North Highland Privacy Policy

North Highland recognizes that your privacy is important, and that you care about the information that is collected about you. We want you to feel secure when using northhighland.com. This online privacy statement provides an overview of our privacy and data protection practices, so that you can better understand the steps we take to safeguard your information. If you have further questions, please contact us.

1. About This Privacy Policy

This privacy policy sets out how and why North Highland collects and uses your personal data when you visit this website, including any data you may provide through this website.  

2. Who We Are and Our Data Protection [Officer/Representative]

North Highland is made up of different legal entities, details of which can be found on this website. This privacy policy is issued on behalf of the North Highland Group so when we mention “North Highland”, “we”, “us” or “our” in this privacy policy, we are referring to the relevant company in the North Highland Group responsible for processing your data. For all EU and UK data subjects, North Highland UK Limited is the data controller and responsible for this website.

North Highland is a global consulting firm with a twist. We bring big ideas and challenge the norm. We work with our clients, not at them. We deliver value in a way that others cannot, through our seamlessly integrated offerings.

We have appointed a Data Protection Representative for managing our data protection matters and fielding questions about this privacy policy. The contact details of our Data Protection Representative are set out below in the Contact Details.

3. The Types of Data We Collect and How We Collect It

Types of Data.  We collect, use, store and transfer different types of both personal and non-personal information through our website.

Personal data, or personal information means any information about an individual from which that person can be identified. It does not include data from which you cannot identify a person.

We collect the following categories of personal data about you:

  • Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.
  • Contact Data includes billing address, delivery address, email address and telephone numbers.
  • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
  • Profile Data includes your username and password.
  • Usage Data includes information about how you use our website and services.
  • Marketing and Communications Data includes [your preferences in receiving marketing from us and our third parties and your communication preferences.

We also collect, use and share non-personal information such as statistical data for any purpose. This non-personal information may be derived from your personal data but is not considered personal data by the law as this data does not directly or indirectly reveal your identity.  For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature.

If we combine any non-personal information with your personal data so that you can be identified from it, we will treat the combined data as personal data which will be used and protected in accordance with this privacy policy.

How we collect data. We collect data in different ways through our website. You may provide us the data directly when you:

  • register an account;
  • request marketing to be sent to you; or
  • contact us.

Additionally, through the use of cookies, [server logs] and similar technologies, we may automatically collect Technical Data about your equipment, browsing activity and patterns. Please see the Cookies Policy.

We may also receive personal data about you from certain third parties as follows:

Cookie

Description

Opt-out Link/Further details regarding specific privacy policy

Google Analytics

The single session and global session cookies are provided on our behalf by Google Inc. They assist with reporting of user behaviour, market research and improving Site functionality. This user behaviour is analysed in order to improve our Site.

The information collected is not linked to personal data.  To see how this applies to Google Analytics visit http://www.google.co.uk/intl/en/analytics/privacyoverview.html.

You can stop Google Analytics tracking by visiting https://tools.google.com/dlpage/gaoptout?hl=en-GB

LinkedIn

Twitter

Facebook

Audience targeting

Add targeting

The information collected is not linked to personal data.  

Pardot (Salesforce)

Lead Generation

Form completion data

Page view data

The information collected is linked to personal data and utilized for lead generation

JobScience

Staffing software

Corporate Recruiting software

 

4. What Happens If You Fail To Provide Personal Data to Us?

If you fail to provide personal data that we need to perform a contract with you or by law, then we may not be able to provide you with the service the contract relates to. We will notify you when this is the case.

5. Cookies

We may use cookies on our website. For more information on how we may use cookies and how you can use the My Cookie Preferences panel to disable or refuse cookies, please see our cookie policy.

6. How We Use Your Data - The Purposes and Lawful Grounds for Processing

Purposes and Lawful Bases. We will use your personal data only where we have a lawful basis for doing so. We process your personal data for a number of purposes. The lawful basis for processing your personal data will depend on the purpose for which it was obtained.  The table below sets out the purposes for which we may process your personal data and the relevant lawful basis/bases that allow for that processing:

GDPR

*“Legitimate interests” means our legitimate interests in conducting and managing our business, or the interests of third party, where these interests are not overridden by your fundamental rights, interests and freedoms.

Changes to the Purposes of Processing. We will only process your personal data for the purpose(s) for which we collected it. If we do need to use your personal data for a new purpose, we will notify you of this and explain the lawful basis we will be relying on.

Please be aware that we may process your personal data without your knowledge or consent where this is required or permitted by law.

 

7. Marketing

By using the ‘My Marketing Preferences’ tool you can control how we send you marketing communications. We will send you marketing communications if you have requested information from us or purchased services from us, or if you have provided us with your details when registering for a promotion, and in each case, where you have not opted out of receiving that marketing. 

As well as using the My Marketing Preferences tool, you can opt out of receiving marketing communications by following the opt-out or unsubscribe links on any marketing message sent to you or by contacting us at any time.

8. How We Share Your Personal Data and With Whom

We may need to share your information with certain third parties - these third parties are as follows:

  • Other companies in the North Highland Group acting also as controllers or processors and who are based UK and US, provide IT and system administration services and undertake leadership reporting.
  • Our suppliers acting as processors including 

Cookie

Description

Opt-out Link/Further details regarding specific privacy policy

Google Analytics

The single session and global session cookies are provided on our behalf by Google Inc. They assist with reporting of user behaviour, market research and improving Site functionality. This user behaviour is analysed in order to improve our Site.

The information collected is not linked to personal data.  To see how this applies to Google Analytics visit http://www.google.co.uk/intl/en/analytics/privacyoverview.html.

You can stop Google Analytics tracking by visiting https://tools.google.com/dlpage/gaoptout?hl=en-GB

LinkedIn

Twitter

Facebook

Audience targeting

Add targeting

The information collected is not linked to personal data.  

Pardot (Salesforce)

Lead Generation

Form completion data

Page view data

The information collected is linked to personal data and utilized for lead generation

JobScience

Staffing software

Corporate Recruiting software

 

  • Additional 3rd party suppliers are located here:

GDPR 3rd Party Listing

GDPR 3rd Party_Client Services

GDPR 3rd Party_Human Resources

GDPR 3rd Party_Learning & Development

GDPR 3rd Party_Marketing

GDPR 3rd Party_Payroll

GDPR 3rd Party_Recruitment

  • Our professional advisers acting as processors or joint controllers including lawyers, bankers, auditors, insurers who provide us with professional services based in UK and US

 

9. Third Party Links

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy policies. When you leave our website, we strongly recommend you read the privacy policy of every website you visit.

10. Requesting Access to Your Personal Data

Under data protection law, individuals have the right to request access to information about them that we hold. To make a request for your personal data please contact GDPR@northhighland.com or privacy@northhighland.com 

11. International Transfers

We share your personal data in certain ways that will involve transferring your personal data to countries outside of the European Economic Area whose laws do not afford the same level of protection to personal data as within the EU.  We do this in the following ways:

  • to other entities within the [North Highland] Group in the U.S.
  • to the following third-party suppliers as referenced above
  • Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by putting in place the following safeguards:
  • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see the website of the Information Commissioner’s Office (‘ICO’) at https://ico.org.uk/for-organisations/guide-to-data-protection/principle-8-international/
  • Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see the ICO’s website at https://ico.org.uk/media/1571/model_contract_clauses_international_transfers_of_personal_data.pdf
12. Data Security

Whilst we store and use your personal data we will ensure the appropriate security of your personal data including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach as is required by the law.

13. Retention of Your Data

We will not keep your personal data longer than is necessary for the purpose for which we use it. We will retain your personal data for 1 year as is required by the law and will delete or destroy it when it is no longer required.

In some circumstances we may anonymise your personal data (so that it can no longer identify you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

14. Your Other Privacy Rights

Persons living or working in some jurisdictions have certain additional privacy rights.

Data subjects in the European Union, Switzerland and the United Kingdom have a right to:

  • be informed of how we are processing your personal data – this privacy policy serves to explain this you but please do get in touch if you have any questions;
  • have your personal data corrected if it is inaccurate or incomplete;
  • have your data erased (the right to be forgotten) in certain circumstances – e.g. where it is no longer needed by us the purpose for which it was collected or you have withdrawn your consent. Please note however, that in certain circumstances, we may not be able to comply with your request of erasure for legal reasons. If this is the case, we will notify you at the time you request erasure;
  • restrict the use of your data in certain circumstances e.g. where you have told us the data is inaccurate and we are in the process of checking this. In such circumstances we will continue to store your data but will not process it further until we have checked and confirmed whether the data is inaccurate;
  • object to the processing of your data in certain circumstances - e.g. you may object to processing of your data for direct marketing purposes;
  • object to decisions being taken by automated means;
  • request the transfer of your personal data to a third party. Please note this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you; and
  • to withdraw your consent at any time to processing where we are relying on consent as the lawful basis - e.g. to receiving marketing communications. Please note if you withdraw your consent, we may not be able to provide certain services to you -  We will let you know if this is the case at the time you withdraw your consent.

If you have any concerns about the way we are collecting or using your personal data, please contact us in the first instance.   You also have the right to lodge a complaint with the UK’s supervisory authority for data protection matters -  the Information Commissioner’s Office at  https://ico.org.uk/concerns/

California Consumer Rights. The US state of California affords certain privacy rights to its residents (“Consumers”) regarding their personal information:

  • California Civil Code § 1798.83 permits California residents using our website to request and obtain a list of personal information we disclosed to third parties for the preceding calendar year as well as the names and addresses of those third parties. To make such a request, please contact us by http://www.northhighland.com/privacy-policy
  • California Civil Code § 1798.100 et seq. grants California residents (‘Consumers’) various privacy rights to their personal information including:
    • Request to Know. You have the right to request access to personal information that we collected for the previous 12 months. Please note that if your access request requires the disclosure of personal information of another individual, we won’t be able to comply with all of your access request. Similarly, if responding to your access request would cause us to violate any law, rule, regulation, or law enforcement request, we would not be able to fulfill your request.
    • Request to Delete. You have the right to request that we delete personal data that we collected from you. However, we are not required to comply with your request if it is necessary for us or our service provider to maintain your personal data in order to complete the transaction with you; detect security incidences; identify and repair errors; exercise free speech; comply with the California Electronic Communications Privacy Act; engage in certain public interest research; use internally in a manner reasonably aligned with your expectations; comply with a legal obligation or otherwise use your personal data internally in a way that compatible with the context in which you provided it.
    • Right to Opt-out. You have the right to opt-out of the sale of your personal data to Third Parties at any time. This means that once you exercise your right to opt-out of the sale of your personal information, we are required to honor your request. North Highland does not sell personal information to Third Parties.
    • Exercise of California-Specific Rights. You have the right to be free of discrimination for exercising your consumer privacy rights. We will not deny you goods or services, charge different amounts or provide a different quality level of goods or services for exercising your rights unless the difference is reasonably related to the value of your data.
15. Changes to Your Personal Data

It is important that the personal data we hold about you is accurate and current. Please let us know if your personal data changes and we need to update our records.

16. Contact Details

If you have any questions about this privacy policy or about your legal rights, please contact the Information Security and Compliance Manager using the details set out below.

 

North Highland (UK) Limited

Israel Cortes

Information Security and Compliance Manager

GDPR@northhighland.com

3333 Piedmont Road | Suite 1000 | Atlanta, GA 30305

404.975.6380

California Consumer Privacy Act:

Israel Cortes

Information Security and Compliance Manager

Privacy@northhighland.com

3333 Piedmont Road | Suite 1000 | Atlanta, GA 30305

855.644.3578

California Consumer Protection Act

What This Notice Covers

This notice contains information pertaining to privacy rights impacting job applicants, contractors, and employees who are residents of California. North Highland is committed to protecting the privacy and security of personal information. Residents of California have been granted a limited number of the rights offered to Consumers under the California Consumer Privacy Act of 2018 (“The CCPA”) (Civil Code § 1798.100 et seq.) with respect to information maintained by companies where they apply for work, or where they are employed or perform contracted services. This privacy notice describes how we collect and use personal information about you during and after your relationship with us, in accordance with the CCPA.

This notice does not form part of any contract of employment or other contract to provide services. We may update this notice at any time but if we do so, we will provide you with an updated copy of this notice as soon as reasonably practical.

It is important that you read and retain this notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information and what rights are available to California residents under the CCPA.

Categories of Personal Data We Process

In the employment and job application contexts described below, CCPA Consumer privacy rights do not attach except as specifically described. Under the CCPA, the personal information we collect is exempt where:

1) it is collected in the course of (i) your employment application process with us, your association with us as (ii) an employee, (iii) owner, (iv) director, (v) officer, (vi) medical staff member or (vii) contractor, all to the extent the PI is collected and used solely within these contexts;

2) the personal information we collect is your emergency contact information to the extent we use it solely in that context; and

3) it is necessary for us to retain your personal information for administration of benefits to the extent it is collected and used solely within that context.

California employees, contractors and job applicants have the right to know what personal information we collect and the purpose for its collection. We will not collect additional categories or use it for additional purposes without providing you additional notice.

We may collect, store, and use the following categories of personal information about you for the purpose of recruitment, hiring and placement, personnel administration, compensation and benefits, employment and statistical staffing reporting purposes, as required by law:

  • Personal contact information
  • Personal identification and individual traits (e.g., gender, racial identification);
  • Date of birth.
  • Marital status and dependants.
  • Next of kin and emergency contact information.
  • Government issued identification number.
  • Bank account details, payroll records and tax and withholding status information.
  • Salary, annual leave, pension and benefits and beneficiary designation information.
  • Start date and, if different, the date of your continuous employment.
  • Separation date and your reason for leaving.
  • Location of employment or workplace.
  • Documentation submitted in connection with verification of work authorization.
  • Recruitment information (including copies of right to work documentation, references and other information included in a CV or cover letter or as part of the application process).
  • Employment records (including job titles, work history, working hours, holidays, training records and professional memberships).
  • Compensation history.
  • Performance information.
  • Disciplinary information.
  • Information obtained through electronic means such as swipe card records.
  • Information about your use of our information and communications systems.
  • Photographs and video content.
  • Details of your interest in and connection with the intermediary through which your services are supplied.
  • Workplace injury and health information associated with medical leave or disability claims.
  • Employment-based background screening results.
Sources of Personal Data

We collect personal information about employees, workers and affiliates through the application and recruitment process, either directly from candidates or affiliates or sometimes from an employment agency or background check provider.

We may sometimes collect additional information from third parties including former employers, former academic institutions you have attended, credit reference agencies or other background check agencies.

We may also collect personal information from the trustees or managers of pension arrangements operated by a group company.

We will collect additional personal information in the course of job-related activities throughout the period of you working for us.

General Purposes for Processing Personal Information
General Purposes for Processing Personal Information

We will use your personal information in the following circumstances:

  1. Where we need to perform the contract we have entered into with you.
  2. Where we need to comply with a legal obligation.
  3. Where it is necessary for our legitimate interests (or those of a third party)

We may also use your personal information in the following situations, which are likely to be rare:

  1. Where we need to protect your interests (or someone else's interests).
  2. Where it is needed in the public interest.

We need all the categories of information in the list above primarily to allow us to enter into or perform our contract with you and to enable us to comply with legal obligations.

In some cases we may use your personal information to pursue legitimate interests of our own or those of third parties, provided your interests do not override those interests.

Change of Purpose
Change of Purpose

We will only use your personal information for the general purposes outlined above, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Transfer and Sale of Personal Information
Transfer and Sale of Personal Information

We do not sell personal information, and have not over the past twelve months, sold employee, contractor or applicant personal information to any third-party. We may have to share your data with service providers, other entities in the group and clients, prospective clients and referrers. We require all service providers to respect the security of your data. They are also not allowed to use personal information for any other purpose other than the purpose for which it is provided by us; and they are not allowed to transfer or sell your information to any other company or person.

Will personal information be shared with any Service Providers?

We might share your personal information with certain service providers (including contractors and designated agents) as relevant to their provision of services and benefits administration, as well as, to other entities within our group.

How secure is my information with service providers and other entities in our group?

All our service providers and other entities in the group are required to take appropriate security measures to protect your personal information in line with our policies.

We do not allow our service providers to use your personal information for their own purposes.

We only permit them to process your personal information for specified purposes and in accordance with our instructions.

When might you share my personal information with other entities in the group?

We will share your personal information with other entities in our group as part of our regular reporting activities on company performance, in the context of a business reorganisation or group restructuring exercise, for system maintenance support and hosting of data.

We will share personal information relating to your participation in any share plans and pension arrangements operated by a group company with other entities in the group for the purposes of administering the stock ownership or other benefits plans.

What about other third parties?

We may share your personal information with other third parties, for example in the context of the possible sale or restructuring of the business. In this situation we will, so far as possible, share anonymised data with the other parties before the transaction completes. Once the transaction is completed, we will share your personal information with the other parties if and to the extent required under the terms of the transaction.

We may also need to share your personal information with a regulator or to otherwise comply with the law. This may include making returns to relevant taxing authorities.

How to Exercise Your Rights
How to Exercise Your Rights:

In order to exercise their rights, employees who are residents of California may submit a request for information by contacting us at 1-855-644-3578 or privacy@ northhighland.com

Changes to This Privacy Notice
Changes to This Privacy Notice

We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.