Privacy Policy

  1. Scope of this privacy policy
    • The privacy of your personal data is extremely important to us and this privacy policy sets out important information about how Levin Ltd trading as Storm2 (“Storm2”, we” or “us“) collects, handles and uses your personal data; personal data is any information from which you can be identified. We’re committed to protecting the privacy and security of your personal data.
    • In this privacy policy, “processing” means the collection, recording, storage, use, disclosure and generally any other uses, form of operations or dealings with your personal data.
    • This Notice was last updated on 31st October 2022
  2. about us
    • Storm2 is a specialist recruitment company in the financial technology sector.
    • In order for us to operate as a recruitment consultancy, Storm2 must process personal data and when doing so, Storm2 will be a “controller” of your personal data; this means we are responsible for the processing of your personal data. We are committed to protecting your privacy and processing your personal data fairly and lawfully in compliance with all data protection laws in the United Kingdom, including the UK GDPR and the Data Protection Act 2018 (“Data Protection Laws“).
  3. whose personal data do we use?
    • The personal data that we collect, use and process and the purposes for doing so will depend on your relationship with us. We obtain and process personal data relating to: (i) candidates who we provide recruitment and/or related career intermediary services to (ii) clients; and (iii) individuals applying to work at Storm2.
    • Please click on the relevant heading below (which correlates to your relationship with Storm2) to learn more about how we use your personal data.
    • Candidates who we provide recruitment and/or related career intermediary services to

This section will apply to those candidates who we provide recruitment and/or related intermediary services to.

  • What personal data do we collect and use?
    • general information such as your name and contact details including phone number and email address;
    • professional details such as your job title, information about your job role, industry, current employer and employment history;
    • your CV or cover letter and information contained in applications;
    • any other information which you have shared with us through general correspondence such as emails or messages on LinkedIn; and
    • marketing preferences.

We do not collect any of your special category data; this is any information relating to your health or medical records, criminal records or convictions, sexual orientation, racial or ethnic origin, political or philosophical opinions or affiliations, religious or philosophical beliefs or affiliations or trade union membership or genetic or biometric data.

  • How do we obtain your personal data?

We obtain your personal data in a number of different ways:

  • directly from you; such as via our website where you submit an application or sign up for marketing emails or during any form of communication such as face to face, written and phone correspondence or correspondence on LinkedIn;
  • through search platforms;
  • from third parties such as RocketReach who we use to find your most recent contact details; or
  • from our corporate clients.
  • For what purpose do we use your personal data and with whom is it shared?

We only process personal data for the purposes described in this Notice. Data Protection Laws require companies to have a “lawful basis” to collect and use personal data. For Storm2 these will be:

  • it is necessary for legitimate business interests pursued by us or a third party and your interests and fundamental rights do not override those interests. In each case we will always consider your interests and undertake a balancing exercise to ensure that our business interest does not cause you harm or override your own interest;
  • in limited circumstances, where you have given consent.

We will process your personal data for the following purposes and in reliance of the listed lawful bases:

Purpose for processing your personal data Lawful basis

To provide recruitment and/or career intermediary services. This shall include:

 

·        assessing your qualifications against relevant vacancies that we feel may be appropriate for you;

·        speaking to corporate clients who have vacancies for jobs in which you are interested; and

·        referring you to corporate clients.

 

·        Legitimate interests (to provide our services as a recruitment consultant)

Applying for jobs on your behalf.

 

·        We have your consent
For general correspondence purposes

·        Legitimate interests (to provide our services as a recruitment consultant and keep you updated about prospective jobs)

 

To create testimonials of our services

·        We have your consent

 

For marketing purposes

·        We have your consent

 

·        Legitimate interests (to send you information and industry developments you have requested)

 

General business management, record keeping, operations and planning, including accounting and auditing. ·        Legitimate interests (business administration and operations)

 

  • Who do we share your personal data with

When we share your personal data, we do so in accordance with Data Protection Laws and our internal security standards.  Below are the parties with whom we may share personal data and why:

  • Within the Levin Group: We may share your personal data with other companies within the Levin group based in Australia, Germany, the Netherlands, Singapore and the USA where we have satellite offices.

 

Your personal data may be shared within our trading divisions and satellite offices as part of our day to day business activities and regular reporting activities on company performance.

 

  • With our corporate clients: We will share your personal data with our corporate clients for whom we are recruiting and we need to share your personal data with to put you forward for a job.

 

  • Our third party service providers: We will share personal data with third party service providers such as providers/vendors and agents (including their subcontractors) such as IT suppliers, document management providers, software providers and information security providers.
    • Clients

This section will apply to individuals with whom we liaise at a corporate client.

  • What personal data do we collect and use?
    • general information such as your name and contact details including phone number and email address; and
    • professional details such as your job title and information about your job role.

We do not collect any of your special category data; this is any information relating to your health or medical records, criminal records or convictions, sexual orientation, racial or ethnic origin, political or philosophical opinions or affiliations, religious or philosophical beliefs or affiliations or trade union membership or genetic or biometric data.

  • How do we obtain your personal data?

We obtain your personal data directly from you.

For what purpose do we use your personal data and with whom is it shared?

We only process personal data for the purposes described in this Notice. Data Protection Laws require companies to have a “lawful basis” to collect and use personal data. For Storm2 these will be:

  • it is necessary for legitimate business interests pursued by us or a third party and your interests and fundamental rights do not override those interests. In each case we will always consider your interests and undertake a balancing exercise to ensure that our business interest does not cause you harm or override your own interest.

We will process your personal data for the following purposes and in reliance of the listed lawful bases:

Purpose for processing your personal data Lawful basis

To liaise with you about placement of a candidate/referral of a candidate for a role in your organisation

 

·        Legitimate interests (to provide our services as a recruitment consultant)
For general correspondence purposes and to create relationships

·        Legitimate interests (to provide our services as a recruitment consultant and keep you updated about prospective candidates)

 

For marketing purposes

·        Legitimate interests (to send you information about our recruitment consultancy services)

 

 

  • Who do we share your personal data with

When we share your personal data, we do so in accordance with Data Protection Laws and our internal security standards.  Below are the parties with whom we may share personal data and why:

  • Within the Levin Group: We may share your personal data with other companies within the Levin group based in Australia, Germany, the Netherlands, Singapore and the USA where we have satellite offices.

 

Your personal data may be shared within our trading divisions and satellite offices as part of our day to day business activities and regular reporting activities on company performance.

 

  • With prospective candidates applying for a job at your organisation.

 

  • Our third party service providers: We will share personal data with third party service providers such as providers/vendors and agents (including their subcontractors) such as IT suppliers, document management providers, software providers and information security providers.
    • Individuals applying to work at Storm2

This section will apply to individuals when they are applying to work at Storm2. If you become an employee, you will be provided with a separate employee privacy notice which outlines how we collect and use your personal data during and after your working relationship with us.

  • What personal data do we collect and use?
    • Personal details such as your name, address, date of birth, country of residence and contact details including phone number and email address;
    • Identity documents such as copies of passports (this information is only collected when we offer you a job); and
    • Information relevant to the recruitment process such as your job title, information about your job role, your CV or cover letter and any other information which you have shared with us as part of the recruitment process and any notes taken from an interview with you.

We do not collect any of your special category data; this is any information relating to your health or medical records, criminal records or convictions, sexual orientation, racial or ethnic origin, political or philosophical opinions or affiliations, religious or philosophical beliefs or affiliations or trade union membership or genetic or biometric data.

  • How do we obtain your personal data?

We obtain your personal data in a number of different ways:

  • directly from you when you apply to work at Storm2 or during any form of communications such as face to face, written and phone correspondence or interviews;
  • from correspondence with you on LinkedIn; or
  • from recruitment agencies.

For what purpose do we use your personal data and with whom is it shared?

We only process personal data for the purposes described in this Notice. Data Protection Laws require companies to have a “lawful basis” to collect and use personal data. For Storm2 these will be:

  • it is necessary in order to take steps to enter into a contract with you;
  • it is necessary for legitimate business interests pursued by us or a third party and your interests and fundamental rights do not override those interests. In each case we will always consider your interests and undertake a balancing exercise to ensure that our business interest does not cause you harm or override your own interest.

We will process your personal data for the following purposes and in reliance of the listed lawful bases:

Purpose for processing your personal data Lawful basis

For the purposes of the recruitment process including:

·        considering your suitability for the role;

·        conducting interviews;

·        determining the terms on which you would work for us;

·        conducting right to work checks (when we make you an offer);

·        record-keeping purposes; and

·        general correspondence with you.

 

·        Performance of contract

·        Legitimate interests (for recruitment and record-keeping and management)

 

General business management, record keeping, operations and planning. Legitimate interests (business administration and operations)

 

  • Who do we share your personal data with

When we share your personal data, we do so in accordance with Data Protection Laws and our internal security standards.

  • Within the Levin Group: We may share your personal data with other companies within the Levin group based in Australia, Germany, the Netherlands, Singapore and the USA where we have satellite offices.

 

Your personal data may be shared within our trading divisions and satellite offices as part of our day to day business activities and regular reporting activities on company performance.

 

  • Our third party service providers: We will share personal data with third party service providers such as providers/vendors and agents (including their subcontractors) such as IT suppliers, document management providers, software providers and information security providers.
  1. how do we protect your personal data when sending it outside UK and/or europe?
    • In some circumstances, we may need to transfer your personal data to a country or territory outside the UK and/or the European Economic Area (which means all the European Union (EU) countries plus Norway, Iceland and Liechtenstein, together “EEA“).
    • When we do so, we will ensure that such transfers are appropriately safeguarded and in compliance with Data Protection Laws. This may mean that we enter into the UK’s International Data Transfer Agreement with service providers –a set of contractual wording which has been issued by the UK’s data protection regulator.
    • A summary of our regular data transfers are set out below:
Country/jurisdiction to where we transfer personal data Purpose for the transfer Safeguard used to protect your personal data
Australia This is an intra-group transfer ie a transfer to a company within the Levin group for servicing, account management, administrative purposes and client relationship/marketing purposes. UK’s International Data Transfer Agreement
Singapore This is an intra-group transfer ie a transfer to a company within the Levin group for servicing, account management, administrative purposes and client relationship/marketing purposes. UK’s International Data Transfer Agreement
United States of America This is an intra-group transfer ie a transfer to a company within the Levin group for servicing, account management, administrative purposes and client relationship/marketing purposes. UK’s International Data Transfer Agreement

 

  1. what marketing activities do we carry out?
    • We may from time to time provide you with information about our services or information about any relevant industry developments which we think will be of interest to you or which you have asked us to provide you with. This may be sent by email or we may contact you by phone.
    • Please note that you can opt out of receiving any marketing communications at any time. An “unsubscribe” link appears in all our marketing emails. To unsubscribe from emails sent by us, simply click on the link at any time. Alternatively, you can contact us to update your preferences using the contact details in the “Contacting Us” section below (see section ‎10).
  2. automated processing

We do not carry out any automated decision-making. If this changes, we will let you know.

  1. your rights
    • Under some data protection laws, you have the right to make certain requests of us in relation to the personal data that we hold about you. If you wish to exercise these rights at any time please contact us using the details set out in the “Contacting us” section (see section ‎10).
    • Please note that not all of your data subject rights will be absolute; this means that there may be some circumstances where we may not be able to comply with your request (such as where this would conflict with our obligation to comply with legal requirements). However, if we cannot comply with your request, we will tell you the reason, and we will always respond to any request you make. In some locations, not all rights will be available. We have set out a summary of relevant rights available to you under the locations in which we operate.
    • There may also be circumstances where exercising some of these rights (such as the right to erasure, the right to restrict processing and the right to withdraw consent) will mean we can no longer provide you with our services. We will inform you of these consequences when you exercise your right.
    • Your rights under data protection laws are:
      • the right to access your personal data:
        • you are entitled to a copy of the personal data we hold about you and certain details of how we use it; and
        • we will usually provide you with your personal data in writing, unless you request otherwise, or where you have made the request using electronic means, in which case the information will, where possible, be provided to you by electronic means;
      • the right to rectification: we take reasonable steps to ensure that your personal data that we hold is accurate and complete, however, you can ask us to amend or update the personal data if you do not believe that this is so or if your details change;
      • the right to erasure: you have the right to ask us to erase your personal data in certain circumstances, for example where you withdraw your consent or where the personal data we obtained is no longer necessary for the original purpose; this right, will, however, need to be balanced against other factors, for example, we may have legal obligations which mean we cannot comply with your request;
      • the right to restrict processing: in certain circumstances, you are entitled to ask us to stop using your personal data, for example where you think that we no longer need to use your personal data or where you think that the personal data we hold about you may be inaccurate;
      • the right to data portability: you have the right, under certain circumstances, to ask that we transfer personal data that you have provided to us to another third party of your choice;
      • the right to object to marketing: you can ask us to stop sending you marketing messages at any time. You can exercise this right by either clicking on the “unsubscribe” link which is contained in any email that we send to you or you can use the details set out in the “Contacting us” section to contact us (see section ‎10). Please note that exercise of this right does not extend to service related communications which, where necessary, we will continue to send;
      • the right to object to processing: where we process your personal data based on our legitimate business interests (indicated in this privacy policy), you can object to our processing. We will consider your objection and determine whether or not our legitimate business interests prejudice your privacy rights;
      • the right to withdraw consent: we may ask for your consent for certain uses of your personal data – we have indicated in this privacy policy where we need your consent. You have the right to withdraw your consent at any time;
      • rights relating to automated decision-making: we do not carry out any automated decision making. If this changes in the future, we will let you know; and
      • to the right to lodge a complaint with the Information Commissioner’s Office: you can find out more information at the Information Commissioner’s Office website: https://ico.org.uk/. Please note that lodging a complaint will not affect any other legal rights or remedies that you have.
  1. how we protect your personal data
    • We have put in place:
      • appropriate security measures, policies and procedures to prevent your personal data from being accidentally lost, used, interfered with or accessed in an unauthorised manner, altered or disclosed; and
      • procedures to address any suspected personal data breaches and will notify you and any applicable regulator of a breach where we are legally required to do so.
    • We review our security measures periodically. We also ensure that our employees receive appropriate data security training.
  2. how long do we keep your personal data?
    • We will only keep your personal data for as long as is necessary to fulfil the relevant purposes as set out in this privacy policy and more widely to comply with our legal obligations.
    • The exact time period will depend on your relationship with us and the type of personal data we hold; for example for individuals applying to work at Storm2:
      • We will retain your personal data for a period of 12 months after we have communicated to you our decision about whether to appoint you to a role. We retain your personal information for that period so that we can show, in the event of a legal claim, that we have not discriminated against candidates on prohibited grounds and that we have conducted the recruitment exercise in a fair and transparent way. After this period, we will securely destroy your personal data in accordance with our data retention policy. Where you are successful, your data will be processed in accordance with the Employee Privacy Notice (which will be provided as part of your induction).
      • You will be asked if you also wish to consent to us retaining your personal data on file, on the basis that a further opportunity may arise in future and we may wish to consider you for that. If you consent to this, we will retain your information for a period of 12 months, after which we will securely destroy your personal data in accordance with our data retention policy unless you confirm your consent to this data being retained for a further period.
  1. contacting us

If you have any queries about how we handle your personal data, the contents of this privacy policy, your data protection rights under applicable data protection laws, how to update your records or how to obtain a copy of the personal data that we hold about you, please email us at privacy@storm2.com or write to us at: 66 Prescot St, London, England, E1 8NN.

  1. updates to this privacy policy

We may change or update parts of this Notice from time to time in order to maintain compliance with applicable Data Protection Laws and any changes to other laws or following an update to our internal practices. We will publish the updated version of the privacy policy and you can check our website https://storm2.com/privacy-policy/ periodically to view it.