commercial insurance information; and
• Bank and payment details.
While this information may relate to your company or your employer rather than being your Personal Data, we have listed this information for transparency.
If your provision of Personal Data to TRG is necessary to enter into a contract with your company or your employer, your failure to provide us with accurate Personal Data may result in TRG not being able to offer or render recruitment services to you, your company or your employer.
V. Why do we process your Personal Data?
Generally, we use your Personal Data for our business and activities, and in our efforts to expand and improve our business. Examples include:
A. All users of the Websites and/or our services
• To provide our recruitment services to you, your employer or your company;
• To facilitate the recruitment process, including but not limited to:
o Qualifying and submitting candidates;
o For clients, negotiating TRG terms of business;
o Arranging interviews and obtaining feedback;
o Negotiating compensation packages; and
o Providing post placement follow up.
• Where permitted by applicable law and unless you tell us otherwise, we (or a third party to whom we have provided your Personal Data under part VI below of this Privacy Notice) may send you emails, SMS messages, or text messages (standard SMS or text message rates may apply);
• To assess data about you against vacancies which we judge may be suitable for you;
• To enable you to submit your CV/resume to TRG, apply online (including through the Websites) for jobs or to subscribe to alerts about jobs we think may be of interest to you;
• To enable us to develop and market other products and services and where you have consented to being contacted for such purposes;
• To improve our customer service and to make our services more valuable to you (including tailoring the Websites when you log on to enrich your personal online experience);
• To send you electronically or by post surveys, reports, TRG event details, promotions, offers, networking and client events and general information about relevant industry sectors which we think might be of interest to you, where you have consented to being contacted for such purposes (and we will provide you with an opportunity to opt out);
• To identify you, and respond to and process your requests for information and provide you with a product or service;
• To amend records to remove personal information;
• To use your information on a pseudonymized basis to monitor compliance with our equal opportunities policy, other TRG policies and any legal or compliance requirements;
• To use your information on a pseudonymized basis to create marketing materials such as a salary survey; and
• To carry out our obligations arising from any contracts entered into between you and us, and for other everyday business purposes that involve use of Personal Data.
B. Actual or Prospective Candidates
• To help find you or your company a job;
• To contact you (permanent hire candidates), your employer or your company (contract candidates) about jobs that TRG is filling or may fill for TRG clients;
• To provide you or your company with information about the job market;
• To communicate with you (permanent hire candidates), your employer or your company (contract candidates) after you or it has started a job to make sure all is going well or to remedy, or attempt to remedy, any problems;
• To answer any questions you have about a job or the job market;
• To fulfill any aspect of your employer’s or your company’s contract with TRG (for contract candidates only);
• To collect any money due, or allegedly due, to TRG or any TRG client (or TRG’s client’s client);
• To obtain or inquire about any property (including computers and confidential business information) owned, or allegedly owned, by TRG or any TRG client (or TRG’s client’s client);
• To determine if an TRG client or other entity (or their respective affiliates) to whom TRG presented you has (a) employed you or (b) retained you or any entity (i) that employed you or (ii) that retained you or (iii) in which you have a financial interest;
• To establish, exercise or defend any legal claims; and
• To assist you (permanent hire candidates), your employer or your company (contract candidates) if you are dissatisfied or dislike the job, or any aspect of it.
C. Individuals who work for TRG clients (i.e. a “client contact”)
• To fill an open vacancy at your company or employer;
• To contact you about candidates for jobs with whom TRG has a relationship;
• To provide you with information about the job market;
• To communicate with you after your company or employer has hired/retained an TRG candidate to make sure all is going well and to remedy, or attempt to remedy, any problems;
• To negotiate and fulfil any aspect of your company’s or employer’s contract with TRG;
• To answer any questions you have about a job or a candidate or your company’s or employer’s contract with TRG;
• To resolve any issue with the issuance, payment, collection or enforcement of an TRG invoice;
• To collect any property owned by TRG or any TRG candidate;
• To establish, exercise or defend any legal claims.
D. Individuals who participate in awards’ competitions
a) To provide our awards’ competition services to you;
b) To facilitate the awards’ competition process, including but not limited to:
o Publishing contest rules;
o Collecting, qualifying and submitting participants, contest applications, judges, and winners;
o Facilitating the acceptance, rejection, or delivery of contest awards;
o Providing post award follow up.
VI. Who do we send your Personal Data to?
A. All users of the Websites and/or our services
• To third parties where we have retained them to provide services that we or you have requested or that TRG clients have requested including references, qualifications and background reference checking services and to verify the details you have provided from third party sources.
• To third parties to provide data storage, CV/resume parsing, data cleansing and marketing services to TRG where such third parties have agreed to maintain the confidentiality of, and to protect, your Personal Data in accordance with applicable law.
• To third parties to assist with credit control and payment management
• To third parties, regulatory or law enforcement agencies if we believe in good faith that we are required by law to disclose it in connection with the detection of crime, the collection of taxes or duties, in order to comply with any applicable law or order of a court of competent jurisdiction, in connection with legal proceedings or other similar cause or circumstance.
• To TRG affiliates, whose locations can be found at https://www.tenthrevolution.com/contact . These entities will process your Personal Data in accordance with this Privacy Notice.
• In the event of a sale, merger, liquidation, receivership or transfer of all or substantially all of the assets, or a controlling interest in the equity, of TRG (or any of its group companies) provided that such counterparty(ies) to any such transaction agrees to adhere to the terms of this Privacy Notice (or a similar document) and applicable law.
B. Actual or Prospective Candidates
• To TRG clients in order for them to determine if you (permanent hire candidate) or your company or employer (contract candidate) are or may be qualified to fill a vacancy.
• To third parties that you authorize us to send your personal data to such as “umbrella” companies, insurance brokers and insurance carriers;
• For contract candidates, to third parties under contract with TRG who may serve as your employer or with whom your company may enter into a contract;
• To third parties to determine if an TRG client or other entity (or their respective affiliates) to whom TRG presented you has (a) employed you or (b) retained you or any entity (i) that employed you or (ii) that retained you or (iii) in which you have a financial interest.
C. Individuals who work for TRG clients (i.e. a client contact)
1) To candidates in the course of providing your company or employer with recruiting services and to further the recruitment process.
• To third parties where we have retained them to provide services that you have requested including candidate skill tests and other testing.
• To third parties to determine if an TRG client or other entity (or their respective affiliates) to whom TRG presented a candidate has (a) employed the candidate or (b) retained the candidate or any entity (i) that employed the candidate or (ii) that retained the candidate or (iii) in which the candidate has a financial interest.
VII. What will TRG do if my Personal Data is breached?
TRG has put in place reasonable technical, administrative and physical safeguards intended to prevent a breach of your Personal Data. That being said, TRG cannot guarantee that your Personal Data will not be breached.
A breach can take many forms, including, without limitation, the loss of your Personal Data or the unauthorized access to, disclosure, modification, copying and transfer of your Personal Data.
Once TRG becomes aware of the breach, TRG will take reasonable steps to isolate the breach, stop the breach, determine the root cause, determine the Personal Data breached, fix the root cause and determine if notice to you and/or the appropriate government agency(ies) is required. TRG will comply with all applicable law in reacting to, and dealing with, a breach of Personal Data.
If you believe, for any reason, that your Personal Data has been breached while in TRG’s care, custody or control, please email TRG immediately at privacy@tenthrevolution.com.
If TRG obtains your Personal Data from someone other than you, this Privacy Notice includes all information required under applicable law except that TRG shall not provide you with this information if you already possess this information, providing you with such information is against (or not mandatory under) applicable law, is subject to an obligation of professional secrecy, proves impossible, would involve a disproportionate effort or would render impossible or seriously impair the achievement of the objectives of the processing, in which case, TRG shall take appropriate measures to protect your rights, freedoms and legitimate interests. If you have any questions, please contact TRG at privacy@tenthrevolution.com.
VIII. Will my Personal Data be transferred to another country?
Yes, TRG may transfer your Personal Data to the categories of third parties described in this Privacy Notice, some of whom are located outside of the country in which you provided your Personal Data to TRG or the country of collection.
If so, TRG will take reasonable steps to ensure that your Personal Data is protected and treated in accordance with this Privacy Notice and local applicable law. The countries where TRG may transfer your Personal Data will have varying levels of data security practices and laws, some of which may be less stringent or protective than your country. TRG will use all reasonable efforts to require that any of its suppliers and vendors who receive your Personal Data are contractually bound to (a) keep your Personal Data confidential and (b) take, at a minimum, reasonable efforts to maintain the privacy and security of your Personal Data.
Under certain circumstances, TRG may share your Personal Data with one or more of its group companies who may be located in a country other than yours or other than the country in which TRG collected your Personal Data. In such cases, TRG will comply with applicable laws and its Intercompany Data Processing Agreements (“DPAs”). The DPAs are incorporated by reference into this Privacy Notice.
IX. How long will TRG store my Personal Data for?
We are required by applicable law to store your Personal Data for as long as is necessary to comply with our legal, regulatory and contractual obligations. This period of time will vary based on the law in your country and in the country where TRG stores your Personal Data.
In addition, TRG will keep your Personal Data for the identified purposes until it reasonably believes that it no longer needs it, that there is no reasonable chance that you, your employer or your company will do business with TRG, and there is no reason to believe that we will need the Personal Data for any special circumstances such as the issuance or defence of legal proceedings, audit, investigation or collections.
X. Sending TRG Personal Data over the internet
Your Personal Data is held on servers hosted by us, our internet services providers or third party vendors with whom TRG has a contract. The transmission of information via the internet is not completely secure. Although we will take the efforts set forth in the Privacy Notice to protect your Personal Data, we cannot guarantee the security of any data transmitted through or to our Websites. Any transmission of data by you to us over the internet is at your own risk.
XI. How we collect and aggregate information about visitors to our Websites
We also collect information about the way job seekers and visitors use the Websites in order to improve our services, to understand our users better, and to determine aggregate trends, most popular pages, etc. By using the Websites, you agree that we may share de-identified aggregate data with selected third parties to assist with these purposes. We may also undertake marketing profiling to help us identify candidates, clients, or jobs which may be of interest to you. We may process Personal Data that you submit to us through the Websites under one or more of the permissible bases for processing Personal Data set forth in the Privacy Notice.
XII. Technology and Tools
Like many companies, we use technology and tools that tell us when a computer or device has visited or accessed our content. Those tools include services from search engines and other companies that help us to tailor our products and services to better suit our customers and potential customers. Search engines provide facilities to allow you to indicate your preferences in relation to the use of those tools in connection with computers and other devices controlled or used by you.
We also set out further information below about Cookies and Web Beacons.
A. What are cookies?
A “cookie” is a piece of information that is stored on your computer’s hard drive and which records your navigation of a website so that, when you revisit that website, it can present tailored options to you based upon the stored information about your last visit. You can normally alter the settings of your browser to prevent acceptance of cookies. Cookies are used are many, many websites, including TRG’s Websites.
B. How do we use cookies and plug-ins?
We use “cookies” and plug ins to: (1) make the Websites function properly and as a user would normally expect of a commercial website, (2) monitor Website user traffic patterns and Website usage.; and (3) help us to advertise to you jobs we think you, your company or your employer will be interested in. Our use of these tools helps us to understand how our users use our Websites so that we can develop and improve the design, layout and functionality of the Websites and to provide more efficient and relevant services to you.
C. There are different kinds of cookies with different functions.
The cookies we use are explained below:
1. Session cookies: these are only stored on your computer during your web session. They are automatically deleted when the browser is closed. They usually store an anonymous session ID allowing you to browse a website without having to log in to each page. They do not collect any information from your computer.
2. Persistent cookies: a persistent cookie is one stored as a file on your computer, and it remains there when you close your web browser. The cookie can be read by the website that created it when you visit that website again.
3. Strictly necessary cookies: these cookies are essential to enable you to use the Websites effectively and therefore cannot be turned off. Without these cookies, the services available to you on our Websites cannot be provided. These cookies do not gather information about you that could be used for marketing or remembering where you have been on the internet.
4. Performance cookies: these cookies enable us to monitor and improve the performance of our Websites. For example they allow us to count visits, identify traffic sources and see which parts of the Websites are most popular. These cookies do not collect information that identifies a visitor, as all information these cookies collect is anonymous and is only used to improve how our Websites work.
5. Functional cookies: these cookies allow our Websites to remember choices you make (such as your user name, language or the region you are in) and provide enhanced features. These cookies can also be used to remember changes you have made to text size, font and other pages of our Websites that you can customise. They may also be used to provide services you have requested such as viewing a video or commenting on a blog.
6. Personalisation cookies: the TRG Websites use personalisation cookies to help us to advertise jobs that we think may be of interest to you. These cookies are persistent and mean that when you log in, or return to, the particular TRG Website, you may see advertising for jobs that are similar to jobs that you have previously browsed.
7. Targeting cookies: These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites.
For information on how to reject these cookies, see Section E below.
D. Cookies and Plug-ins set by TRG or Third Parties used by TRG
In addition to our various branded Privacy Preference Centers (see the blue shield in the bottom left-hand corner of your screen), below are tables listing the cookies that you may encounter on our Websites and the purpose for which we use each one and the duration that the cookie remains in place (unless you take action to reject the cookie). TRG may update these tables and its Privacy Preference Centers from time to time. Most of the cookies on our Websites are set by third parties. TRG works with several third parties to provide services which help us to keep the Websites tailored to your needs. Some of these vendors use cookies to help them deliver these services.
Our developers are working hard on creating an interactive cookie table to improve your experience. For now, please see the following table below.
Host | Cookie | Description | Type ⇅ | Duration |
tenthrevolution.com | _ga_xxxxxxxxxx | Used by Google Analytics to identify and track an individual session with your device. | Performance Cookies | 729 Days |
pi.pardot.com | lpv661413 | This domain is owned by Pardot, a marketing automation platform which provides lead generation services to businesses. | Functional Cookies | 0 Days |
www.facebook.com | This domain is owned by Facebook, which is the world’s largest social networking service. As a third party host provider, it mostly collects data on the interests of users via widgets such as the ‘Like’ button found on many websites. This is used to serve targeted advertising to its users when logged into its services. In 2014 it also started serving up behaviourally targeted advertising on other websites, similar to most dedicated online marketing companies. | Targeting Cookies and Web beacons (Tracking pixels) | SESSION | |
tenthrevolution.com | _gat_UA-155270382-1 | This is a pattern type cookie set by Google Analytics, where the pattern element on the name contains the unique identity number of the account or website it relates to. It appears to be a variation of the _gat cookie which is used to limit the amount of data recorded by Google on high traffic volume websites. | Performance Cookies | 0 Days |
www.tenthrevolution.com | _gd############# | This cookie contains no identifying information and is used for diagnostic purposes by Impact Radius, a service we use to track signup commissions for our affiliate program. We have categorized it under Functionality because it is necessary for the operation of our affiliate program. | Performance Cookies | 730 Days |
careers.tenthrevolution.com | _gd############# | This cookie contains no identifying information and is used for diagnostic purposes by Impact Radius, a service we use to track signup commissions for our affiliate program. We have categorized it under Functionality because it is necessary for the operation of our affiliate program. | Functional Cookies | 730 Days |
onetrust.com | _cfuvid | This domain is owned by OneTrust, a privacy management software which helps organizations achieve compliance with global regulations. | Strictly Necessary Cookies | SESSION |
linkedin.com | lidc | This domain is owned by LinkedIn, the business networking platform. It typically acts as a third party host where website owners have placed one of its content sharing buttons in their pages, although its content and services can be embedded in other ways. Although such buttons add functionality to the website they are on, cookies are set regardless of whether or not the visitor has an active Linkedin profile, or agreed to their terms and conditions. For this reason it is classified as a primarily tracking/targeting domain. | Functional Cookies | 1 Days |
youtube.com | VISITOR_INFO1_LIVE | This cookie is used as a unique identifier to track viewing of videos | Performance Cookies | 180 Days |
tenthrevolution.com | _gat_UA-nnnnnnn-nn | Google Analytics Cookies | Targeting Cookies and Web beacons (Tracking pixels) | 0 Days |
www.youtube.com | TESTCOOKIESENABLED | YouTube is a Google owned platform for hosting and sharing videos. YouTube collects user data through videos embedded in websites, which is aggregated with profile data from other Google services in order to display targeted advertising to web visitors across a broad range of their own and other websites. | Targeting Cookies and Web beacons (Tracking pixels) | 0 Days |
tenthrevolution.com | _fbp | Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers | Targeting Cookies and Web beacons (Tracking pixels) | 90 Days |
careers.tenthrevolution.com | PHPSESSID | PHP session cookie associated with embedded content from this domain. | Strictly Necessary Cookies | SESSION |
youtube.com | VISITOR_PRIVACY_METADATA | YouTube is a Google owned platform for hosting and sharing videos. YouTube collects user data through videos embedded in websites, which is aggregated with profile data from other Google services in order to display targeted advertising to web visitors across a broad range of their own and other websites. | Targeting Cookies and Web beacons (Tracking pixels) | 179 Days |
careers.tenthrevolution.com | OptanonAlertBoxClosed | This cookie is set by websites using certain versions of the cookie law compliance solution from OneTrust. It is set after visitors have seen a cookie information notice and in some cases only when they actively close the notice down. It enables the website not to show the message more than once to a user. The cookie has a normal lifespan of one year and contains no personal information. | Strictly Necessary Cookies | 364 Days |
www.tenthrevolution.com | OptanonAlertBoxClosed | This cookie is set by websites using certain versions of the cookie law compliance solution from OneTrust. It is set after visitors have seen a cookie information notice and in some cases only when they actively close the notice down. It enables the website not to show the message more than once to a user. The cookie has a one year lifespan and contains no personal information. | Strictly Necessary Cookies | 362 Days |
t.co | muc_ads | This domain is owned by Twitter. It is used as a URL shortening service, which allows Twitter to collect data on how links are shared. | Targeting Cookies and Web beacons (Tracking pixels) | 729 Days |
careers.tenthrevolution.com | drift_campaign_refresh | This is the session identifier token. It is used to tie the visitor on your website with a current website session within the Drift system. This is enables session-specific features, such as popping up a messaging only once during a 30 minute session as to prevent a disruptive experience. | Targeting Cookies and Web beacons (Tracking pixels) | 0 Days |
go.frankgroup.com | pardot | Performance Cookies | 0 Days | |
pi.pardot.com | pardot | This domain is owned by Pardot, a marketing automation platform which provides lead generation services to businesses. | Performance Cookies | 0 Days |
linkedin.com | bcookie | This domain is owned by LinkedIn, the business networking platform. It typically acts as a third party host where website owners have placed one of its content sharing buttons in their pages, although its content and services can be embedded in other ways. Although such buttons add functionality to the website they are on, cookies are set regardless of whether or not the visitor has an active Linkedin profile, or agreed to their terms and conditions. For this reason it is classified as a primarily tracking/targeting domain. | Functional Cookies | 731 Days |
youtube.com | YSC | YouTube is a Google owned platform for hosting and sharing videos. YouTube collects user data through videos embedded in websites, which is aggregated with profile data from other Google services in order to display targeted advertising to web visitors across a broad range of their own and other websites. | Targeting Cookies and Web beacons (Tracking pixels) | SESSION |
tenthrevolution.com | driftt_aid | This is the anonymous identifier token. It is used to tie the visitor on your website with the profile within the Drift system. This allows Drift to remember the information that this site visitor has provided through the chat on subsequent site visits. | Targeting Cookies and Web beacons (Tracking pixels) | 729 Days |
twitter.com | personalization_id | This domain is owned by Twitter. The main business activity is: Social Networking Services. Where twitter acts as a third party host, it collects data through a range of plug-ins and integrations, that is primarily used for tracking and targeting. | Targeting Cookies and Web beacons (Tracking pixels) | 730 Days |
www.linkedin.com | bscookie | This domain is owned by LinkedIn, the business networking platform. It typically acts as a third party host where website owners have placed one of its content sharing buttons in their pages, although its content and services can be embedded in other ways. Although such buttons add functionality to the website they are on, cookies are set regardless of whether or not the visitor has an active Linkedin profile, or agreed to their terms and conditions. For this reason it is classified as a primarily tracking/targeting domain. | Functional Cookies | 731 Days |
tenthrevolution.com | drift_aid | This is the anonymous identifier token. It is used to tie the visitor on your website with the profile within the Drift system. This allows Drift to remember the information that this site visitor has provided through the chat on subsequent site visits. | Targeting Cookies and Web beacons (Tracking pixels) | 729 Days |
frank-group.involve.me | lvapp_session | Functional Cookies | 0 Days | |
www.tenthrevolution.com | OptanonConsent | This cookie is set by the cookie compliance solution from OneTrust. It stores information about the categories of cookies the site uses and whether visitors have given or withdrawn consent for the use of each category. This enables site owners to prevent cookies in each category from being set in the users browser, when consent is not given. The cookie has a normal lifespan of one year, so that returning visitors to the site will have their preferences remembered. It contains no information that can identify the site visitor. | Strictly Necessary Cookies | 362 Days |
careers.tenthrevolution.com | OptanonConsent | This cookie is set by the cookie compliance solution from OneTrust. It stores information about the categories of cookies the site uses and whether visitors have given or withdrawn consent for the use of each category. This enables site owners to prevent cookies in each category from being set in the users browser, when consent is not given. The cookie has a normal lifespan of one year, so that returning visitors to the site will have their preferences remembered. It contains no information that can identify the site visitor. | Strictly Necessary Cookies | 364 Days |
linkedin.com | AnalyticsSyncHistory | This domain is owned by LinkedIn, the business networking platform. It typically acts as a third party host where website owners have placed one of its content sharing buttons in their pages, although its content and services can be embedded in other ways. Although such buttons add functionality to the website they are on, cookies are set regardless of whether or not the visitor has an active Linkedin profile, or agreed to their terms and conditions. For this reason it is classified as a primarily tracking/targeting domain. | Functional Cookies | 30 Days |
tenthrevolution.com | _gid | This cookie name is associated with Google Universal Analytics. This appears to be a new cookie and as of Spring 2017 no information is available from Google. It appears to store and update a unique value for each page visited._gid | Performance Cookies | 1 Days |
linkedin.com | li_sugr | This domain is owned by LinkedIn, the business networking platform. It typically acts as a third party host where website owners have placed one of its content sharing buttons in their pages, although its content and services can be embedded in other ways. Although such buttons add functionality to the website they are on, cookies are set regardless of whether or not the visitor has an active Linkedin profile, or agreed to their terms and conditions. For this reason it is classified as a primarily tracking/targeting domain. | Targeting Cookies and Web beacons (Tracking pixels) | 89 Days |
careers.tenthrevolution.com | visitor_id##### | This is a cookie pattern that appends a unique identifier for a website visitor, used for tracking purposes. | Targeting Cookies and Web beacons (Tracking pixels) | 3649 Days |
pardot.com | visitor_id##### | This is a cookie pattern that appends a unique identifier for a website visitor, used for tracking purposes. | Performance Cookies | 3650 Days |
go.frankgroup.com | visitor_id##### | This is a cookie pattern that appends a unique identifier for a website visitor, used for tracking purposes. | Performance Cookies | 3650 Days |
tenthrevolution.com | _ga | This cookie name is associated with Google Universal Analytics – which is a significant update to Google’s more commonly used analytics service. This cookie is used to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in each page request in a site and used to calculate visitor, session and campaign data for the sites analytics reports. By default it is set to expire after 2 years, although this is customisable by website owners._ga | Performance Cookies | 730 Days |
linkedin.com | UserMatchHistory | This domain is owned by LinkedIn, the business networking platform. It typically acts as a third party host where website owners have placed one of its content sharing buttons in their pages, although its content and services can be embedded in other ways. Although such buttons add functionality to the website they are on, cookies are set regardless of whether or not the visitor has an active Linkedin profile, or agreed to their terms and conditions. For this reason it is classified as a primarily tracking/targeting domain. | Functional Cookies | 30 Days |
linkedin.com | li_gc | This domain is owned by LinkedIn, the business networking platform. It typically acts as a third party host where website owners have placed one of its content sharing buttons in their pages, although its content and services can be embedded in other ways. Although such buttons add functionality to the website they are on, cookies are set regardless of whether or not the visitor has an active Linkedin profile, or agreed to their terms and conditions. For this reason it is classified as a primarily tracking/targeting domain. | Performance Cookies | 727 Days |
pardot.com | visitor_id661413-hash | This is a cookie pattern that appends a unique identifier for a website visitor, used for tracking purposes. | Performance Cookies | 3650 Days |
careers.tenthrevolution.com | visitor_id661413-hash | This is a cookie pattern that appends a unique identifier for a website visitor, used for tracking purposes. | Targeting Cookies and Web beacons (Tracking pixels) | 3649 Days |
go.frankgroup.com | visitor_id661413-hash | This is a cookie pattern that appends a unique identifier for a website visitor, used for tracking purposes. | Performance Cookies | 3650 Days |
E. How to reject cookies
If you don’t wish to receive cookies that are not strictly necessary to perform basic features of our Websites, you may choose to opt out of them by selecting the blue shield in the bottom left-hand corner of any of the Websites, called “Privacy Preference Center”.
Note that most web browsers will accept cookies, but if you would rather that we did not collect data in this way you can choose to accept or reject some or all cookies in your browser’s privacy settings. Rejecting all cookies means that certain features of the Website(s) cannot then be provided to you and accordingly you may not be able to take full advantage of all our Websites’ features. Each browser is different, so check the “Help” menu of your browser to learn how to change your cookie preferences.
For more information generally on cookies, including how to disable them or change cookies’ settings, please refer to aboutcookies.org (http://www.allaboutcookies.org/). You will also find details on how to delete cookies from your computer. Find out how to manage cookies on popular browsers:
• Google Chrome
• Microsoft Edge
• Mozilla Firefox
• Microsoft Internet Explorer
• Opera
• Apple Safari
To find information relating to other browsers, visit the browser developer’s website.
To opt out of being tracked by Google Analytics across all websites, visit http://tools.google.com/dlpage/gaoptout.
F. Web Beacons
TRG may use or include web beacons in emails or other electronic communications that TRG sends to you. We use web beacons to help us analyze the effectiveness of our communications to you. For example, we may use web beacons to understand when and if you opened our email, how many times you opened the email, if you have forwarded the email to another email address, or if you clicked on a link in an email that we sent to you. The web beacons do not collect or give us your PII but they do provide information to us about your actions after receiving a communication from us. If you would like to stop receiving emails with web beacons from us, you may unsubscribe by clicking the “Unsubscribe” link in the email. However, you may receive auto generated emails from TRG after you create an account on the Websites or take some other affirmative action on the Websites which contain web beacons but do not contain an “Unsubscribe” link. In those cases, just simply email privacy@tenthrevolution.com if you would like to stop receiving emails from TRG with web beacons.
Also, TRG works with third parties to help manage online advertising who embed web beacons in online job postings and job advertisements that TRG requests these third parties to post online. One such third party that we use is Broadbean. These web beacons allow Broadbean to obtain information such as the IP address of the computer that downloaded the page on which the beacon appears, the URL of the page on which the beacon appears, the time the page containing the beacon was viewed, the type of browser used to view the page, and the information in cookies set by a third party that Broadbean uses such as Google Analytics. These files enable Google Analytics to recognize a unique cookie on your web browser, which in turn enables Broadbean to learn which advertisements bring users to our Websites or websites on which Broadbean placed our advertisements. The cookie on your web browser was placed by Broadbean, or by another advertiser who works with Google Analytics. With both cookies and web beacon technology, the information that Google Analytics (either directly, see cookie/plug-in chart above) or Broadbean collects and shares with us is anonymous and not personally identifiable. It does not contain your name, address, telephone number, or email address. For more information about Google Analytics, including information about how to opt out of these technologies, go to www.google-analytics.com. For more information about web beacons and cookies placed by Broadbean, please click https://www.broadbean.com/uk/privacy-policy/.
XIII. Links to other websites
Please note that clicking on links and banner advertisements and RSS (Rich Site Summary) feeds may result in your transfer to another website, where data privacy practices may be different than described in this Privacy Notice. It is your responsibility to check other website privacy notices and policies to ensure that you are happy for your personal information, including Personal Data, to be used in accordance with those third parties’ privacy notices and policies. We accept no responsibility for, and have no control over, third party websites, links, adverts or RSS feeds or information that is submitted to or collected by third parties.
XIV. Changes to our Privacy Notice
We reserve the right to change this Privacy Notice from time to time by updating this Privacy Notice on our website. Any changes to this Privacy Notice or any of its addendums will be posted on this Website so you are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. We encourage you to check this Website frequently for updates. Your continued use of this Website or any TRG services shall constitute your acceptance of the revised Privacy Notice.
TRG will interpret and enforce this Privacy Notice in accordance with all applicable law.
The effective date of this Privacy Notice is March 25, 2018. This Privacy Notice was updated on March 25, 2018; October 4, 2018; April 15, 2019; July 10, 2019; January 1, 2020; April 20, 2020; May 18, 2020, October 8, 2020, February 18, 2021, May 12, 2021, June 30, 2021, July 9, 2021, July 16, 2021, September 13, 2022 April 3, 2023, November 1, 2023, December 15, 2023, March 1, 2024, April 4, 2024, April 18, 2024, May 15, 2024 and June 30, 2024.
This Privacy Notice was last updated on July 15 2024.
United Kingdom Addendum
I. Who is TRG’s Supervisory Authority for Data Protection Purposes?
TRG has designated the UK Information Commissioner’s Office (“ICO”) as the supervisory authority for purposes of Data Protection Act of 2018 (“DPA 2018”) and UK General Data Protection Regulation (“UK GDPR”).This addendum applies to the United Kingdom only.
II. How do we lawfully process your data?
In order to process your Personal Data lawfully TRG must have a legal basis to do so. TRG relies on three main legal basis for processing your Personal Data:
• where we obtain your affirmative consent to use your Personal Data in this way;
• where we have a legitimate interest in processing your Personal Data, which we have balanced against your rights and freedoms and concluded that our processing is justifiable; or
• where our handling of your Personal Data is necessary for us to perform the obligations under your company’s or employer’s contract with TRG (inapplicable to candidates for permanent hire).
We may rely on one or more legal bases to process your Personal Data.
A. All users of the Websites and/or our services
Legitimate Interests: TRG uses Personal Data that we collect for the following general purposes in the performance of our legitimate interests as a business: to provide the services to our candidates and clients; to enhance their experience, to improve our services and to contact candidates and clients.
B. Actual or Prospective Candidates
Consent: If you, whether on your own behalf (permanent hire candidate) or on behalf of your company or your employer (contract hire candidate), would like to receive general marketing and other communications from us, you will have the option to affirmatively check a box consenting to TRG processing your Personal Data for this purpose. TRG may also ask you via email, text message or SMS (standard SMS or text message rates may apply), or telephone for your affirmative consent to receive marketing and other communications from us.
Legitimate interest: TRG has a legitimate interest in processing your Personal Data in order to fill a job, to provide you (permanent hire candidate) or your company or your employer (contract hire candidate) with other products and services to help you in your career and to market its products and services to you in order to grow our business, to demonstrate our knowledge of the marketplace and relevant technologies and to enhance the standing and recognition of our brands. TRG also has legitimate interest to process your Personal Data if you apply for, or seek further information about, a job posted on one of the Websites or a job advertised by TRG on a job board, social media site or other forums.
Necessary for the performance of a contract: TRG can process your Personal Data in the performance of its contract with your company or employer.
C. Individuals who work for TRG clients (i.e. a client contact)
Consent: If you would like to receive general marketing and other communications from us, you will have the option to affirmatively check a box consenting to TRG processing your Personal Data for this purpose. TRG may also ask you via email, text message or SMS (standard SMS or text message rates may apply), or telephone for your affirmative consent to receive marketing and other communications from us.
Legitimate Interest: TRG has a legitimate interest in processing your Personal Data in order to fill a vacancy at your company or employer, and provide you with other products and services relevant to your company or employer and to market its products and services to you in order to grow our business, to demonstrate our knowledge of the marketplace and relevant technologies and to enhance the standing and recognition of our brands. TRG also has legitimate interest to process your Personal Data if you seek or obtain further information about TRG or an TRG candidate.
Necessary for the performance of a contract: TRG can process your Personal Data in the performance of its contract with your company or employer.
With respect to actual or prospective client contacts and candidates, if TRG obtains your Personal Data from someone other than you, TRG shall inform you of the identity and contact details of the person or entity from whom TRG obtained your Personal Data, whether TRG obtained your Personal Data from publicly available sources, the categories of Personal Data that TRG obtained and, if TRG is processing your Personal Data based on its legitimate interest (see Section III below), the nature of TRG’s legitimate interest. TRG shall provide you with the information listed in this paragraph by the earlier of (1) forty-five (45) days (for candidates) or ninety (90) days (for client contacts) after TRG obtains your Personal Data or (2) if TRG uses your Personal Data to communicate with you, the first time that TRG communicates with you.
TRG shall not provide you with the information described in the paragraph immediately above if you already possess this information, providing you with such information is against applicable law, is subject to an obligation of professional secrecy, proves impossible, would involve a disproportionate effort or would render impossible or seriously impair the achievement of the objectives of the processing, in which case, TRG shall take appropriate measures to protect your rights, freedoms and legitimate interests.
III. Your Special Rights under Data Protection Laws
A. Do I have a right to be erased (forgotten)?
Yes. You have the right to request that TRG deletes or removes your Personal Data where there is no compelling reason for us to continue to process it. You can exercise this right, free of charge, by sending an email to TRG at privacy@tenthrevolution.com.
Please note that your right to erasure is not absolute. TRG will remove your Personal Data when:
1. the Personal Data is no longer necessary in relation to the purpose for which TRG originally collected and/or processed it;
2. if TRG is processing your Personal Data on the basis of your consent and you withdraw consent;
3. you object to the processing of your Personal Data and there is no overriding legitimate interest for us to continue to process it;
4. the Personal Data was unlawfully processed; and
5. the Personal Data must be erased to comply with a legal obligation.
TRG can refuse to comply with an erasure request in the following limited circumstances:
(a) to exercise TRG’s right of freedom of expression and information;
(b) to comply with a legal obligation or for the performance of a public interest task;
(c) for archiving purposes in the public interest, scientific research, historical research or statistical purposes; or
(d) for the establishment, exercise or defence of legal claims.
If we remove your Personal Data per your request for erasure, then we will confirm this with you.
If we have disclosed any of your Personal Data to a third party and you submit an erasure request to us, then we will inform (1) you about the recipients and (2) any such third parties of your erasure request unless doing so is impossible or involves disproportionate efforts.
We will respond to your erasure request without undue delay. Please note that, for your and TRG’s protection, we cannot respond to an erasure request until we have verified the identity of the person making the request. This verification process may extend the response timeframes set forth in this paragraph.
B. Do I have a right of access to a copy of my Personal Data?
Yes. You have the right to:
• obtain confirmation that your Personal Data is being processed;
• a copy of your Personal Data being processed;
• the purposes of the processing;
• the categories of personal data being processed;
• the recipients or categories of recipients to whom TRG has disclosed your Personal Data; and
• the criteria TRG uses to determine how long it will store your Personal Data.
You can exercise this right by sending an email to TRG at privacy@tenthrevolution.com.
This right is in place to ensure that you are aware of and can verify the lawfulness of the processing. In most cases, we will provide you with a copy of your Personal Data free of charge. However, we may charge you a reasonable fee if your request is manifestly unfounded, excessive or repetitive. With respect to unfounded, excessive or repetitive requests, in rare cases, TRG may refuse to respond to your request but will explain the reason(s) for its refusal to you without undue delay and within one month of its receipt of your request. If TRG so refuses, you have the right to file a complaint with the ICO and to seek a judicial remedy.
If you submit your access request to TRG electronically, TRG will provide you with its response, and a copy of your Personal Data (if applicable) via email or other commonly used electronic form.
If TRG did not collect your Personal Data from you, TRG will inform you about the source from which it obtained your Personal Data. Your right of access does not adversely affect your right of erasure (forgotten) and right of rectification, both of which are described in this Privacy Notice.
Generally, TRG will provide you with a copy of your Personal Data without undue delay and within one month of its receipt of your request, provided that TRG may extend this time period for up to two additional months if your request is complex or numerous. If TRG exercises this extension of time, TRG will inform you of its decision to exercise the extension within one month of its receipt of your request, and will explain the reason(s) for the extension. If your request is large or complex, TRG may ask you to specify the particular information or category of information you seek.
Please note that, for your and TRG’s protection, TRG cannot respond to an access request until it verifies the identity of the person making the request for your Personal Data. This verification process may extend the response timeframes set forth in the paragraph above.
C. Do I have a right to object to the processing of my Personal Data, including the processing of my Personal Data by TRG for direct marketing?
Yes, you have a right to object to the processing of your Personal Data where:
• TRG’s processing is based on its legitimate interest; or
• where TRG is using your Personal Data to directly market to you.
You can exercise this right, free of charge, by sending an email to TRG at privacy@tenthrevolution.com.
If TRG receives an objection request from you for reasons unrelated to direct marketing, TRG will stop processing your Personal Data unless we can show compelling legitimate ground(s) for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of any legal claims.
If TRG receives an objection request from you for reasons related to direct marketing, we will stop processing your Personal Data.
If you receive a direct marketing communication from TRG and you do not wish to receive future direct marketing communications from TRG, you may request to unsubscribe from future marketing communications by sending TRG an email at privacy@tenthrevolution.com. In addition, if the direct marketing communication you received was via email, you can click the “Unsubscribe” link at the bottom of the email, fill out the required form and TRG will process your unsubscribe request. Please allow up to ten (10) business days for your unsubscribe request to take effect.
D. Do I have a right to restrict processing of my Personal Data?
Yes, you have a right to restrict, the processing of your Personal Data. You can exercise this right, free of charge, by sending an email to TRG at privacy@tenthrevolution.com. When you exercise this right, TRG may continue to store your Personal Data but cannot further process it. TRG will cease processing your Personal Data in the following circumstances:
1. when you file a rectification request with TRG (see the “Do I have a right to have any inaccurate or incomplete Personal Data rectified?” section below) in accordance with this Privacy Notice and applicable law. The restriction shall remain in place until such time as TRG has verified the accuracy of the Personal Data that is the subject of your rectification request;
2. where TRG is processing your Personal Data based on its legitimate interest and you file a notice with TRG objecting to the processing of your Personal Data (see the “Do I have a right to object to the processing of my Personal Data?” section above) in accordance with this Privacy Notice and applicable law, TRG will cease processing your Personal Data until such time as TRG has made a determination as to whether its legitimate grounds for continued processing override your reasons for objecting to the processing;
3. when the processing is unlawful and you do not seek or want erasure and you file a restriction request with TRG in accordance with this Privacy Notice and applicable law instead; and
4. if TRG no longer needs the Personal Data and you require the data to establish, exercise or defend a legal claim.
While the processing of your Personal Data is restricted, TRG may continue to process such data by storing it, processing it with your consent or processing it for the establishment, exercise or defence of legal claims.
TRG will inform you if it decides to lift a restriction on processing.
If TRG has disclosed any of your Personal Data to a third party and you submit a request to restrict processing, TRG will inform (1) you about the recipients if you so request and (2) any such third parties of your restriction request unless doing so is impossible or involves disproportionate efforts.
TRG will act on your restriction request in accordance with this Privacy Notice without undue delay. Please note that, for your and TRG’s protection, TRG cannot act on a restriction request until it verifies the identity of the person making the request. This verification process may extend the timeframe in which TRG acts on your restriction request.
E. Do I have a right to Personal Data portability?
Yes. You can exercise this right, free of charge, by sending an email to TRG at privacy@tenthrevolution.com. This right exists to allow you to obtain and use your Personal Data for your own purposes across different services. Under this right, you can move, copy or transfer your Personal Data from TRG to another data controller.
This right applies where TRG is processing your Personal Data with your consent or for the performance of a contract. It also applies if we process your Personal Data by automated means. If your portability request concerns someone other than you, TRG will have to consider whether providing or porting the Personal Data would prejudice the other person’s or people’s rights.
Generally, TRG will respond to your portability request without undue delay and within one month of its receipt of your request, provided that TRG may extend this time period for up to two additional months if your request is complex or numerous. If TRG exercises this extension of time, TRG will inform you of its decision to exercise the extension within one month of its receipt of your request, and will explain the reason(s) for the extension. Where technically feasible, you may request that TRG transmit your Personal Data to another data controller.
F. Do I have a right to object to decision been taken by automated means?
If TRG uses automated (i.e. non-human) methods to process your Personal Data to make decisions that could potentially have a damaging legal or similarly significant effect on you (each, an “Automated Decision”), you have the right not to be subject to the Automated Decision. This right is inapplicable to any Automated Decision made by TRG that is necessary for entering into or the performance of a contract between you and TRG, is authorized by law or is based on your explicit consent.
If TRG makes any Automated Decisions to which this right applies, TRG will ensure that you are able to obtain human intervention, express your point of view and obtain an explanation of the decision and challenge it.
If TRG engages in “profiling” by automated means, TRG will ensure that appropriate safeguards are in place including (1) ensuring that the processing is fair and transparent by providing you with meaningful information about the logic involved and the significance and consequences of the outcome of the decision, (2) using appropriate mathematical or statistical procedures for the profiling, (3) implementing appropriate technical and organizational measures to enable inaccuracies to be corrected and minimize the risk of errors and (4) securing the Personal Data in a way that is proportionate to the risk to your interests and rights and prevents discriminatory effects.
G. Do I have a right to have any inaccurate or incomplete Personal Data rectified?
Yes. You can exercise this right, free of charge, by sending an email to TRG at privacy@tenthrevolution.com.
Generally, TRG will respond to your rectification request within one month of its receipt of your request, provided that TRG may extend this time period for up to two additional months if your request is complex. In rare cases, TRG may refuse to respond to your request but will explain the reason(s) for its refusal to you within one month of its receipt of your request. If TRG so refuses, you have the right to file a complaint with the ICO and to seek a judicial remedy.
If TRG has disclosed any of your Personal Data to a third party and you submit a rectification request to TRG that TRG is going to honor, TRG will inform (1) you about the recipients and (2) any such third parties of your rectification request as well as any corrected Personal Data, unless doing so is impossible or involves disproportionate efforts.
We will use reasonable endeavours to ensure that your Personal Data is maintained and up to date.
H. What are my rights if the Security of my Personal Data is breached?
A breach of Personal Data (a “Breach”) means a breach of security leading to the destruction, loss, alteration, unauthorized disclosure of, or access to, your Personal Data for which we are responsible under applicable law.
If the Breach is likely to have a significant detrimental effect on your rights and freedoms (such as resulting in discrimination, damage to reputation or financial loss), TRG will notify the ICO without undue delay, and if feasible, within one business day of TRG’s becoming aware of the Breach. TRG will assess the determination of “significant detrimental effect” on a case by case basis.
If the Breach is likely to result in a “high risk” to your rights and freedoms, TRG will notify you without undue delay. To be clear, the threshold requiring TRG to notify you of a Breach is higher than the threshold requiring TRG to notify the ICO of a Breach so it is possible that TRG will notify the ICO of a Breach but not you. TRG will assess the determination of “high risk” on a case by case basis.
Any Breach notice issued by TRG will contain, where possible, (1) the categories and approximate number of individuals and Personal Data records effected by the Breach, (2) the name and contact details of the Information System Manager (“ISM”) (or other TRG contact representative if TRG does not have a ISM at the time that TRG issues the Breach notice), (3) a description of the likely consequences of the Breach, (4) a description of the measures that TRG has taken, and may take, to stop the Breach and, where appropriate, to mitigate the adverse effects of the Breach and (5) recommendations on actions you can take to protect yourself in light of the Breach.
I. Will my Personal Data be transferred outside the UK?
TRG may transfer your Personal Data to third parties described in this Privacy Notice who are located outside of the UK. If so, TRG will take reasonable steps to ensure that your Personal Data is protected and treated in accordance with this Privacy Notice and local applicable law. Some of the countries outside the UK where your Personal Data may be transferred will be on the ICO’s list of countries that it has deemed to have adequate security controls in place (the “Approved List”). Given the European Court of Justice’s decision in Data Protection Commissioner v. Facebook Ireland and Maximilian Schrems, Case C-311/18 (July 16, 2020) (“Schrems II”) , and absent consent from the Data Subject (or any other reason provided in UK GDPR Article 49(1)(b)-(f) as may be amended from time to time), if TRG transfers your Personal Data to processors (which could be external third party vendors or suppliers) that store, transfer, process, or control your Personal Data in a country not on the Approved List or not in the UK (“Third Countries”), then TRG shall determine whether each processor (and each subprocessor that a processor has provided TRG formal notice of) can store, transfer, process, or control the Personal Data solely within the UK, or a country on the Approved List.
(a) If TRG determines that the processor (and each subprocessor that a processor has provided TRG formal notice of) can store, transfer, process, or control the Personal Data solely within a country on the Approved List or in the UK, we will require such processor (and will require the processor to require each of its applicable subprocessors) to do so.
(b) If TRG determines that the processor (and each subprocessor that a processor has provided TRG formal notice of) cannot store, transfer, process, or control the Personal Data in a country on the Approved List or in the UK, then:
(i) TRG will require such processor (and will require the processor to require each of its applicable subprocessors) to be bound by the model clauses promulgated by the ICO under S119A(1) Data Protection Act 2018, including but not limited to the International Data Transfer Addendum to the EU Commission Standard Contractual Clauses VERSION B1.0, as in force 21 March 2022, any successor versions thereto, and any other valid transfer mechanism promulgated by the ICO (collectively for this Addendum, “Model Clauses”). When relying on the Model Clauses, TRG shall (a) monitor the laws and regulations of Third Countries for the adequate protections of UK. Data Subjects as required by the UK GDPR or other local laws and regulations; and (b) terminate the storage, transfer, processing , or control of Personal Data by a processor (or a subprocessor where the process has informed TRG of the country in which such subprocessor is processing your Personal Data) when (i) such laws and regulations of Third Countries are incompatible with the UK GDPR or other local laws and regulations, or (ii) access to Personal Data is requested by the public authorities of Third Countries and such access is lawful under the laws of the Third Countries but is prohibited under the UK GDPR or other local laws and regulations. If the events described in III(I)(b)(i)(b)(i) or (ii) occur, TRG will confer with the appropriate supervisory authority regarding appropriate actions to safeguard your Personal Data.
(c) TRG shall also require the processor (and will require each processor to require its applicable subprocessors) to determine whether each processor or subprocessor can store, transfer, process, or control the Personal Data solely within the UK, or a country on the Approved List.
1. If processor (or its applicable subprocessors) can store, transfer, process, or control the Personal Data solely within the UK, or a country on the Approved List, then TRG shall contractually require the processors (and require processor to require its subprocessors to) do so.
2. If processor (or its applicable subprocessors) must store, transfer, process, or control the Personal Data in a Third Country, then TRG shall require its processors (and require processor to require its subprocessors to) to be bound by the Model Clauses. When relying on the Model Clauses, TRG shall contractually require such processors (and shall also require processors to require their subprocessors) to agree to (a) monitor the laws and regulations of Third Countries for the adequate protections of UK Data Subjects as required by the UK GDPR or other local laws and regulations; and (b) terminate the transfer, processing, or control of Personal Data when (i) such laws and regulations of Third Countries are incompatible with the UK GDPR or other local laws and regulations, or (ii) access to Personal Data is requested by the public authorities of Third Countries and such access is lawful under the laws of the Third Countries but is prohibited under the UK GDPR or other local laws and regulations. If the events described in III(I)(c)(2)(b)(i) or (ii) occur with respect to your Personal Data (and if TRG has formal notice that the events described in III(I)(c)(2)(b)(i) or (ii) have occurred), TRG will confer with the appropriate supervisory authority regarding appropriate actions to safeguard your Personal Data.
Under certain circumstances, TRG may share your Personal Data with one or more of its group companies who may be located in a Third Country. In such cases, TRG will comply with its DPAs. The DPAs are incorporated by reference into this Addendum.
J. How long will TRG store my Personal Data for?
We are required by law to store your Personal Data for as long as is necessary to comply with our legal, regulatory and contractual obligations.
With respect to UK GDPR (and similar laws), we will store and process your Personal Data that we obtain via: (i) your consent, until the earlier of (a) the purpose for which we obtained such information has been fully accomplished or (b) you inform us that you have withdrawn your consent; (ii) our legitimate interest until the earlier of (a) your Personal data is no longer necessary for the purpose for which it is being processed, or (b) TRG concludes that your rights and freedoms outweigh our right to process your Personal Data; and (iii) our necessity for the performance of a contract, until the termination or expiration of the contract including the termination or expiration of TRG’s and your employer’s or company’s duties or obligations that survive any such termination or expiration.
Furthermore, we will store your Personal Data in special circumstances related to the issuance or defense of legal proceedings, outstanding invoices or in connection with any investigation by or of a government authority.
K. What Protections do I have if TRG transfers my Personal Data to the U.S.?
If TRG transferred any of your data to the U.S. you have the protections of the Model Clauses and the UK Extension to the EU-U.S. Data Privacy Framework. Frank Recruitment Group Inc., a Delaware corporation, is TRG’s primary affiliate and operating company in the United States (“TRG US Parent”). TRG US Parent has a subsidiary, Frank Recruitment Group Services Inc., also a Delaware corporation (“TRGS US Sub,” collectively with TRG US Parent, “TRG US”).
TRG US and TRG US Sub participates in the UK Extension to the EU-U.S. Data Privacy Framework (“UK Ext. DPF”) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the United Kingdom, as applicable to the United States in reliance on UK Ext. DPF. TRG US and TRG US Sub has certified to the Department of Commerce that it adheres to the UK Ext. DPF Principles with respect to such information. If there is any conflict between the terms in this Privacy Notice and the UK Ext. DPF Principles, the UK Ext. DPF Principles shall govern. To learn more about the UK Ext. DPF program, and to view evidence of our participation, please visit the U.S. Department of Commerce’s Data Privacy Framework website.
This Privacy Notice only applies to Personal Data within the scope of the TRG US’s UK Ext. DPF participation. TRG US’s contractual clauses for its clients are in the United States of America Addendum below.
TRG US’s UK Ext. DPF participation covers Personal Data regarding:
(1) current, former, and prospective employees in connection with the employment relationship which is covered by a separate, employee only, Privacy Notice that has been made available to TRG US employees;
(2) Personal Data regarding client contacts and candidates (temp and perm), such as the sale and delivery of recruitment services and the administration of the client and candidate relationship; and
(3) Personal Data regarding third parties (such as service providers and independent contractors) and their personnel and employees, in connection with recruitment services and the provision and performance of technical professional services to client and, where applicable, their end customers and the management and administration of the business relationships with such third parties.
Our participation does not cover any disclosure of an individual’s Personal Data to a third party who processes the Personal Data for its own purposes when the disclosure is made at the request of the individual.
TRG US disclose Personal Data to third party service providers in connection with the operation of their respective businesses, including their provision of services to clients and candidates. TRG US ascertain that these third party service providers provide at least the same level of privacy protection as is required by the UK Ext. DPF Principles. TRG US may be liable if both
(a) third parties fail to meet these obligations and (b) TRG US is responsible for the event giving rise to the damage.
TRG US are subject to the investigatory and enforcement powers of the United States Federal Trade Commission. TRG US may be required to disclose Personal Data to law enforcement, regulatory or other government agencies, or to other third parties, in each case to comply with legal, regulatory, or national security obligations or requests.
Any questions or complaints concerning TRG US’s UK Ext. DPF compliance, or requests to access, correct, amend, delete, or limit the use or disclosure of Personal Data (opt out) may be directed to privacy@tenthrevolution.com. If TRG US has not been able to satisfactorily resolve the issue, then you may raise it with the Information Commissioner’s Office. Under certain conditions, individuals may have the possibility to engage in binding arbitration through the UK Ext. DPF Panel. To find out more about individual binding arbitration, please visit the U.S. Department of Commerce’s Data Privacy Framework Annex 1.
In compliance with the UK Ext. DPF. Tenth Revolution Group US commits to cooperate and comply respectively with the advice of the panel established by the UK Information Commissioner’s Office (ICO) with regard to unresolved complaints concerning our handling of personal data received in reliance on the UK Ext. DPF.
Should your complaint relate to TRG US’s failure to comply with its UK Ext. DPF commitments and remains unresolved and you reside in the UK, then you should contact the Information Commissioner’s Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF Tel: 0303 123 1113 (local rate) Fax: 0162 552 4510 Or via below link : https://ico.org.uk/make-a-complaint/
ICO regional offices
Scotland
Information Commissioner’s Office
45 Melville Street
Edinburgh
EH3 7HL
Tel: 0303 123 1115
Email: scotland@ico.org.uk
Wales
Information Commissioner’s Office
2nd floor
Churchill House
Churchill way
Cardiff
CF10 2HH
Tel: 0330 414 6421
Email: wales@ico.org.uk
Northern Ireland
Information Commissioner’s Office
3rd Floor
14 Cromac Place
Belfast
BT7 2JB
Tel: 028 9027 8757 or 0303 123 1114
Email: ni@ico.org.uk
European Economic Area & Swiss Addendum
This Addendum applies to the European Economic Area (“EEA”) and Swiss residents.
I. Who are TRG’s Supervisory Authorities and European Union Representative for Data Protection Purposes?
TRG’s EEA Lead Supervisory Authority under GDPR Chapter 6 is the Autoriteit Persoonsgegevens (AP) within the Kingdom of the Netherlands (“EEA LSA”). Our European Union Representative for purposes of GDPR Article 27 is Frank Recruitment Group Netherlands B.V. (“EU Rep.”). TRG’s Switzerland Lead Supervisory Authority is the Swiss Federal Data Protection and Information Commissioner (“FDPIC”). For this Addendum, the EEA LSA and the FDPIC shall collectively be referred to as “LSA.”
II. How do we lawfully process your data?
In order to process your Personal Data lawfully TRG must have a legal basis to do so. TRG relies on three main legal basis for processing your Personal Data:
• where we obtain your affirmative consent to use your Personal Data in this way;
• where we have a legitimate interest in processing your Personal Data, which we have balanced against your rights and freedoms and concluded that our processing is justifiable; or
• where our handling of your Personal Data is necessary for us to perform the obligations under your company’s or employer’s contract with TRG (inapplicable to candidates for permanent hire).
We may rely on one or more legal bases to process your Personal Data
A. All users of the Websites and/or our services
Legitimate Interests: TRG uses Personal Data that we collect for the following general purposes in the performance of our legitimate interests as a business: to provide the services to our candidates and clients; to enhance their experience, to improve our services and to contact candidates and clients.
B. Actual or Prospective Candidates
Consent: If you, whether on your own behalf (permanent hire candidate) or on behalf of your company or your employer (contract hire candidate), would like to receive general marketing and other communications from us, you will have the option to affirmatively check a box consenting to TRG processing your Personal Data for this purpose. TRG may also ask you via email, text message or SMS (standard SMS or text message rates may apply), or telephone for your affirmative consent to receive marketing and other communications from us.
Legitimate interest: TRG has a legitimate interest in processing your Personal Data in order to fill a job, to provide you (permanent hire candidate) or your company or your employer (contract hire candidate) with other products and services to help you in your career and to market its products and services to you in order to grow our business, to demonstrate our knowledge of the marketplace and relevant technologies and to enhance the standing and recognition of our brands. TRG also has legitimate interest to process your Personal Data if you apply for, or seek further information about, a job posted on one of the Websites or a job advertised by TRG on a job board, social media site or other forums.
Necessary for the performance of a contract: TRG can process your Personal Data in the performance of its contract with your company or employer.
C. Individuals who work for TRG clients (i.e. a client contact)
Consent: If you would like to receive general marketing and other communications from us, you will have the option to affirmatively check a box consenting to TRG processing your Personal Data for this purpose. TRG may also ask you via email, text message or SMS (standard SMS or text message rates may apply), or telephone for your affirmative consent to receive marketing and other communications from us.
Legitimate Interest: TRG has a legitimate interest in processing your Personal Data in order to fill a vacancy at your company or employer, and provide you with other products and services relevant to your company or employer and to market its products and services to you in order to grow our business, to demonstrate our knowledge of the marketplace and relevant technologies and to enhance the standing and recognition of our brands. TRG also has legitimate interest to process your Personal Data if you seek or obtain further information about TRG or an TRG candidate.
Necessary for the performance of a contract: TRG can process your Personal Data in the performance of its contract with your company or employer.
With respect to actual or prospective client contacts and candidates, if TRG obtains your Personal Data from someone other than you, TRG shall inform you of the identity and contact details of the person or entity from whom TRG obtained your Personal Data, whether TRG obtained your Personal Data from publicly available sources, the categories of Personal Data that TRG obtained and, if TRG is processing your Personal Data based on its legitimate interest (see Section III below), the nature of TRG’s legitimate interest. TRG shall provide you with the information listed in this paragraph by the earlier of (1) forty-five (45) days (candidates) or ninety (90) days (for client contacts) after TRG obtains your Personal Data or (2) if TRG uses your Personal Data to communicate with you, the first time that TRG communicates with you.
TRG shall not provide you with the information described in the paragraph immediately above if you already possess this information, providing you with such information is against applicable law, is subject to an obligation of professional secrecy, proves impossible, would involve a disproportionate effort or would render impossible or seriously impair the achievement of the objectives of the processing, in which case, TRG shall take appropriate measures to protect your rights, freedoms and legitimate interests.
III. Your Special Rights under Data Protection Laws
A. Do I have a right to be erased (forgotten)?
Yes. You have the right to request that TRG deletes or removes your Personal Data where there is no compelling reason for us to continue to process it. You can exercise this right, free of charge, by sending an email to TRG at privacy@tenthrevolution.com.
Please note that your right to erasure is not absolute. TRG will remove your Personal Data when:
1. the Personal Data is no longer necessary in relation to the purpose for which TRG originally collected and/or processed it;
2. if TRG is processing your Personal Data on the basis of your consent and you withdraw consent;
3. you object to the processing of your Personal Data and there is no overriding legitimate interest for us to continue to process it;
4. the Personal Data was unlawfully processed; and
5. the Personal Data must be erased to comply with a legal obligation.
TRG can refuse to comply with an erasure request in the following limited circumstances:
(a) to exercise TRG’s right of freedom of expression and information;
(b) to comply with a legal obligation or for the performance of a public interest task;
(c) for archiving purposes in the public interest, scientific research, historical research or statistical purposes; or
(d) for the establishment, exercise or defence of legal claims.
If we remove your Personal Data per your request for erasure, then we will confirm this with you.
If we have disclosed any of your Personal Data to a third party and you submit an erasure request to us, then we will inform (1) you about the recipients and (2) any such third parties of your erasure request unless doing so is impossible or involves disproportionate efforts.
We will respond to your erasure request without undue delay. Please note that, for your and TRG’s protection, we cannot respond to an erasure request until we have verified the identity of the person making the request. This verification process may extend the response timeframes set forth in this paragraph.
B. Do I have a right of access to a copy of my Personal Data?
Yes. You have the right to:
• obtain confirmation that your Personal Data is being processed;
• a copy of your Personal Data being processed;
• the purposes of the processing;
• the categories of personal data being processed;
• the recipients or categories of recipients to whom TRG has disclosed your Personal Data; and
• the criteria TRG uses to determine how long it will store your Personal Data.
You can exercise this right by sending an email to TRG at privacy@tenthrevolution.com.
This right is in place to ensure that you are aware of and can verify the lawfulness of the processing. In most cases, we will provide you with a copy of your Personal Data free of charge. However, we may charge you a reasonable fee if your request is manifestly unfounded, excessive or repetitive. With respect to unfounded, excessive or repetitive requests, in rare cases, TRG may refuse to respond to your request but will explain the reason(s) for its refusal to you without undue delay and within one month of its receipt of your request. If TRG so refuses, you have the right to file a complaint with our LSA against either our EU Rep. in the EEA or our Swiss entity in Switzerland and to seek a judicial remedy.
If you submit your access request to TRG electronically, TRG will provide you with its response, and a copy of your Personal Data (if applicable) via email or other commonly used electronic form.
If TRG did not collect your Personal Data from you, TRG will inform you about the source from which it obtained your Personal Data. Your right of access does not adversely affect your right of erasure (forgotten) and right of rectification, both of which are described in this Privacy Notice.
Generally, TRG will provide you with a copy of your Personal Data without undue delay and within one month of its receipt of your request, provided that TRG may extend this time period for up to two additional months if your request is complex or numerous. If TRG exercises this extension of time, TRG will inform you of its decision to exercise the extension within one month of its receipt of your request, and will explain the reason(s) for the extension. If your request is large or complex, TRG may ask you to specify the particular information or category of information you seek.
Please note that, for your and TRG’s protection, TRG cannot respond to an access request until it verifies the identity of the person making the request for your Personal Data. This verification process may extend the response timeframes set forth in the paragraph above.
C. Do I have a right to object to the processing of my Personal Data, including the processing of my Personal Data by TRG for direct marketing?
Yes, you have a right to object to the processing of your Personal Data where:
• TRG’s processing is based on its legitimate interest; or
• where TRG is using your Personal Data to directly market to you.
You can exercise this right, free of charge, by sending an email to TRG at privacy@tenthrevolution.com.
If TRG receives an objection request from you for reasons unrelated to direct marketing, TRG will stop processing your Personal Data unless we can show compelling legitimate ground(s) for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of any legal claims.
If TRG receives an objection request from you for reasons related to direct marketing, we will stop processing your Personal Data.
If you receive a direct marketing communication from TRG and you do not wish to receive future direct marketing communications from TRG, you may request to unsubscribe from future marketing communications by sending TRG an email at privacy@tenthrevolution.com. In addition, if the direct marketing communication you received was via email, you can click the “Unsubscribe” link at the bottom of the email, fill out the required form and TRG will process your unsubscribe request. Please allow up to ten (10) business days for your unsubscribe request to take effect.
D. Do I have a right to restrict processing of my Personal Data?
Yes, you have a right to restrict, the processing of your Personal Data. You can exercise this right, free of charge, by sending an email to TRG at privacy@tenthrevolution.com. When you exercise this right, TRG may continue to store your Personal Data but cannot further process it. TRG will cease processing your Personal Data in the following circumstances:
1. when you file a rectification request with TRG (see the “Do I have a right to have any inaccurate or incomplete Personal Data rectified?” section below) in accordance with this Privacy Notice and applicable law. The restriction shall remain in place until such time as TRG has verified the accuracy of the Personal Data that is the subject of your rectification request;
2. where TRG is processing your Personal Data based on its legitimate interest and you file a notice with TRG objecting to the processing of your Personal Data (see the “Do I have a right to object to the processing of my Personal Data?” section above) in accordance with this Privacy Notice and applicable law, TRG will cease processing your Personal Data until such time as TRG has made a determination as to whether its legitimate grounds for continued processing override your reasons for objecting to the processing;
3. when the processing is unlawful and you do not seek or want erasure and you file a restriction request with TRG in accordance with this Privacy Notice and applicable law instead; and
4. if TRG no longer needs the Personal Data and you require the data to establish, exercise or defend a legal claim.
While the processing of your Personal Data is restricted, TRG may continue to process such data by storing it, processing it with your consent or processing it for the establishment, exercise or defence of legal claims.
TRG will inform you if it decides to lift a restriction on processing.
If TRG has disclosed any of your Personal Data to a third party and you submit a request to restrict processing, TRG will inform (1) you about the recipients if you so request and (2) any such third parties of your restriction request unless doing so is impossible or involves disproportionate efforts.
TRG will act on your restriction request in accordance with this Privacy Notice without undue delay. Please note that, for your and TRG’s protection, TRG cannot act on a restriction request until it verifies the identity of the person making the request. This verification process may extend the timeframe in which TRG acts on your restriction request.
E. Do I have a right to Personal Data portability?
Yes. You can exercise this right, free of charge, by sending an email to TRG at privacy@tenthrevolution.com. This right exists to allow you to obtain and use your Personal Data for your own purposes across different services. Under this right, you can move, copy or transfer your Personal Data from TRG to another data controller.
This right applies where TRG is processing your Personal Data with your consent or for the performance of a contract. It also applies if we process your Personal Data by automated means. If your portability request concerns someone other than you, TRG will have to consider whether providing or porting the Personal Data would prejudice the other person’s or people’s rights.
Generally, TRG will respond to your portability request without undue delay and within one month of its receipt of your request, provided that TRG may extend this time period for up to two additional months if your request is complex or numerous. If TRG exercises this extension of time, TRG will inform you of its decision to exercise the extension within one month of its receipt of your request, and will explain the reason(s) for the extension. Where technically feasible, you may request that TRG transmit your Personal Data to another data controller.
F. Do I have a right to object to decision been taken by automated means?
If TRG uses automated (i.e. non-human) methods to process your Personal Data to make decisions that could potentially have a damaging legal or similarly significant effect on you (each, an “Automated Decision”), you have the right not to be subject to the Automated Decision. This right is inapplicable to any Automated Decision made by TRG that is necessary for entering into or the performance of a contract between you and TRG, is authorized by law or is based on your explicit consent.
If TRG makes any Automated Decisions to which this right applies, TRG will ensure that you are able to obtain human intervention, express your point of view and obtain an explanation of the decision and challenge it.
If TRG engages in “profiling” by automated means, TRG will ensure that appropriate safeguards are in place including (1) ensuring that the processing is fair and transparent by providing you with meaningful information about the logic involved and the significance and consequences of the outcome of the decision, (2) using appropriate mathematical or statistical procedures for the profiling, (3) implementing appropriate technical and organizational measures to enable inaccuracies to be corrected and minimize the risk of errors and (4) securing the Personal Data in a way that is proportionate to the risk to your interests and rights and prevents discriminatory effects.
G. Do I have a right to have any inaccurate or incomplete Personal Data rectified?
Yes. You can exercise this right, free of charge, by sending an email to TRG at privacy@tenthrevolution.com.
Generally, TRG will respond to your rectification request within one month of its receipt of your request, provided that TRG may extend this time period for up to two additional months if your request is complex. In rare cases, TRG may refuse to respond to your request but will explain the reason(s) for its refusal to you within one month of its receipt of your request. If TRG so refuses, you have the right to file a complaint with the LSA and to seek a judicial remedy.
If TRG has disclosed any of your Personal Data to a third party and you submit a rectification request to TRG that TRG is going to honor, TRG will inform (1) you about the recipients and (2) any such third parties of your rectification request as well as any corrected Personal Data, unless doing so is impossible or involves disproportionate efforts.
We will use reasonable endeavours to ensure that your Personal Data is maintained and up to date.
H. What are my rights if the Security of my Personal Data is breached?
A breach of Personal Data (a “Breach”) means a breach of security leading to the destruction, loss, alteration, unauthorized disclosure of, or access to, your Personal Data for which we are responsible under applicable law.
If the Breach is likely to have a significant detrimental effect on your rights and freedoms (such as resulting in discrimination, damage to reputation or financial loss), TRG will notify the LSA without undue delay, and if feasible, within one business day of TRG’s becoming aware of the Breach. TRG will assess the determination of “significant detrimental effect” on a case by case basis.
If the Breach is likely to result in a “high risk” to your rights and freedoms, TRG will notify you without undue delay. To be clear, the threshold requiring TRG to notify you of a Breach is higher than the threshold requiring TRG to notify the LSA of a Breach so it is possible that TRG will notify the LSA of a Breach but not you. TRG will assess the determination of “high risk” on a case by case basis.
Any Breach notice issued by TRG will contain, where possible, (1) the categories and approximate number of individuals and Personal Data records effected by the Breach, (2) the name and contact details of the ISM (or other TRG contact representative if TRG does not have a ISM at the time that TRG issues the Breach notice), (3) a description of the likely consequences of the Breach, (4) a description of the measures that TRG has taken, and may take, to stop the Breach and, where appropriate, to mitigate the adverse effects of the Breach and (5) recommendations on actions you can take to protect yourself in light of the Breach.
I. Will my Personal Data be transferred outside the EEA & Switzerland?
TRG may transfer your Personal Data to third parties described in this Privacy Notice who are located outside of the EEA or Switzerland. If so, TRG will take reasonable steps to ensure that your Personal Data is protected and treated in accordance with this Privacy Notice and local applicable law. Some of the countries outside Switzerland or EEA where your Personal Data may be transferred will be on the EU Commission’s or Swiss Federal Data Protection and Information Commission’s list of countries that it has deemed to have adequate security controls in place (for this Addendum, the “Approved List”). Given the European Court of Justice’s decision in Data Protection Commissioner v. Facebook Ireland and Maximilian Schrems, Case C-311/18 (July 16, 2020) (“Schrems II”) as well as the September 8, 2020 Swiss Federal Data Protection and Information Commissioner’s Policy paper on the transfer of personal data to the USA and other countries lacking an adequate level of data protection within the meaning of Art. 6 Para. 1 Swiss Federal Act on Data Protection, and absent consent from the Data Subject (or any other reason provided in GDPR Article 49(1)(b)-(f) or Swiss law as may be amended from time to time), f TRG transfers your Personal Data to processors (which could be external third party vendors or suppliers) that store, transfer, process, or control your Personal Data in a country not on the Approved List or not in Switzerland or EEA (for this Addendum, “Third Countries”), then TRG shall determine whether each processor (and each subprocessor that a processor has provided TRG formal notice of) can store, transfer, process, or control the Personal Data solely within Switzerland EEA, or a country on the Approved List.
(a) If TRG determines that the processor (and each subprocessor that a processor has provided TRG formal notice of) can store, transfer, process, or control the Personal Data solely within a country on the Approved List or in Switzerland or EEA, we will require such processor (and will require the processor to require each of its applicable subprocessors) to do so.
(b) If TRG determines that the processor (and each subprocessor that a processor has provided TRG formal notice of) cannot store, transfer, process, or control the Personal Data in a country on the Approved List or in Switzerland or EEA, then:
(i) TRG will require such processor (and will require the processor to require each of its applicable subprocessors) to be bound by the model clauses promulgated by the European Commission as provided here (or any updated link which the European Commission may supply from time to time) (for this Addendum, the “Model Clauses”). When relying on the Model Clauses, TRG shall (a) monitor the laws and regulations of Third Countries for the adequate protections of Swiss or EEA Data Subjects as required by the GDPR or other local laws and regulations; and (b) terminate the storage, transfer, processing , or control of Personal Data by a processor (or a subprocessor where the process has informed TRG of the country in which such subprocessor is processing your Personal Data) when (i) such laws and regulations of Third Countries are incompatible with the GDPR or other local laws and regulations, or (ii) access to Personal Data is requested by the public authorities of Third Countries and such access is lawful under the laws of the Third Countries but is prohibited under the GDPR or other local laws and regulations. If the events described in III(I)(b)(i)(b)(i) or (ii) occur, TRG will confer with the appropriate supervisory authority regarding appropriate actions to safeguard your Personal Data.
(c) TRG shall also require the processor (and will require each processor to require its applicable subprocessors) to determine whether each processor or subprocessor can store, transfer, process, or control the Personal Data solely within Switzerland, EEA, or a country on the Approved List.
1. If processor (or its applicable subprocessors) can store, transfer, process, or control the Personal Data solely within Switzerland, EEA, or a country on the Approved List, then TRG shall contractually require the processors (and require processor to require its subprocessors to) do so.
2. If processor (or its applicable subprocessors) must store, transfer, process, or control the Personal Data in a Third Country, then TRG shall require its processors (and require processor to require its subprocessors to) to be bound by the Model Clauses. When relying on the Model Clauses, TRG shall contractually require such processors (and shall also require processors to require their subprocessors) to agree to (a) monitor the laws and regulations of Third Countries for the adequate protections of Swiss or EEA Data Subjects as required by the GDPR or other local laws and regulations; and (b) terminate the transfer, processing, or control of Personal Data when (i) such laws and regulations of Third Countries are incompatible with the GDPR or other local laws and regulations, or (ii) access to Personal Data is requested by the public authorities of Third Countries and such access is lawful under the laws of the Third Countries but is prohibited under the GDPR or other local laws and regulations. If the events described in III(I)(c)(2)(b)(i) or (ii) occur with respect to your Personal Data (and if TRG has formal notice that the events described in III(I)(c)(2)(b)(i) or (ii) have occurred), TRG will confer with the appropriate supervisory authority regarding appropriate actions to safeguard your Personal Data.
Under certain circumstances, TRG may share your Personal Data with one or more of its group companies who may be located in a Third Country. In such cases, TRG will comply with its DPAs. The DPAs are incorporated by reference into this Addendum.
J. How long will TRG store my Personal Data for?
We are required by law to store your Personal Data for as long as is necessary to comply with our legal, regulatory and contractual obligations.
With respect to GDPR (and similar laws), we will store and process your Personal Data that we obtain via: (i) your consent, until the earlier of (a) the purpose for which we obtained such information has been fully accomplished or (b) you inform us that you have withdrawn your consent; (ii) our legitimate interest until the earlier of (a) your Personal data is no longer necessary for the purpose for which it is being processed, or (b) TRG concludes that your rights and freedoms outweigh our right to process your Personal Data; and (iii) our necessity for the performance of a contract, until the termination or expiration of the contract including the termination or expiration of TRG’s and your employer’s or company’s duties or obligations that survive any such termination or expiration.
Furthermore, we will store your Personal Data in special circumstances related to the issuance or defense of legal proceedings, outstanding invoices or in connection with any investigation by or of a government authority.
K. What Protections do I have if TRG transfers my Personal Data to the U.S.?
If TRG transferred any of your data to the U.S. you have the protections of the EU-U.S. Data Privacy Framework and the Swiss-U.S. Data Privacy Framework as defined below and the Model Clauses as defined above. Frank Recruitment Group Inc., a Delaware corporation, is TRG’s primary affiliate and operating company in the United States (“TRG US Parent”). TRG US Parent has a subsidiary, Frank Recruitment Group Services Inc., also a Delaware corporation (“TRGS US Sub,” collectively with TRG US Parent, “TRG US”).
TRG US and TRG US Sub participates in the EU-U.S. Data Privacy Framework and the Swiss-U.S. Data Privacy Framework(s) (“DPF”) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, EEA, and/or Switzerland, as applicable to the United States in reliance on DPF. TRG US and TRG US Sub has certified to the Department of Commerce that it adheres to the DPF Principles with respect to such information. If there is any conflict between the terms in this Privacy Notice and the DPF Principles, the DPF Principles shall govern.
To learn more about the DPF program, and to view evidence of our participation, please visit the U.S. Department of Commerce’s Data Privacy Framework website.
This Privacy Notice only applies to Personal Data within the scope of the TRG US’s DPF participation. TRG US’s contractual clauses for its clients are in the United States of America Addendum below.
TRG US’s DPF participation covers Personal Data regarding:
(1) current, former, and prospective employees in connection with the employment relationship which is covered by a separate, employee only, privacy policy that has been made available to TRG US employees;
(2) Personal Data regarding client contacts and candidates (temp and perm), such as the sale and delivery of recruitment services and the administration of the client and candidate relationship; and
(3) Personal Data regarding third parties (such as service providers and independent contractors) and their personnel and employees, in connection with recruitment services and the provision and performance of technical professional services to client and, where applicable, their end customers and the management and administration of the business relationships with such third parties.
Our certifications do not cover any disclosure of an individual’s Personal Data to a third party who processes the Personal Data for its own purposes when the disclosure is made at the request of the individual.
TRG US disclose Personal Data to third party service providers in connection with the operation of their respective businesses, including their provision of services to clients and candidates. TRG US ascertain that these third party service providers provide at least the same level of privacy protection as is required by the DPF Principles. TRG US may be liable if both (a) third parties fail to meet these obligations and (b) TRG US is responsible for the event giving rise to the damage.
TRG US are subject to the investigatory and enforcement powers of the United States Federal Trade Commission. TRG US may be required to disclose Personal Data to law enforcement, regulatory or other government agencies, or to other third parties, in each case to comply with legal, regulatory, or national security obligations or requests.
Any questions or complaints concerning TRG US’s DPF participation, or requests to access, correct, amend, delete, or limit the use or disclosure of Personal Data (opt out) may be directed to privacy@tenthrevolution.com. If TRG US has not been able to satisfactorily resolve the issue, then you may raise it with (1) your data protection authority (see paragraph immediately below) or (2) the International Centre for Dispute Resolution/American Arbitration Association (“ICDR/AAA“) for non-HR related recourse, which can be contacted at https://go.adr.org/dpf_irm.html. Under certain conditions, individuals may have the possibility to engage in binding arbitration through the DPF Panel. To find out more about individual binding arbitration, please visit U.S. Department of Commerce’s Data Privacy Framework Annex 1.
In compliance with the DPF, TRG US commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (“SAs”) and the Swiss Federal Data Protection and Information Commissioner (“FDPIC”) with regard to unresolved complaints concerning our handling of personal data received in reliance on the DPF.
L. EEA residents. Should your complaint relate to TRG US’s failure to comply with its DPF commitments and remains unresolved and you reside in the EEA, then you should contact the SAs who act as an independent recourse mechanism to settle all such disputes. Such complaints can be directed either to the EEA SAs panel secretariat or individual EEA SAs.
Currently, the contact information relevant to the submission of the standard complaint form is as follows: Commission Européenne, Directorate General Justice, Directorate C (Fundamental Rights and Union Citizenship) of the European Commission, Data Protection Panel, B-1049 Brussels, Belgium, Telephone: (32-2) 299 11 11, Fax: (32-2) 298.80.94, email: ec-dppanel-secr@ec.europa.eu.
TRG’s Lead Supervisory Authority is Autoriteit Persoonsgegevens (AP) within the Kingdom of the Netherlands and our European Union Representative is Frank Recruitment Group Netherlands BV.
You can find the standard complaint form at https://edps.europa.eu/data-protection/our-role-supervisor/complaints/edps-complaint-form_en.
The contact information for individual EU SAs can be found at: http://ec.europa.eu/justice/data-protection/bodies/authorities/eu/index_en.htm.
M. Swiss residents. Should your complaint relate to TRG US’s failing to comply with our DPF commitments and remains unresolved and you reside in Switzerland, then you should contact the FDPIC with whom TRG US has agreed to cooperate regarding such disputes.
The contact information for the FDPIC can be found at: https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/links/data-protection—switzerland.html.
Under the EU-U.S. DPF, the following independent dispute resolution bodies designated to address complaints will provide appropriate recourse free of charge to the individual: (1) the panel established by SAs, (2) an alternative dispute resolution provider based in the EU, or (3) an alternative dispute resolution provider based in the United States.
Also, under the Swiss-U.S. DPF, the following independent dispute resolution bodies designated to address complaints will provide appropriate recourse free of charge to the individual: (1) the Commissioner of the FDPIC, (2) an alternative dispute resolution provider based in Switzerland, or (3) an alternative dispute resolution provider based in the United States.
Singapore Addendum
This Singapore Addendum shall prevail in the event of inconsistency between the principles stated herein and those as described under the Privacy Statement.
1. Introduction To The Personal Data Protection Act 2012 as amended by the Personal Data Protection Act Amendment 2020 (collectively, “PDPA”)
1.1 “Personal Data” is defined under the PDPA to mean data, whether true or not, about an individual who can be identified from that data, or from that data and other information to which an organisation has or is likely to have access.
1.2 We will collect your Personal Data in accordance with the PDPA. In general, before we collect any Personal Data from you, we will notify you of the purposes for which your Personal Data may be collected, used and/or disclosed, as well as obtain your consent for the collection, use and/or disclosure of your Personal Data for the intended purposes.
1.3 Your Personal Data may also be collected, used or disclosed if we have assessed that to do so would be in our legitimate interests and beneficial to the public. Before doing so, we will take steps to ensure that any adverse effects that might arise for you have already been identified and eliminated, reduced or mitigated.
2. Purposes For Collection, Use & Disclosure Of Personal Data
2.1 The Personal Data which we collect from you may be collected, used and/or disclosed for the following purposes:
(a) facilitating, processing, dealing with, administering, and/or managing your employment with TRG;
(b) processing and/or administering any consultations, negotiations, and an a suitable placement within TRG;
(c) processing and/or administering requests for access and/or correction of your Personal Data;
(d) processing your registration and/or participation for seminars, exhibitions, and other events organized or co-organized by TRG;
(e) carrying out your instructions or responding to any enquiry given by (or purported to be given by) you or on your behalf;
(f) conducting employee due diligence or other screening and personal identification in accordance with laws, regulations or our risk management procedures that may be required by law or that may have been put in place by us;
(g) to prevent or investigate any fraud, unlawful activity or omission or misconduct, whether or not there is any suspicion of the aforementioned;
(h) complying with or as required by any applicable law, governmental or regulatory requirements of any relevant jurisdiction, including meeting the requirements to make disclosure under the requirements of any law binding on us and/or for the purposes of any guidelines issued by regulatory or other authorities, whether in Singapore or elsewhere, with which we are expected to comply;
(i) complying with or as required by any request or direction of any governmental authority, or responding to requests for information from public agencies, ministries, statutory boards or other similar authorities. For the avoidance of doubt, this means that we may/will disclose your Personal Data to the aforementioned parties upon their request or direction; etc.
(collectively, the “Purposes”).
2.2 To conduct our business operations more smoothly, we may also be disclosing the Personal Data you have provided to us to our third-party service providers, agents and/or our affiliates or related corporations, which may be sited outside of Singapore, for one or more of the above-stated Purposes. This is because such third-party service providers, agents and/or affiliates or related corporations would be processing your Personal Data on our behalf for one or more of the above-stated Purposes.
3. Disclosure Of Your Personal Data To A Third Party
3.1 We respect the confidentiality of the Personal Data you have provided to us.
3.2 In that regard, we will not disclose any of your Personal Data to any third parties without first obtaining your express consent permitting us to do so. However, please note that we may disclose your Personal Data to third parties without first obtaining your consent in certain situations, including, without limitation, the following:
(a) cases in which the disclosure is required based on the applicable laws and/or regulations;
(b) cases in which the purpose of such disclosure is clearly in your interests, and if consent cannot be obtained in a timely way, provided that we shall, as soon as may be practicable, notify you of the disclosure and the purposes of the disclosure;
(c) cases in which the disclosure is necessary to respond to an emergency that threatens the life, health or safety of yourself or another individual;
(d) cases in which there are reasonable grounds to believe that the health or safety of yourself or another individual will be seriously affected and consent for the disclosure of the data cannot be obtained in a timely way, provided that we shall, as soon as may be practicable, notify you of the disclosure and the purposes of the disclosure;
(e) cases in which the disclosure is necessary for any investigation or proceedings;
(f) cases in which the Personal Data is disclosed to any officer of a prescribed law enforcement agency, upon production of written authorization signed by the head or director of that law enforcement agency or a person of a similar rank, certifying that the Personal Data is necessary for the purposes of the functions or duties of the officer; and/or
(g) cases in which the disclosure is to a public agency and such disclosure is necessary in the public interest.
3.3 The instances listed above at paragraph 3.2 are not intended to be exhaustive. For an exhaustive list of exceptions, you are encouraged to peruse the First and Second Schedules of the PDPA which is publicly available at https://sso.agc.gov.sg/ .
3.4 In all other instances of disclosure of Personal Data to third parties with your express consent, we will endeavour to provide adequate supervision over the handling and administration of your Personal Data by such third parties, as well as to provide for adequate forms of protection over such Personal Data.
3.5 Where Personal Data is transferred by us to any third parties outside of Singapore, we will ensure that such transfers are compliant with the requirements under the PDPA. In this regard, we will take such necessary measures to ensure that such overseas recipients are bound by legally enforceable obligations to ensure that these overseas recipients provide a standard of protection to the Personal Data so transferred that is comparable to the protection under the PDPA.
4. Request For Access And/Or Correction Of Your Personal Data
Access Request
4.1 An individual may request for us to provide access to Personal Data about the individual that is in our possession or under our control as well as information about the ways in which the Personal Data has been used or disclosed by us within a year before the date of the request.
4.2 Unless an exception to the access request applies, we will respond to your access request as soon as reasonably possible from the time the access request is received. If we are unable to respond to an access request within thirty (30) days after receiving the request, we shall inform you in writing within the thirty (30) day period, of the reasonably soonest time in which we will respond.
Correction Request
4.3 An individual may also request for us to correct Personal Data that is in our possession or under our control. Unless an exception to the correction request applies, or we are satisfied on reasonable grounds that a correction should not be made, we will endeavour to correct the Personal Data as soon as practicable and send the corrected Personal Data to every other organisation to which the Personal Data was disclosed by us within a year before the date the correction was made. This is unless that other organisation does not need the corrected Personal Data for any legal or business purpose.
4.4 Where we are unable to respond to a correction request within thirty (30) days after receiving the request, we shall inform you in writing within the thirty (30) day period, of the reasonably soonest time in which we will respond.
4.5 You may submit your access or correction request to the contact details listed at paragraph 7.2 of this Singapore Addendum.
5. Request To Withdraw Consent
5.1 You may withdraw your consent for the collection, use and/or disclosure of your Personal Data in our possession or under our control at any time by submitting your request to the contact details listed at paragraph 7.2 of this Singapore Addendum.
5.2 We will process your request as soon as practicable such a request for withdrawal of consent being made, and will thereafter refrain from collecting, using and/or disclosing your Personal Data in the manner stated in your request.
6. Administration And Management Of Personal Data
6.1 We will take appropriate measures to keep your Personal Data accurate, complete and updated.
6.2 We will also take commercially reasonable efforts to take appropriate precautions and preventive measures to ensure that your Personal Data is adequately protected and secured. Appropriate security arrangements will be taken to prevent any unauthorized access, collection, use, disclosure, copying, modification, leakage, loss, damage and/or alteration of your Personal Data. However, we cannot assume responsibility for any unauthorized use of your Personal Data by third parties which are wholly attributable to factors beyond our control.
6.3 We will also take commercially reasonably efforts to ensure that the Personal Data in our possession or under our control is destroyed and/or anonymized as soon as it is reasonable to assume that (i) the purpose for which that Personal Data was collected is no longer being served by the retention of such Personal Data; and (ii) retention is no longer necessary for any other legal or business purposes.
7. Complaint Process
7.1 If you have any complaint or grievance regarding about how we are handling your Personal Data or about how we are complying with the PDPA, we welcome you to contact us with your complaint or grievance.
7.2 The contact details of Tenth Revolution Group’s Chief Privacy Officer (“CPO”) are:
Frank Recruitment Group Services Limited
The St. Nicholas Building
St. Nicholas Street
Newcastle-Upon-Tyne
Tyne & Wear UK NE1 1RF
Attn: Chief Privacy Officer
Email: privacy@tenthrevolution.com
7.3 Where it is an email or a letter through which you are submitting a complaint, your indication at the subject header that it is a PDPA complaint would assist us in attending to your complaint speedily by passing it on to the relevant department within TRG to handle. For example, you could insert the subject header as “PDPA Complaint”.
7.4 We will certainly strive to deal with any complaint or grievance that you may have speedily and fairly.
United States of America Addendum
I. If you would like a copy of TRG’s US comprehensive information security program, please email TRG’s CPO at privacy@tenthrevolution.com.
If TRG receives a “Do Not Track” signal or request from a web browser, TRG will not honor such request or signal. TRG has taken this position in part to provide you with a personalized and efficient experience on the Websites.
As discussed in this Privacy Notice, there are third parties who conduct tracking on the Websites.
Information about web beacons used by TRG and third parties with whom it contracts can be found in Section XII.F of the Privacy Notice above.
II. For information on TRG US’s compliance with the UK Extension, EU-U.S. and Swiss-U.S. Data Privacy Frameworks, see the sections titled “What Protections do I have if TRG transfers my Personal Data to the U.S.?” in the United Kingdom Addendum and the European Economic Area and Switzerland Addendum above.
Additionally, U.S. law requires certain contracts entered into by TRG US contain the rights, obligations and requirements set forth in Sections II(A) through II(C) inclusive below (collectively, the “DPF Terms”). Accordingly, the following DPF Terms, to which TRG reserves the right to revise from time to time without notice, shall be incorporated by reference where these DPF Terms are required in client contracts:
(A). In the event TRG US transfers to client or any of its affiliates, or provides client or any of its affiliates with access to any Personal Data (as defined for this Section II below) of European Union or Switzerland residents, including employees of TRG or its affiliates and actual or prospective TRG clients contacts or candidates, and client maintains, receives, has access to, stores, uses or processes such Personal Data in the United States, client shall comply with data protection, data security and confidentiality requirements at least as strong as those set forth in the DPF Principles issued by the U.S. Department of Commerce, as revised from time to time (collectively, the “Principles”) During the term of such contracts and while client creates, receives, maintains, stores, uses, processes or disseminates any Personal Data, client shall:
1. use the Personal Data only for the specific and limited purposes intended in the client contract including for recruitment purposes;
2. provide immediate written notice to either TRG US Parent or TRG US Sub as applicable if (a) client determines that it can no longer meet its obligation to provide the same level of protection of the Personal Data as is required by the Principles, and in such case client shall cease processing the Personal Data or (b) client becomes aware of any accidental or unlawful destruction of, or accidental loss or alternation of or unauthorized disclosure or access to, any Personal Data (a “Breach”) which notice shall include a description of the quantity of Personal Data subject to the Breach, the approximate length and duration of the Breach, the data subjects whose Personal Data was subject to the Breach and a Breach remediation plan;
3. at its cost, employ its best efforts to stop, limit and remediate the Breach, perform a “root cause” analysis of the Breach, employ its best efforts to prevent the same or a similar Breach from reoccurring and keep TRG up to date on all its efforts under this subsection II(A)(3);
4. implement appropriate technical and organizational measures to protect Personal Data against a Breach;
5. not transfer any Personal Data to third parties without the data subject’s prior written or email consent (which either TRG US Parent or TRG US Sub as applicable shall attempt to obtain after receiving notice from client of its need to transfer Personal Data to a third party);
6. assist TRG US in responding to data subjects exercising their rights under the Principles;
7. act only on instructions from TRG US; and
8. either have in place an independent recourse mechanism to handle data subject complaints that complies with the requirements of the Principles or make available an equivalent mechanism.
(B) Upon the termination or expiration of the applicable client contract, client shall, at TRG US’s option, return all Personal Data to either TRG US Parent or TRG US Sub as applicable or permanently destroy all Personal Data (and all copies and derivative works thereof) in its care, custody or control except for any Personal Data that applicable law, if any, requires client to maintain (“Archival Personal Data”). With respect to any Archival Personal Data, client’s obligations and requirements under this Section II shall remain in full force and effect for as long as such Archival Personal Data remains in client’s care, custody or control.
(C) If client forwards or gives access to any of the Personal Data to any third party at any time, including any subprocessor or controller of client, client shall ensure that its written contract with such third party contains the Data Privacy Framework Terms.
(D) For purposes of this Section II, the term “Personal Data” shall have the same meaning ascribed to that term as in the Principles which can be found at the EU-U.S. Data Privacy Framework as revised from time to time.
Generally, TRG voluntarily extends the same protections for residents of US states that have comprehensive data privacy laws (including without limitation California, Colorado, Connecticut, Iowa, Utah, and Virginia) to those residents in US states without such laws. To the extent you reside in either, the following disclosures may apply to you:
California Consumer Privacy Act, California Privacy Rights Act, Colorado Privacy Act, Connecticut Act Concerning Personal Data Privacy and Online Monitoring, Iowa Consumer Data Protection Act, Utah Consumer Privacy Act, and the Virginia Consumer Data Protection Act Disclosures
Our goal is to enable individuals and organizations to comply as easily as possible with the California Consumer Privacy Act, California Privacy Rights Act, Colorado Privacy Act, Connecticut Act Concerning Personal Data Privacy and Online Monitoring, Iowa Consumer Data Protection Act, Utah Consumer Privacy Act, and the Virginia Consumer Data Protection Act Disclosures (all collectively, the “US State Data Privacy Laws”) requirement to protect the privacy and data of consumers. As a recruitment service, we respect and protect your privacy and security and are committed to following best practices to support this principle.
Thanks for using TRG. Our goal is to enable individuals and organizations to comply as easily as possible with the US State Data Privacy Laws’ requirement to protect the privacy and data of consumers. As a recruitment service, we respect and protect your privacy and security and are committed to following best practices to support this principle.
We – meaning Tenth Revolution Group, which is a trademark and brand owned by Frank Recruitment Group Services Limited and its subsidiaries, including without limitation, Nigel Frank International Limited, Mason Frank International Limited, Frank Recruitment Group UK Services Limited, Frank Recruitment Group Services USA Ltd., Frank Recruitment Group Inc., Frank Recruitment Group Services Inc., Frank Recruitment Group Private Limited (Singapore), Frank Consulting Services Private Limited (Singapore), Frank Recruitment Group Pty Limited (Australia; also registered in New Zealand), Frank Recruitment Group GmbH (Germany), Frank Recruitment Group K.K. (Japan), Frank Recruitment Group Sp Zo.o. (Poland), Frank Recruitment Group Netherlands BV (Netherlands), Frank Recruitment Group S.L. (Spain), Frank Consulting Services S.L. (Spain), Frank Recruitment Group Sarl (Switzerland), Frank Recruitment Group Inc. /Groupe de Recrutement Frank Inc. (Canada), Frank Consulting Services SAS (France), Frank Recruitment Group SRL (Italy), Tenth Revolution Consulting Services SRL (Italy) and businesses operated by our group under the brand names including Frank Recruitment Group (TRG), Nigel Frank, Mason Frank, Nelson Frank, Jefferson Frank, Revolent, Tenth Revolution Group, Anderson Frank, Washington Frank, TRG Technology Consulting, Digital Revolution Awards, and Dynamic Jobs (collectively, “we,” “us,” “our,” or “TRG”) – prepared this Privacy Addendum to help you understand our practices regarding the collection, use, and disclosure of information we collect from you through Revolent’s web applications, our websites that link to this Privacy Addendum, and any other services we provide to our customers (collectively, “Services”).
By accessing or using the Services, you agree to this Privacy Addendum, our Do Not Sell Notice, Privacy Notice, the Terms of Use.
I. Information from Children
TRG is not directed to children under the age of 13 and we do not knowingly collect personally identifiable information from children under the age of 13. If we learn that we have collected personally identifiable information of a child under the age 13, we will take reasonable steps to delete such information from our files as soon as is practicable. Please contact us at privacy@tenthrevolution.com, fill the webform here, or give us a call at 1-866-I-OPT-OUT (1-866-467-8688) and enter Service Code 717 if you believe we have any information from or about a child under the age of 13.
II. US State Data Privacy Law Disclosures
The US State Data Privacy Laws, require businesses subject to this law to provide consumers residing in California, Colorado, Connecticut, Iowa, Utah, and Virginia (“US State Data Privacy Law Consumer”) with certain rights regarding their personal information and sensitive personal information.
At this time, we may sell or share your personal information, and depending on the circumstances, your sensitive personal information, so the opt-out or opt-in choices may apply. For more information, visit www.tenthrevolution.com/legal/california-do-not-sell-my-personal-information/
Here’s a summary of rights for US State Data Privacy Law Consumers under the US State Data Privacy Laws:
A. Your Right to Opt Out. You have the right to tell businesses that do sell or share your personal information or sensitive personal information to third parties (i.e. us) not to sell or share it at any time. Businesses that sell or share your personal information or sensitive personal information to third parties must also ensure that the third parties do not resell or reshare it unless the business notified you explicitly and provided you with a chance to opt out of resales. These opt-out rights apply to businesses that do not know your age, or know you are older than 16. Additionally, we must also respect opt outs made by your authorized agent if such authorized agent provides signed written permission from you to do so.
B. Your Right to Opt In. If a business has actual knowledge that you are between ages 13 and 16 (e.g., based information the business collects), businesses cannot sell or share or allow resales or reshares of your personal information or sensitive personal information without your affirmative authorization. If a business has actual knowledge that you are younger than 13, it may not sell or share, or allow resales or reshares of your personal information or sensitive personal information without your parent or guardian’s affirmative authorization. This is your right to opt in.
C. Your Right to Disclosures. You have the right to know:
1. A link to TRG’s “Do Not Sell My Personal Information” notice.
a) Please visit www.tenthrevolution.com/legal/california-do-not-sell-my-personal-information/
2. A description of a consumer’s rights pursuant to US State Data Privacy Laws, including CCPA Section 1798.120:
(a) Your Right to Opt Out. If you’re a US State Data Privacy Law Consumerand we sell or share your information to third parties, you can tell us at any time not to sell or share your personal information or sensitive personal information. This right to opt-out applies if we do not know your age or if we know you are older than age 16. Additionally, we must also respect opt outs made by your authorized agent if such authorized agent provides signed written permission from you to do so.
(b) Your Right to Opt In. If we have actual knowledge that you are between ages 13 and 16 (e.g., based information we collect, or because someone informed us), we will never sell or share your personal information without your affirmative authorization. If we have actual knowledge that you are younger than 13, we will never sell or share your personal information or sensitive personal information without your parent or guardian’s affirmative authorization. This is your right to opt in.
(c) Do We Sell or Share Your Personal Information? At this time, we may sell or share your personal information or sensitive personal information and you can opt out at any time. If you opt out, or for children 16 and younger, if you have not opted in, we will not sell or share your personal information or sensitive personal information to third parties unless you expressly authorize us to do so.
3. A description of a consumer’s rights pursuant to US State Data Privacy Laws, including CCPA Section 1798.110: US State Data Privacy Law Consumers have the right to request that we disclose to you:
(a) The categories of personal information it has collected about you.
(b) “Personal information” is information that identifies or relates to a particular consumer or household including name, postal address, email address, IP address, social security number, personal property records, purchasing histories, biometric information, internet activity such as browsing or search history, geolocation data, employment information, sensitive personal information, education information and inferences drawn from this information, in so far as it is not publicly available information. In addition to the above types of personal information that we may collect, TRG may collect personal information such as:
(i) Name;
(ii) Contact details e.g. street address, email address, telephone number;
(iii) Work Experience;
(iv) Job Title;
(v) Professional Certifications;
(vi) Education & Qualifications;
(vii) Skills;
(viii) Career History;
(ix) Salary Range;
(x) Right to work status/citizenship;
(xi) Other information relevant to help us provide technology talent creation services;
(xii) References from past employers; and
(xiii) IP address.
(c) “Sensitive personal information” means: nonpublic personal information that reveals:
(i) A consumer’s social security, driver’s license, state identification card, or passport number;
(ii) A consumer’s account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account;
(iii) A consumer’s precise geolocation;
(iv) A consumer’s racial or ethnic origin, religious or philosophical beliefs, or union membership;
(v) The contents of a consumer’s mail, email, and text messages unless the business is the intended recipient of the communication;
(vi) A consumer’s genetic data;
(vii) The processing of biometric information for the purpose of uniquely identifying a consumer; and
(viii) Personal information collected and analyzed concerning a consumer’s health; and
(ix) Personal information collected and analyzed concerning a consumer’s sex life or sexual orientation.
4. The categories of third parties with whom the business shares personal information and/or sensitive personal information.
(a) All users of the websites and/or our services
(i) To third parties where we have retained them to provide services that we or you have requested or that TRG clients have requested including references, qualifications and background reference checking services and to verify the details you have provided from third party sources.
(ii) To third parties to provide data storage, CV/resume parsing, data cleansing and marketing services to TRG where such third parties have agreed to maintain the confidentiality of, and to protect, your personal information and/or sensitive personal information in accordance with applicable law.
(iii) To third parties to assist with credit control and payment management.
(iv) To third parties, regulatory or law enforcement agencies if we believe in good faith that we are required by law to disclose it in connection with the detection of crime, the collection of taxes or duties, in order to comply with any applicable law or order of a court of competent jurisdiction, in connection with legal proceedings or other similar cause or circumstance.
(v) To TRG affiliates, whose locations can be found at https://www.tenthrevolution.com/contact . These entities will process your personal information and/or sensitive personal information in accordance with the Privacy Addendum.
(vi) In the event of a sale, merger, liquidation, receivership or transfer of all or substantially all of the assets, or a controlling interest in the equity, of TRG (or any of its group companies) provided that such counterparty(ies) to any such transaction agrees to adhere to the terms of the Privacy Addendum (or a similar document) and applicable law.
(b) Actual or Prospective TRG Clients
(i) To TRG clients in order for them to determine if you are or may be qualified to fill a vacancy.
(ii) To third parties that you authorize us to send your personal information and/or sensitive personal information to such as your CV
(iii) To third parties to determine if an TRG client or other entity (or their respective affiliates) to whom TRG presented you has (a) employed you or (b) retained you or any entity (i) that employed you or (ii) that retained you or (iii) in which you have an financial interest.
(c) Individuals who work for TRG clients (i.e. a client contact)
(i) To Contacts in the course of providing your company or employer with recruiting services and to further the recruitment process.
(ii) To third parties where we have retained them to provide services that you have requested including Freelancer skill tests and other testing.
(iii) To third parties to determine if an TRG client or other entity (or their respective affiliates) to whom TRG presented a candidate has (a) employed the candidate or (b) retained the candidate or any entity (i) that employed the candidate or (ii) that retained the candidate or (iii) in which the candidate has a financial interest.
5. The categories of sources from which the personal information and/or sensitive personal information is collected.
(i) We collect personal information and/or sensitive personal information from you actively when you enter it into our services (e.g., your name, your CV/resume, etc.).
(ii) We collect personal information or sensitive personal information passively when you access our services, to the extent your web browser provides this information to our servers (e.g., your operating system) and also based on your service usage (e.g., when and from what IP address you log on to our services, which may reveal your precise geolocation).
(iii) We collect personal information when it is provided to us by either yourself or a third party (for example, LinkedIn, Jobboard, CV databases, etc.).
6. The business or commercial purpose for collecting, selling, or sharing personal information and/or sensitive personal information.
(a) Why do we process your personal information and/or sensitive personal information?
(i) Generally, we use your personal information and/or sensitive personal information for our business and activities, and in our efforts to expand and improve our business. Examples include:
1. All users of the Websites and/or our services
(a) To provide our technology talent creation services to you, your employer or your company;
(b) To facilitate the recruitment process, including but not limited to:
(i) Qualifying and submitting Candidates;
(ii) For clients, negotiating TRG terms of business;
(iii) Arranging interviews and obtaining feedback;
(iv) Negotiating compensation packages; and
(v) Providing post placement follow up.
(c) Where permitted by applicable law and unless you tell us otherwise, we (or a third party to whom we have provided your Personal Data under part VI below of this Privacy Notice) may send you emails, SMS messages, or text messages (standard SMS or text message rates may apply);
(d) To assess data about you against vacancies which we judge may be suitable for you;
(e) To third party vendors to assist us in hosting, managing and operating our websites;
(f) To third party vendors who provide data analysis and data updating services to us;
(g) To third party vendors who provide email and other communications related services to us
(h) To enable you to submit your CV/resume to TRG, apply online (including through the Websites) for jobs or to subscribe to alerts about jobs we think may be of interest to you;
(i) To enable us to develop and market other products and services and where you have consented to being contacted for such purposes;
(j) To improve our customer service and to make our services more valuable to you (including tailoring the Websites when you log on to enrich your personal online experience);
(k) To send you electronically or by post surveys, reports, TRG event details, promotions, offers, networking and client events and general information about relevant industry sectors which we think might be of interest to you, where you have consented to being contacted for such purposes (and we will provide you with an opportunity to opt out);
(l) To identify you, and respond to and process your requests for information and provide you with a product or service;
(m) To amend records to remove personal information and/or sensitive personal information;
(n) To use your information on an anonymized basis to monitor compliance with our equal opportunities policy, other TRG policies and any legal or compliance requirements;
(o) To use your information on an anonymized basis to create marketing materials such as a salary survey; and
(p) To carry out our obligations arising from any contracts entered into between you and us, and for other everyday business purposes that involve use of personal information and/or sensitive personal information.
2. Actual or Prospective Candidates
(a) To help find you a job;
(b) To contact you about jobs that TRG is filling or may fill for TRG clients;
(c) To provide you or your company with information about the job market;
(d) To communicate with you (permanent hire candidates), your employer or your company (contract candidates) after you or it has started a job to make sure all is going well or to remedy, or attempt to remedy, any problems;
(e) To answer any questions you have about a job or the job market;
(f) To fulfill any aspect of your Employment Agreement or Contract of Employment with TRG;
(i) To third party vendors who provide customer relationship management database services to us;
(ii) To third party vendors who provide data analysis and data updating services to us
(iii) To third party vendors who provide document execution, transmission and storage services to us
(iv) To third party vendors who provide email and other communications related services to us
(g) To collect any money due, or allegedly due, to TRG or any TRG client (or TRG’s client’s client);
(h) To obtain or inquire about any property (including computers and confidential business information) owned, or allegedly owned, by TRG or any TRG client (or TRG’s client’s client);
(i) To determine if an TRG client or other entity (or their respective affiliates) to whom TRG presented you has (a) employed you or (b) retained you or any entity (i) that employed you or (ii) that retained you or (iii) in which you have an financial interest;
(j) To establish, exercise or defend any legal claims; and\
(k) To assist you (permanent hire candidates), your employer or your company (contract candidates) if you are dissatisfied or dislike the job, or any aspect of it.
3. Individuals who work for TRG clients (i.e. a “client contact”)
(a) To fill an open vacancy at your company or employer;
(b) To contact you about candidates for jobs with whom TRG has a relationship;
(c) To provide you with information about the job market;
(i) To third party vendors who provide customer relationship management database services to us;
(ii) To third party vendors who provide data analysis and data updating services to us;
(iii) To third party vendors who provide document execution, transmission and storage services to us;
(iv) To third party vendors who provide email and other communications related services to us;
(d) To communicate with you after your company or employer has hired/retained an TRG candidate to make sure all is going well and to remedy, or attempt to remedy, any problems;
(e) To negotiate and fulfil any aspect of your company’s or employer’s contract with TRG Group;
(f) To answer any questions you have about a job or a candidate or your company’s or employer’s contract with TRG;
(g) To resolve any issue with the issuance, payment, collection or enforcement of an TRG invoice;
(h) To collect any property owned by TRG or any TRG candidate;
(i) To third parties to determine if a TRG client or other entity (or their respective affiliates) to whom TRG presented a candidate has (a) employed the candidate or (b) retained the candidate or any entity (i) that employed the candidate or (ii) that retained the candidate or (iii) in which the candidate has a financial interest; and
(J) To establish, exercise or defend any legal claims.
7. The specific pieces of personal information and/or sensitive personal information it has collected about that consumer.
(a) Please email us at privacy@tenthrevolution.com, fill out the webform here, or call us toll free at 1-866-I-OPT-OUT (1-866-467-8688) and enter Service Code 717 to request this information. Before we can respond to your request, we’ll need to verify your identity.
8. A description of a consumer’s rights pursuant to US State Data Privacy Laws, including CCPA Section 1798.115:
(a) If we sell or share your personal information and/or sensitive personal information or disclose it for a business purpose, you have the right to know:
(i) The categories of personal information or sensitive personal information that the business collected about the consumer.
(aa) See Section 3 4) above (e.g., web log data, registration data, resume/CV data, etc.).
(ii) The categories of personal information and/or sensitive personal information that the business sold about the consumer and the categories of third parties to whom the personal information and/or sensitive personal information was sold, by category or categories of personal information for each third party to whom the personal information and/or sensitive personal information was sold or shared.
(aa) See Sections 3 4), 3 5) and 3 6) above.
(iii) The categories of personal information that the business disclosed about the consumer for a business purpose.
(aa) See Section 3 6) above.
(b) If we sell or share your personal information or disclose it for a business purpose, you have the right to request that we disclose to you (1) the categories of personal information and/or sensitive personal information that we collected about you, (2) the categories of personal information and/or sensitive personal information we sold or shared about you and the categories of third parties to whom we sold it, by category of personal information and/or sensitive personal information for each third party to whom we sold or shared your personal information and/or sensitive personal information and (3) the categories of personal information and/or sensitive personal information that the business disclosed about the consumer for a business purpose. We are required to verify your identity before providing you with this information if the information would constitute your personal information and/or sensitive personal information.
To exercise these important rights, please: mail us at privacy@tenthrevolution.com or call us toll free at 1-866-I-OPT-OUT (1-866-467-8688) and enter Service Code 717 to request this information. Before we can respond to your request, we’ll need to verify your identity.
(c) If we sell or share your personal information and/or sensitive personal information to a third party or disclose it for a business purpose, we are required to disclose:
(i) The category or categories of consumers’ personal information and/or sensitive personal information we sold or shared, or if we have not sold or share your personal information and/or sensitive personal information, we shall disclose that fact.
(aa) If we sell or share your personal information and/or sensitive personal information, it will be in the form of your CV/resume, anonymized or pseudonymized.
(ii) The category or categories of consumers’ personal information and/or sensitive personal information it has disclosed for a business purpose, or if the business has not disclosed the consumers’ personal information or sensitive personal information for a business purpose, it shall disclose that fact.
(aa) We rely on vendors to operate our infrastructure, and accordingly for each category of personal information and/or sensitive personal information that we disclosed above as a category that we collect, we disclose it to one of our third-party vendors for a business purpose (i.e. to develop, market, provide and support our business services). Those categories are: web log data, registration data, payment data, service usage data, customer content, consumer content and marketing data.
(d) If we sell or share your personal information and/or sensitive personal information to a third party, it is not allowed to resell or reshare it unless we notified you explicitly and provided you with a chance to opt out.
(aa) We do not allow third parties to whom we sell or share your personal information and/or sensitive personal information to resell or reshare the personal information and/or sensitive personal information, so no opt-out choices apply. See https://www.tenthrevolution.com/privacy-notice/#ccpa for details.
9. A description of a consumer’s rights pursuant to US State Data Privacy Laws, including CCPA Section 1798.125:
(a) Businesses, including us, may not discriminate against you because you exercised any of your consumer privacy rights such as by: (1) denying you goods or services; (2) charging you different prices or rates for goods or services, including via discounts or other benefits or penalties; (3) providing you a different level or quality of goods or services or (4) suggesting that you will receive a different price or rate for goods or services or a different level or quality of goods or services. Businesses may however discriminate where any difference is reasonably related to the value provided to you by your data.
(b) Businesses, including us, may offer you financial incentives, including payments as compensation, for the collection, sale or deletion of your personal information and/or sensitive personal information. If we offer any incentives we will (1) notify you about them in our privacy policy and in any California-specific descriptions of consumer privacy rights we post and (2) only enroll you in them with you opt-in consent after disclosing all material incentive program terms to you. Incentive programs may never be unjust, unreasonable, coercive, or usurious.
(i) We do not currently offer any financial incentives.
10. A description of a consumer’s rights pursuant to US State Data Privacy Laws, including CCPA Section 1798.105:
(a) You have the right to request that we delete any personal information and/or sensitive personal information about you that we have collected. Before we delete any information, we’ll need to verify your identity. If we delete your information, we’ll also instruct our vendors (aka service providers) to delete it. The US State Data Privacy Laws do not obligate us to delete information under all circumstances, including where we need the information to provide our services to you, to detect security incidents, to identify errors in our services, or to comply with legal obligations. If you request that we delete information, we’ll let you know if we are deleting it or if we are not deleting it based on exemptions provided by the applicable US State Data Privacy Laws.
11. One or more designated methods for submitting requests (at minimum, a toll-free telephone number):
(a) You may submit any consumer privacy requests by emailing us at privacy@tenthrevolution.com, fill out the webform below, or by calling us toll free at 1-866-I-OPT-OUT (1-866-467-8688) and entering Service Code 717. Before we can respond to your request, we’ll need to verify your identity.
III. Your Right to Data Deletion. You have the right to request that we delete any personal information and/or sensitive personal information about you that we have collected. Before we delete any information, we’ll need to verify your identity. If we delete your information, we’ll also instruct our vendors (aka service providers) to delete it. The US State Data Privacy Laws do not obligate us to delete information under all circumstances, including where we need the information to provide our services to you, to detect security incidents, to identify errors in our services, or to comply with legal obligations. If you request that we delete information, we’ll let you know if we are deleting it or if we are not deleting it based on exemptions provided by the US State Data Privacy Laws. You may also delete personal information and/or sensitive personal information by using our services dashboard as described above.
IV. Your Anti-Discrimination Rights. Businesses may not discriminate against you exercising any of your consumer privacy rights such as by: (1) denying you goods or services; (2) charging you different prices or rates for goods or services, including via discounts or other benefits or penalties; (3) providing you a different level or quality of goods or services or (4) suggesting that you will receive a different price or rate for goods or services or a different level or quality of goods or services. Businesses may however discriminate where any difference is reasonably related to the value provided to you by your data. We will not discriminate against you in any way for exercising your privacy rights.
V. Your Rights Regarding Financial Incentives. Businesses may offer you financial incentives, including payments as compensation for the collection, sale or deletion of your personal information and/or sensitive personal information. In this case a business must: (1) notify you about the incentives in its Privacy Addendum and in any California-specific descriptions of consumer privacy rights it posts and (2) only enroll you in them only with your opt-in consent after disclosing all material incentive program terms. Incentive programs may never be unjust, unreasonable, coercive, or usurious. We do not currently offer any financial incentives.
VII. Changes to Privacy Addendum
Any information that we collect is subject to the Privacy Addendum in effect at the time such information is collected. We may, however, revise the Privacy Addendum from time to time. If a revision is material, as determined solely by us, we will notify you, for example via email. The current version will always be posted to our Privacy Addendum.
If you have any questions about this Privacy Addendum, or wish to exercise any of your privacy rights, please contact us at privacy@tenthrevolution.com or at any of the methods described above.
Australia and New Zealand Addendum
I. For users accessing the Websites or using our services in Australia or New Zealand, we comply with Australian and New Zealand privacy requirements including for Australia: the Privacy Act 1988 (Cth), Privacy Principles, the Spam Act 2003 (Cth) and Regulations 2021, and the Do Not Call Register Act 2006 (Cth); for New Zealand, the Privacy Act 2020, the Privacy Regulations 2020, Information Privacy Principles, and Unsolicited Electronic Messages Act 2007; and for Australia and New Zealand, any other applicable state/territory privacy laws or industry codes (collectively, the “AUSNZ Privacy Laws”).
II. We will deal with your Personal Data (which has the same meaning as “Personal Information” under the AUSNZ Privacy Laws in accordance with those laws, namely any information from which your identity is apparent or can be reasonably ascertained.
III. Residents of Australia or New Zealand accessing and using the Websites or services are notified that:
A. in addition to your respective countries, your Personal Data will be held and/or processed overseas including in the United States, Canada, United Kingdom, Netherlands, Germany, France, Switzerland, Italy, Spain, Japan or Singapore where our offices are located and other countries in which we may open offices in the future. We may also disclose your personal information to others, like our consultants, agents, contractors and service providers, and those that act as data processors, auditors or external advisers, and may be held and processed in other countries including without limitation those listed at the beginning of this subsection “A”;
B. If we use your Personal Data to contact you and you would prefer us not to, or if you indicate a preference for a method of communication, please let us know and we will do our best to respect your preference. When your choice is to continue to deal with us, we take it that you agree to and consent to us using your Personal Information in these ways, providing we follow the system and approach we explain in this Privacy Notice and comply with the applicable law. Where we do not have your Personal Information, we are not able to contact you, process your requests or provide our services to you; and
C. the governing law for the purposes of the Terms of Use and Privacy Notice, and any matters relating to them, including all disputes, will be governed, for Australia by the laws of New South Wales, Australia, and for New Zealand, for the law of New Zealand. You unconditionally submit to the non-exclusive jurisdiction of the courts having jurisdiction there.
IV. You may wish to contact us to request access to your Personal Information, to seek to correct it or to make a complaint about privacy. Our contact details for Australia and New Zealand are set out below:
Frank Recruitment Group Pty Ltd
Level 18
120 Spencer Street
Melbourne, Victoria 3000
Australia
Email: privacy@tenthrevolution.com
We will respond to your request for access to Personal Information we hold about you as soon as we reasonably can, including if we are unable to provide you with access (such as when we no longer hold the information).
We do not impose any charge for a request for access, but we may charge you a reasonable fee for our costs associated with providing you with access and retrieval costs.
For complaints about privacy, we will establish in consultation with you a reasonable process, including timeframes, for seeking to resolve your complaint.
Canada Addendum
I. Introduction
This Canada Addendum (“Canada Addendum”), in addition to the forgoing Privacy Notice, sets out the basis on which all “Personal Information” (“Personal Information” means information about an identifiable individual, including but not limited to sensitive Personal Information), that Frank Recruitment Group Inc. / Group de Recruitement Frank Inc. and its affiliated entities and their respective representatives trading under the TRG brand (collectively for the purposes of this Canada Addendum, “TRG,” “we,” “our,” or “us”) collects from you, or that you provide to us via the Websites (as defined elsewhere in the Privacy Notice) will be processed by us in Canada. If there is a conflict between the Privacy Notice and this Canada Addendum, the Canada Addendum controls with respect to Canadian users of our Websites. Please read the following carefully to understand our views and practices regarding your Personal Information in Canada and how we will treat it. All capitalized/defined terms not defined herein are defined elsewhere in the Privacy Notice.
II. Canadian Privacy Law and Privacy Principles
TRG is committed to maintaining the confidentiality, security, and accuracy of your Personal Information in accordance with applicable Canadian federal and provincial law, including but not limited to the Canadian Personal Information Protection and Electronic Documents Act (“PIPEDA”), Canada’s Anti-Spam Legislation, SC 2010 c 23 (“CASL”), and the data privacy laws of Canada’s provincial counterparts including but not limited to the British Columbia Personal Information Protection Act, SBC 2003 c 63 (“BC PIPA”), Alberta Personal Information Protection Act, SA 2003 c P-6.5 (“AB PIPA”), and Quebec Act respecting the Protection of Personal Information in the Private Sector, CQLR c P-39.1 (“Quebec Private Sector Act”) to govern our activities as they relate to the use of your Personal Information. As part of this commitment, we follow the ten privacy principals established under the PIPEDA. These principals are as follows:
• Principle One: Accountability
TRG is responsible for the Personal Information it controls. TRG has designated its Chief Privacy Officer (privacy@tenthrevolution.com) as responsible and accountable for compliance with the Canadian Privacy Principles and other applicable Canadian data privacy law.
• Principle Two: Identifying Purpose
TRG must identify the purposes for which Personal Information is used, collected, and disclosed before or at the time we collect Personal Information. TRG demonstrates its compliance by making the Privacy Notice and this Canada Addendum available to individuals, among other actions.
• Principle Three: Consent
Your knowledge and consent are required for the collection, use or disclosure of your Personal Information, except where inappropriate or permitted by Canadian law. Depending on the level of sensitivity of the Personal Information, this consent may be implied or expressed; however, wherever commercially feasible, TRG shall attempt to obtain express consent. Consent to our use of your Personal Information can be withdrawn at any time by sending an email requesting same to privacy@tenthrevolution.com.
• Principle Four: Limited Collection
TRG must collect Personal Information by fair and lawful means and limit its collection of Personal Information to those details reasonably necessary for the purposes identified. Accordingly, TRG does not collect your race, ethnicity, or health Personal Information nor do we use Canadian Social Insurance Numbers (or a foreign equivalent) to identify or organize the information we hold, and will not record it if you submit it.
• Principle Five: Limiting Use, Disclosure and Retention
We may only use or disclose Personal Information for the purpose for which it was collected unless you have otherwise consented, or when it is required or permitted by law. We may only retain your Personal Information for the period of time required to fulfill the purpose for which it was collected (taking into account our statutory and contractual obligations to retain information).
• Principle Six: Accuracy
We shall maintain your Personal Information in as complete, accurate and up-to-date form as is necessary to fulfill the purpose for which we are to use it. Please inform us if any of your information changes by contacting us at privacy@tenthrevolution.com so that we can make any necessary changes.
• Principle Seven: Safeguarding Information
We must protect your Personal Information by following security safeguards that are appropriate to the sensitivity level of the Personal Information. For example, we have a document minimization process in our office to prevent inadvertent disclosures of your Personal Information. We also physically lock our offices after business hours to avoid/prevent unauthorized access.
• Principle Eight: Openness
We are required to make information available to you that is specific and easy-to-understand concerning TRG’s policies and practices that apply to the management of your Personal Information. A key method of making such information available is via this Canada Addendum, via our website.
• Principle Nine: Access
Upon request to privacy@tenthrevolution.com, we shall inform you of the use, disclosure, and existence of your Personal Information, and shall give you access to it. You may verify the completeness and accuracy of your Personal Information, and may request amendments to your Personal Information for these reasons, if appropriate. Contact us at the email address above. We will attempt to respond to requests for summary information within 30 days of receipt. If you send us a more detailed request (typically these require archival or other retrieval costs), we may take longer to respond and you may be subject to our normal disbursement and professional fees to the highest extent permitted by applicable law.
• Principle Ten: Challenging Compliance
Direct any complaints, suggestions, enquiries or questions respecting our privacy practices, compliance, or these principles by contacting privacy@tenthrevolution.com.
III. May We Deny Access To Your Personal Information?
Your right to access your Personal Information is not absolute. We may deny access to your Personal Information when:
• required by applicable law;
• such Personal Information relates to existing or anticipated legal proceedings against you or was generated as a result of a dispute resolution mechanism (whether arbitration, mediation, court cases, or similar proceedings);
• when granting you access would have an unreasonable impact on other people’s privacy, security or proprietary information;
• to protect our rights and property; or
• where the request is frivolous or vexatious or generates costs which are prohibitively expensive.
We shall explain to you in writing why we deny a request for access to, or refuse a request to correct your Personal Information.
IV. How To Ask A Question Or File A Complaint
TRG has a Chief Privacy Officer who may be contacted to answer any comments or questions about this Canada Addendum, including where to file a complaint. Please forward your communications to:
E-mail: privacy@tenthrevolution.com
Telephone: +44 20 733 0865
Address:
Frank Recruitment Group Inc. / Group de Recruitement Frank Inc.
d/b/a FRG
The St. Nicholas Building
St. Nicholas Street
Newcastle-Upon-Tyne
Tyne & Wear U.K. NE1 1RF
Attn: Chief Privacy Officer
Attention: Chief Privacy Officer
V. Sending Us Information Over The Internet
With respect to CASL, by using our Websites or Services, you hereby expressly consent to receiving, during and after our business relationship, electronic messages from TRG, including via emails and through social media, providing information to you including newsletters, updates, alerts, other publications, news and communications, other information of interest to you and/or information on our services. You can withdraw this consent or modify your preferences as to the types of electronic messages which you wish to receive from us, at any time, simply by notifying us at privacy@tenthrevolution.com or by using the unsubscribe mechanism on any of our electronic messages.
VI. Location of Personal Information and Transfers of Personal Information Outside Canada
Your Personal Information is stored on various servers, including our own, and those maintained by our third party service providers who help us provide our services to you. These servers may be located outside of Canada. Accordingly, by providing us Your Personal information, you explicitly consent to our transfer of your Personal Information to countries outside of Canada. If you do not wish for your Personal Data to be transferred outside of Canada, do not provide your Personal Information to us. You have rights to access and rectification of your Personal Information, among other rights, which you may invoke as otherwise described in this Canada Addendum or this Privacy Notice. When we transfer your Personal Information outside of Canada, we take commercially reasonable and legally required measures with data importers as is reasonably necessary for the protection of such Personal Information, which may include entering into contractual clauses or data protection/security agreements as appropriate. As required by the Quebec Private Sector Act, in general, our server is located in the United Kingdom; our customer relationship database provider keeps its main server in Germany and its disaster recovery server in United Kingdom; our word processing and office program, email, and cloud storage provider has its main servers in the United Kingdom and the European Union; and another cloud storage provider has its main server in Ireland. For more details about your specific Personal Information and where it is located, please contact privacy@tenthrevolution.com.
VII. What If I Do Not Agree With This Canada Addendum?
Please do not submit any Personal Information to us if you do not agree to our processing of your Personal Information as described herein in this Canada Addendum.
VIII. Changes to this Canada Addendum
We reserve the right to change this Canada Addendum and Privacy Notice from time to time by updating this Canada Addendum on our website or updating the Privacy Notice as described above. Any changes to this Canada Addendum and Privacy Notice will be posted on this Website so you are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. We encourage you to check this Website frequently for updates. Your continued use of this Website or any TRG services shall constitute your acceptance of the revised Canada Addendum.
TRG will interpret and enforce this Canada Addendum in accordance with all applicable law. This Canada Addendum was last updated on July 16, 2021.
Japan Addendum
Frank Recruitment Group 株式会社(以下「当社」といいます)は、個人情報保護法および当社の個人情報保護体制に則り、登録者の個人情報の適切な管理に努めます。
Frank Recruitment Group K.K (hereinafter referred to as “TRG“) will endeavor to properly manage the handling of personal information of registrants based on the Act on the Protection of Personal Information and the Company’s personal information protection framework.
ここでいう個人情報とは、当社に提供する個人(以下「本人」という)に関する情報で、氏名、住所、生年月日、電話番号、メールアドレス、その他の記述の組み合わせにより本人を特定できる情報をいいます。
Personal information is the information of the individual (hereinafter referred to as “person”) provided to and, which is the information received by the person who entered the name, entry, date of birth, telephone number, email address, and other versions.
個人情報の収集・利用目的
皆さまからお預かりした個人情報は、以下の目的にのみ利用いたします。
Purpose of collection and use of personal information
Personal information entrusted to you will be used only for the following purposes.
1. 人材派遣又は有料職業紹介等における最適な仕事のご案内・仕事に関するご連絡、及び契約締結に関する業務。
Guidance on optimal work in contract or perm, contact for introduce job details and work related to contract conclusion.
2. 提供していただいた本人の個人情報は、就職や転職のために、第三者である求人企業に提供するため。
To provide the personal information of the person provided to a third-party to company for applied to company.
3. 当社のサービス向上を目的として、意見、要望、情報の提供をお願いするために、個人情報を利用する場合。
We may use personal information to request opinions, requests, and information for the purpose of improving our service.
上記以外の目的で利用する場合は、事前にお知らせし同意を得たうえで利用いたします。
If we use it for purposes other than the above, we will inform you in advance and obtain your consent before using it.
個人情報の利用、提供について
About the use and provision of personal information
当社は収集目的の範囲内で個人情報を委託する場合があります。
We may entrust personal information within the scope of the purpose of collection.
また、以下の場合を除き、本人の同意を得ずに第三者に提供をすることはいたしません。
In addition, except in the following cases, we will not provide it to a third party without the consent of the person.
・ 人の生命、身体又は財産の保護のために必要がある場合であり、本人の同意を得ることが困難な時。
・ 公衆衛生の向上又は児童の健全な育成の推進のために特に必要のある場合であり、本人の同意を得ることが困難な時。
・ 国の機関若しくは地方公共団体又はその委託を受けた者が法令の定める事務を遂行することに対して協力する必要があり、本人の同意を得ることにより当該事務の遂行に支障を及ぼすおれがある時。
・ 法令に基づく場合。
・ 合併その他の事由による事業の承継に伴って個人情報の提供が必要な場合。
・ When it is necessary to protect the life, body or property of a person and it is difficult to obtain the consent of the person.
・ When it is particularly necessary to improve public health or promote the sound development of children, and it is difficult to obtain the consent of the person.
・ It is necessary for a national institution or a local public body or a person entrusted with it to cooperate in carrying out the affairs stipulated by laws and regulations, and obtaining the consent of the person will hinder the performance of the affairs. At one point.
・ When required by law.
・ When it is necessary to provide personal information due to business succession due to merger or other reasons.
個人情報の取り扱いについて
Handling of personal information
ご提供いただいた個人情報は、適切に取り扱います。
またご本人は、当社に個人情報を提供することは任意ですが、もしご提供をいただけなかった場合は、当社はご登録やサービスをお断りする場合がございます。
We will handle the personal information you provide appropriately.
In addition, the person is voluntary to provide personal information to us, but if we do not provide it, we may refuse registration or service.
個人情報に関する苦情・相談 に関する苦情・相談及び開示等の請求について 及び開示等の請求についてお預かりした個人情報に関する苦情・相談につきましては、速やかに対応させていただきます。
Complaints about personal information / complaints about consultations / requests for consultations and disclosures, etc. and requests for disclosures, etc. We will promptly respond to complaints / consultations regarding personal information that we have received.
お預かりした個人情報につきまして、利用目的の通知、開示、訂正、追加、削除、利用停止をご希望の場合は、ご本人であることを確認させていただいた上で速やかに対応いたします。
If you wish to notify, disclose, correct, add, delete, or suspend the use of your personal information, we will promptly respond after confirming your identity.
お気軽にお問い合わせください
Please feel free to contact us on:
Tenth Revolution Group株式会社への個人情報に関するお問い合わせ窓口
TEL:03-4571-1146
E メール privacy@tenthrevolution.com
※本同意書の効力、適用、解釈にあたっては、日本国法が適用されるものとします。
制定日 2024年04月03日