Privacy Policy

Who We Are

Hotlist Limited (“we,” “us,” or “our”) offers an innovative integratedsolution for internal recruitment. Designed to support organisations deeplyintegrated with Microsoft technology, Hotlist utilises tools such as Teams,Power BI, and Power Automate to elevate recruitment efficiency, acceleratehiring processes, and improve collaboration across Talent Acquisition, HR,Hiring Managers, and IT departments. This policy outlines the use of Hotlist asa comprehensive recruitment solution, enhancing candidate experience andreinforcing our competitive advantage in the talent market.

  • Name     of Company: Hotlist Limited
  • Company     Number: 15328106
  • Address:     De Montfort House, High Street, Coleshill, Warwickshire, B46 3BP
  • ICO     Registration: ZB759367
  • Website:     www.wearehotlist.com
  • DPO     Contact: info@wearehotlist.com

Introduction

This Privacy Policy sets out the basis on which HotlistLimited collects and processes your Personal Data as a Data Processor, i.e.,where we process Customer Data within the cloud Service we provide to you, as abusiness-to-business Service provider. When accessing Hotlist Services andProducts, the customer will be the Data Controller.

Please read the following carefully to understand our viewsand practices regarding your Personal Data and how we will treat it. Byvisiting www.wearehotlist.com (the “Site”) or using our Services or Products,you are accepting and consenting to the practices described in this PrivacyPolicy.

Please Note:

  • The     Site and Services are not intended for use by children, and we do not     knowingly collect information relating to children.

Definitions and Interpretation

In this Policy, the following terms shall have the followingmeanings:

  • Cookies:     Small files stored on a user’s device that help track preferences and     enhance the website experience.
  • Data     Controller: The entity responsible for determining the purposes and     means of processing personal data.
  • Data     Processor: An entity that processes personal data on behalf of the     Data Controller.
  • Personal     Data: Any information that can identify an individual directly or     indirectly, including names, contact details, and IP addresses.
  • Data     Protection Legislation: All applicable laws and regulations related to     personal data protection, including but not limited to the UK GDPR, EU     GDPR, and relevant US State Privacy Laws.
  • Processing:     Any activity involving the use of personal data, including collection,     storage, analysis, and deletion.

Your Rights

Under the Data Protection Legislation, you have thefollowing rights, which we will always work to uphold:

  • Right to Be Informed: You have the right to be informed about the collection     and use of your personal data, including details of our processing     purposes, retention periods, and who we may share your data with.
  • Right to Access: You may request access to the personal data we hold about     you.
  • Right to Rectification: You have the right to request corrections to any     inaccurate or incomplete data.
  • Right to Erasure: You may request the deletion of your personal data,     subject to legal and contractual requirements.
  • Right to Restrict Processing: You can ask us to limit the processing of your     data under certain conditions.
  • Right to Data Portability: You are entitled to receive your data in a     structured, commonly used format, or have it transferred directly to     another data controller where technically feasible.
  • Right to Object: You may object to certain data processing activities, such     as direct marketing.
  • Rights Related to Automated Decision-Making and Profiling: You can request     human intervention if automated processing significantly impacts you.

For any requests or further information, please contact usat info@wearehotlist.com.

Data Collection and Use

Depending upon your use of Our Site, Services, or Products,we may collect and hold some or all of the personal and non-personal data setout in the table below, using the methods also set out in the table. We do notcollect any ‘special category’ or ‘sensitive’ personal data and/or personaldata relating to children and/or data relating to criminal convictions and/or offences.

Data Type Purpose of Collection Lawful Basis
Contact Information (e.g., name, email, phone number) To communicate with clients and candidates, provide customer support, and manage accounts. Contractual Obligation - to provide requested services.
Professional Information (e.g., CV, employment history) To evaluate candidates for recruitment opportunities and match them to roles. Legitimate Interest - necessary for recruitment activities.
Usage Data (e.g., browsing activity, preferences) To analyse platform usage and improve service delivery and functionality. Legitimate Interest - to enhance and optimise services.
Financial Data (e.g., payment details, transaction history) To manage payments and billing processes. Contractual Obligation - necessary for completing transactions.
Communication Records (e.g., emails, customer support messages) To respond to inquiries, improve services, and resolve issues. Legitimate Interest - for communication and quality assurance.
Marketing Preferences (e.g., newsletter opt-ins) To send promotional materials and updates to consenting users Consent - obtained explicitly for marketing purposes.

With your permission and/or where permitted by law, we may also use your personal data for marketing purposes, which may include contacting you by email, telephone, and/or post with information, news, and offers on our products and/or services. You will not be sent any unlawful marketing or spam. We will always work to fully protect your rights and comply with our obligations under the Data Protection Legislation and the Privacy and Electronic Communications (EC Directive) Regulations 2003, and you will always have the opportunity to opt-out.

We will only use your personal data for the purpose(s) for which it was originally collected unless we reasonably believe that another purpose is compatible with that or those original purpose(s) and need to use your personal data for that purpose. If we do use your personal data in this way and you wish us to explain how the new purpose is compatible with the original, please contact us using the details set out above.

If we need to use your personal data for a purpose that is unrelated to, or incompatible with, the purpose(s) for which it was originally collected, we will inform you and explain the legal basis which allows us to do so.

In some circumstances, where permitted or required by law,we may process your personal data without your knowledge or consent. This will only be done within the bounds of the Data Protection Legislation and your legal rights.

Data Processing

This policy outlines the principles of lawful, fair, and transparent processing of personal data in accordance with the General Data Protection Regulation (GDPR). The GDPR mandates that personal data must be processed lawfully, fairly, and transparently, ensuring that the rights of data subjects are protected. Personal data processing is deemed lawful if at least one of the following conditions applies:

  1. Consent:     The data subject has given explicit consent for specific purposes.
  2. Contractual Necessity: Processing is necessary for the performance of a contract     with the data subject or prior steps taken at their request.
  3. Legal Compliance: Necessary for compliance with a legal obligation.
  4. Vital Interests: Essential for protecting the vital interests of the data     subject or another person.
  5. Public Task: Necessary for performing a task in the public interest or     exercising official authority.
  6. Legitimate Interests: Necessary for the legitimate interests of the data     controller or a third party, unless overridden by the fundamental rights     of the data subject.

We do not directly collect, store, or use special category data about you. We do not collect information about criminal convictions and offences either. If this data is captured indirectly, it will be handled according to Data Protection Legislation.

The Company collects personal data from data subjects and third parties solely for specified, explicit, and legitimate purposes. Data subjects are informed of these purposes, and only data necessary for these purposes is collected.

The accuracy of personal data is regularly checked, and steps will be taken to rectify any inaccuracies. The Company will not retain personal data longer than necessary for its intended purposes, and reasonable measures will be taken to erase or dispose of data that is no longer required.

Data Storage and Transfer

Where possible we will only store or transfer your personal data within the UK and the European Economic Area (EEA), which includes all EU member states as well as Norway, Iceland, and Liechtenstein. This ensures that your personal data is fully protected under the Data Protection Act 2018 and the General Data Protection Regulation (GDPR), as well as equivalent standards set by law.

We will only transfer your personal data to third countries whose levels of data protection have been deemed 'adequate' by the UK government or the European Commission. For more information regarding adequate data protection standards, please refer to the relevant guidelines from the UK Information Commissioner’s Office (ICO) or the European Commission.

In cases where we transfer your data to a third party based in the United States, your data may be protected under the Trans-Atlantic Data Privacy Framework, which requires that these third parties provide data protection standards comparable to those in Europe. Additional information about these protections can also be found on the websites of the UK ICO and the European Commission.

For further details about the specific data protection mechanisms we utilise when transferring your personal data to a third country,please contact us using the details provided at the beginning of this policy.The security of your personal data is of utmost importance to us, and to safeguard your data, we implement a number of essential measures, including the following:

  • Limiting     access to your personal data to those employees, agents, contractors, and     other third parties with a legitimate need to know and ensuring that they     are subject to duties of confidentiality;
  • Procedures     for dealing with data breaches (the accidental or unlawful destruction,     loss, alteration, unauthorised disclosure of, or access to, your personal     data) including notifying you and/or the Information Commissioner’s Office     where we are legally required to do so.

Data Sharing

We will share your data with third parties only when necessary to provide the services we offer or to comply with legal obligations,subject to the following exceptions:

  • Service Providers: We may share your data with trusted third-party     service providers who assist us in operating our website, conducting our     business, or providing services to you. These third parties are     contractually obligated to keep your information confidential and use it     only for the purposes for which we disclose it to them.
  • Business Transfers: If we sell, transfer, or merge parts of our business     or assets, your personal data may be transferred to a third party. Any new     owner of our business may continue to use your personal data in the same     way(s) that we have used it, as specified in this Privacy Policy.
  • Legal  Requirements: In some limited circumstances, we may be legally     required to share certain personal data, which might include yours, if we     are involved in legal proceedings or complying with legal obligations, a     court order, or the instructions of a government authority.
  • Affiliates: We may share your data with our affiliates, which include any subsidiaries,     joint venture partners, or other companies that we control or that are     under common control with us, for purposes consistent with this Privacy     Policy.
  • Analytics and Advertising: We may use third-party service providers to     monitor and analyse the use of our website and services. These third parties may use cookies and similar technologies to collect and store     information about your interactions with our website.

We ensure that any third parties with whom we share your data are required to keep your personal data secure and to use it only for the purposes we specify.

Controlling Your Personal Data

In addition to your rights under the Data Protection Legislation, set out in this policy, when you submit personal data via Our Site or use our Services and Products, you may be given options to restrict our use of your personal data. In particular, we aim to give you strong controls on our use of your data for direct marketing purposes (including the ability to opt-out of receiving emails from us which you may do by unsubscribing using the links provided in our emails and at the point of providing your details).

You may also wish to sign up for one or more of the preference services operating in the UK: The Telephone Preference Service (“theTPS”), the Corporate Telephone Preference Service (“the CTPS”), and the Mailing Preference Service (“the MPS”). These may help to prevent you from receiving unsolicited marketing.

Cookies

Our website is provided by a third-party service provider,and the cookies used on our site are controlled by them. Cookies are small text files that are stored on your device when you visit a website. They help track your preferences and enhance your browsing experience by remembering your settings and login information. Cookies can also be used to collect information about your interactions with the website, such as the pages you visit and the links you click. This information helps us understand how you use our site and improve its functionality. Please note that while we strive to ensure the security and privacy of your data, the third-party service provider managing our cookies is responsible for their control and management.

We display a cookie banner on our website to inform you of cookie use and to allow you to control your preferences. You can use the options in the cookie banner to manage or remove any cookies at any time.