Like most businesses, we hold and process a wide range of information, some of which relates to individuals who carries out services for us. This Privacy Notice explains the type of information we process, why we are processing it and how that processing may affect you as a user of the services provided by IPSEM Squared Recruitment, a part of IPSEM Squared HK Limited (herein referred to as “IPSEM Squared”, “we”, “us”).
The notice focuses on users of the IPSEM Squared Recruitment website (IPSEM Squared Recruit). It also covers information on former users of the site.
This Privacy Notice is set out in this document (the Core Notice) and Annex 1- Supplementary Information. We have also provided the local information, which makes clear any differences in your particular jurisdiction. This can be found in Annex 2.
In the Supplementary Information, we explain what we mean by “personal data”, “processing”, “special personal data” and other terms used in the notice.
In brief, this notice explains:
We process data for the purposes of our business including management, administrative, and legal purposes. The Supplementary Information provides more specific information on these purposes, on the type of data that may be processed and on the grounds on which we process data. See Legal grounds for processing personal data and Further information on the data we process and our purposes.
Some of the personal data that we process about you comes from you. For example, you tell us your contact and previous work details.
Other personal data about you is generated in the course of your work, for example, from IPSEM Squared’s staff members.
Your personal data will be seen by IPSEM Squared’s staff members, in particular, managers and HR. We will where necessary and as set out in this privacy notice also pass your data outside the organisation, for example when dealing with companies who are seeking candidates.
Further information on this is provided in the Supplementary Information. See Where the data comes from and Who gets to see your data?
We do not keep your personal data for any specific period but will not keep it for longer than is necessary for our purposes. In general, we will keep your personal data for the duration of your engagement with IPSEM Squared and for a period afterwards.
See Retaining your personal data – more information in the Supplementary Information.
We will where necessary and as set out in this privacy notice transfer your personal data outside Hong Kong to any Group Company (defined below) and processors in other jurisdictions in which we are established. For the purpose of this privacy notice, “Group” means IPSEM Squared and any holding company or subsidiary of IPSEM Squared from time to time and any subsidiary of any holding company of IPSEM Squared. “Holding company” and “subsidiary” shall have the meanings given to them in the Hong Kong Companies Ordinance. “Group Company” shall mean any company within the Group.
Further information on these transfers and the measures taken to safeguard your data are set out in the Supplementary Information under Transfers of personal data outside Hong Kong – more information.
A list of data recipients who receive material amounts of personal data and are located outside of the Hong Kong is set out in Annex 3- Extra-Hong Kong Third Party Processors.
You have a right to make a subject access request to receive information about the data that we process about you. Further information on this and on other rights is in the Supplementary Information under Access to your personal data and other rights. We also explain how to make a complaint about our processing of your data.
In processing your personal data, we act as a data controller. Our contact details are set out in Annex 2.
Please note that generally the data controller of your personal data will be your engaging entity (i.e. IPSEM Squared) but also entities within the Group with which we share data for business administration purposes.
This notice forms part of your engagement agreement and creates contractual rights or obligations. It may be amended by us at any time.
“Personal data” is information relating to you (or from which you may be identified) which is processed by automatic means or which is (or is intended to be) part of a structured manual filing system. It includes not only facts about you, but also intentions and opinions about you.
Data “processed automatically” includes information held on, or relating to use of, a computer, laptop, mobile phone or similar device. It covers data derived from equipment such as access passes within a building, data on use of vehicles and sound and image data such as CCTV or photographs.
"Processing" means doing anything with the data. For example, it includes collecting it, holding it, disclosing it and deleting it.
Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, health, sexual orientation, sex life, trade union membership and genetic and biometric data are subject to special protection and considered by UK and EU privacy law to be “special personal data”.
There are various grounds on which we can rely when processing your personal data. In some contexts, more than one ground applies. We have summarised these grounds as Contract, Legal obligation, Legitimate Interests and Consent and outline what those terms mean in the following table.
Term |
Ground for processing |
Explanation |
Contract |
Processing necessary for performance of a contract (i.e., your usage agreement with IPSEM Squared) with you or to take steps at your request to enter a contract |
This covers carrying out our contracted duties and exercising our contractual rights. |
Legal obligation |
Processing necessary to comply with our legal obligations |
Ensuring we perform our legal and regulatory obligations. |
Legitimate Interests |
Processing necessary for our or a third party’s legitimate interests |
We or a third party have legitimate interests in carrying on, managing and administering our respective businesses effectively and properly and in connection with those interests processing your data. Your data will not be processed on this |
Consent |
You have given specific consent to processing your data |
In general, processing of your data in connection with your engagement is not conditional on your consent. But there may be occasions where we do specific things such as getting a criminal record check for a role which is regulated and rely on your consent to our doing so. |
If we process special personal data about you (for example (but without limitation), storing your health records to assist us in ensuring that we provide you with a healthy and safe workplace or processing personal data relating to diversity monitoring), as well as ensuring that one of the grounds for processing mentioned above applies, we will make sure that one or more of the grounds for processing special personal data applies. In outline, these include:
The Core Notice outlines the purposes for which we process your personal data. More specific information on these, examples of the data and the grounds on which we process data are in the table below.
The examples in the table cannot, of course, be exhaustive. For example, although the table does not mention data relating to criminal offences, if we were to find out that someone working for us was suspected of committing a criminal offence, we will process that information if necessary for our purposes. If necessary we will also require criminal background checks for certain roles – for example those working in financial roles or working with minors.
Purpose |
Examples of personal data that may be processed |
Grounds for processing |
Recruitment |
Standard data related to your identity (e.g. your name, address, email address, ID information and documents, telephone numbers, place of birth, nationality, contact details, summary of skillset, professional experience and education (including university degrees, academic records, professional licenses, memberships and certifications, awards and achievements, and current and previous engagement details), financial information (including current service salary information) language Information concerning your application and our assessment of it, your references, any checks we may make to verify information provided or background checks and any information connected with your right to work. Information such as your salary and expenses. If necessary, we will also process information concerning your health, any disability and in connection with any adjustments to working arrangements. |
Contract Legal obligation Legitimate interests |
Physical and system security |
Records of your use of our systems. |
Legal obligation Legitimate interests |
Improving efficiency of IT and business systems and device use |
Records of your use of IT and business systems provided by IPSEM Squared. For example, we may collect information on the number of minutes and amount of activity while using IPSEM Squared web-based services. We will where necessary and as set out in this privacy notice also contract with third parties to provide our services. Such applications will process your personal data. Their own privacy notices will make clear precisely what information will be collected. We may be provided with information on the usage of such applications, for example for the purpose of troubleshooting or assessing overall usage and whether to continue to provide them. |
Legitimate interest |
Providing information to third parties in connection with transactions that we contemplate or carry out |
Information on your contract and other data that may be required by a party to a transaction such as a prospective purchaser, seller or outsourcer. |
Legitimate interests |
Monitoring of diversity and equal opportunities |
Information on your nationality, racial and ethnic origin, gender, sexual orientation, religion, disability and age as part of diversity monitoring initiatives. Such data will aggregated and used for equality of opportunity monitoring purposes. Please note we may share aggregated and anonymized diversity statistics with regulators if formally required / requested. |
Legitimate interests |
Monitoring and investigating suspicions of misconduct, compliance with policies and rules – both generally and specifically |
We expect you to comply with our policies and rules and may monitor our systems to check compliance. We will where necessary and as set out in this privacy notice check system and other data to look into those concerns (e.g., log in records and records of usage). In appropriate cases if we have suspicions of serious wrong-doing, we may make targeted records (e.g. video or sound) in connection with an investigation. |
Legitimate interests |
Disputes and legal proceedings |
Any information relevant or potentially relevant to a dispute or legal proceeding affecting us. |
Legitimate interests Legal obligation |
Maintaining appropriate business records during and after your engagement with us |
Information relating to your usage of IPSEM Squared services which are relevant to such records. |
Contract |
When you start engagement with us, the initial data about you that we process is likely to come from you: for example, contact details. We will where necessary and as set out in this privacy notice also require references and information to carry out background checks. In the course of engagement, you may be required to provide us with information for other purposes. If you do not provide information that you are required by statute or contract to give us, you may lose access to our services. If you have concerns about this in a particular context, you should speak to HR.
In the course of your work, we may receive personal data relating to you from others.
Where necessary and as set out in this privacy notice, your personal data will be disclosed to IPSEM Squared’s staff members, including HR and administrators for administrative and management purposes as mentioned in this document. We will where necessary and as set out in this privacy notice also disclose this to other companies of the Group.
We will only disclose or transfer your personal data outside the Group if disclosure is consistent with a ground for processing on which we rely and doing so is lawful and fair to you.
We will disclose or transfer your data if it is necessary for our legitimate interests as an organisation or the interests of a third party (but we will not do this if these interests are over-ridden by your interests and rights in particular to privacy). Where necessary, we will also disclose your personal data if you consent, where we are required to do so by law and in connection with criminal or regulatory investigations.
Specific circumstances in which your personal data may be disclosed/transferred include:
Although there is no specific period for which we will keep your personal data, we will not keep it for longer than is necessary for our purposes. In general, we will keep your personal data for the duration of your engagement with IPSEM Squared and for a period afterwards. In considering how long to keep it, we will take into account its relevance to our business and your engagement either as a record or in the event of a legal claim.
If your data is only useful for a short period we will delete it.
In connection with our business and for administrative, management and legal purposes, we will where necessary and as set out in this privacy notice transfer your personal data outside Hong Kong to any Group Companies and on occasion other jurisdictions in which we are established. We will ensure that any transfer is lawful and that there are appropriate security arrangements.
In relation to intra-group transfers, the Group Companies have entered into an intra-group data sharing agreement ensuring appropriate and suitable safeguards with IPSEM Squared’s controllers/processors outside Hong Kong. These are in standard terms approved by the European Commission. If you wish to see details of these safeguards, please ask our Information Security Officer.
A list of data recipients who receive material amounts of personal data and are located outside of Hong Kong is set out in Annex 3- Extra-Hong Kong Third Party Processors.
We try to be as open as we reasonably can about personal data that we process. If you would like specific information, just ask us.
You also have a legal right to make a “subject access request”. If you exercise this right and we hold personal data about you, we are required to provide you with information on it, including:
If you make a subject access request and there is any question about who you are, we may require you to provide information from which we can satisfy ourselves as to your identity.
As well as your subject access right, you may have a legal right to have your personal data rectified or erased, to object to its processing or to have its processing restricted. If you have provided us with data about yourself (for example your address or bank details), you have the right to be given the data in a machine-readable format for transmitting to another data controller. This only applies if the ground for processing is Consent or Contract.
If we have relied on consent as a ground for processing, you may withdraw consent at any time – though if you do so that will not affect the lawfulness of what we have done before you withdraw consent.
If you have complaints relating to our processing of your personal data, you should raise these with the Information Security Officer in the first instance. You may also raise complaints with your statutory regulator. For contact and other details ask the Information Security Officer.
This notice forms part of your engagement agreement and creates contractual rights or obligations. It may be amended by us at any time.
If you are engaged or otherwise in Hong Kong the following additional information applies. The statutory regulator is the Office of the Privacy Commissioner for Personal Data.
Data controller |
Address |
IPSEM Squared HK Limited |
Room 2401, 24/F Dominion Centre 43-59 Queen's Road East Wanchai, Hong Kong |
Information Security Officer |
Company |
E-mail address |
Sharon Nalani |
IPSEM Square Operational Services. SDN. BHD. |
Please note that this Privacy Notice, along with other related IPSEM Squared policies and/or protocols, shall form IPSEM Squared’s policy for processing special data as required by the UK Data Protection Act 2018 (Schedule 1 Part IV).
As indicated above, we may transfer your personal data outside Hong Kong.
Recipients |
Country |
Keen Steps Inc. |
USA, Ireland |
IPSEM Squared Operational Services. SDN. BHD. |
Malaysia |
Shearn Delamore & Co. (Lawyers) |
Malaysia |