ECKSTEEN HR Consulting Logo White

DE

EN

DATA PRIVACY POLICY

At ECKSTEEN, we are committed to ensuring the privacy and protection of your personal data. This Privacy Policy explains how we collect, utilize, and manage your information in line with our legal responsibilities. Protecting your data is of the utmost importance to us, and we take all necessary steps to safeguard your privacy.

This policy covers personal data for several groups, including but not limited to:

  • Candidates
  • Freelancers
  • Clients
  • Suppliers and Other Third Parties
  • Individuals Whose Data Has Been Provided to Us
  • Website Visitors
  • Former Employees, and
  • Visitors to our physical locations.


For members of ECKSTEEN staff, a specific Staff Privacy Policy is accessible on the company’s internal platform. Similarly, those seeking internal job opportunities should consult our Recruits Privacy Policy for detailed information.

ECKSTEEN complies with various data protection regulations, including the General Data Protection Regulation (GDPR) and the UK GDPR. Any references to GDPR in this document apply to both regulations.

As the data controller responsible for processing your personal information, ECKSTEEN („we“ or „us“) ensures that your data is handled according to the most stringent standards. You can find further details on this here.

We periodically update this Privacy Policy to reflect any changes in our practices or regulatory requirements. If you wish to stay informed about the most current version, please revisit this page regularly, where updates will be made available.

If you feel that any aspect of this Privacy Policy does not meet your expectations, you may have specific legal rights. These rights, where applicable, are explained in this document.

‘You’ means a candidate, potential candidate, consultant, client contact or a contact at another organisation involved in the introduction (and / or) provision of a candidate’s services.

„Principle“ and „client“  Both terms refer to our customers, with Principle referring to the hiring of freelance experts over ECKSTEEN and Client referring to all other of our solutions.

„Customer contact“ This refers to all of our client stakeholders 

„Candidate“  These are potential or actual candidates for a permanent position (Direct Recruiting)

„Consultant“  This refers to freelancers, whose services are provided through ECKSTEEN in assignments from the Customer.

Reference (and / or) emergency contact’. These are people whose personal details a candidate provides so that they can be used as a reference or emergency contact.

The use of your personal data by the following parties is not covered:

  • actual or potential employers or hirers
  • a parent company,
  • or other organisations involved in the provision of your services by us to a hirer, to whom we may transfer your personal data in the course of the recruitment process.

 

Such use is subject to the privacy policy of the respective employer or Principle.

This Privacy Policy outlines how we handle your personal data and, importantly, details your rights concerning that data. You are entitled to:

  • request the deletion of your information
  • inquire about the specifics of what we hold about you
  • withdraw any consent previously given
  • and file a complaint directly to the mail address: DScomplaints@ecksteen.com if you have concerns regarding our practices.

The policy is organized into two main sections:

  1. Audience-Specific Privacy Information: This section addresses the specific categories of individuals that this Privacy Policy covers.

  2. General Privacy Information: This part applies universally to all groups mentioned in this policy.

Audience-Specific Privacy Information

Under this Privacy Policy, Candidates are defined as individuals who have not yet been in direct contact with ECKSTEEN but are reasonably identified as having a potential interest in, or who may benefit from, ECKSTEEN’s services. This includes those who may be considered for roles that ECKSTEEN advertises or promotes, such as permanent, part-time, temporary, or freelance opportunities with ECKSTEEN’s Clients (including those looking to engage in temporary work).

Candidates may also include individuals who have submitted speculative applications or CVs to ECKSTEEN without targeting a specific position, as well as those who have interacted with ECKSTEEN regarding its services or any available roles. Additionally, independent contractors, freelancers, or employees of suppliers or third-party providers who are put forward for positions with ECKSTEEN’s Clients, whether as part of a regardless through own or external means are considered Candidates in the context of this policy.

What kind of Information do we collect?

ECKSTEEN prioritizes collecting only the information necessary to perform its functions. Typically, this includes basic details such as your name, address, job title, and contact information. If you are being considered for a position, we may also gather your CV and relevant data regarding your qualifications and professional experience.

Additionally, if we engage in equal opportunity monitoring or need to fulfill contractual obligations for you or our Client, we may collect personally identifiable information. This can include data such as age, identification or passport numbers, driver’s license information, address, email, user IDs and passwords, gender, date of birth, marital status, occupation, salary range, financial and account details, contact numbers (both phone and mobile), nationality, personal website or social media profiles, or any other information required by applicable local laws.

Nevertheless, here is a list of the information which we may collate dependent upon the situation:

ECKSTEEN may collect the following personal data to provide our services:

  • Your name
  • Your mailing address
  • Your phone number and email address
  • Your bank account information
  • A copy of your passport, including the photograph
  • Details regarding your current and previous employers, such as job titles and employer names
  • Recruitment-related information, including professional certifications, education, qualifications, skills, career history, salary range, employment status, nationality, references, and other legally required or relevant details
  • Any other information you’ve included in your CV or provided in an application form
  • Data available from social media profiles, job boards, or public media sources (either yours or third-party)
  • Information about your umbrella company or employment agency
  • The terms of our service contract with your umbrella company or employment agency, including timesheets and work rates, relevant to your engagement with our Client
  • Details about your referees and emergency contacts
  • Third-party references, such as feedback from former employers or nominated referees
  • Results from pre-employment checks or security screenings, including criminal records checks and any disclosures about current or suspended sentences carried out during the onboarding process
  • Email correspondence, including any attachments you’ve sent us
  • Results of work authorization checks


How do we collect your Information?

ECKSTEEN collects personal data from Candidates in three primary ways:

  1. Information you provide directly to us
  2. Data we receive from external sources
  3. Information collected automatically

In order to deliver our services effectively, ECKSTEEN requires certain information about you. This helps us identify the best opportunities for you, sparing you the effort of sorting through irrelevant job offers or services.

1. How do we collect your Information?

You can share your personal data with ECKSTEEN in various ways, such as:

  • Submitting your details through the ECKSTEEN website or via an application form during registration;
  • Providing a hard copy of your CV at one of our recruitment events, job fairs, or offices;
  • Sending your CV or other information via email to an ECKSTEEN consultant, or discussing it during an interview;
  • Applying for a job through a third-party platform, which then redirects you to ECKSTEEN’s website;
  • Participating in campaigns through social media platforms like Linked or X.

The information you provide to us through these channels may include:

  • Key identification and contact details;
  • Educational background and employment history;
  • Financial data;
  • Special category information;
  • Criminal conviction data; and
  • Any additional details you choose to disclose.

2. Personal Data received from other sources

ECKSTEEN also acquires Candidate personal data from external sources. Depending on the circumstances and applicable local laws, this may occur in the following situations:

  • We search for Candidates through third-party platforms like LinkedIn or job boards, or when conducting other pre-recruitment processes (see the „Pre-recruitment activities“ section below);
  • Your referees may provide personal information about you;
  • Our Clients, Suppliers, other Candidates, or ECKSTEEN colleagues (for example, when referring a Candidate) might share information with us;
  • If you engage with us on social media (e.g., Communication via LinkedIn or XING, or following us on X), we may receive your information from those platforms;
  • If you were referred to us via a Recruitment Process Outsourcing (RPO) or Managed Service Provider (MSP), they might share your personal data with ECKSTEEN.

The information we receive from these sources may include personal data that others share about you, as outlined in the “What Kind of Personal Information Do We Collect?” section.

3. Automatically Collected Data

When you browse our website or interact with emails from ECKSTEEN, we may gather certain data automatically. This collection is done through tools like cookies, pixels, or other tracking technologies, always in accordance with local laws and regulations. Occasionally, this information is provided by your direct interaction with these digital tools.

For a more detailed explanation of how we handle data collected through our website or emails, please refer to the section of this Privacy Policy that specifically covers Website Users.

The information gathered through these automated processes, as explained in the section „What Kind of Personal Information Do We Collect?“ includes details classified as “Automatically collected information.”

How do we utilise your personal data?

ECKSTEEN processes Candidate data in several key ways, which include:

1. Potential Talent Mapping Phase

2. Recruitment Process

3. Marketing Purposes

4. Fairness Monitoring

5. Processing Personal Data for Legal Claim Purposes

6. Profiling and Automation

7. Data Sharing
.

1. Potential Talent Mapping Phase

During the pre-recruitment stage, we use your personal information to assess your potential interest in or benefit from our services, and to evaluate how we might be able to assist you in your job search. If we identify opportunities that may be suitable, we will reach out (typically via email) to see if you are interested, always in compliance with relevant legal requirements.

  • To carry out these activities, we may:
  • Gather and store your personal data in our database, making updates as necessary;
  • Reach out to inform you about how we process your data and direct you to our Privacy Policy;
  • Analyse your details to determine how our services could support your career;
  • Contact regarding the services we offer.

 

2. Recruiting Phase

At ECKSTEEN, our primary focus is on recruitment—matching the right Candidates with suitable job opportunities. Below, we outline various ways in which we may utilize and process your personal data for recruitment purposes, ensuring compliance with local laws and regulations. Please note that this list is not comprehensive.

In many instances, we process your personal information based on our legitimate interests. According to Article 6(1)(f) of the GDPR, we are permitted to process your data when it “is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights or freedoms of you which require protection of personal data.”

We believe that the activities we conduct under this legitimate interests provision do not negatively impact Candidates; instead, they enhance our ability to provide a more personalized and efficient service. Nonetheless, you are entitled to object to our processing of your personal data on this basis. For information on how to do this, please refer to the section titled “Access / Edit / Delete the personal data that you have given to us” in the General Privacy Information section of this Privacy Policy.

In certain situations, we may process your personal data to fulfil a contractual obligation to you or to respond to a pre-contract request. Article 6(1)(b) of the GDPR states that we can process your data when it “is necessary for the performance of a contract to which the data subject is party or to take steps at the request of the data subject before entering into a contract.”

If we process your information for recruitment purposes based on your consent, you have the right to withdraw that consent at any time. This withdrawal will not affect the lawfulness of processing prior to your withdrawal. For details on how to withdraw your consent, please refer to the section titled “Access / Edit / Delete the personal data that you have given to us” in the General Privacy Information section of this Privacy Policy.

3. Marketing Purposes

We will periodically provide you with information we believe may be of interest, including requests to assist in connecting other Candidates / Contractors with job / Project opportunities. Your explicit consent is required for certain activities, while a “soft opt-in” applies when we’ve obtained your contact details from prior interactions, such as job applications or inquiries about our services. This allows us to inform you about other relevant job openings, enhancing your chances of securing a new position. You can withdraw your consent at any time, and we will respect your preferences, though occasional recapture of your details may occur.

4. Fairness

We are committed to ensuring that our recruitment processes are aligned with our approach to equal opportunities, and so we will process certain sensitive or special category data about you to facilitate this. Where appropriate and in accordance with local laws and requirements, we will use this information on an anonymized basis to monitor our compliance with our equal opportunities bespoke practices. We will collect other sensitive or special category personal data about you, such as health-related information or religious affiliation, if this is appropriate in accordance with local laws. Article 9(2)(b) of the GDPR allows us to do this where the processing is “necessary for the purposes of carrying out the obligations and exercising our or your specific rights… in the field of employment and social security and social protection law,” as long as this is allowed by law. We may also collect details of any criminal convictions if appropriate in accordance with local laws, which may require your consent. If you are not happy about this, you are entitled to withdraw your consent at any time, and you can find out how to do so by referring to the section entitled “How you can access, amend or take back the personal data you have given us” in the General Privacy Information section of this Privacy Policy.

5. Processing Personal Data for Legal Claim Purposes

There are instances when it becomes necessary for us to process personal data based on the legitimate interests legal basis. When applicable and in line with local laws and regulations, this may include special category data related to the establishment, exercise, or defence of legal claims. Article 9(2)(f) of the GDPR permits this processing when it is essential for “the establishment, exercise, or defence of legal claims or whenever courts are acting in their judicial capacity.” Such situations may occur, for instance, when we seek legal counsel regarding ongoing legal proceedings or when we are mandated by law to retain or disclose specific information as part of the legal process.

In certain situations, we may process your personal data to fulfill our legal obligations. According to Article 6(1)(c) of the GDPR, we are permitted to handle your data when it “is necessary for compliance with a legal obligation to which (we) are subject.”

6. Profiling & AI Automation

Profiling refers to a specific processing activity designed to enhance our understanding of the information we gather about you, thereby facilitating the development of a tailored “profile.” This profile enables us to discern your preferred modes of interaction with our services, the nature of requests you may submit, and, importantly, your preferences and aversions. The primary objective of creating this personalized profile is to optimize our service delivery, thereby increasing the likelihood of promptly and efficiently presenting you with content that is most pertinent and beneficial to your needs.

We will employ profiling methodologies in relation to your personal data when we deem it necessary to serve our legitimate interests, as articulated in the accompanying table below. Should you object to this practice, you possess the right to raise such concerns under specific circumstances, and further information regarding the process for doing so can be found in the section titled Managing Personal Data

Additionally, we occasionally utilise automated systems, including filtering tools and more advanced technologies involving artificial intelligence—such as algorithms and machine learning (some of which may be supplied by third parties)—to facilitate rapid, efficient, and precise analysis of the data we possess concerning you, other candidates, and our clients’ requirements. This approach aids us in making informed decisions based on the data analysed. Such automated systems may include algorithmic tools applied to candidate personal data, which assist us in generating an optimal shortlist for particular positions. The application of this technology is intended to significantly diminish the time required to identify candidates who are best suited for relevant job opportunities. Thus enhancing the efficiency and efficacy of the recruitment process, and ultimately improving your overall experience with our services.

As advancements in technology continue to evolve, certain profiling and processing activities utilizing automated systems, as described herein, may constitute „Artificial Intelligence driven Decision Making“ in accordance with Article 22 of the GDPR. This entails a decision-making process conducted by automated means with minimal or no human intervention. We will only engage in automated decision-making concerning your personal data when we determine that such action is necessary for the execution of pre-contractual steps initiated at your request.

7. Data Sharing

Upon Instruction from you, We disseminate your personal data to various entities through multiple channels and for several purposes. Our primary objective in sharing your information is to enhance your opportunities for obtaining your desired position by connecting you with potential employers.

For a comprehensive list of parties with whom your personal data may be shared, please refer to the section titled “Who do we share your personal data with” in the General Privacy Information portion of this Privacy Policy.

Customers encompass all stakeholders and entities to whom ECKSTEEN renders its services during the course of its operations, as well as those whom ECKSTEEN reasonably believes may have an interest in our offerings. In specific situations, ECKSTEEN also provides services directly to individual employees of Client organizations, such as recruitment coaching or our purpose workshops.  It is important to note that in such instances, ECKSTEEN expects Clients to relay the pertinent sections of this Privacy Policy (specifically those aimed at Clients, Visitors, and Website Users) to their employees.

What Information do we gather?

The information we gather regarding Clients is quite limited. Typically, we only require your contact details or those of key individuals within your organization to ensure effective communication about our services, facilitate a smooth partnership, and occasionally provide services to your employees. We may also collect data related to your online interactions with Candidate profiles and other materials published by ECKSTEEN, which helps us tailor our marketing communications to be relevant and timely. Additionally, we may retain any supplementary information that individuals from your organization choose to share with us. In specific situations, such as interactions with our Finance and Debt Recovery teams, calls may be recorded in compliance with applicable laws and regulations. Should we require any further personal data for any reason, we will inform you accordingly.

Types of Information Collected:

1. Key Identification and Contact Details:

    • Names
    • Job Titles
    • Phone Numbers
    • Email Addresses

2. Automatically Collected Information:

    • Data regarding your online engagement with Candidate profiles
    • Data related to your interactions with ECKSTEEN’s published materials
    • IP Address
    • Usage statistics, including access frequency, dates, and times
    • User preferences (e.g., marketing options)
    • Log files and troubleshooting data
    • Device information when you access our services
    • Website navigation data (limited to ECKSTEEN websites)
    • Engagement metrics with ECKSTEEN emails
    • Location data inferred from jobs, IP addresses, application history, or system-stored information
    • Account access information (e.g., PINs for verification purposes)

 

3. Information Provided by Third Parties:

Details shared by our Candidates about you or sourced from other external entities

4. Additional Information You Provide:

    • Any further information that you or someone in your organization chooses to communicate to us, including through email or other forms of correspondence.

Please be aware that this list of personal data categories we collect is not comprehensive.

Data Collection Methods:

We gather Client personal data through several means:

1. Direct Information from You:

    • Data is collected when you reach out to us, usually via phone or email.
    • We may also obtain information when we contact you, either through phone, email, or general business development initiatives from our consultants.

The types of information we collect in this manner include:

  • Key identification and contact details.
  • Additional details that you voluntarily share, as outlined in the section “What Kind of Personal Information Do We Collect?”

 

2. Information from Other Sources:

When permitted by local laws and regulations, we may seek further information about you or your colleagues through due diligence or market research, which may include:

Third-party market research and analysis of online and offline media, conducted either by us or through external organizations.

  • Data from reputable business-to-business data vendors, in compliance with GDPR.
  • Delegate lists from relevant events.
  • Other limited sources and third parties, including Candidates, who may provide your information to us for reference or feedback on specific assignments.

The types of information we may receive through these methods can include data provided by others, as described in the section “What Kind of Personal Information Do We Collect?”

3. Website and Communication Interactions:

  • When you visit our website or interact with any emails or text messages from us, we may collect certain data automatically or through your voluntary submission. For further details, please refer to the context-specific section of this Privacy Policy for Website Users. The information collected in this manner includes automatically gathered data, as discussed in the section “What Kind of Personal Information Do We Collect?”
 

How We Utilise Your Personal Data

We use Client information for the following purposes:

  1. Service Provision: Our services include providing Candidates, Recruitment Process Outsourcing (RPO), Managed Service Provider (MSP) programs, and consultancy. We may also offer training courses to your employees, which requires their personal data for access.
  2. Marketing Activities
  3. Digital Profiling / AI based research & Decision Making
  4. Data Sharing
  5. Legal Compliance: 

1. Service Provision

We rely on legitimate interests for most data processing activities, as permitted by Article 6(1)(f) of the GDPR. We believe these actions do not adversely affect Clients’ rights. You are entitled to object to this processing; for details, please refer to the section “How can you access, amend or take back the personal data that you have given to us” in the General Privacy Information section of this Privacy Policy.

2. Marketing Activities

Unless local laws require otherwise, we typically do not seek your consent to send marketing materials, such as our Global Skills Index, to corporate email or postal addresses. If you prefer not to receive these materials, you can opt out by referring to the section “How can you access, amend or take back the personal data that you have given to us” in the General Privacy Information section of this Privacy Policy. Note that we adhere to additional local law requirements in certain jurisdictions regarding marketing activities.

 3. Digital Profiling / AI based research & Decision Making

Profiling involves processing your data to create a personalized profile, helping us understand your preferences and interactions with our services. This allows us to tailor our offerings and provide relevant content efficiently. We may use profiling to pursue our legitimate interests, as detailed below. You are entitled to object to this processing, and you can find out how in the section “How can you access, amend or take back the personal data that you have given to us” in the General Privacy Information section of this Privacy Policy.

With advancements in technology, some profiling may qualify as Automated Decision-Making under Article 22 of the GDPR, where decisions are made with limited or no human intervention. We will only engage in automated decision-making when necessary to fulfill pre-contractual steps at your request.  

4. Data Sharing

We will share your data mainly to ensure you receive an appropriate selection of Candidates, consultancy, purpose workshops and other advisory services. Unless instructed otherwise, we will also share your information with, including service providers, to achieve these objectives. For a detailed list of those with whom we share your data, please refer to the “Who do we share your personal data with” section in the General Privacy Information part of this Privacy Policy.

5. Legal Compliance

In specific and rare situations, we will process your personal data based on our legitimate interests to assist in establishing, exercising, or defending legal claims.

Suppliers encompass partnerships, companies (including individual advisory companies), and non-traditional workers such as independent contractors and freelancers who deliver services to ECKSTEEN. In certain instances, ECKSTEEN may subcontract services provided to Clients to third-party suppliers acting on its behalf. In this context, individual contractors, freelancers, or employees of suppliers will be regarded as Candidates for data protection purposes. It is important to note that ECKSTEEN requires Suppliers to communicate the relevant sections of this Privacy Policy (specifically, those directed at Candidates) to their employees.

Types of Personal Information Collected

ECKSTEEN collects limited personal data about Suppliers and other business partners, such as investors, primarily to maintain effective relationships. The information collected typically includes:

  • Key Identification and Contact Details:  Names, job titles, phone numbers, and email addresses of individuals within your organization.
  • Banking Information:
  • Bank details for payment purposes.
  • Additional Information: Any extra information voluntarily provided by your organization or others, including insights from Candidates or Clients.

Please note that this list is not exhaustive. We may also gather data if you access our website or interact with our communications. For further details, please refer to the section relevant to Website Users in this Privacy Policy.

Methods of Collecting Personal Data

We gather Supplier and third-party personal data in two primary ways:

Direct Information:

We receive data when you proactively contact us via phone or email, or when we reach out to you.

Information from Other Sources: We may obtain additional data through due diligence or market intelligence, including:

  •  Third-party market research
  •  Delegate lists from events
  •  Other limited sources


Use of Personal Data

Your personal data will typically be used for our legitimate interests, as allowed by Article 6(1)(f) of the GDPR, which permits processing when necessary for those interests, provided they do not override your rights. We do not generally seek consent for sending marketing messages to corporate addresses.

We believe that our activities do not negatively impact Suppliers or other parties. However, you are entitled to object to the processing of your personal data. For more information on exercising this right, please refer to the section titled “How can you access, amend or take back the personal data that you have given to us” in the General Privacy Information section of this Privacy Policy.

Sharing of Data

If you are identified as a Supplier or third party, we may share your personal data with our group companies and relevant third parties, such as service providers, to communicate with you about our services.

The legal basis for sharing this information aligns with those mentioned in the previous section. For a comprehensive list of parties with whom we may share your data, please refer to the section titled „Who do we share your personal data with“ in the General Privacy Information section of this Privacy Policy.

This section applies to anyone who uses ECKSTEEN’s website 

Personal Data Collected

We gather minimal information from website and app users to enhance your experience and manage services. This includes data such as how often you access the site, device type, browser, location, language preference, and any direct communication you have with us (e.g., through chat or registering for newsletters). We may collect:

Identification details

  • Name, email, and phone number.
    Automatically gathered data
  • IP address, browsing activity, and device information.
    Additional details
  • Anything you choose to share with us directly.


How Data is Collected

Your data is collected automatically (via cookies, tracking pixels, etc.) or when you contact us. Cookies and similar technologies are used to track site usage, aligned with your settings. For more information, please see the „Cookies Page“ 

How We Use Your Data

We use the data to:

  • Provide services like Workshops you’ve signed up for.
  • Safeguard our systems.
  • Improve your experience by tailoring content (e.g., job recommendations).

We process this data based on our legitimate interests. If you wish to object, please refer to the section titled “How can you access, amend or take back the personal data you have given us” in the General Privacy Policy.

Data Sharing Summary

Unless you request otherwise, we may share your information with our group companies and trusted third-party service providers to contact you regarding our services.

We rely on the same legal grounds mentioned earlier for data sharing. For a detailed list of who we share your personal data with, please refer to the „Who do we share your personal data with“ section in the General Privacy Information of this Privacy Policy.

General Privacy Information

  • We may share your personal data with relevant parties in compliance with local laws and regulations. These include:
  • Individuals or companies / organisations related to your employment or reference (e.g., past or prospective employers, trainers, recruitment agencies).
  • Authorities such as tax and audit bodies when legally required.
  • Service providers, consultants, IT support, and external professionals under appropriate agreements.
    Marketing platforms and providers.


Additionally, for Candidates, Temporary Workers, or referees, we may share your data with:

  • Potential employers, job boards, MSP suppliers, and other recruitment-related platforms.
  • Third parties conducting reference, qualification, and criminal checks.
  • Clients where Temporary Workers are placed or potential employers for references.
  • Internal/external auditors and compliance teams when necessary.

We take a range of measures to protect your personal data. These include implementing technical and organizational safeguards to ensure its security. We regularly update and test our systems to prevent unauthorized access, misuse, loss, or disclosure. Only authorized personnel with a legitimate business need are granted access to your information. In cases where we share your data with third parties, we ensure that they also implement adequate security standards. Additionally, we adhere to legal requirements and best practices to maintain the confidentiality and integrity of your data.

When determining how long to retain personal data, we consider the volume, nature, and sensitivity of the data, the potential risks of unauthorized use or disclosure, the purposes for which the data is processed, and whether those purposes can be fulfilled by other means. We also ensure compliance with legal, regulatory, and risk management obligations.

For Candidates / Consultants

we retain your personal data for up to two years from the date of collection or your last meaningful contact with us (or the company you work with). If we believe the data is still relevant, such as in cases of tax obligations or potential legal matters, we may retain it longer. „Meaningful contact“ includes actions like submitting your CV, participating in training, or communicating with us about job opportunities. Passive activities, such as receiving or reading emails, do not qualify unless you engage directly with us by clicking links or replying.

If your services are provided through a third party, meaningful contact is defined by the relationship with that company. If you request the deletion of your data, we will comply, unless legal or regulatory reasons necessitate its retention.

The GDPR ensures that individuals in the EU have clear rights regarding their personal data. You can exercise these rights even after sharing your data with us. Here’s a summary:

1. „Right to Object“ You can object to how we process your data for reasons like legitimate interests, public tasks, direct marketing, or research. We will stop processing unless we have compelling reasons or legal claims.

2. „Right to Withdraw Consent“: You can withdraw consent at any time if we’ve processed your data based on it (e.g., for cookies). We will stop unless another valid reason justifies continued processing.

3. „Data Subject Access Requests (DSAR)“: You can request details of the data we hold about you. We may need to verify your identity and could charge a fee for excessive requests. In certain cases, we may lawfully refuse your request.

4. „Right to Erasure“: You may request deletion of your data under specific circumstances, such as when it’s no longer necessary or if you’ve withdrawn consent. There are some exceptions (e.g., legal obligations).

5. „Right to Restrict Processing“: In certain cases, you can limit how we use your data (e.g., if you contest its accuracy or object to its use for legitimate interests). We’ll notify third parties if necessary.

6. „Right to Rectification“: You can ask us to correct any inaccurate or incomplete data. We’ll inform third parties of the changes unless doing so is too difficult or impractical.

7. „Right to Data Portability“: You can transfer your data to another service provider. We’ll provide it in a machine-readable format or transfer it directly if you prefer.

8. „Right to Lodge a Complaint“ You can submit a complaint to a supervisory authority:DataProtect@ecksteen.com if you feel your data rights are violated.

You can contact us to exercise any of these rights, and we’ll respond within one month. We may keep records of these communications to resolve any issues. please keep your information up to date to ensure accuracy.

  • At this point, your data is saved on an external drive that is not permanently connected with the internet or our network.  This may change as we integrate a cloud solution, however such a solution must provide us with certificates of conformity to European GDPR guidelines.
    • to third parties (such as Consultants or other Suppliers to our business); 
    • to our customers who may, in turn, transfer your data internationally; 
    • To other third parties such as Recruiting Software Platforms like LinkedIn and XING, however no data is transferred from us to these systems, this is only for candidates sourced in the respective system. 
  • We want to make sure that your data are stored and transferred in a way which is secure. All of our clients are based in the EU and UK which adhere to the strictest guidelines.
    • All candidates and contractors have to sign a data consent agreement, and no information is sent by us to any party without prior consent.
    • where it is necessary for the conclusion or performance of a contract between ourselves and a third party and the transfer is in your interests for the purposes of that contract (for example, if we need to transfer data outside the EEA in order to meet our obligations under that contract if you are a Client of ours); 

When using our services, Candidates, and Freelance Consultants, may choose to visit independent websites or use third-party services (e.g., job platforms) that we do not operate. These external sites and services are beyond our control, and we do not take responsibility for their content or privacy practices. It’s up to you to assess whether to engage with these sites or use their services.

Additionally, some third-party providers we work with may process personal data we supply to them, acting as independent data controllers. They might use this data for their purposes, such as internal reporting, responding to security threats, legal compliance, or improving their services in anonymized or aggregated form. These providers will typically have their own privacy policies that explain these practices in more detail.

ECKSTEEN HR Consulting Logo White

Services

Employer Branding
Recruiting
Executive HR Search
HR Interim
Digital Transformation / HR Analytics
Purpose-Driven Solutions

Legal

Disclaimer
Cookie Preferences
Privacy Policy

Copyright – ECKSTEEN 2024 – All Rights Reserved