Who are we and what do we do?
NAL Consulting FZE provides executive search services to clients within the field of Financial Services who
are looking to recruit talent for their businesses. We are headquartered in the United Arab Emirates with an
additional representative office in London.
Headquarters address: SM-Office – C1-915A. Ajman Free Zone, Ajman, United Arab Emirates.
What does this Privacy Policy cover?
We are committed to keeping your information secure and managing it in accordance with our legal
responsibilities under the privacy and data protection laws applicable wherever we operate in the world as
well as the General Data Protection Regulation 2016/679 in the European Union.
This Privacy Policy explains:
- • who this policy applies to;
- • what personal data we collect about you;
- • where we collect personal data about you from;
- • how and why we use your personal data;
- • how long we keep your personal data for;
- • who we will share your personal data with;
- • the legal basis we have for using your personal data;
- • the effect of not providing the personal data requested;
- • what rights you have in relation to the data we hold on you.
Who does this Private Policy apply to?
We provide executive search services to a range of clients internationally. Further details of our services
can be found on our website at www.nalassociates.com . This policy applies to you whether you are a
candidate for one of our clients, a client or whether you are a source or a referee inspect of a candidate.
For purposes of this policy:
candidate(s) means an individual who is a candidate, applicant, potential candidate or employee of a
client;
client(s) means any, business, firm, organisation, government body or individual that mandates us to
perform any of our services;
a referee is a person who provides a personal or work reference in respect of a candidate and;
a source is a person who provides us with information or intelligence about a candidate.
What personal data do we collect about you?
We collect the information necessary to be able to assess your suitability and eligibility for an
assignment on which we have been instructed. This information may include your CV, contact details,
identification documents, educational records, work history, employment history, references and any other
information that is provided by you throughout the course of an executive search.
We only collect sensitive personal data (such as visa status, nationality, gender and compensation) from
you where you have given your explicit consent.
Where do we collect personal data about you from?
Clients expect that we identify the best individuals to fill roles within their organisations. We therefore
need to research systems, online databases and other information sources and talk to many individuals. In
addition to our clients, such people will include referees and sources to help inform our decision making
process. We process such data in accordance with relevant data protection laws.
The following are the different sources we may collect personal data about you from:
- • From you. This is information you provide directly to us whilst you are searching for a new
opportunity or during an assignment on which we are working.
- • Publicly available sources such as for example LinkedIn and company websites.
- • By reference or word of mouth. You may be recommended to us by persons such as
a friend, a former employer, a former colleague, or even a present employer.
How and why do we use your personal data?
For candidates, we use your personal data to match your skills, experience and education with a role that
we are working on for a client. We will initially collect basic information on you such as contact details,
your current role and work experience to date and then pass this on to our client that is looking to
recruit. If you are selected by our client and therefore proceed to the next stage of the process, we shall
then proceed to collect more information from and about you to include motivation.
We may also collect personal data from third-party databases and other public sources.
For clients, as well as basic contact information we shall also collect information about your role(s) and
requirement(s) and other information provided to us by your organisation.
For sources and referees, we use your information to contact you about a candidate and in order to obtain a
reference for them. We shall also collect information regarding your credentials as a source, details of
your relationship and knowledge of a candidate and your opinions of that individual. We may obtain this
information directly from you or publicly available information.
How long do we keep your personal data for?
We keep your personal data for as long as required to provide our services and in accordance with legal,
tax accounting requirements. Where your personal data is no longer required, we shall securely erase your
information.
NAL Consulting FZE has set a six-year time frame for processing and holding data (beginning May 25th,
2018). If there has been no communication between a data subject and NAL Consulting FZE during this time
frame, then all records associated with that data subject will be deleted from the database. NAL Consulting
FZE plans to review the data retention policy, as well as the six-year retention period for non-communicated
data subjects, one year after GDPR has come into effect (May 25th, 2019). If you would like more information
for specifics, or on the steps we are taking to clean the data we hold, please contact the data protection
office at:
dubai@nalassociates.com
Who do we share your personal data with?
NAL Consulting FZE communicates your personal data to clients who wish to hire for a position that may be
relevant to you. We may also use that personal data to inform you about key trends in the market-place that
can increase your awareness about your industry. We provide our services to organisations around the world
within the Financial Services Industry. Personal data that is classified as non-sensitive is also available
for viewing by any NAL Consulting FZE employee.
We will share information only as outlined within this privacy policy and wherever appropriate, try to
limit disclosure to information in aggregated form, to avoid or limit identifying you personally.
We may also conduct checks on you to verify the information you have provided and where we do this we share
your information with only the data protection team of NAL Consulting FZE.
What legal basis do we have for using your information?
For prospective candidates, referees and clients, our legitimate interest in your information is driven by
the requirement to assess suitability for potential roles, to identify potential candidates, to conduct
research of the markets within which we operate, and to contact clients and referees.
If you are shortlisted as a candidate, then this may involve the processing of more detailed personal data
including sensitive data such as health information. We shall always ask for your consent before undertaking
such processing.
What happens if you do not provide us with the information we request or ask that we stop processing your
information?
If you do not provide the personal data necessary or withdraw your consent for the processing of your
personal data, we may not be able to match you with available job opportunities or provide you with any
relevant market intelligence.
Do we make automated decisions concerning you?
No. However, from time to time we may also carry out personality profiling on candidates with the
candidate’s consent when the client requests that information as part of the interview process.
Do we transfer your data outside the EEA?
We may transfer your personal data to clients in countries outside the EEA. Furthermore the clients to whom
we may provide candidate information to will often be international organisations. The privacy laws that
apply in these countries outside of the EEA may be different from those in your home country. Where we
transfer personal data outside of the EEA, we take steps to safeguard that information.
Keeping information secure
We invest significant resources to protect your personal information, from loss, misuse, unauthorised
access, modification or disclosure. However, no internet-based site can be 100% secure and so we cannot be
held responsible for unauthorised or unintended access that is beyond our control.
What rights do you have in relation to the data we hold on you?
You have legal rights when it comes to protecting your personal data. Further information and advice about
your rights can be obtained from the data protection regulator in your country.
Such rights may well include the following:
The right to be informed
You have the right to be provided with clear and transparent information about how we use your information
and your rights in relation to how we use your information. This is the rationale and objective of our
privacy policy.
The right of access
In certain jurisdictions, you have the right to obtain access to any of your information that we are
processing in accordance with this privacy policy. If you think any of that data is inaccurate you may also
ask us to correct it. You may also have a right in certain circumstances to require us to stop processing
your personal data. Also, you have the right to ask us to transfer your personal data to someone you
nominate for your own purposes.
The right to rectification
You are entitled to have your information corrected if it is inaccurate or incomplete.
The right to erasure
This enables you to request the deletion or removal of your information where there is no compelling reason
for us to continue using it. There are exceptions to the right of erasure.
The right to restrict processing
You have rights to ‘block’ or suppress further use of your information. When processing is restricted, we
can still store your information but may not use it further. A note will be made on your record to ensure
the restriction is respected in the future.
The right to data portability
You have rights to obtain and reuse your personal data for your own purposes across different services. For
example if you decide to switch to a new provider, this enables you to move, copy or transfer your
information easily between our IT systems and theirs safely and securely without affecting its usability.
The right to object to processing
You have the right to object to certain types of processing including processing for direct marketing (i.e.
if you no longer wish to be contacted with regards to potential opportunities).
The right to lodge a complaint
You have the right to lodge a complaint about the way we handle or process your personal data with your
national data protection regulator.
The right to withdraw consent
If you have given your consent to anything we do with your personal data, you have the right to withdraw
your consent at any time (although if you do so it does not mean that anything we have done with your
personal data with your consent up to that point is unlawful). This includes your right to withdraw consent
to us using your personal data for marketing purposes.
We will act on requests and provide a detailed report of your information free of charge and will ask that
you submit these requests by emailing: dubai@nalassociates.com
We act on reasonable requests for information free of charge. We may charge a fee to cover our
administrative costs of providing the information for unreasonable/repeated requests. We will respond within
30 days of the request being sent. If we require longer to process your request we shall let you know.
Do we use ‘cookies’ to collect personal data on you?
We do not use cookies to collect personal data.
Third-party disclosure
We do not sell, trade, or (save as for set out in this policy) otherwise transfer to outside parties your
personally identifiable information.
Third-party links
We do not include or offer third-party products or services on our website.
Keeping information secure
We invest resources to protect your personal data, from loss, misuse, unauthorised access, modification or
disclosure. However, no system can be 100% secure and so we cannot be held responsible for unauthorised or
unintended access that is beyond our reasonable control.
Information about others
If you provide us with information about individuals such as details of a referee or personal contact you
must ensure that they have agreed to this. We would advise you to keep a record of their agreement provide
them with a copy of, or link to, this Policy.
Updates
We keep this policy under regular review and update it from time to time. This policy was last updated in
October 2018. Please review this policy periodically for changes.
How will we contact you?
We may contact you by phone, email or social media. If you prefer a particular contact means over another,
please let us know.
How can you contact us?
If you have any questions about this policy or a complaint about how we have handled your data or would
like to exercise your rights with respect your personal data then please contact our Data Protection Officer
at: dubai@nalassociates.com