This Privacy Notice was last updated January 2023.
This statement sets out how NES Fircroft Group Limited and its subsidiaries (“NES Fircroft”, “we”, “us”, “our”) process your Personal Data in accordance with data protection laws.
This Privacy Notice will provide you with detailed information on how NES Fircroft process Personal Data and why, and shall also provide you with details of:
- The rights you have in relation to your information, and how you can exercise those rights;
- The appropriate measures applied to safeguard your Personal Data;
- The types of Personal Data we collect about you, and how we collect and use it;
- The legal grounds for how we use your data; and
- The criteria used to determine how long your data is kept for.
This Privacy Notice applies to NES Fircroft Group of companies, across our global operations.
NES Group Limited is the registered Data Controller for all companies in the NES Fircroft group. For the purpose of data protection laws and processing activities, NES Group Limited is registered with the Information Commissioners Office (ICO) in the UK as Data Controller on behalf of the group businesses.
Data Protection Laws
NES Fircroft complies with data protection laws globally, with the minimum standard applied being that found within the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679). The Regulation enhances privacy rights for individuals and provides a strict framework within which commercial organisations can legally operate.
GDPR applies to processing of Personal Data carried out by organisations operating within the European Union (EU), and those organisations outside the EU that offer services to individuals from the EU. For this reason, and to satisfy global data protection laws, GDPR obligations are applied to NES Fircroft’s global operations.
California Privacy Notice
The State of California requires specific privacy requirements and accordingly, in addition to the GDPR minimum standards, we comply with the State of California’s additional requirements for California residents pursuant to the California Consumer Protection Act.
California residents can learn more about their unique privacy rights here.
For the purpose of this Privacy Notice the following definitions shall apply:
It is useful to understand what constitutes personal data for the purposes of this notice:
Personal Data means any form of data which relates to a living individual who can be identified from it directly or indirectly. Also referred to as Personally Identifiable Information (PII), or Personal Information (PI), personal data includes data recorded on computers, databases or on paper, expressions of opinion about the individual and indications of intentions towards them. This individual is known as the ‘data subject’.
WHO WE ARE & WHAT WE DO
NES Fircroft is the world’s leading engineering staffing provider spanning the Oil & Gas, Power & Renewables, Infrastructure, Life Sciences, Mining and Chemicals sectors worldwide. We offer a full range of staffing solutions covering over 80 offices in 45 countries we supply global talent delivered by local experts.
As part of our global services, NES Fircroft process a variety of information relating to data subjects in order to provide an effective and efficient service. We are committed to maintaining the highest standard of ethics and integrity in the conduct of our business including ensuring the ethos of Respect & Control whilst processing an individual’s Personal Data.
NES Fircroft’s processing of Personal Data is conducted for the purpose of promoting, providing, evaluating, and reporting on the following services:
Read more about NES Fircroft.
INFORMATION NES FIRCROFT COLLECTS
In order for us to undertake our business in a manner that not only meets your expectations but applies controlled, satisfactory, and compliant services to all interested parties, there is a need to process accurate Personal Data. The type of data collected and level of detail is dependent on the services and relationship you have with us.
The Personal Data collected by NES Fircroft concerns the following categories of data subjects in relation to our core services and assignment support services:
- External Providers;
- Website Users; and
- Other Contacts.
The Personal Data used by NES Fircroft during the course of our services includes, but may not be limited to identification, nationality, and eligibility to work status, date of birth, education, job role, employment history, skills and preferences, payroll information, financial data such as social security numbers, tax and benefit data, and full contact details.
Personal Data also includes next of kin or relatives details that may be processed for the purpose of insurance, medical insurance cover or emergency contact reasons.
Special Categories of Data
In accordance with any specialist assignments, or as defined by local laws, data of a sensitive personal nature may be processed by NES Fircroft or their authorised External Providers. In such instances, and where it is legally required, where you have entered into a contract with NES Fircroft or where you have expressed interest in a particular role that requires it, the Sensitive Data processed may incorporate information relating to your:
- Physical or mental health conditions, including medical reports or results of any assessments such as drug and alcohol screening;
- Vaccination status (including COVID-19 vaccination status and evidence) relating to the location, role or project;
- Racial or ethnic origin;
- Results of criminal record checks; and
- Financial background checks.
Circumstances for processing such information is to comply with employment rights and obligations, such as to calculate entitlement to annual leave or in order to make reasonable adjustments for Candidates (particularly Temporary Workers).
We are committed to ensuring that all personnel are treated with dignity and respect and that our recruitment practices are aligned with our approach to equal opportunities. In addition to the sensitive data defined above, processed for the legal and/or contractual purposes, we will in some instances collect information about your ethnic background, gender, disability, age, sexual orientation, religion or other similar beliefs, and/or social-economic background.
Where appropriate and in accordance with local laws and requirements, we process diversity information, on an anonymised basis, to evaluate our commitment to equality and diversity across our global workforce. We may also disclose this data, where contractually or legally required (appropriately anonymised) to government bodies, auditors or Clients (including to their internal or external auditors), or where Clients request such information to enable them to comply with their own obligations.
In all instances, processing of Sensitive Data is undertaken under strict conditions and in accordance with local laws. Notification of such processing will be made to you and, if required, your formal consent obtained.
Vaccination data will be used to identify if you can be placed in a role for legal or client specific requirements as well as statistical awareness whilst on assignment. Vaccination data (including your individual vaccine status and evidence) may be shared with the client to contribute the health, safety, and wellbeing of the collective workforce or if required for legal and/or client requirem=ents for a particular role.
NES Fircroft process your Personal Data to provide our services, maintain our records, and meet our obligations as a staffing solutions partner. In addition, data from you or generated during the course of our relationship is also used for the purpose of reporting, monitoring and evaluation of services, as permitted by applicable law.
Whilst NES Fircroft will not be seeking explicit consent from you for processing your data, we will not process any Personal Data for any other purpose than defined by this Privacy Notice and, in line with the conditions defined by the GDPR, we shall ensure the conditions for processing fall into one of more of the following categories:
- Contract Performance;
- Legal Obligation;
- Vital Interest;
- Public Interest; and more specifically,
- Legitimate Interest.
For specific information relating to how NES Fircroft use Personal Data, refer to the separate sections below.
In line with our legal obligations and to ensure we meet our duty of care from a safety or security perspective, our company reporting may be linked to individuals. This type of reporting is carried out under strict conditions to prevent unauthorised access and ensure Personal Data is only accessed by authorised NES Fircroft individuals and External Providers.
Reporting functions used by us include:
- Event Registers maintained for purposes such as incidents, near misses or hazards;
- Compliance Reporting linked to contract performance or expected business conduct; and
- Evaluation of services such as customer or employee surveys.
Newsletters & Bulletins
For customers who receive the NES Fircroft Newsletters or Safety & Compliance Bulletins as part of their assignment, our systems will track read rates, preferred topics and delivery receipts. This type of monitoring allows NES Fircroft to offer you information that is of interest and benefit to you, provide you with safety related information relevant to your assignment and to sustain the security and quality of emails.
Outside of legal obligations, NES Fircroft do not currently undertake practices that result in final decisions purely based on automated processing of data; all such decisions, finalised outcomes or performance results are subject to human interaction and conclusion.
Diversity & Inclusion Monitoring
Diversity & Inclusion data used to evaluate our commitment to equality and diversity across our global workforce is collected on a voluntary basis. This data is retained centrally for analytical purposes and is detached from any application or work seeking services and will not form part of any recruitment and/or selection process. Refer to the ‘Sensitive Data’ section for other type of sensitive data processed by NES Fircroft.
If changes occur to any processing activities conducted by NES Fircroft using your Personal Data, this Privacy Notice will be updated accordingly.
See section for ‘Changes to this Privacy Notice’ for more details.
We understand that a career move is an important considered decision for you and therefore it is essential to ensure that the right information is captured, at the right time, to offer you introductions to the right job opportunities.
The type of data and methods of collection varies for Candidates and really depends upon whether you are seeking permanent employment, contract services or if you are applying for a role working directly with us. No matter what you are looking for, your Personal Data will be processed by us in a respected manner with appropriate security measures applied.
Information you give to us.
As a candidate of NES Fircroft, you have the opportunity to provide information in various ways and in different formats to suit your needs and preferences. Typically, this would involve you submitting your CV or Personal Data to us by way of:
- Registration through the NES Fircroft website;
- Applying for a role through NES Fircroft’s website or other site that utilises our job advertising partner;
- Contacting us through our website;
- Submitting a CV or application direct to an NES representative; or
- Submitting compliance criteria as part of our on-boarding process.
Data collected by the above means includes your Personal Data and, where present on CVs or included to a Candidates online profile, may include other types of data.
In summary, the level of detail you provide or is present on your CV when submitted by one of the above methods is classified as being given freely for the purpose of identifying suitable positions on a contract or permanent basis with NES Fircroft. Data will be retained within the respective system and made available within NES Fircroft for recruitment purposes.
By submitting your data to NES for this purpose, you acknowledge the methods in which NES Fircroft process your data in accordance with this Privacy Notice.
Information from other sources
Along with submission of Personal Data directly, NES Fircroft collect and use data obtained from other sources available to us in our capacity as a staffing business.
These sources may include:
- Clients or Candidates as part of a referral or placement scheme;
- Search of online job boards such as Linked-In or other industry job sites; and from
- External Providers undertaking screening, background checks or insurance services.
Candidate Recruitment Services
NES Fircroft may use your Personal Data to contact you to discuss a potential role and to promote your skills and expertise in line with your requirements. We may also use it to help confirm your suitability for the role, for example by confirming your eligibility to work status, obtaining references, or checking qualifications that are specific to the position you are interested in.
A record of discussions and details of your CV will be retained on our global database.
Your CV details will be shared with our clients as part of our search and selection process, or where you have applied for an internal position directly with NES Fircroft, shared with the local hiring manager. CVs are formatted before submission to ensure no Sensitive Data is contained and that Personal Data is kept to a minimum, so the CV is focused on your skills and expertise.
If you are unsuccessful, we will keep your application on file along with some limited Personal Data (such as contact details, work preferences and CV details) and may contact you with regards to future vacancies.
If you are successful in securing a position with us you will enter into the On-Boarding stages which involve processing activities relating to NES Fircroft’s assignment support services.
At this point, if you have not already done so, you may be asked to formally register through our website registration portal and also submit or validate further information about yourself, your skills, and employment history.Subject to local laws and where required to fulfil your contractual obligations, you may also be asked to confirm nationality along with other Personal Data.
On-Boarding New Candidates
On-Boarding involves ensuring NES Fircroft, the Client and you, are compliant in terms of local laws, HSSE needs or Client onsite rules and requirements. It is important that the transition to your chosen role is undertaken smoothly with all associated documentation validated in a timely and effective manner.
This means that additional information will be requested from you.
Some of this may be Personal Data and some may lead to the processing of Sensitive Data - the type and nature all depends upon the legal obligations and Client stipulated requirements of the role you have accepted.
In summary, the Personal Data that NES Fircroft processes and reasons for processing when a Candidate is on-boarded will encompass:
- Employment or academic history including certification or results from background and reference checks for the purpose of candidate screening, CV validation and compliance to role or industry standards.
- Financial details for the purpose of processing payments for contract services.
- Health / Medical statusincluding results from medicals, drug and alcohol testing or medical declarations, including declarations on your vaccination status and evidence of vaccination for the purpose of medical and/or insurance cover, or to comply with on-site HSSE rules, relevant laws, duty of care obligations, client requirements or other industry rules.
- Nationality, identification, and personal preferences for the purpose of on-boarding Candidates, visa applications and/or eligibility to work status. This type of data is also processed to comply with equality and diversity laws, or where a specialist role with one of our clients requires that such conditions are declared.
- Background screening including financial checks, criminal record checks, drug & alcohol screening, vaccinations, or fingerprint roll, for the purpose of compliance to relevant laws, HSSE rules, Client or industry standards and NES Fircroft’s duty of care obligations.
- Travel profiles for the purpose of on-boarding Candidates, rotation and/or hotel arrangements where applicable to your assignment; includes profiles linked to travel preparations and/or preferences, and any special conditions linked to assignment or health/vaccination status for travel purposes.
- Dependant data for the purpose of providing accurate insurance provision to you and (where applicable) your family, and for use in the event of an emergency situation. This type of data may include Personal Data relating to your partner and/or dependents *.
- Other Personal Data for the purpose of communications, arranging assignment support services with internal or external parties and to clarify terms associated with your assignment contract or permanent placement.
* Data relating to person(s) under the age of 16 is processed under special and strictly controlled circumstances and shall only be processed by submission and declaration from you. This data relates to name, date of birth and nationality, and shall only apply for the purpose of specialist insurance, medical or relocations.
Working with a talent pool of global Candidates it is important that NES Fircroft fully understand your requirements and proficiently match these with the right Candidate in terms of specification and expertise. To allow this, the relationship between you, your organisation and NES Fircroft needs to be strong and the understanding of the overall objective clear.
This is why retaining up to date Client contact information is important for both continued business and future developments.
Information you give to us
The level of information NES Fircroft holds on Client contacts is limited in terms of Personal Data and is usually made available through one of the following ways:
- Provided by your organisation when entering into contract with NES Fircroft;
- Submitted to NES Fircroft when seeking staffing solutions or at special events or campaigns; or
- Available to NES Fircroft through previous placement as a Candidate.
Information from other sources
Along with submission of Personal Data directly, we may collect and use data obtained from other sources available to us. These sources could include:
- Clients or Candidates as part of a referral or placement scheme;
- Employment Referee details;
- Supplied by Candidates on your projects and site locations;
- Researched from publicly available newsletters, publications or similar media; and
- Obtained as a business development lead or potential Client from online job boards such as Linked-In or other industry job sites.
The Personal Data held about you, as a client contact of NES Fircroft would typically cover your contact details (business location and email details, name, and position) and communications made with us during the course of our relationship.
All other information does not amount to personal or Sensitive Data; NES Fircroft nevertheless processes such information in line with our core values and always in a confidential manner.
Client Staffing Solutions
We will use your data to contact you to discuss potential business, your organisations staffing needs and to establish the type of Candidates suitable for you to fulfil your requirements.
If you are designated as the Account Manager in relation to services provided by NES Fircroft, your contact details will be used for the purpose of:
- Entering into and agreeing contractual terms;
Arranging Assignment Support Services for Candidates placed with your organisation;
- Invoicing for the contractually agreed services; and
- Performing our contractual obligations.
More specifically, your contact data processed by NES Fircroft during the course of our relationship is used for the purpose of Communications, including but not limited to:
- Financial transactions; used for processing invoices and associated orders.
- Provision of services as set out in the contract between us, marketing emails outlining available services and evaluating these services from your perspective.
- Commercial and Legal reasons associated with the business relationship such as contractual requirements, legal aspects arising from the services provided to you, and as confirmation of assignment start and end periods.
- System notes containing a record of discussions and/or agreements between you and NES Fircroft will be retained centrally on our global database.
Where NES Fircroft have obtained your data from other sources, such as a recruitment job site or Linked-In, your contact details will be retained for the purpose of providing staffing solutions as a potential lead or Client.Processing is undertaken by the means and purposes defined above.
If you don’t want NES Fircroft to contact you for this purpose please let us know. Contact the NES Fircroft Data Protection Advisory Team or see the ‘Your Rights & Choices’ section for alternative options.
As a direct staff Employee of NES Fircroft, you’ll be a part of global company that, despite spanning several continents, is close-knit and supportive. The start of your career with NES Fircroft involves us getting to know you and you getting to know the business, this includes sharing information to allow us to operate our business effectively and ensure that our relationship gets off to a good start.
A majority of the Personal Data NES Fircroft need from you will be present on your CV; however as a business we would want to expand on this to ensure we meet our statutory obligations and will offer you the opportunity to validate this data through our internal systems.
Further information collected from you may include:
- Contact information for communication purposes, legal, employment and business references.Next of kin contact information for the purpose of emergency.
- Nationality, identification and personal preferences for the purpose of engagement, confirming eligibility status and where applicable for the purpose of managing travel and/or hotel arrangements, visa applications and any relocations.
In some instances your data will be processed to comply with local laws relating to equality and diversity requirements in a specific jurisdiction.
- Employment or Academic history including certification or results from background and reference checks for the purpose of CV or competency validation, compliance to a specific role or industry standards.
- Financial details for the purpose of processing payments, expenses, benefits and/or pension arrangements and to meet our legal obligations in relation to the employment contract.
- Health / Medical status including results from medicals and health declarations in line with your position, your working location within NES Fircroft and our duty of care obligations.
- Dependant data for the purpose of providing accurate insurance provision to you and where applicable your family, to process any applicable or chosen benefits and to comply with legal requirements.This type of data may include Personal Data relating to your partner and/or dependents *.
* Data relating to person(s) under the age of 16 is processed under special and strictly controlled circumstances and only by submission and declaration from you.This data relates to name, date of birth and nationality for the purpose of specialist insurance, medical or relocations.
Should you not provide the required data, we may be unable, in some circumstances, to comply with our legal or employer obligations and we will tell you about the implications of that decision.
Other Processing Activities
During the course of your employment with NES Fircroft your Personal Data and data generated about your time with us may be used for commercial, legal or performance reasons.
Amongst the reasons identified above this may include:
- Attendance tracking involving holiday leave, sickness absence or other out of office absences such as home working and external office visits.Data generated in this manner is used for legal purposes associated with your absences or may be used towards an evaluation on your overall performance.
- Training & Competency records are maintained about you to maintain Skills & Competency levels associated with your role, and where pertinent, to record activity relating to legal compliance associated with business conduct.
- Health status & incidents are recorded centrally in line with local laws and NES Fircroft’s commitment to your safety and wellbeing during employment.Reporting is undertaken against this data for the same purpose and records may extend to include systems notes and doctors records.In event of incidents your Personal Data (name and address) may be shared to comply with local HSE laws.
- Performance appraisals will be carried out with you as an employee of NES Fircroft with records maintained on performance, success areas and future development.
- Transactional data relating to financial activities such as payments, deductions or benefits, and reporting linked to payments to ensure financial legal obligations are achieved.
- Photographs of a physical or digital format as submitted by you or taken during a social or business environment.
- Travel arrangements and profiles linked to your business travel preferences.
Special Categories of Data
Where there is a need to process any Sensitive Data about you (including vaccination status and evidence in relation to COVID-19 or otherwise), we shall ensure this is undertaken under strict conditions and in accordance with local laws; further, notification of processing will be made to you and if required, in line with local laws, your formal consent obtained.
NES Fircroft may also, where directed by local laws or in line with our duty of care obligations, collect information on your vaccination status. Again, this data is processed under strict controls and will be used to identify statistical awareness to contribute the health, safety, and wellbeing of the workforce.
Diversity & Inclusion Monitoring
Diversity & Inclusion data is used to evaluate our commitment to equality and diversity across our global workforce is collected on a voluntary basis. This data is retained centrally for analytical purposes and is detached from any application or work seeking services and will not form part of any recruitment and/or selection process.
Refer to the ‘Sensitive Data’ section for other type of sensitive data processed by NES Fircroft.
Performance Criteria & Monitoring
Internal systems are used across the business to allow monitoring and measurement associated with key performance indicators or performance values for management reporting. These are linked to your role and responsibilities or agreed within your annual appraisal. This type of monitoring may be used to evaluate:
- Pay rises or promotions;
- Business Conduct;
- Training & Development needs;
- Business performance;
- Disciplinary, dismissals or complaints; or
- Legal obligations such as tax or benefit returns.
Where system calculations are used for monitoring and performance purposes, no final decision is taken that may result in a detrimental decision based on the system results; rather the relevant Manager (or their nominee) reviews details as applicable for discussion.
Systems & Devices
As an Employee of NES Fircroft you will be equipped with a suitable level of process equipment for business purposes, including email, network drives and in some instances a mobile device. Monitoring usage is undertaken in line with business policy and laws relating to security of information, cybersecurity and expected conduct behaviours.
Stockholder (Beneficial Ownership)
This group of individuals relate to anyone who has debt and/or equity instruments pertaining to NES Fircroft and would arise from current or former Employees of the business.
If you are a stockholder, we will not collect any additional data from you other than details relating to the debt and/or equity involved which are linked to your Personal Data and next of kin details where appropriate.
In terms of stockholder data, details shall only be processed as part of any required transactional activity and if required to allow us to contact you to establish any entitlements.
NES Fircroft aim to establish mutually beneficial relationships with our External Providers and would therefore expect them and their representatives to be committed to the highest level of ethical standards and conduct throughout their organisation, and to process any Personal Data in line with legal and contractual requirements.
The Personal Data collected and used by NES Fircroft relating to External Providers is generally associated with the background screening and the requirements of our contractual relationship.
Information Collected About You
The level of information NES Fircroft holds on you as an External Provider representative is limited and can be made available to us through one of the following ways:
- Submitted from you personally during the course of your business marketing strategy for services and/or products;
- Provided by you or your organisation when entering into a contract for services;
- Submitted to NES Fircroft in our search for a preferred supplier or business partner;
- Referred to NES Fircroft by a third party as part of a referral or assignment;
- Obtained from a public source during our search for an External Provider including credit or financial checks; or
- Through our business and ethic due-diligence process, conducted to ensure compliance to legal or commercial obligations, and ethical standards.
The Personal Data involved is typically your contact name associated with your corporate details.Such data is used to enable an effective business relationship between all parties and would therefore cover the data types and processing activities linked to:
- Communications - encompassing your name along with corporate details of contact number and email address, and your professional position within the organisation.
- Financial transactions used for processing invoices and associated orders and ensuring payment for services and/or products is made in a timely manner.
- Commercial and Legal information for reasons associated with our business relationship such as contractual requirements, legal aspects arising from the services and/or products provided by your organisation, and as confirmation of the services entered into or products required.
- Declarations of compliance retained as part of our supplier due-diligence process and expected business conduct standards.
Your name, as the business representative for your organisation, may also be linked to evaluations, HSE or data protection impact assessments, and other types of performance or assessment criteria used to manage our relationship and delivery of services and/or products.
Whilst providing services to NES Fircroft and its client’s, your business details may be shared with our client organisation in line with legal requirements associated with services, data processing, and HSE standards.
Your data may be collected by NES Fircroft when you visit our website; the information collected is about your computer including where your IP address is available from, operating system and browser type, for system administration and to report aggregate information to our advertisers or to agencies or employers.This is statistical data about our users' browsing actions and patterns and does not identify any individual.
For the same reason, we may obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer's hard drive. They help us to improve our website usage and efficiency and to deliver a more personalised service to you.
In summary these are:
- Performance cookies: Used to collect information about how the website is used.These Cookies do not collect data on the individual visitor.
- Functionality cookies: Used to customise your visit and provide you with access to the services you select.These Cookies do not track your browsing activity on other websites.
- Advertising & Remarketing cookies: Used to collect anonymous data about interests and demographics of users to the website and improve experiences overall.These Cookies do not identify you or give NES access to your computer or mobile device.
You can update your preferences direct on our website. To find out more about cookies and how to manage or delete them, visit https://gdpr.eu/cookies/
NES Fircroft is a global organisation with a network of offices in numerous locations all over the world; this global presence provides you with a multitude of benefits, from ensuring we can meet your expectations in terms of offering global talent to meet your project needs, to having a global awareness of mobilisation and visa management services for our Candidates.
This global presence allows us to service you more efficiently and effectively no matter what your needs.As you can imagine, a global business providing global opportunities to Candidates and Clients, means we have a central database with each NES Fircroft office around the world having access to the information.Any Personal Data provided to us will be stored within our global database systems and used for the purpose of providing our core services and/or assignment support services.
Only authorised NES Fircroft employees have access to the Personal Data within our global database systems, with access permissions applied based on role and purpose.To find out more about NES Fircroft’s global presence click here.
Sharing Your Data
As part of our service provision, information is shared with External Providers for the purpose of performing our contractual commitments to you, including but not limited to payments, insurances, emergencies, travel arrangements or for other commercial or legal obligations relating to the contract performance.
If you have requested us to help you find a position with one of our Clients, we may pass your Personal Data to our Client(s) in order to provide you with that service; this may be in a form of a NES Fircroft formatted CV or resume, or a profile highlighting skills and competencies associated with the position. We will attempt to contact you first to understand your interest and availability and get your agreement. If we have been unable to reach you we may, where we consider it to be the type of role you have advised us that you are seeking and is in your best interests, still pass on your information.
If you do not want us to send your information to any of our Clients without your prior specific permission (even when we are unable to contact you and we believe that it serves your best interests) you should contact NES Fircroft’s Data Protection Advisory Team.
In the event you enter into a contract with us or one of our Clients, we may pass your Personal Data to our Client or External Provider so they can provide services relating to your contract, or for NES Fircroft staff Employees, in relation to our obligations as an employer.
Other circumstances in which NES Fircroft would share your Personal Data, are in relation to the services provided by:
- Insurance brokers;
- Emergency service providers;
- Audit, Legal & Financial partners;
- Compliance and Screening Specialists;
- Medical and Health specialists;
- Approved travel partners; and
- Payroll providers.
NES Fircroft only uses External Providers that meet our high expectations in terms of service and ethical standards including confidentiality and information security, and for the purposes of processing Personal Data, NES Fircroft retains control as the appointed Data Controller.
It will be evident from the information provided as part of your contract with NES Fircroft what services from External Providers we may utilise.
Disclosing Data for Other Reasons
In certain circumstances Personal Data may be disclosed to assist in the prevention and detection of crime and for law enforcement purposes without the consent of the individual concerned. Under these circumstances NES Fircroft will use reasonable endeavours to check the request is legitimate before disclosing requested data and in all cases shall first seek authorisation through NES Fircroft’s Data Protection Advisory Team and/or relevant Directors of the business.
If NES Fircroft is involved in any transactional process regarding its ownership your Personal Data may be disclosed subject to strict confidentiality obligations and anonymisation where possible.
We may transfer your personal data to a third party as part of a sale of business assets or as part of any business restructuring or reorganisation, however we will always take steps to ensure that your privacy and rights continue to be protected.
As a global business, NES Fircroft has locations across the world and relationships with global Client groups including those in countries outside of the European Economic Area (“EEA”).
For purposes defined in the privacy notice, including applicable regulatory, statutory, or contractual purposes, we may be required to share your personal data with these other business entities, with third parties or clients outside the EEA. This includes data accessible by NES Fircroft entities stored on our database/systems.
Countries outside of the EEA may not have data protection laws which are as stringent as those in the EU and in other countries which are part of the EEA, however NES Fircroft has controls in place designed to protect your Personal Data and privacy when information is transferred to other countries by means of access and/or use for provision of services.
These controls include:
- Ensuring that data processing agreements are in place;
- Stipulating security of data and transfer practices as part of the services;
- Implementation of relevant data protection laws and obligations;
- Data protection agreements in line with EU Model Clauses;
- Central management of IT infrastructure and user application;
- Due-diligence protocol linked to service provision; and
- Audit and review protocol linked to business processes.
Should you have any specific queries about these controls and the protection of your Personal Data, please contact the Data Protection Advisory Team.
Third Party Transfers
We will only share your Personal Data to third parties where there is a legitimate or legal ground to do so associated with our services, or associated with the relationship you have with us as defined in this Privacy Notice.
Where you have previously engaged with NES Fircroft, such as providing your details for the purpose of our services, or have entered into a contract with us, NES Fircroft may contact you.This will be to make you aware of other opportunities available to you across our global business or our global talent pool.These instances are referred to as a ‘soft opt-in’ option where we adopt the understanding that you are happy to receive contact from us unless or until you specifically state otherwise.
NES Fircroft may use your Personal Data to contact you via post, phone and/or email.There are various reasons why we may contact you in relation to your relationship with us and the services you have shown interest in.
Our marketing contact may be undertaken for legitimate reasons relating, but not limited to:
- The services we provide;
- In relation to your employment or contract offer with NES Fircroft;
- Communication of newsletters, industry news or safety bulletins on local environmental issues;
- In relation to local events, holidays or festivals; and
- To understand your perceptions of our services from a business or legal aspect.
Of course, you are in control.
If you visit or register through our website, you will be asked to confirm your preferences relating to job alerts, Cookies and to gain information about our services.Likewise, if you have not previously engaged with NES Fircroft about our services, it is important that you review what choices you have and if, and how, you want to be contacted by us.
If you don’t want to receive marketing contact from NES Fircroft you can let us know at any time.
Please see the ‘Your Rights & Choices’ section for options or use the unsubscribe options available to you.
Your Personal Data is important to you and important to NES Fircroft; in fact, it is vital to the success of our business relationship.We shall therefore ensure that when processing information on your behalf your Personal Data is treated with respect, and that appropriate technical and security measures are applied to maintain the confidentiality, integrity and availability of data held on our systems, within data centres controlled by us, and as part of our service provision to you.
As part of our primary responsibilities and fundamental to best business practice, we adopt the principles of an information security management system, such as ISO27001, to comply with all applicable laws, regulations and contractual obligations, and cyber security protocol associated with our IT infrastructure.
You can access NES Fircroft's Security Statement here.
We will only retain your Personal Data for as long as we need to in line with our legitimate interests and will take the necessary actions to keep this information up to date and accurate to the best of our knowledge and ability. Accordingly, our data management practices encompass retention of Personal Data, storage requirements and accuracy.
Keeping Your Data Accurate
NES Fircroft will keep in touch with you regularly, providing an opportunity to update our central records and, where necessary any Personal Data we have about you.Additionally, we have the following facilities available to you so you can manage your data:
- Our website has the facility for you to manage your data by creating your own profile and providing up to date information;
- Our consultancy teams will keep in touch with you so you can let us know of changes*;
- We will provide contact points to allow you to let us know of changes to your Personal Data*; and
- As part of our on-boarding processes, we will check your details are correct.
* Changes to Personal Data held by NES Fircroft is subject to a verification process to ensure authenticity and security is maintained.
How long we keep your information
Personal data will only be kept for as long as NES Fircroft has a genuine business need for it or are required to keep it by law, whichever is longer.
Any documents we hold which contain Personal Data about you are retained in line with our document management practices, with controls and security applied on access and location
We segregate data depending upon the purpose of processing and the type of data processed, as this will determine the retention periods.The criteria we use to determine the retention period includes:
- The nature of the Personal Data;
- Our legal obligations;
- Purpose of your engagement with NES Fircroft;
- Whether a contract has been performed and/or cannot be performed anymore;
- Whether you have exercised your right to erasure;
- Whether your data is no longer considered to be up to date; and
- In line with our staffing expertise and knowledge of the industry by country, sector and job role.
Personal data we no longer need to keep is archived, destroyed or deleted securely.
Transactional data relating to our services and contractual obligations will be retained for an extended period in line with legal or business requirements.
NES Fircroft respect the information that you share with us and understands it is your right to know how this data is processed and exercise your right to ask us to stop processing it.
Under GDPR and subject to certain conditions, individuals have the following rights relating to Personal Data:
- The Right to Rectification;
- The Right to Access;
- The Right to Erasure;
- The Right to Restrict Processing;
- The Right to Object; and
- The Right to Data Portability.
- You can exercise your right to accept or prevent processing for marketing purposes by unsubscribing to any materials received.
- You can also exercise your rights associated with data processing at any time by contacting the Data Protection Advisory team.
- California consumers should refer to NES Fircroft’s California Privacy Notice.
Subject Access Requests
Individuals can request details about the Personal Data processed by NES Fircroft by submitting a ‘Subject Access Request’ to our Data Protection Advisory Team, who will then make provisions for you to complete the necessary application. Once the application is received and relevant identities and data points are verified, we will work to provide you the requested information or provide access to your Personal Data within the defined timescales.
Further information and advice about your rights can be obtained from the data protection Regulator in your Country.
Right to Erasure
Individuals can request deletion of their personal data from NES Fircroft internal systems, by contacting our Data Protection Advisory Team or by completing an on-line Right to Erasure request. Our Data Protection Advisory team will then verify details and make provisions to process your request internally. We would acknowledge with a confirmation once completed.
To access the on-line Right to Erasure request form, click HERE.
If you want to understand more about your Rights under GDPR, visit the ICO website.
NES Fircroft have a dedicated team in place to answer any queries you may have relating to how we use your Personal Data. This Data Protection Advisory Team, work on behalf of NES Group Limited and oversee compliance and governance of our data protection obligations.If you do require any additional information, have any queries relating to this Privacy Notice or wish to make a complaint please contact the Data Protection Advisory Team by:
NES Group Limited are registered as a Data Controller with the Information Commissioners Office; with Station House, UK being the primary location for any data processing activities, cross-border processing controls and for central registration as the Data Controller for the NES Fircroft group businesses.
For this reason, the Information Commissioners Office (ICO) is appointed as the Lead Supervisory Authority for NES Fircroft, across all businesses and subsidiaries.
NES Group Limited’s registration details are available for public view on the ICO’s website.
If you wish to make a complaint you can do this by contacting the NES Fircroft Data Protection Advisory Team (here).
You have the right to lodge a complaint with a supervisory authority. You can contact the Information Commissions Officer (ICO) as the Lead Supervisory Authority for NES Fircroft, at any time directly, or contact the Data Protection Regulator of your habitual residence.
ICO Helpline: 0303 123 1113 (UK) or +44 1625 545 700.
CALIFORNIA PRIVACY NOTICE
INDIVIDUAL RIGHTS UNDER CALIFORNIA LAW: CALIFORNIA CONSUMER PRIVACY ACT OF 2018 (CCPA)
Effective Date: 1 November 2020
Consistent with the CCPA, subjects of certain business-to-business communications acting solely in their capacity as representatives of another business, are not considered “Consumers” for purposes of this California Privacy Notice or the rights described herein. Publicly available information is also not treated as PI under the CCPA, so this notice is not intended to apply to that data and your Consumer privacy rights do not apply to that data.
Consistent with the CCPA, individuals working directly for NES Fircroft or its associated companies as a ‘staff’ member of the business and individuals that are prospective staff of NES Fircroft or its associated companies (“Employees”), are not considered “Consumers” for purposes of the CCPA rights described herein. The collection, use, disclosure, and sharing of PI of Employees by NES Fircroft is for performing services and operations related to Employees’ potential employment and/or employment by NES.
a) Collection and Sharing of PI
Based on our data practices through the Effective Date, we give you notice that we collect the following types of PI about California Consumers and Employees and use and share it as set forth below.
The chart above reflects that categories of PI required by the CCPA. There may be additional information that we collect that meets the CCPA’s definition of PI but is not reflected by a category, in which case we will treat it as PI as required by the CCPA, but will not include it when we are required to describe our practices by category of PI.
As permitted by applicable law, we do not treat deidentified data or aggregate consumer information as PI and we reserve the right to convert, or permit others to convert, your PI into deidentified data or aggregate consumer information, and may elect not to treat publicly available information as PI. We have no obligation to re-identify information or keep it longer than we need it to respond to your requests.
We may sell PI (as the term “sell” is defined by the CCPA). As part of NES Fircroft’s service provision and to help our Clients evaluate the suitability of Candidates for a Client’s role, NES Fircroft creates profiles of Candidates whose qualifications match a Client’s requirements. Candidate profiles are shared with executives, hiring managers, and recruiters, for the purposes of providing staffing solutions, recruitment and assignment support services (“Recruiting Purposes”). Sharing for Recruiting Purposes may be deemed a sale under the CCPA. For more information on how to exercise your do not sell rights, see the “Do Not Sell” subsection of the California Privacy Rights section of this California Privacy Notice below. Note, exercising your do not sell rights with regard to Recruiting Purposes will terminate NES’s sharing of your PI with recruiters, executives, and hiring managers.
b) Sources of PI
We may collect your PI directly from you, Clients, employment references, online job boards, External Providers undertaking screening, background checks, or insurance services, our affiliates, or other individuals and businesses.
c) Use of PI
Generally, we collect, retain, use, and share your PI to provide you services and as otherwise related to the operation of our business. For more detail on our disclosures and sale of PI, see the “Collection and Sharing of PI” section above.
We may collect, use, and share the PI we collect for one or more of the following business purposes:
- Processing Interactions and Transactions;
- Managing Interactions and Transactions;
- Performing Services;
- Research and Development;
- Quality Assurance;
- and Debugging.
Subject to restrictions and obligations of the CCPA, our vendors may also use your PI for some or all of the above listed business purposes. Our vendors may themselves engage services providers or subcontractors to enable them to perform services for us, which sub-processing is, for purposes of certainty, an Other Business Purpose for which we are providing you notice.
As stated above, we may collect and use your PI for sharing PI in a manner that is deemed a sale under the CCPA. For more information on how to exercise your do not sell rights, see the “Do Not Sell” subsection of the California Privacy Rights section of this California Privacy Notice below.
d) California Privacy Rights
The CCPA is a new law and there remain differing interpretations of it and the regulations that implement it. Accordingly, we may from time-to-time update information in our notices regarding our data practices and your rights, modify our methods for you to make and for us to respond to your requests, and/or supplement our response(s) to your requests, as we continue to develop our compliance program to reflect the evolution of the law and our understanding of how it relates to our data practices.
We provide California Consumers the privacy rights described in this section. You have the right to exercise these rights via an authorized agent who meets the agency requirements of the CCPA and related regulations. As permitted by the CCPA, any request you submit to us is subject to an identification and residency verification process (“Verifiable Consumer Request”). We will not fulfil your CCPA request unless you have provided sufficient information for us to reasonably verify you are the Consumer about whom we collected PI.
To make a request, contact us and respond to any follow up inquires we may make.
Some PI we maintain about Consumers is not sufficiently associated with enough PI about the Consumer for us to be able to verify that it is a particular Consumer’s PI when a Consumer request that requires verification pursuant to the CCPA’s verification standards is made (e.g., clickstream data tied only to a pseudonymous browser ID). As required by the CCPA we do not include that PI in response to those requests. If we cannot comply with a request, we will explain the reasons in our response. We will use PI provided in a Verifiable Consumer Request only to verify your identity or authority to make the request and to track and document request responses, unless you also gave it to us for another purpose .
We will make commercially reasonable efforts to identify Consumer PI that we collect, process, store, disclose and otherwise use and to respond to your California Consumer privacy rights requests. In some cases, particularly with voluminous and/or typically irrelevant data, we may suggest that you receive the most recent or a summary of your PI and give you the opportunity to elect whether you want the rest or not. We reserve the right to direct you to where you may access and copy responsive PI yourself. We will typically not charge a fee to fully respond to your requests; provided, however, that we may charge a reasonable fee, or refuse to act upon a request, if your request is excessive, repetitive, unfounded or overly burdensome. If we determine that the request warrants a fee, or that we may refuse it, we will give you notice explaining why we made that decision. You will be provided a cost estimate and the opportunity to accept such fees before we will charge you for responding to your request.
Consistent with the CCPA and our interest in the security of your PI, we will not deliver to you your social security number, driver’s license number or other government-issued id number, an account password, security questions or answers, or unique biometric data in response to a CCPA request; however, you may be able to access some of this information yourself through your account if you have an active account with us.
Your California Consumer privacy rights are as follows:
i.The Right to Know:
You have the right to send us a request, no more than twice in a twelve-month period, for any of the following for the period that is twelve months prior to the request date:
- The categories of PI we have collected about you.
- The categories of sources from which we collected your PI.
- The business or commercial purposes for our collecting or selling your PI.
- The categories of third parties to whom we have shared your PI.
- A list of the categories of PI disclosed for a business purpose in the prior 12 months and, for each, the categories of recipients, or that no disclosure occurred.
- A list of the categories of PI sold about you in the prior 12 months and, for each, the categories of recipients, or that no sale occurred.
To make a request, contact the Data Protection Advisory team and respond to any follow up inquiries we may make.
In order for us to look into your request, we first need to verify your identity, meaning that we need to make sure that you are the consumer we may have collected personal information about or a person who has been duly authorized to make the request on behalf of the consumer. We are required to verify a consumer’s request to know categories of PI to a reasonable degree of certainty, which may include matching at least two data points provided by the consumer with data points maintained by us, which we have determined to be reliable for the purpose of verifying the consumer. If you fail to do so we will be unable to verify you sufficiently to honor your request. The information you send for us to verify your identity will be used for this purpose only.
For your specific pieces of information, as required by the CCPA, we will apply the heightened verification standards set forth in subsection (ii) below. Please note that PI is retained by us for various time periods, so we may not be able to fully respond to what might be relevant going back 12 months prior to the request.
b)Specific Pieces :
You have the right to make or obtain a transportable copy, no more than twice in a twelve-month period, of your PI that we have collected in the period that is 12 months prior to the request date and are maintaining.
To make a request, contact the Data Protection Advisory team and respond to any follow up inquiries we may make.
In order for us to look into your request, we first need to verify your identity, meaning that we need to make sure that you are the consumer we may have collected personal information about or a person who has been duly authorized to make the request on behalf of the consumer. We are required to verify a consumer’s request to know specific pieces of PI to a reasonably high degree of certainty, which may include matching at least three data points provided by the consumer with data points maintained by us, which we have determined to be reliable for the purpose of verifying the consumer together with a signed declaration under penalty of perjury that the requestor is the consumer whose personal information is the subject of the request. If you fail to provide the data points we will be unable to verify you sufficiently to honor your request. The information you send for us to verify your identity will be used for this purpose only.
Please note that PI is retained by us for various time periods, so we may not be able to fully respond to what might be relevant going back 12 months prior to the request.
ii.Do Not Sell:
You have the right to direct us to not sell your PI. For more information on how to exercise your do not sell rights, click here, as stated above, exercising your do not sell rights with regard to Recruiting Purposes will terminate NES’s sharing of your PI with recruiters, executives, and hiring managers.
IP Addresses & Cookies
There may be cookies and other tracking technologies associated with our online services that may provide data, which may be treated as PI under the CCPA, to other parties that may use it for their own purposes, which in turn may provide that data to other parties for their own purposes. While there is not yet a consensus, we do not believe that data practices of third-party cookies and tracking devices associated with our online services constitute a sale of PI by us and therefore we do not currently treat these activities as a “sale.” Currently, a do not sale request to us will not affect these third-party activities. However, you can exercise control over browser-based cookies by adjusting the settings on your browser, and mobile devices may offer ad and data limitation choices. In addition, third party tools may enable you to search for and opt-out of some of these trackers, such as the Ghostery browser plug-in available at https://www.ghostery.com/.
You can also learn more about how to exercise certain choices regarding cookies and interest-based advertising at:
We do not represent that these third-party tools, programs or statements are complete or accurate. Clearing cookies or changing settings may affect your choices and you may have to opt-out separately via each browser and other device you use. Cookie-enabled opt-outs signals may no longer be effective if you delete, block or clear cookies. We are not responsible for the completeness, accuracy or effectiveness of any third-party notices or choices.
Some browsers have signals that may be characterized as do not track signals, but we do not understand them to operate in that manner or to indicate a do not sell expression by you so we currently do not recognize these as a do not sell request. Further, there is not currently a consensus as to how various user-enabled privacy or “do not track” signals or settings should be treated or what they mean, so we will not look for or respond to any that are not expressly listed here as programs in which we participate or otherwise accept, which may change as programs evolve. We understand that various parties are developing do not sell signals and we may recognize certain such signals if we conclude such a program is appropriate.
We do not knowingly sell the PI of Consumers under 16.
We may disclose your PI for the following purposes, which are not a sale: (i) if you direct us to share PI; (ii) to comply with your requests under the CCPA; (iii) disclosures amongst the entities that constitute Company as defined above, or as part of a merger or asset sale; and (iv) as otherwise required or permitted by applicable law.
Except to the extent we have a basis for retention under CCPA, you may request that we delete your PI that we have collected directly from you and are maintaining. Our retention rights include, without limitation, to complete transactions and service you have requested or that are reasonably anticipated, for security purposes, for legitimate internal business purposes, including maintaining business records, to comply with law, to exercise or defend legal claims, and to cooperate with law enforcement.
Note also that we are not required to delete your PI that we did not collect directly from you.
To make a request, contact the Data Protection Advisory team and respond to any follow up inquiries we may make.
In order for us to look into your request, we first need to verify your identity, meaning that we need to make sure that you are the consumer we may have collected personal information about or a person who has been duly authorized to make the request on behalf of the consumer. We are required to verify a consumer’s request to delete to a reasonable degree of certainty, which may include matching at least two data points provided by the consumer with data points maintained by us, or to a reasonably high degree of certainty, which may include matching at least three data points provided by the consumer with data points maintained by us, depending on the sensitivity of the PI and the risk of harm to the consumer posted by unauthorized deletion. If you fail to provide the data points we will be unable to verify you sufficiently to honor your request. The information you send for us to verify your identity will be used for this purpose only.
iv.Non-Discrimination and Financial Incentive Programs:
NES will not discriminate against you because you exercise your CCPA rights.
If a Consumer chooses to submit a request through an authorized agent, we require the Consumer to:
- Provide the authorized agent signed permission by the Consumer to submit a request, a copy of which must be provided to us;
- Verify their own identity directly with us;
- Directly confirm with us that they provided the authorized agent permission to submit the request.
If the authorized agent has a power of attorney issued under California Probate Code sections 4000 to 4465, then the written agreement is not necessary. Pursuant to Probate Code Sections 4121 and 4122, a power of attorney is only valid if it is notarized or witnessed by two adults other than the attorney-in-fact. Where witnesses are used rather than a notary, we require verification of the witnesses’ identities, and verification that they in fact witnessed the appointment. The power of attorney must be sufficiently broad, or specific, to establish agency to make a CCPA request. We are entitled to reject any request submitted through a power of attorney if the attorney-in-fact cannot reasonably verify the validity of the power of attorney.
If the authorized agent is not authorized by a power of attorney, we require an agent that is an entity be registered with the Secretary of State to conduct business in California. We are entitled to verify the legitimacy of an agency appointment, such as through a representation under the penalty of perjury with two verified witnesses. We are entitled to require a natural person acting on behalf of an entity agent to attest under penalty of perjury with two verified witnesses that (1) they are authorized to act on behalf of the entity and the consumer; (2) they are who they claim to be; and (3) everything they have submitted is valid and accurate. We are entitled to require the same of an individual acting as an agent, except for the qualification that they be registered with the Secretary of State to do business in California.
In the absence of any of the general conditions detailed above, we are entitled to reject any request submitted through an agent. In addition, the agent is subject to the verification standards applicable to the type of request(s) made.
vi.Limitation of Rights:
Notwithstanding anything to the contrary, we may collect, use and disclose your PI as required or permitted by applicable law and this may override your CCPA rights. In addition, we need not honor any of your requests to the extent that doing so would infringe upon our or any other person or party’s rights or conflict with applicable law.
e)Additional California Notices
In addition to CCPA rights, certain Californians are entitled to certain other notices, including:
The NES Fircroft website is not intended or targeted to minors (individuals under the age of eighteen (18)). We do not intentionally or knowingly collect PI from minors. If you are a registered user of NES Fircroft and a minor in California, you may ask to remove you PI content on the NES Fircroft site by contacting the following:
b)California Shine the Light Disclosure
We provide California residents with the option to opt-in or opt-out of sharing of “personal information” as defined by California’s “Shine the Light” law with third parties, other than our affiliates, for such third parties own direct marketing purposes. Sharing for Recruiting Purposes may be deemed a disclosure to third parties for their own direct marketing purposes under the Shine the Light law. Accordingly, if you opt-out we will not share your personal information for Recruiting Purposes. If you want NES Fircroft to continue to share your personal information for Recruiting Purposes, do not opt-out. If you are a California resident, you may exercise this opt-out and/or request certain information about our compliance with the Shine the Light law by contacting the following:
Requests must include “California Privacy Rights Request” in the first line of the description and include your name, street address, city, state, and ZIP code. Please note that we are only required to respond to one request per customer each year, we are not required to respond to requests made by means other than through the provided, telephone number, e-mail address or mail address.
c)Tracking and Targeting
When you visit our online services, we and third parties may use tracking technologies to collect usage information based on your device for a variety of purposes, including serving you advertising, based on your having visited our services or your activities across time and third-party locations. Some browsers may enable you to turn on or off a so-called “Do Not Track” signal. Because there is no industry consensus on what these signals should mean and how they should operate, we do not look for or respond to “Do Not Track” signals.
INDIVIDUAL RIGHTS UNDER NEVADA LAW:
We do not believe we “sell” “covered information” of Nevada “consumers” as those terms are defined by Chapter 603A of the Nevada Revised Statutes, and until such time as we change this policy by updating this Privacy Notice, and provide a method to opt-out of sale under the Nevada Revised Statutes, we will treat covered information collected under this Privacy Notice as subject to a do not sell request as relates to the Nevada Revised Statutes.
CHANGES TO THIS PRIVACY NOTICE
Any changes we make to our Privacy Notice or the defined processing activities will be posted to our website.You are encouraged to visit our website frequently to see any updates or changes.
This Privacy Notice was last updated January 2023.