Valtus UK Privacy Policy

Our contact details

Name: Valtus UK
Address: 5 Chancery Lane London WC2A 1LG
Phone No: 02073987500
E-mail: enquiries@valtus.uk
Website: https://valtus.uk

Valtus Group (hereinafter “Valtus” or “we”) and all its subsidiary companies including but not limited to Valtus Transition and Valtus UK are interim providers and trusted partners to leading businesses around the world.

We take the privacy of our interims and clients very seriously. As such, we have adopted and implemented a data protection policy in line with current regulations.

In this respect, we comply with the European laws pertaining to the protection of personal data, and particularly the General Data Protection Regulation number 2016/679 of April 27, 2016 (also known as the GDPR). Since the UK left the European Union on December 31, 2020, we also comply with the UK General Data Protection Regulation (also known as the UK GDPR) of January 1, 2021. Hence forth both regulations will be referred to as the GDPR.

GDPR Legal Content

The purpose of this paragraph is to inform the persons concerned (hereinafter “you” or “your”) in a clear, complete and straightforward manner about how Valtus, as the data controller, collects and uses the personal data pertaining to you (hereinafter “Personal Data”) and the means you have to control this use and exercise your rights relating thereto.

What does this policy cover?

This policy sets out the types of personal data that we collect and explains the following:

  • What personal data is collected and processed by Valtus
  • Where do we collect personal data about you
  • How and why we may use your personal data
  • What legal basis do we have for using your personal data
  • How long do we keep personal data for
  • Who has access to your personal data
  • Where is your personal data stored
  • Your rights and choices surrounding your personal data
  • How you may contact us

What Personal Data is collected and processed by Valtus?

Valtus adheres to the principles of data minimization. As a result, we only collect relevant, adequate information, which is limited to what is genuinely necessary in relation to the purposes for which it is processed.

Within the context of managing its staff, Valtus may be required to collect data to fulfill certain legal obligations and/or data useful for administrative tasks, work organisation or social initiatives (e.g.: First and last names, date of birth, postal address, French police insurance or UK national insurance, bank data, etc.).

Within the context of its business relationships with clients and prospects, Valtus must collect personal data such as first and last names, postal addresses and business details such as telephone numbers, fax and email addresses.

We may also collect personal data such as your IP address or your connection data to our services if it proves necessary to ensure proper processing of your Personal Data.

If you are an Interim Manager, please limit the information you provide to us to a strictly professional framework. We do not wish to collect data unrelated to the assignments that we may give you. In particular, please be sure not to include any sensitive information or special category information (especially relating to your religion, trade union membership or health) on your resume. This data is not relevant to our business and shall be disclosed at your own risk.

The professional personal information we do need on your resume and will be collected by us is:

  • Title, first name, last name
  • Date of birth
  • Personal email address
  • Personal postal address
  • Professional background, including dates, locations and job descriptions.
  • Training courses, including qualifications or certifications obtained, experience (subject to verification), etc.
  • Your previous salary levels and daily rates
  • Non-profit work, distinctions and other awards
  • Administrative information (particularly police insurance number, identification documents and bank details) required for contract purposes
  • Any other information contained in your resume that was provided by you.

Mandatory declarative Personal Data is indicated by an asterisk on our forms, whether it is online on a website, or as a hard copy. Apart from the above, you are free to provide some, all or none of your Personal Data. However, such a decision could limit our chances of finding you a job as a manager and limiting your access to certain services offered by Valtus.

Where do we collect Personal Data about you?

Valtus may collect your Personal Data as follows:

  • If you are a client, prospect or supplier: from your business card, via social media, by prospecting or within the framework of our agreements
  • If you are a Valtus employee: through our work relationship before, during or after you joined our company
  • If you apply for a job with Valtus: when you send us your application (by any means but especially via our website), interviews or social media discussions
  • If you are an interim manager:
    • Directly from yourself. This is information that you will provide whilst searching for an assignment. Valtus may collect your Personal Data via the form on the online portal of its website, in the context of interviews, professional meetings, partnerships, or applications made via email or post

This is “Declarative Personal Data” you provide via forms, whether it is online on a website, as a hard copy or in response to questions asked by members of the company:

  • From an agent/third party acting on your behalf e.g. an interim management company
    • Through publicly available sources such as: – Social media, such as LinkedIn – Company websites – Articles and marketing literature
    • By referencing or word of mouth. For example, you may be recommended by a friend, a former employer, a former colleague or even a present employer
    • Search databases such as job boards where you will have uploaded personal data

How and why we may use your Personal Data

We collect and use your Personal Data to enable us to do business with you, in particular to:

  • Connect with you to discuss business together
  • Enable you to obtain and receive information about Valtus, the services it offers or associates
  • Offer you the opportunity to partake in our satisfaction surveys, analyses and statistics in order to improve our services and better understand our clients and prospects
  • Update your data in our files and enable you to exercise your Data Protection rights (requests to access, correct, delete, portability, objection, etc.)
  • Fulfil our pre-contractual and contractual obligations
  • Carry out the administrative management of our relations, particularly concerning contracts, orders, invoices, etc., or for any other objective imposed by the current legislation
  • Improve the client experience
  • Manage job applications for opportunities with Valtus

If you are an Interim Manager, Valtus collects and uses your Personal Data for the purposes of its business and in particular to:

  • Discuss assignments with you and list you in the Valtus managers database
  • Assess your skills, experience and professional potential before, while and after you take on a potential assignment as a Valtus manager
  • Introduce you and put you in touch with Valtus customers and/or prospects to obtain assignments and/or in the context of your performance of said assignments
  • Monitor our relationship to improve your managerial experience and the experience of our customers
  • Enable you to request, obtain or be sent information about Valtus, or about the services offered by the company or its partners
  • Enable you to subscribe to and receive subject specific information (training, documentation, invitations, activity reports, etc.)
  • Organize and invite you to special candidate events
  • Manage the administrative side of our relationship, including contracts, orders, and invoices, or for any other purpose necessary to comply with prevailing regulations
  • Update your data (update campaigns) and allow you to exercise your rights vis-à-vis Valtus (requests for rights of access, rectification, erasure, portability or objection).

We will always ask your permission (on each separate occasion) prior to sending your CV to prospective clients. If you are chosen by the client and go through to the next stage of the recruitment process, we will then collect more information from you at the interview (or equivalent) stage onwards, in that manner.

Marketing

In addition to the uses described above, where we have your consent to do so, we may use your Personal Data to provide you with information about our services, business updates and general market intel we think may be of interest.

What legal basis do we have for using your Personal Data

For prospective candidates, interim managers and clients, our processing is necessary for 2 legal bases, the Legitimate Interests basis and the Contractual basis.

Legitimate Interests Legal Basis

For interim managers, prospective candidates and referees of candidates our processing of your data is necessary for our legitimate business interests. That is, we require this information to assess suitability for potential roles and to contact referees. If you are shortlisted as a candidate, then this may involve processing more detailed personal data including sensitive data such as health information that you or others provide about you. In these cases, we always ask for consent before undertaking such processing.

Clients personal data, such as contact details, our processing of your data is necessary for our legitimate business interests. That is to enable us to market our services and offers to you with your consent.

Our Legitimate Business Interests

Our legitimate interests in collecting and retaining your personal data are described below: As a HR business and interim management company, we introduce candidates to clients. The exchange of personal data of our candidates and our client contacts is a fundamental, essential part of this process. To support our candidates’ career aspirations and our clients’ resourcing needs we require a database of candidate and client personal data containing historical information as well as current resourcing requirements. Such historical information will be kept in line with the restrictions set out in this policy. To maintain, expand and develop our business we need to record the personal data of prospective candidates and client contacts. To deliver our ancillary services we need to contact candidates on a regular basis, through various routes such as email, phone and other relevant notifications.

Contract Legal Basis

As an interim manager we have a contract with you for each assignment you are contracted for. The processing of your data is necessary for us to deliver our obligations under that contract, e.g., to pay you.

As a client of Valtus we have a contract with you to provide interim managers. The processing of your data is necessary for us to deliver our obligations under that contract, e.g., to offer your available roles to prospective interim managers, we may also store, process and use data, such as contact details, to fulfil programmes of work we have been engaged to undertake.

We contract with you as suppliers to provide us a service. The processing of your data is necessary to enable us to pay you.

How long do we keep your personal data for?

We retain your information as follows:

  • Candidate data: Two years from the last point of contact, unless the candidate says they do not wish to be contacted, in which case, this information is deleted (unnecessary and outdated data will be deleted before this).
  • Interim Manager data:
    • Two years from the end of the service contract from the last point of contact, unless the interim manager states that they do not wish to be contacted, in which case, this information is deleted (unnecessary and outdated data will be deleted before this) and unless a specific consent was given about a particular retention period.
    • Interim Manager data in our financial accounting system and bank account to enable us to pay you will be retained for 7 years after our last payment in the UK to meet our legal obligations. To meet our legal obligations in France the data will be kept for 10 years after our last payment.
  • Client contact details:
    • Two years from the end of the service contract from the last point of contact, subject to us having had no further contact with you during this time (unnecessary and outdated data will be deleted before this).
    • Client data in our financial accounting system to enable us to receive payment from you will be retained for 7 years after your last payment to us in the UK to meet our legal obligations. To meet our legal obligations in France the data will be kept for 10 years after your last payment to us.
  • Supplier contact details:
    • Two years from the end of your contract with us or two years from an unsuccessful proposal to become a supplier subject to us having had no further contact with you during this time (unnecessary and outdated data will be deleted before this).
    • Supplier data in our financial accounting system and bank account to enable us to pay you will be retained for 7 years after our last payment in the UK to meet our legal obligations. To meet our legal obligations in France the data will be kept for 10 years after our last payment.
  • Employee contact details:
    • Two years after you left the employ of Valtus or two years after our last contact with you (unnecessary and outdated data will be deleted before this).
    • Employee data in our financial accounting system to enable us to pay you during your employment with Valtus in the UK will be retained for 7 years after our last payment to you to meet our UK legal obligations. To meet our legal obligations in France the data will be kept for 10 years after our last payment.

Who has access to your Personal Data?

The right to access personal data is granted by Valtus according to the employees’ functions and is modified if and when those functions change. Valtus employees are bound by confidentiality obligations with respect to your personal data.

Your personal data is confidential and only the employees of Valtus for whom access to such data is necessary for their work can access it, without prejudice to their possible transmission to those responsible for a control or inspection mission in accordance with the applicable regulations.

Our certifying bodies may also be required to process certain personal data strictly necessary for the realization of the services we entrust to them (computer maintenance, postal and electronic mailing, logistics and restoration, verification of compliance with our certified procedures, etc.)

Interim Manager and Candidate data

Your personal data may be shared with any client organization initiating a search for personnel. Publicly available data may be shared with any client organization instructing us on a search. Please note, personal data will not be shared with any client unless we have been given explicit consent.

We may also conduct checks to verify the information that you have provided and where we do this, we may share your information with the client.

Client data

Your personal data may be shared with any Interim Manager who is appointed to your organization to carry out an assignment or a Candidate who we have put forward for your consideration for an assignment.

Where is your personal data stored?

Valtus UK stores your personal data securely in our CRM system which can also be accessed by the managing company of this database. The CRM system we currently use is RDP ProNet a product of Access Partnership, whose privacy policy can be found by clicking the following link https://www.theaccessgroup.com/en-gb/privacy-notice/

In France personal data entered via our website (valtus.fr) transits through the servers of a partner specialised in recruitment technologies, located in the Netherlands. Valtus has a signed contract with this partner guaranteeing the rights of people concerned about their personal data. The data is then stored on servers, located in France, dedicated specifically to Valtus.

In all cases of transfer of your personal data to third parties, Valtus ensures that the personal data transmitted continues to benefit from a level protection equivalent to that set up by Valtus and requests contractual commitments so that your personal data is exclusively processed for the purposes you have previously accepted, with the necessary confidentiality and security.

The data that we collect from you may/will be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It may be transferred to third parties outside of the EEA for the purpose of our recruitment services. It may/will also be processed by staff operating outside the EEA who works for us or for one of our suppliers. This includes staff engaged in, among other things, our recruitment services and the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing. We will take all reasonable steps necessary to ensure that your data is treated securely and in accordance with this privacy notice.

All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. You should not share your password with anyone.

Unfortunately, the transmission of information via the internet is never completely secure. Although we will use our best endeavours to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission of your data by you is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

What security measures have been implemented?  

Valtus provides reasonable assurance over the security of your personal data with reinforced protection through both physical and IT security measures.

Despite these reasonable steps to protect your personal data, no transmission or storage technology is foolproof. Therefore, in accordance with the applicable UK and European regulations, in the event of a proven infringement of personal data likely to lead to a high risk to the rights and freedoms of the persons concerned, Valtus will communicate this violation to the competent supervisory authority in the UK and EU and, where required by the regulations, to the persons concerned (individually or generally as appropriate).

It is also up to you to exercise caution to prevent unauthorized access to your personal data and devices (computer, smartphone, tablet, etc.).

In addition, the Valtus website may offer links to third-party websites that may be of interest to you. Valtus has no control over the content of these third-party websites or their protection policies regarding the data they may collect. Valtus consequently declines all responsibility for the processing by these third parties of your personal data, not subject to this policy. It is your responsibility to learn about the privacy policies of these third parties.

Valtus UK uses technical and organizational measures to safeguard your personal data, for example:

  • Our internal systems are secured from the internet using a CheckPoint perimeter
  • This system is locked down to a high degree
  • Additionally, our internal systems are all password protected, using complex passwords
  • Desktop security is provided to us through the use of Trend OfficeScan software
  • We also utilise MessageLabs security, meaning that all emails must first pass through MessageLabs anti-spam filters before entering the network
  • We protect internal data by regular nightly backups, and each server is imaged on a regular basis.

Whilst we use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data which is transferred from you or to you via the internet.

Use of cookies

We may obtain information about your online movements and use of the internet. We do this by placing a ‘cookie’, which is a small file, on your computer’s hard disk. Cookies can be used for several reasons, including to recognise you when you visit this website and to store your personal preferences.

Most web browsers accept cookies. When you first enter our website a Privacy Overview pop-up will ask you to consent to Necessary and Non-necessary cookies. You have the option to accept all cookies or just necessary cookies.

Necessary cookies are essential for the website to function correctly and, on valtus.uk, store your consent to allow cookies.

Non-necessary cookies are any cookies that that are used to anonymize your personal data and to collect your personal data via analytics on how you use our website, your use of embedded content (such as YouTube videos) and adverts. The anonymized personal data collected by non-necessary cookies is likely to be stored in the USA by companies such as Google and LinkedIn. The USA is not an “adequate” country under either GDPR. An adequate country is one that affords the same level of protection or a higher level of protection to your personal data as the GDPR. The companies who place non-necessary cookies on your computer have mitigated this risk by signing up to the EU and the UK’s standard contractual clauses so that they offer the same level of protection, as a company, to your personal data as the GDPR.

However, you can change your consent at any time either by clearing your browser history and then entering our Valtus.uk website or by visiting www.aboutcookies.org for further information about cookies and how to disable them. If you do not consent to all cookies, including necessary cookies, you may lose some functionality of the website.

What are your rights regarding your personal data?

Through this policy, Valtus strives to provide you with clear, precise information about the conditions under which your personal data is handled (incompliance with your right to be informed).

You also have the following rights:

The right to access, rectify or delete your personal data:

You have the right to access all the personal data concerning you that Valtus has on file as well as the confirmation that your personal data is or is not processed, and the conditions thereof.

You also have the right to obtain from Valtus, as soon as possible (and by default, within 30 days), the rectification of your personal data.

Finally, subject to the exceptions provided by the applicable laws (e.g. conservation necessary to comply with a legal obligation), you have the right to request that Valtus delete, as soon as possible, all your personal data, in the following cases:

  • Your personal data is no longer necessary in view of the purposes for which they were collected or otherwise processed;
  • You wish to withdraw your consent on which the processing of your personal data was based and there is no other basis for processing it;
  • You consider and can establish that your personal data has been the subject of illicit processing;
  • Your personal data must be deleted under a legal obligation.

The right to object to the processing of your personal data

When the processing of your personal data is necessary for the performance of a public service mission or under the exercise of a public authority in which Valtus has a vested interest, or because of the legitimate interests of Valtus or a third party, you have the right to object to the treatment of any personal data related to your particular situation.

If your personal data is processed for prospecting purposes, you have the right, whatever the legal basis of this treatment, at any time and free of charge, to object to this processing, including profiling to the extent that it is linked to such prospection, whether it is an initial or later processing.

The right to limit the processing of your personal data

The applicable regulations provide that this right may be invoked in certain cases, particularly the following:

  • When you challenge the accuracy of your personal data
  • When you consider and can establish that the processing of your personal data is illicit but that rather than deleting your personal data, you prefer its processing be limited
  • When Valtus does not need your personal data but you need it to assert, exercise or defend your rights in legal proceedings
  • When you object to the processing of your personal data that is founded on the interests of the person processing it during the verification process as to whether the legitimacy of the motives for the processing prevail over those of the person concerned.

The right to the portability of your personal data

When the treatment is based on your consent or contract, this right to portability allows you to receive raw personal data that you have provided to Valtus in a structured, commonly used format, and to transmit such data to another controller without Valtus impeding it. When technically possible, you can request that this personal data be forwarded directly to another processing manager by Valtus.

The data concerned with portability is limited to the raw data that you have transmitted to us, excluding data resulting from work done by Valtus.

The right to withdraw consent to the processing of your personal data

When Valtus processes your personal data on the basis of your consent, you can withdraw consent at any time by sending a request to Valtus (see below “How to exercise my rights?”). on the other hand, and in accordance with the applicable law, the withdrawal of your consent is only valid for the future and cannot therefore call into question the legality of the processing done before the consent withdrawal request or on another basis such as for example the execution of a contract.

The right to submit a claim to a supervisory authority regarding your personal data

If, despite Valtus’ efforts, you believe that your rights have not been respected, you can make a claim with a supervisory authority.

If you entered your data on the https://valtus.uk website, you live in the UK and/or are contracted to Valtus UK the appropriate supervisory authority is:

The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk

If you entered your data on the https://www.valtus.fr website, you live in the EU and/or are contracted to Valtus in the EU the appropriate supervisory authority is available on the European Commission’s website.

The right to decide the fate of your personal data after your death

Finally, you have the right to determine the fate of your personal data after your death by adopting general or special guidelines. Valtus is committed to complying with these guidelines. In the absence of directives, Valtus recognizes your heirs’ ability to exercise certain rights, in particular the right to object and/or delete and/or close the deceased’s account and to object to the processing of his/her data.

How do you exercise your rights?

You can exercise your privacy rights by sending us your request along with a copy of any identity documents to dpo@valtusgroup.com for EU complaints and enquiries@valtus.uk for UK based complaints.

Valtus is committed to responding to you as soon as possible, and in any event, within one month of receipt of your request.

If necessary, this period may be extended by two months, given the complexity and the number of requests addressed to Valtus. In this case, you will be informed of this extension and the reasons for the postponement.

If your request is submitted electronically, the information will also be provided to you electronically wherever possible, unless you expressly request that it be done otherwise.

If we do not follow up on your request, we will inform you of the reasons for our inaction and you will have the possibility of making a claim with a supervisory authority and/or by seeking a judicial remedy.

For the purposes of traceability and proof of deletion of your data, we will retain your deletion request, the effective date of deletion and the date of the reply sent by Valtus for a period of five (5) years from deletion of the data.

We may change this privacy policy from time to time. You should check this policy occasionally to ensure you are aware of the most recent version.

Applicable law and competent courts

This policy is subject to UK law where the data has been entered into https://valtus.uk and/or you live in the UK and/or are contracted to Valtus UK. In the event of a dispute, and if an amicable agreement cannot be reached, the competent courts shall be those of the jurisdiction of England and Wales notwithstanding multiple defendants or third-party proceedings.

Otherwise, the policy is subject to French law. In the event of a dispute, and if an amicable agreement cannot be reached, the competent courts shall be those of the jurisdiction of the Paris Court of Appeals, notwithstanding multiple defendants or third-party proceedings.