Introduction

Your privacy is genuinely important to us. Optimus Search Limited and its subsidiaries and affiliates (“Optimus“, “we“, “our” or “us“) are committed to safeguarding your data in line with the latest data protection and privacy laws.

The data we collect depends on the context of your interactions with us. Unless otherwise defined below, “You” or “Your” means any person that is authorised to use our website.

Should we ask you to provide certain information by which you can be identified when using our website, then you can be assured that it will only be used in accordance with this Privacy Policy.

Data Collection

“Personal Data” as defined by the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (known as the “UK GDPR”)), means any information relating to an identified or identifiable natural person. Some laws may use different definitions, if you are asserting your rights under law, the applicable legal definition governs your rights.

Personal Data we collect. In general, we may collect data about you in the following situations, when you:

• apply for a job with us as part of the recruitment process
• enquire about any of our services
• fill in a form or survey for us
• subscribe to our mailing/marketing lists
• participate in a competition or promotion or marketing activity
• contact us, for example by email, telephone or social media
• participate in interactive features

Personal Data collected directly from you. We may collect Personal Data that you voluntarily provide, such as your: (a) title; (b) first and last name; (c) email address; (d) business address; (e) residential address; (f) professional title and affiliation; (g) telephone number; and (h) fax number. We also record your communications preferences when you sign up to receive marketing communications from us.

Technical Data collected automatically. We may automatically collect certain technical data about your use of our website and data about the device you are using. Technical data may include your: (a) Internet Protocol (“IP”) address (which may tell us your general location); (b) browser type and version; (c) device IDs or other unique identifiers; (d) the referring webpage; and (e) viewing history. To collect this information, we may use cookies, web beacons, pixels and other automatic information gathering technologies. Please see our Cookie Policy for more information.

Data collected by Marketing Partners or public sources. We may collect data about you from: (a) trusted third parties providing us with services and purchased data for marketing purposes (our “Marketing Partners”); or (b) public sources. These sources vary over time, but could include: (a) service providers that help us determine a location based on your IP address in order to customise our service and for other uses consistent with this Privacy Policy; (b) security service providers who provide us with data to secure our systems and prevent fraud; (c) online and offline data providers, from which we obtain aggregated demographic, interest based and online advertising related data; and (e) publicly-available sources such as publicly available posts on social media platforms and information available through public databases.

Aggregated Data. We may also collect, use, and share data such as statistical or demographic data (“Aggregated Data”) for any purpose. Aggregated Data may be derived from your Personal Data, but it is still not considered Personal Data in law, as this data does not directly or indirectly reveal your identity. However, if we combine or connect Aggregated Data with your Personal Data so that it can directly or indirectly identify you, we will treat this combined data as Personal which will be used in accordance with this Privacy Policy.

Special Categories of Personal Data. We do not collect any Special Categories of Personal Data (as defined in the UK GDPR). This includes details about your race, or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, data about your health or genetic and biometric data.

If you choose not to provide data. The provision of Personal Data is not mandatory. However, you may not be able to access and use the website and communicate with Optimus without disclosing some Personal Data to us.

Use of Data

Why do we collect your Personal Data? We use your Personal Data solely for certain legitimate business purposes, which include some or all, of the following:

• contacting you and sending you communications that we think will be of interest to you
• providing you the information you request through our website
• remembering data you previously entered on our website to enhance, modify, personalise, or otherwise improve your experience
• improving our website and/or services
• customising the advertising and content you see
• conducting research and providing statistical reporting to understand how individuals interact with our website
• determine the effectiveness of promotional campaigns and advertising
• to process job applications and conduct any pre-employment screening
• formalise any contracts of employment and/or agreements of service
• allow you to participate in interactive features
• notify you about changes to our services
• respond to requests where we have a legal or regulatory obligation to do so
• assess the quality and/or type of care you have received and any concerns or complaints you may raise, so that these can be properly investigated
• to ensure that content is presented in the most effective manner for you and for your computing device
• to enable us to carry our obligations to you in connection with the service we provide.

Lawful Basis.  To process your Personal Data in accordance with data protection laws, we must establish a lawful basis for doing so. We process your Personal Data: (a) where we have your consent to do so; (b) where we need the Personal Data to perform a contract with you; or (c) where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights or freedoms (for example, our direct marketing activities in accordance with your preferences). In some cases, we may also have a legal obligation to collect Personal Data from you or may otherwise need the Personal Data to protect your vital interests or those of another person. Mostly, however, Optimus processes your personal information for our legitimate business interests as described in the section “Why do we collect your Personal Data?”. If we collect and use your Personal Data in reliance on any legal basis other than our legitimate interests, we will make it clear to you at the relevant time. For example, if we ask you to provide Personal Data to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your Personal Data is mandatory or not (as well as possible consequences if you do not provide your Personal Data). If you have questions about or need further information concerning the legal basis on which we collect and use your Personal Data, please contact us using the details set out in the “Contacting Us” section below.

Recorded telephone calls. Please note, we record our telephone calls for the purposes of training and compliance. Telephone call recording is in the legitimate interests of the recorder (Optimus) for both training and compliance purposes. 

Disclosure of Data

Disclosure of your Personal Data. We do not disclose Personal Data about you to third parties except under the following circumstances and for the following purposes:

• when we have your permission to provide you with services you requested and to carry out your instructions
• we may share your data internally with our affiliates, as needed for: (a) data processing and storage; (b) providing you with access to our services; (c) providing support services; (d) making decisions about service improvements; (e) content development; and (f) for other purposes described in the “Why do we collect your Personal Data section?”
• when required by law to respond to subpoenas, court orders, or legal process by public authorities, including disclosures required by national security or law enforcement agencies
• when we need to establish or exercise our legal rights, or to defend against legal claims, or when we believe it is necessary to share information in order to investigate, prevent, or take action regarding illegal activities, data breaches, suspected fraud, situations involving potential threats to the physical safety of any person, or as otherwise required by law
• we may transfer your Personal Data if Optimus is acquired by or merged with another company, to ensure the continuity of our business and services. In such event, Optimus will make public announcement before data about you becomes subject to a different privacy policy
• we may share your Personal Data with third party IT system support and hosting service providers that we engage to support our business. For example, Bullhorn.
• third party debt collectors for the purposes of debt collection
• with our Marketing Partners, as described above

Third-Party Processors. Where a third-party data processor is used, we make sure that they operate under contractual restrictions with regard to confidentiality and security, in addition to their obligations under data protection laws. We do not allow third parties to use your Personal Data for their own purposes.

Third-Party Links. Our website may include links to third-party websites, plug-ins and applications. We do not control these third-party websites and are not responsible for the privacy and security practices of any third-party websites, which are governed by their own practices.

Data Transfers

Outside the UK/EEA. Outside the UK/EEA. Optimus is headquartered in the UK, but we operate internationally. We may share your Personal Data within Optimus and transfer it to countries in the world where we do business (specifically to Germany and Switzerland) where our affiliates Optimus Search GmbH and Optimus Search Swiss GmbH provide our services. We may also share Personal Data with third-party processors who process Personal Data outside of the UK/European Economic Area on our behalf. We transfer this Personal Data only where necessary and only where appropriate security measures and controls are in place to protect your Personal Data in accordance with applicable data protection laws. This means these transfers will take place on the basis of an approved data transfer mechanism, such as UK/EU Standard Contractual Clauses or UK/EU Commission Decisions on Adequacy. Regardless of location, Optimus takes care to ensure that our affiliates, employees, agents, and processors in other countries act in a manner consistent with this Privacy Policy.

Data Security

Security Measures. We use reasonable administrative, logical, physical and managerial measures to safeguard your Personal Data against loss, theft and unauthorised access, use and modification. All Personal Data will be stored on our secure servers that have limited access and are in controlled facilities. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a legitimate business reason to have such access. To learn more about security, including the security measures we have taken and steps you can take to enhance the security of your information when using the website, please contact us using the details set out in the “Contact Us” section of this Privacy Policy.

Data Breach. Despite the above “Security Measures”, please note that no data transmission over the internet or any other network can be guaranteed to be 100% secure. While we strive to protect data transmitted on or through the website, we cannot and do not guarantee the security of information you transmit. At your request, we may occasionally transfer Personal Data to you via email, or you may choose to transfer data to us via email. Email is not a secure method of data transmission; if you choose to send or receive such data via email, you do so at your own risk. When we transmit highly confidential data (such as passwords or payment details) over the internet, we protect it through the use of encryption. We also have appropriate procedures to deal with any actual or suspected data breach and will notify you when we are legally required to do so.

Data Retention

Length of Retention. We may retain your data for as long as you use our services and we reasonably need to use it, having regard to the purpose for which it was collected, and in accordance with all applicable data protection laws. In some circumstances you can edit or delete your Personal Data, see the “Your Rights” section of this Privacy Policy. We take reasonable measures to destroy or de-identify Personal Data in a secure manner when it is no longer required.

Your Rights

Rights of UK or EU/European Economic Area (“EEA”) Residents. If you are in one of the EU/EEA countries, you are entitled to certain rights under the EU General Data Protection Regulation 2016/679 (“GDPR”). If you are in the UK, you are entitled to the same rights under the UK GDPR. By visiting the website or communicating with us you acknowledge that we may process your Personal Data for the purposes described above, either on the basis of your consent or if we have other lawful grounds to do so. Under the GDPR or the UK GDPR, you have the below additional rights in respect of your Personal Data.

• Right to withdraw consent to processing, where consent is the basis for processing (withdrawing your consent will not affect the lawfulness of any processing conducted prior to your withdrawal, nor affect processing of Personal Data conducted on reliance on lawful processing grounds other than consent). This includes your right to withdraw consent to us using your Personal Data for marketing purposes.
• Right to access your Personal Data that we hold and request further details about how it’s processed.
• Right to demand rectification of inaccurate Personal Data about you. Please note, if you are an Account Owner, you can access and update a broad range of information about your account (such as your contact information).
• Right to object to the unlawful processing of your Personal Data, including processing for direct marketing.
• Right to erasure of past data about you (your “right to be forgotten”).
• Right to restrict processing of your Personal Data if you believe we have exceeded the legitimate basis for processing, processing is no longer necessary, or if you believe your Personal Data is inaccurate.
• Right to data portability of Personal Data that you provided us in a structured, commonly used, and machine-readable format.
• Right in relation to automated decisions you have the right not to be subject to a decision based solely on automated processing which produces legal effects concerning you or significantly affects you, unless it is necessary for entering into an agreement with you, it is authorised by law or you have given your explicit consent. We will let you know when such decisions are made, the lawful grounds we rely on and the rights you have.
• Right to complain to a data protection supervisory authority in your country if you believe that we are processing your Personal Data in violation of applicable laws.

To learn more about your rights under the GDPR, you can visit the European Commission’s page on the Protection of Personal Data: https://europa.eu/european-union/index_en

To learn more about your rights under the UK GDPR, you can visit the Information Commissioner’s Office page: https://ico.org.uk/your-data-matters/

Exercising your rights. If you want to exercise any of the rights described above, please contact us using the contact details in the “Contacting Us” section of this Privacy Policy. You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive, or we may refuse to comply with your request in these circumstances.

Opting Out of Marketing Communications

You may opt out of receiving marketing communications from us by clicking the “unsubscribe” link in a particular promotional communication. Alternatively, you can contact us at any time using the details in the “Contacting Us” section of this Privacy Policy. Please note that you cannot opt out from receiving all communications from us, including administrative messages, service announcements, and messages regarding the terms and conditions of your account because they may contain important information.

Changes to our Privacy Policy

Optimus may update this Privacy Policy at any time. We encourage you to review this Privacy Policy regularly to make sure you are familiar with our most updated policies and practices. When we make material changes, such as a change to the purposes of processing of personal data that is not consistent with the purpose for which it was originally collected, we will notify you by email if you have provided us with your email addresses. Your continued use of our website and other products and services following the publication or notification of any changes will constitute acknowledgement and (as applicable) acceptance of those changes. This Privacy Policy was last updated on 7 September 2023.

Contacting Us

Data Protection Officer. If you have any queries about this Privacy Policy, including any requests to exercise your legal rights, all correspondence should be directed to Optimus’s data protection officer by email at [email protected]. You may also send inquiries to the following postal address:

FAO: Data Protection Officer

Optimus Group Limited, 3-7 Herbal Hill, Farringdon, London, England EC1R 5EJ.

Information from you. Please note that if you contact us to assist you, we may need to request specific information from you to ensure that Personal Data is not disclosed to any person who has no right to receive it.

Our response. We try to respond to all legitimate requests within one month. Occasionally, it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Complaints

You have a right to make a complaint to a supervisory authority at any time. In the UK, this is the Information Commissioner’s Office (“ICO”) (www.ICO.org.uk). If you are in the EU/EEA/US you may also submit unresolved complaints to binding arbitration in front of the American Arbitration Association (“AAA”) under certain conditions. Information about AAA services can be found at: http://go.adr.org/. We would, however, appreciate the opportunity to deal with your concerns before you approach the ICO or AAA, so please contact us in the first instance using the details in the “Contacting Us” section of this Privacy Policy.