Privacy Policy
GENSEARCH is committed to protecting the privacy of those with whom it interacts, and GENSEARCH recognises the need to respect and protect information that is collected or disclosed to us (called “Personal Information”, explained below). This Privacy Notice is intended to tell you how we use your Personal Information and is in a layered format to give you enough detail to give you the information you need immediately, with the option of following a link if you want to find out more. If you still can’t find the information you need, you can contact GENSEARCH by reference to the details set out in section 1 below.
1. Who are we?
The GENSEARCH is a global senior executive search company operating in the life sciences (“GENSEARCH”).
This website (www.gensearch-consulting.com) is owned and operated by GenSearch Corporate, registered in Paris, France, under RCS Paris 830 855 938, SIRET 83085593800015. The registered office is 2 square de l’avenue du bois, 75116, Paris, France. The Director of this publication is Sebastien STOITZNER, founder and Managing Director of GenSearch.
We provide executive search services in the life sciences arena to clients, (our “Services”). This policy applies to you if you are one of our clients, suppliers, candidates, applicants for a job with GENSEARCH, or a referee in respect of a candidate. For the purposes of this policy:
– Candidates – means an individual who is a candidate or potential candidate for one of our clients.
– Talents – individuals whom we have identified as part of a talent mapping exercise.
– Applicants – an individual who is applying for a job with GENSEARCH. – Clients – any business, firm, organisation, government body, or individual that instructs us to perform any of our services.
– Source and referee – a person who provides us with information or intelligence about a candidate, or who provides a personal or work reference.
– Suppliers – business-to-business contacts in our supplier organisations.
2. What is Personal Information, and which Personal Information do we collect about you?
For the purposes of this Privacy Notice “Personal Information” consists of any information that relates to you and/or information from which you can be identified, directly or indirectly. For example, information that identifies you may consist of your name, address, telephone number, photographs, location data, an online identifier (e.g. cookies identifiers and your IP address), or more than one or more factors specific to your physical, economic, cultural, or social identity. When we combine other information (i.e. information that does not, on its own, identify you) with Personal Information, we treat the combined information as Personal Information.
We may collect use, store, and transfer different kinds of Personal Information about you which we have grouped together as follows:
• Identity and Contact Data includes first name, last name and title, address, email address, and telephone number.
• Candidate Data includes CV, professional experience, academic and professional qualifications, reference information, employment history, PA details, interview notes, expenses, psychometric test information, work permit information, and identification information.
• Talent Data includes employer, current role, and other professional details.
• Financial Data includes bank account details.
• Technical Data includes internet protocol (IP) addresses, usage session dates and duration, page views, how you use our website the type of browser used while visiting our website, and the number of users who visit our website.
• Services Data includes information about how you use our services, details of which services you have received from us, our correspondence and communications with you, and information about any complaints or inquiries you make to us.
• Marketing and Communications Data includes your preferences in receiving marketing from us and your communication preferences.
We also collect, use, and share aggregated anonymous or pseudonymised data, such as statistical or demographic data, for any purpose. This data could be derived from your Personal Information but is not considered personal data in law as it does not directly or indirectly reveal your identity. For example, we may anonymise your Services Data to analyse which demographic of users are using our services. However, if we combine any of this data with your Personal Information so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
How is your Personal Information collected?
We use different methods to collect data from and about you.
A. Candidates
• Personal Information that you provide directly. You may give us your Identity and Contact Data, Candidate Data, Financial Data, Marketing, and Communications Data, by consulting us about a role, proceeding with a job application, or by corresponding with us by email, phone, or otherwise.
• Third parties or publicly available sources. We may receive personal data about you from various third parties and public sources as set out below:
– Identity and Contact Data from third parties such as your employer, third-party databases such as LinkedIn, or from your PA.
B. Talent
We collect your Identity and Contact Data and Talent Data from publicly available sources such as LinkedIn and your current employer’s website when we conduct our talent mapping exercises. We conduct talent mapping exercises to help our Clients understand the current market and to find potential candidates for our Clients.
C. Applicants
• Personal Information that you provide directly. You may give us your Identity and Contact Data, Financial Data, by applying for a job with GENSEARCH.
• Third parties or publicly available sources. We may receive Identity and Contact Data from third parties such as your employer, third-party databases, or from your recruiter.
D. Clients and Suppliers
We collect your Identity and Contact Data, Financial Data, and Services Data when we correspond with you about our services, and from publicly available sources such as Companies House.
E. Source and Referee
We will obtain your Identity and Contact Data as well as information regarding your credentials as a source or referee, details of your relationship, and your opinions of Candidates, either directly from you or from publicly available information.
F. Automated Technologies
When you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions, and patterns. We collect this Personal Information by using cookies and other similar technologies, and our analytics providers. Please see section 10 below.
4. How do we use your information?
We will only use your Personal Information when the law allows us to do so. Most commonly, we will use your Personal Information in the following circumstances:
• Where we need to perform the contract, we are about to enter into or have entered into with you.
• Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. The legitimate interests we rely on are set out next to each purpose below.
• Where we need to comply with a legal obligation.
Generally, we do not rely on consent as a legal basis for processing your Personal Information, although we will get your explicit consent to process any Special Categories of Data.
Purposes for which we will use your Personal Information
We may use the Personal Information that we collect for the following purposes. For each purpose, we describe the legal bases we rely on to justify such use of your Personal Information.
border-style: dashed solid;
| Category | Purpose/Activity | Type of data | Legal Basis |
|---|---|---|---|
| Candidate | To provide you with our services in order to find you a position with a Client, including processing job applications and corresponding with you and our Clients, including transferring your personal data to Clients. We will only ever provide our Clients with your personal data with your permission. |
– Identity and Contact – Candidate – Financial Services |
– Necessary for our legitimate interests in fulfilling contractual obligations to our Clients and providing candidates in the life sciences arena. – Necessary to take steps at your request prior to entering into a contract, i.e. the contract of employment with a Client. |
| Talent | To conduct mapping or research exercises on behalf of our Clients to enable them to understand the market |
– Identity and Contact – Talent |
Necessary for our legitimate interests in understanding the applicant market in the life sciences arena |
| Applicant | To consider you for a role with us, if you are applying for a job | – Identity and Contact – Applicant Financial |
– Necessary to take steps in order to enter a contract with you – Necessary for our legitimate interests in attracting talent and market opportunities at GenSearch |
| Client | To provide our services to you, or your employer and to manage our relationship with you including in respect of fees and to provide you with updates to our Privacy Notice |
– Identity and Contact – Financial Services |
– Performance of a contract with you (if the services are provided to you directly) – Necessary for our legitimate interests in providing our services to corporate clients (if the services are provided to your employer) |
| Supplier | To carry out our contractual obligations to you, if you are our supplier or subcontractor, including managing our payments to you |
– Identity and Contact – Services – Financial |
Necessary for our legitimate interests in receiving services from our suppliers to ensure our business is run efficiently |
| Source and Referee | To perform our services to our Clients and to enable us to obtain your opinions on a Candidate |
– Identity and Contact – Candidate |
Necessary for our legitimate interest in ensuring our services are professionally and successfully provided to our Clients |
| Client, Candidate, Talent, Source, and Referee | Provide you with marketing information related to our services and activities which you request from us or which we feel may be of interest to you |
– Identity and Contact – Services Technical |
Necessary for our legitimate interests to develop our services and to grow our business |
| Client, Candidate | Analysis purposes – for assessment and analysis of our Clients and Candidate base, to create sales, marketing, and promotional plans, and to seek your thoughts and opinions on the services we provide |
– Identity and Contact – Services |
Necessary for our legitimate interests to study how our clients use our services, to understand our candidate pool, to develop our services, and to inform our marketing strategy |
| All users of our website | For security purposes and to administer our website – to maintain and enhance the website and to ensure that content from it is presented in the most effective manner for you and your computer, and to enhance the user experience; |
– Identity and Contact – Technical |
– Necessary for our legitimate interests in running our business, to ensure the security of our systems, to assist us in the provision of administration and IT services, network security, to prevent fraud, and in the context of a business reorganisation or company restructuring exercise – Necessary to comply with a legal obligation |
| All categories | Business purposes – for business monitoring, improving our services, and record keeping including maintaining our accounts, complying with good practice, and for other administrative, operational, and security reasons |
– Identity and Contact – Services Marketing and Communications |
– Necessary for our legitimate interests in running our business efficiently and successfully and in order to keep our records updated – Necessary to comply with a legal obligation |
| All categories | To prevent and detect crime, fraud, or corruption and to meet our legal, regulatory, and ethical responsibilities | – Identity and – Contact Technical Services |
Necessary to comply with our legal obligation |
Please be aware that we are not responsible for the data processing activities of others, such as our Clients.
Marketing communications and our newsletter
We may use your Personal Information to provide you with our newsletter, email notifications, and other communications by email, on the basis that it is in our legitimate interests to use your Personal Information for these purposes in developing our services and growing our business. For further information on this, see the ‘Your Choices’ section of this Privacy Notice.
Combining Personal Information
We may combine the Personal Information that we collect from you to the extent permitted by applicable law. For example, we may combine various different databases that contain your Personal Information to allow us to provide better support services and more personalised content (such as marketing).
Change of purpose
Where we need to use your Personal Information for another reason other than for the purpose for which we collected it, we will only use your Personal Information where that reason is compatible with the original purpose. If we need to use your Personal Information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
5. To whom do we disclose your information?
We will only use your Personal Information for our internal business purposes, some of which are mentioned above. We may disclose your information to the following entities:
I. GenSearch‘ worldwide offices
We may need to transfer your Personal Information to employees based in GenSearch’ offices, in order to provide the services and/or any assistance you request. All employees in GenSearch’ offices are required to follow the privacy practices set forth in this Privacy Notice, or such other privacy notice that they may notify to you.
II. Clients
We may need to disclose your Personal Information to our Clients for whom we provide executive search services. We will not disclose a Candidate’s details to a Client without asking for the Candidate’s permission. If we have identified a Talent through our talent mapping activities, we will only disclose a Talent’s details to a Client in an anonymous form, so that the individual Talent cannot be identified. We will share information only as anticipated in this Privacy Notice and wherever appropriate limit disclosure to information in aggregate and/or anonymous form to avoid or limit identifying you personally.
III. Service Providers
We use third-party service providers to help us to administer certain activities and services on our behalf, such as IT and cloud services and analytical services. We may share Personal Information about you with such third-party service providers solely for the purpose of enabling them to perform services on our behalf, and they will operate only in accordance with our instructions. Here are examples of third-party service providers we use:
-
-
- IT Service Provider and Administration Services – we use Microsoft, Sharepoint, Azure, and OneDrive to provide us with IT and cloud services.
- Analytical Services – we use Google Analytics to monitor site traffic and usage, improve our services, and tailor users’ personal preferences whilst on our site.
-
IV. Anonymous statistics
We prepare and develop anonymous, aggregate or generic data and statistics for various reasons (such as aggregate usage statistics including “page views” on the website and analysing how users use our content). As this data is anonymous (i.e. you cannot be identified from it) we do not consider this information to be Personal Information. As such, we may share it with any third party.
V. Third parties when required by law
We will disclose your Personal Information to comply with applicable law or respond to valid legal processes, including from our regulators, law enforcement, or other government agencies (in which case such agencies or regulators will be acting as controllers as well); to protect the users of the website (e.g. to prevent spam or attempts to defraud them); to operate and maintain the security of the website (e.g. to prevent or stop an attack on our systems or networks); or to protect our rights or property.
VI. Other Parties in Connection with Corporate Transactions
We may disclose your Personal Information to a third party in the event that all or substantially all of our business or assets are or are intended to be sold or otherwise assigned to another entity.
VII. Other Parties At Your Direction
We may share Personal Information about you with third parties when you request such sharing, such as with prospective employers, or to your legal or other professional advisers.
6. What do we do to keep your information secure?
We have put in place appropriate physical and technical measures to safeguard your Personal Information. In addition, we limit access to your Personal Information to those employees, agents, contractors, and other third parties who have a business need to know. They will only process your Personal Information on our instructions, and they are subject to a duty of confidentiality. When we use service providers to assist us in processing your Personal Information, we have written contracts in place with such service providers which means that they cannot do anything with your Personal Information unless we have instructed them to do it.
However, please note that although we take appropriate steps to protect your Personal Information, no website or transmission of data, computer system, or wireless connection is completely secure, and therefore we cannot guarantee the security of your Personal Information.
International Transfer of Data
The Personal Information that we collect from you may be stored and processed in your region, or transferred to, stored at, or otherwise processed outside the European Economic Area (“EEA“), or in any other country where GenSearch or our service providers maintain facilities.
By using the website and/or providing us with your Personal Information, you acknowledge that we will collect, transfer, store, and process your information outside the EEA. We will take all steps reasonably necessary to ensure that your Personal Information is kept secure and treated in accordance with this Privacy Notice and the requirements of applicable law wherever the data is located.
Where we transfer your Personal Information outside the EEA to third parties, we will ensure that appropriate transfer agreements and mechanisms, such as the EU Standard Contractual Clauses, are in place to help ensure that our third-party service providers provide an adequate level of protection to your Personal Information. We will only transfer your Personal Information outside the EEA in accordance with applicable laws or where you have given us your consent to do so.
7. Data Retention – How long we will store/keep your Personal Information
We will only retain your personal data for as long as reasonably necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation with respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data, and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
We retain Candidates’ personal data as long as required in order to provide our services.
When your Personal Information is no longer required for the purpose it was collected or as required by applicable law, it will be deleted and/or returned to you in accordance with applicable law.
In some circumstances, you can ask us to delete your Personal Information (see section 8 below).
8. Accessing your Personal Information and other rights you have
GenSearch will collect, store and process your Personal Information in accordance with your rights under any applicable data protection laws. Under certain circumstances, you have the following rights in relation to your Personal Information:
I. Subject Access – you have the right to request details of the Personal Information which we hold about you and copies of such Personal Information.
II. Right to Withdraw Consent – where you have consented to our processing of your Personal Information, you have the right to withdraw such consent at any time. In the event you wish to withdraw your consent to processing, please contact us using the details provided in section 1.
III. Data Portability – you may, in certain circumstances, request us to port (i.e. transmit) your Personal Information directly to another organisation.
IV. Rectification – we want to ensure that the Personal Information about you that we hold is accurate and up to date. If you think that any information we have about you is incorrect or incomplete, please let us know. To the extent required by applicable laws, we will rectify or update any incorrect or inaccurate Personal Information about you.
V. Erasure (‘right to be forgotten’) – you have the right to have your Personal Information ‘erased’ in certain specified situations.
VI. Restriction of processing – you have the right in certain specified situations to require us to stop processing your Personal Information.
VII. Object to processing – You have the right to object to specific types of processing of your Personal Information, such as, where we are processing your Personal Information for the purposes of direct marketing.
VIII. Prevent automated decision-taking – in certain circumstances, you have the right not to be subject to a decision being taken solely on the basis of automated processing.
Enforcing your rights
If you wish to enforce any of your rights under applicable data protection laws, then please see section 1 above. We will respond to your request without undue delay and by no later than one month from receipt of any such request unless a longer period is permitted by applicable data protection laws, and we may charge a reasonable fee for dealing with your request which we will notify you. Please note that we will only charge a fee where we are permitted to do so by applicable data protection laws.
Complaints
If you are concerned that we have not complied with your legal rights under applicable data protection laws, you may contact the CNIL which is the Data Protection Authority for France. The authority is established in Paris and is in charge of enforcing GDPR for France, as well as the national law for data protection “Loi Informatique et Libertés”.
9. Third-Party Links
Our website may contain links to other third-party websites that are not operated by GenSearch. These linked sites and applications are not under GenSearch’ control and as such, we are not responsible for the privacy practices or the content of any linked websites and online applications. If you choose to use any third party websites, any Personal Information collected by the third party’s website will be controlled by the Privacy Notice of that third party. We strongly recommend that you take the time to review the privacy policies of any third parties to which you provide Personal Information.
10. Cookies
What are cookies?
We may use cookies on our website. Cookies are small text files that can be read by a web server in the domain that put the cookie on your hard drive. Cookies are assigned to and stored in a user’s internet browser on a temporary (for the duration of the online session only) or persistent basis (cookie stays on the computer after the internet browser or device has been closed). Cookies collect and store information about a user’s preferences, product usage, and content viewed, which allows for us to provide users with an enhanced and customized experience when engaging with the website. For more information on how we use cookies, please see our cookies’ policy https://www.gensearch-consulting.com/cookie-policy/
11. Your Choices (e.g. our newsletter, marketing-related emails or otherwise)
When you request information on or from the website, or otherwise communicate with us, we may use your Personal Information (such as your contact details (e.g. name, address, email address, telephone number)) to send you our newsletter, marketing-related correspondence by email related to our products. When we process your Personal Information for marketing purposes, we do so on the basis that it is in our legitimate interests to use your Personal Information for these purposes.
We may also use your Personal Information to personalise and to target more effectively our marketing communications to ensure, to the extent possible, that any marketing-related correspondence is relevant to you.
We do not share your Personal Information for marketing purposes with third parties.
To opt out of receiving marketing-related correspondence from GenSearch, please click “Unsubscribe” from our newsletter or from any marketing or promotional email you receive from us.
12. Changes to this Privacy Notice
It also is important that you check back often for updates to the Privacy Notice, as we may change this Privacy Notice from time to time. The “Date last updated” legend at the bottom of this page states when the notice was last updated, and any changes will become effective upon our posting of the revised Privacy Notice.
We will provide notice to you if these changes are material and, where required by applicable law, we will seek your consent. We will provide this notice by email or by posting notice of the changes on our website.
Date last updated: March 2023