Privacy policy

We recognize that personal information you provide to us must be stored and handled in a safe and secure manner in order to ensure that it remains confidential. Our Privacy Policy sets out our strict confidentiality standards, which are designed to protect the information we hold regarding you and your documents.

With regard to UK’s Data Protection Act 1998 (DPA), the German Federal Data Protection Act (BDSG), including the amendments to the Act by Article 12 of the Act of 20 November 2019, and the General Data Protection Regulation (EU) 2016/679 (GDPR) implemented in May 2018, this privacy policy outlines how George Analytica GmbH (“GA”) manages personal information and will be made available to any person upon reasonable request.

Personal information

For the purposes of this policy, “personal information” means information or an opinion about an identified person, or a person who is reasonably identifiable, from that data or from that data and other information to which GA has or is likely to have access:

(a) whether the information or opinion is true or not; and
(b) whether the information or opinion is recorded in a material form or not.

Where GA is providing technology and consulting services, examples of personal information it may collect and hold include your contact details (mobile number, email address etc.) and career history. Personal information may also include information collected from you during, for the purpose of and as a result of the recruitment evaluation process in a number of ways including through your resume, reference checking, verification of educational qualifications and/or professional membership, reference data, results of background and reference checks as well as any other personal information obtained by GA in connection with your possible candidature for a position in the future.

Sensitive information

For the purposes of this policy, “sensitive information” means personal information about a person’s:

(a) racial or ethnic origin; or
(b) political opinions; or
(c) membership of a political association; or
(d) religious beliefs or affiliations; or
(e) philosophical beliefs; or
(f) membership of a professional or trade association; or
(g) membership of a trade union; or
(h) sexual orientation or practices; or
(i) criminal record; or
(j) health information about a person; or
(k) genetic information about a person that is not otherwise health information; or
(l) biometric information that is to be used for the purpose of automated biometric verification or biometric identification; or
(m) biometric templates.

“Sensitive personal data”, as defined in the DPA, BDSG and GDPR, shall have the same meaning as “sensitive information” referred to above.

Privacy principles

GA will follow the privacy principles set out below.

Collection: GA may collect information about you in various ways, including by way of dealing with you in person, over the telephone, via video link, through its website https://www.georgeanalytica.com, over an email server, by conducting reference checks and background checks (including checks to verify educational qualifications, relevant professional membership or working rights) or through customer feedback or survey forms.

Personal information: GA will only collect personal information about you to the extent that it is reasonably necessary to do so for one or more of GA’s functions or activities as a global technology and consulting firm.

Sensitive information: GA will only collect sensitive information about you with your consent and, again, only where collection is reasonably necessary, or where collection of the sensitive information is required or authorized by or under a relevant law or a court/tribunal order, or where a “permitted general situation” exists, as defined under the DPA, BDSG and GDPR.

GA will only ask for information from you by fair and lawful means. In the case of personal information that GA asks for, we will collect personal information directly from you unless it is unreasonable or impracticable to do so.

In the case of unsolicited personal information, GA will treat the personal information in accordance with the DPA, BDSG and GDPR.

Notification of collection

You will be told when GA collects personal information by way of a Privacy Collection Statement. In the Privacy Collection Statement, you will be notified of the purpose of the collection, your rights to access your personal information, the fact that your personal information will be shared between GA employees and consultants and what will happen (if anything) if you do not give the information to GA.

Use and disclosure

Your personal information may be disclosed to employees or consultants of GA for the purposes described in this privacy policy.

GA will use or disclose personal information for the primary purpose for which it is collected, being your possible GA employment or consulting position in the future.

GA may also use your personal information for secondary purposes related to the primary purpose, which could include: analysis of test results (including medical tests and assessments); identification of training needs; workplace rehabilitation; management of any complaint, investigation or inquiry in which you are involved; or client/candidate business relationship management. GA will also use or disclose personal information for a secondary purpose in circumstances where GA has obtained your consent to such use or disclosure, where use or disclosure is required or authorized by or under a relevant law or a court/tribunal order, or a “permitted general situation” exists, as defined under the DPA, BDSG and GDPR.

GA will also inform all candidates of their right to privacy during the evaluation process by taking a range of steps, including by:

a) sending candidates an acknowledgement of written personal information collected (e.g. a candidate’s resume), which will contain a link to GA’s privacy policy.
b) informing all candidates of GA’s privacy policy as part of the communication relating to a specific job evaluation process in the future.
c) taking reasonable steps not to disclose potential candidate resumes to a third party except with the consent of the potential candidate or in exceptional circumstances permitted under the DPA.

Direct marketing: GA will not use or disclose sensitive information about you for the purpose of direct marketing unless such disclosure is permitted under the DPA, BDSG and GDPR. In the case of personal information which is not sensitive information and which GA has received directly from you, GA may use and disclose such information for the purposes of sending you a newsletter or other information related to GA’s business or activities. GA will not send you these communications if you choose to opt out by contacting GA at any time by way of an opt out option contained in such communications.

GA will only disclose sensitive information about you with your consent.GA will disclose your personal information to third parties outside of GA where it is required to do so in order to carry out identity and qualification verification checks through third party providers (which might include proof of identity checks, police checks, right to work checks and others).

Quality of personal information

GA will take reasonable steps in the circumstances to facilitate the personal information it collects being accurate, complete and up to date.

Security of personal information

GA will take reasonable steps in the circumstances to protect the personal information it collects from misuse, loss, and unauthorised access, modification or disclosure.

Access and correction

Access: Subject to applicable exceptions set out in the DPA, BDSG GDPR (including where access would pose a serious threat to the life, health or safety of a person), GA provides the opportunity for potential candidates to view and obtain a copy of personal information that GA has collected about them.

Correction: If you ask GA to correct any of your personal information, GA will take such steps (if any) as are reasonable in the circumstances to correct or update the personal information. As this procedure could involve retrieving information from storage or archives, please allow up to one week for your request to be actioned. GA may also contact you from time to time to update your details. GA will not charge you for the cost of making a request or for the cost of correcting the personal information.

If GA is unable to agree that the personal information it holds about you is accurate, complete and up to date, you may ask GA to place with the information, a statement by you claiming that the information is not accurate, complete and up to date indicating that the correction was requested but not made. GA will not charge you for the cost of making of the request or for the cost of associating the statement with the personal information.

Cross border disclosure of personal information

GA may disclose personal information to overseas recipients where permitted under the DPA, BDSG and GDPR.

In these circumstances, personal information will be disclosed to GA’s related business associates located in the EU, and the United Kingdom. From time to time, the nature of the consulting work may mean that your personal information is disclosed to a recipient in a jurisdiction not listed in this privacy policy (for example, the jurisdiction where the role is located).

Subject to any applicable exceptions set out in the DPA, BDSG and GDPR, GA will only transfer personal information to an overseas jurisdiction in circumstances where the information will have an appropriate level of protection.

By submitting your personal information, you agree to this transfer, storing or processing.

Complaints regarding personal information

Complaints about a breach of the DPA, BDSG and GDPR may be made to office@georgeanalytica.com or to the company’s registered address at Hohe Bleichen 2, 20354 Hamburg, Germany.

Variation

GA reserves the right to vary this privacy policy at any time and will publish all updated versions on its website, https://www.georgeanalytica.com.