Data Privacy Notice for Candidates

Elan UK Limited processes your personal information

(i) to provide you with job placement services,
(ii) for staff administration purposes,
(iii) to maintain its contractual or business relationship with you.
(iv) for accounts & records.
(v) to assess your suitability for a position or task and to provide you with training opportunities,
(vi) for personal improvement, selection and appraisal purposes, and to improve the quality and performance of the services that we provide.
(vii) for the management and defense of legal claims and actions, compliance with court orders and other legal obligations and regulatory requirements.

Elan processes sensitive personal information only if required to comply with legal obligations or with your consent. (Sensitive personal information means information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, and health or sex life.)

We may disclose your personal information to our clients, other Elan branches, to subcontractors who perform services on our behalf, and where we are otherwise required to do so, such as by court order. Personal information pertaining to you may be transferred outside the E.U. to locations of Elan entities, our parent and sister companies and to clients relevant to the services that we are providing. Elan has taken steps to ensure that all information transferred receives an adequate level of data protection.

You can access and rectify your personal information, or obtain further information, by emailing us at dataprivacy@elanit.co.uk, or by writing to us at

Elan Computing Ltd

Data Privacy Officer

Legal Department

Dowgate Hill House

14-16 Dowgate Hill

London

EC4R 2SU

Data Privacy Notice for UK Business Partners

Elan UK Limited (Elan) processes personal information about individuals who work for the companies with whom we do business as necessary (i) to establish and maintain a business relationship with the company; (ii) to inform company personnel about additional business opportunities; and (iii) for customary internal Elan purposes, such as finance and accounting functions, legal functions, management functions; and (iv) for the management and defence of legal claims and actions, compliance with court orders and other legal obligations and regulatory requirements.

Elan processes sensitive personal information only if required to meet its legal obligations, or with the individual's consent.

Elan may disclose personal information obtained from our business partners as needed to further the objective of the business relationship. These disclosures may be made to other Elan (or Manpower) entities, and other business partners, and where we are otherwise required to do so, such as by court. Personal information may be transferred to other locations, including to countries that do not have comprehensive privacy laws. In each case, Elan has taken steps to ensure that all information transferred receives an adequate level of data protection.

You can access and rectify your personal information, or obtain further information, by emailing us at dataprivacy@elanit.co.uk or by writing to us at:

Elan Computing Ltd

Data Privacy Officer

Legal Department

Dowgate Hill House

14-16 Dowgate Hill

London

EC4R 2SU

Data Protection Policy for UK Suppliers

1. Definitions

The following definitions apply for the purposes of this Policy:

"Agreement" means any agreement entered into between Elan and the Supplier regarding the supply temporary or permanent resources to Elan or a third party;
"Elan" means Elan Computing Limited of Elan House, 5-11 Fetter Lane, London EC4A 1QX;
"Personal Information" shall mean any and all information relating to an identified or identifiable individual (an identifiable individual is one who can be identified directly or indirectly, in particular by reference to an identification number or one or more factors specific to his or her physical, physiological, mental, economic, cultural or social identity);
"Processing of Personal Information" (or "Processing") shall mean all operations which are performed upon Personal Information, whether or not by automatic means, such as collection, recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking or dispersed erasure or destruction;
"Services" shall mean any and all services where the Supplier provides Personal Information to Elan (including without limitation as part of recruitment services provided by the Supplier); and
"Supplier" shall mean any third party (including without limitation a third party recruitment agency) that supplies candidates or contractors to Elan for temporary or permanent placement with another third party.

2. Supplier Representations and Warranties

2.1 The Supplier represents and warrants that all Personal Information disclosed to Elan has been collected and Processed fairly and lawfully and in compliance with applicable data protection laws, information security laws, privacy laws, tort laws and other laws that directly or indirectly regulate the Processing and fair use of Personal Information (the "Law).
2.2 The Supplier understands that Personal Information may be transferred outside the country of collection and stored in Elan's global information systems and the Supplier agrees to such transfers. Elan's Global Privacy Policy shall apply to the Processing of Personal Information in such global information systems.
2.3 The Supplier understands and agrees that Personal Information may, within Elan's normal course of business and under the terms of its Global Privacy Policy, be disclosed (i) to Elan vendors, (ii) to Elan's business partners as required for the agreed Services; (iii) to public authorities including but not limited to courts and law enforcement agencies and (iv) to third parties as required in the context of the sale of a part or the entirety of Elan's business or in the context of a merger or an acquisition.
2.4 The Supplier represents and warrants that it has full legal authority to disclose Personal Information to Elan.

3. Processing of Supplier Contact Information

Elan processes Personal Information of employees, candidates and contractors of the Supplier as required to provide services to its clients and customers and as needed to establish and maintain a business relationship. Such Personal Information may be disclosed to Elan entities, companies of the Elan group, or other third parties (such as our candidates and data possessors), in the normal course of business. Elan Processes sensitive Personal Information only if required to meet its legal obligations, with the consent of the Supplier's employees, candidates or contractors, or if otherwise permitted or required by law. Personal Information pertaining to the Supplier's employees, candidates or contractors may be transferred outside of the country of collection, including to countries that do not have comprehensive privacy laws. In each case, Elan has taken steps to ensure that all Personal Information transferred receives an adequate level of data protection. Elan retains Personal Information only for such time as is necessary for the purpose(s) for which it was collected. The Supplier shall provide adequate notice about Elan's information practices to the Supplier's employees, candidates or contractors if Elan processes Personal Information of such employees, candidates or contractors required to have access to Elan's information systems or that is needed for the execution of the Agreement. The Supplier's employees, candidates and contractors who have questions about the Processing of their Personal Information may contact Elan at the following address www.elanit.com or email dataprivacy@elanit.co.uk.

4. Indemnification

Notwithstanding anything to the contrary in the Agreement, the Supplier will fully reimburse Elan, its affiliates, subsidiaries and their respective officers, directors, employees and agents for:

(a) all fines or penalties imposed on Elan by a court or governmental agency in connection with a violation of applicable privacy laws, information security laws, data protection laws, tort laws, or other laws that directly or indirectly regulate the processing and fair use of Personal Information caused by the Supplier's breach of the terms of this Policy;
(b) all third party damages incurred by Elan resulting from, arising from, or related to any claim by any third party caused by the Supplier's breach of the terms of this Policy;
(c) all costs, liabilities, losses or expenses incurred by Elan to remedy its violation of Law (such as, but not limited to implementation of additional security measures), to defend claims referred to under (a) and (b) above or to satisfy a legal requirement caused by the Supplier's breach of the terms of this Policy; and
(d) all costs, liabilities, losses or expenses incurred by Elan for any breach in the Supplier's security that involves Personal Information.

5. Further information

You can access and rectify your personal information, or obtain further information, by emailing us at dataprivacy@elanit.co.uk or by writing to us at:

Elan Computing Ltd

Data Privacy Officer

Legal Department

Dowgate Hill House

14-16 Dowgate Hill

London

EC4R 2SU

Data Protection Policy for UK Clients

1. Purpose.

This Data Protection Policy (the "Policy") stipulates confidentiality, security and privacy requirements with respect to Personal Information processed by Elan Computing Limited whose registered office is at 5-11 Fetter Lane London EC4A 1QX ("Elan") and the Client on each other's behalf, pursuant to any service agreement from time to time in place between the parties (the "Service Agreement").

2. Definitions.

For the purposes of this Policy:

(a) "Client" means the company or legal entity to which Elan provides Services under a Service Agreement and "Global Client" shall be construed as a Client to which Elan provides Services in more than one country;
(b) "Personal Information" shall mean any and all information relating to an identified or identifiable individual (an identifiable individual is one who can be identified, directly or indirectly, in particular by reference to an identification number or one or more factors specific to his physical, physiological, mental, economic, cultural or social identity). Personal Information can be in any media or format, including computerized or electronic records as well as paper-based files;
(c) "Processing of Personal Information" (or "Processing") shall mean any operation or set of operations which is performed upon Personal Information, as described in the Data Protection Act 1998, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking or dispersed erasure or destruction;
(d) "Processing Purposes" shall mean only for relevant, appropriate, and customary business purposes, such as: (1) recruitment and placement; (2) administration of compensation and benefit programs; (3) performance management and training; (4) advancement planning; (5) workforce and risk management; (6) workplace management; (7) outplacement services (8) client and government reporting (9) other legal and expected business-related purposes; and (10) other specific purposes that Elan may define from time to time; and
(e) "Services" shall mean any and all services that require Elan and Client to exchange Personal Information.

3. Privacy obligations.

(a) Each party agrees that it shall Process Personal Information from the other party only on behalf of the other party, for the Processing Purposes defined in Section 2 (d), and in accordance with such party's instructions pursuant to the Service Agreement and this Policy;
(b) Each party shall be responsible for and shall comply with all applicable Privacy, Data Protection and Information Security Laws and regulations that apply from time to time to such Personal Information;
(c) Each party shall keep Personal Information confidential;
(d) Each party shall refrain from selling Personal Information;
(e) Each party ensures that employees who have a need to access Personal Information are informed as to the privacy and security requirements and are held by legally binding confidentiality obligations;
(f) Each party shall reasonably secure Personal Information. Parties agree to take reasonable administrative, physical and technical measures to protect the Personal Information;
(g) Each party agrees that it shall immediately inform the other party, in writing:
(i) if it cannot comply with this Policy. If this occurs, both parties shall use reasonable efforts to remedy the non-compliance;
(ii) of any request for access to the other party's Personal Information received from any government official (including, but not limited to, a court, a data protection agency or law enforcement agency); and
(iii) of any accidental or unauthorized disclosure, loss or access to Personal Information;
(h) Parties shall reasonably co-operate with each other in responding to enquiries, complaints, and claims relating to the Processing of Personal Information from any court or governmental official (including but not limited to any data protection agency or law enforcement agency), third parties, or individuals;
(i) Parties shall only disclose Personal Information to a third party under the conditions set forth in Section 3(a) of this Policy and Parties shall require such third parties to provide for the same level of data protection as set forth in this Policy by legally binding means;
(j) Parties agree to provide adequate notice about the Processing of Personal Information pertaining to the other party's employees and contractors required to administer due access of such individuals to their information systems;
(k) Upon termination of the Service Agreement, parties will return all Personal Information or any copy thereof owned by each respective Party unless agreed otherwise.

4. Processing of client contact information.

Where each party Processes Personal Information of employees, candidates and contractors of the other Party they shall do so only as required to provide the Services and as needed to establish and maintain a business relationship. Each party understands and agrees that such Personal Information may be disclosed to affiliated entities of each party, or other third parties (such as our candidates and data processors), in the normal course of business. Parties may Process sensitive Personal Information only if required to meet their legal obligations, with the consent of the employees, candidates or contractors of the other Party, or if otherwise permitted or required by law. Personal Information pertaining to employees, candidates or contractors of the other Party may be transferred outside the country of collection, including to countries that do not have comprehensive privacy laws. Each party has taken steps to ensure that such Personal Information pertaining to employees, candidates or contractors of the other Party transferred receives an adequate level of data protection. Parties agree to retain such Personal Information only for such time as is necessary for the purpose(s) for which it was collected.

5. International transfer of personal information.

(a) Parties understand and agree that they may only import or access Personal Information from the EEA, Switzerland, Hong Kong, Canada, Japan, Argentina, New Zealand, Australia, Canada, the Isle of Man, Guernsey, or other jurisdictions that have laws in place that restrict the international transfer of Personal Information ("Protected Jurisdictions"), if Parties are located in Protected Jurisdictions or if Parties have taken relevant, appropriate and effective measures ensuring an adequate level of data protection under the relevant data protection laws or otherwise permitting the international transfer of Personal Information;

(b) In the absence of any such relevant, appropriate and effective measures, or if the measures taken by Parties are geographically or materially inapt, Parties agree to execute and comply with the terms and conditions of:

(i) the Model Clauses set forth in Commission Decision (2002/16/EC) of 27 December 2001 if the recipient party of Personal Information qualifies as a data processor as defined in EU Directive 1995/46, and to take all required action to effectively implement the requirements set forth by such Clauses; or
(ii) the Model Clauses set forth in Commission Decision C(2004)5271 of 7 January 2005 if the recipient party of Personal Information qualifies as a data controller as defined in EU Directive 1995/46, and to take all required action to effectively implement the requirements set forth by such Clauses.

6. Compliance with laws.

Each party shall stay informed of the legal and regulatory requirements for its Processing of Personal Information to which it or the Personal Information is subject. In addition to being limited to satisfaction of the Services, each party agrees that its Processing shall comply with all applicable privacy, data protection or information security laws and regulations to which it or the Personal Information is subject.

7. Indemnification.

Notwithstanding anything to the contrary in the Service Agreement, parties will fully reimburse each other, their affiliates, subsidiaries and their respective officers, directors, employees and agents for:

(a) all fines or penalties imposed on parties by a court or governmental agency in connection with a violation of applicable privacy laws, information security laws, data protection laws, tort laws or other laws that directly or indirectly regulate the processing and fair use of Personal Information ( "Law") caused by the other party's breach of this Policy;
(b) all third party damages incurred by parties resulting from, arising from, or related to any claim by any third party caused by the other party's breach of this Policy;
(c) all costs, liabilities, losses, or expenses incurred by parties to remedy their violation of Law (such as, but not limited to implementation of additional security measures), to defend claims referred to under (a) and (b) of this Clause 7 or to satisfy a legal requirement caused by the other party's breach of this Policy; and
(d) all costs, liabilities, losses or expenses incurred by parties for any breach in the other party's security that involves Personal Information except to the extent that the breach was caused or contributed to by the party who is seeking to rely on this indemnity.

8. Further information

You can access and rectify your personal information, or obtain further information, by emailing us at dataprivacy@elanit.co.uk or by writing to us at:

Elan Computing Ltd

Data Privacy Officer

Legal Department

Dowgate Hill House

14-16 Dowgate Hill

London

EC4R 2SU

Data Protection Policy for Irish Clients

1. Purpose.

This Data Protection Policy (the "Policy") stipulates confidentiality, security and privacy requirements with respect to Personal Information processed by Elan Recruitment Limited t/a Elan IT Resource whose registered office is at 1 Castlewood Avenue, Rathmines, Dublin 6 ("Elan") and the Client on each other's behalf, pursuant to any service agreement from time to time in place between the parties (the "Service Agreement").

2. Definitions. For the purposes of this Policy:

(a) "Client" means the company or legal entity to which Elan provides Services under a Service Agreement and "Global Client" shall be construed as a Client to which Elan provides Services in more than one country;
(b) "Personal Information" shall mean any and all information relating to an identified or identifiable individual (an identifiable individual is one who can be identified, directly or indirectly, in particular by reference to an identification number or one or more factors specific to his physical, physiological, mental, economic, cultural or social identity). Personal Information can be in any media or format, including computerized or electronic records as well as paper-based files;
(c) "Processing of Personal Information" (or "Processing") shall mean any operation or set of operations which is performed upon Personal Information, as described in the Data Protection Act 1988 (as amended by the Data Protection (Amendment) Act 2003), whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking or dispersed erasure or destruction;
(d) "Processing Purposes" shall mean only for relevant, appropriate, and customary business purposes, such as: (1) recruitment and placement; (2) administration of compensation and benefit programs; (3) performance management and training; (4) advancement planning; (5) workforce and risk management; (6) workplace management; (7) outplacement services; (8) client and government reporting; (9) other legal and expected business-related purposes; and (10) other specific purposes that Elan may define from time to time; and
(e) "Services" shall mean any and all services performed under or in connection with a Service Agreement that require Elan and Client to exchange Personal Information.

3. Privacy obligations.

(a) Each party agrees that it shall Process Personal Information from the other party only on behalf of the other party, for the Processing Purposes defined in Section 2 (d), or for the purposes expressed in the Service Agreement (or otherwise agreed in writing by the parties).

(b) Each party shall be responsible for and shall comply with all applicable Privacy, Data Protection and Information Security Laws and regulations that apply from time to time to such Personal Information.

(d) Each party shall refrain from selling Personal Information.

(e) Each party ensures that employees who have a need to access Personal Information are informed as to the privacy and security requirements and are held by legally binding confidentiality obligations.

(f) Each party shall reasonably secure Personal Information. Parties agree to take reasonable administrative, physical and technical measures to protect the Personal Information.

(g) Each party agrees that it shall immediately inform the other party, in writing:

(i) if it cannot comply with this Policy. If this occurs, both parties shall use reasonable efforts to remedy the non-compliance;
(ii) of any request for access to the other party's Personal Information received from any government official (including, but not limited to, a court, a data protection agency or law enforcement agency); and
(iii) of any accidental or unauthorized disclosure, loss or access to Personal Information.

(h) Parties shall reasonably co-operate with each other in responding to enquiries, complaints, and claims relating to the Processing of Personal Information from any court or governmental official (including but not limited to any data protection agency or law enforcement agency), third parties, or individuals.

(i) Parties shall only disclose Personal Information to a third party under the conditions set forth in Section 3(a) of this Policy and Parties shall require such third parties to provide for the same level of data protection as set forth in this Policy by legally binding means.

(j) Parties agree to provide adequate notice about the Processing of Personal Information pertaining to the other party's employees and contractors required to administer due access of such individuals to their information systems.

(k) Upon termination of the Service Agreement, parties will return all Personal Information or any copy thereof owned by each respective Party unless agreed otherwise.

4. Processing of client contact information.

Where each party Processes Personal Information of employees, candidates and contractors of the other Party they shall do so only as required to provide the Services and as needed to establish and maintain a business relationship. Each party understands and agrees that such Personal Information may be disclosed to affiliated entities of each party, or other third parties (such as our candidates and data processors), in the normal course of business. Parties may Process sensitive Personal Information only if required to meet their legal obligations, with the consent of the employees, candidates or contractors of the other party, or if otherwise permitted or required by law. Personal Information pertaining to employees, candidates or contractors of the other party may be transferred outside the country of collection, including to countries that do not have comprehensive privacy laws. Each party has taken steps to ensure that such Personal Information pertaining to employees, candidates or contractors of the other party transferred receives an adequate level of data protection. Parties agree to retain such Personal Information only for such time as is necessary for the purpose(s) for which it was collected.

5. International transfer of personal information.

(a) Parties understand and agree that they may only import or access Personal Information from the EEA, Switzerland, Hong Kong, Canada, Japan, Argentina, New Zealand, Australia, Canada, the Isle of Man, Guernsey, or other jurisdictions that have laws in place that restrict the international transfer of Personal Information ("Protected Jurisdictions"), if parties are located in Protected Jurisdictions or if parties have taken relevant, appropriate and effective measures ensuring an adequate level of data protection under the relevant data protection laws or otherwise permitting the international transfer of Personal Information.

(b) In the absence of any such relevant, appropriate and effective measures, or if the measures taken by parties are geographically or materially inapt, parties agree to execute and comply with the terms and conditions of:

(i) the Model Clauses set forth in Commission Decision (2002/16/EC) of 27 December 2001 if the recipient party of Personal Information qualifies as a data processor as defined in EU Directive 1995/46, and to take all required action to effectively implement the requirements set forth by such Clauses; or
(ii) the Model Clauses set forth in Commission Decision C(2004)5271 of 7 January 2005 if the recipient party of Personal Information qualifies as a data controller as defined in EU Directive 1995/46, and to take all required action to effectively implement the requirements set forth by such Clauses.

6. Compliance with laws.

7. Indemnification.

(1) all fines or penalties imposed on parties by a court or governmental agency in connection with a violation of applicable privacy laws, information security laws, data protection laws, tort laws or other laws that directly or indirectly regulate the processing and fair use of Personal Information ("Law") caused by the other party's breach of this Policy;
(2) all third party damages incurred by parties resulting from, arising from, or related to any claim by any third party caused by the other party's breach of this Policy;
(3) all costs, liabilities, losses, or expenses incurred by parties to remedy their violation of Law (such as, but not limited to implementation of additional security measures), to defend claims referred to under (1) and (2) above or to satisfy a legal requirement caused by the other party's breach of this Policy; and
(4) all costs, liabilities, losses or expenses incurred by parties for any breach in the other party's security that involves Personal Information except to the extent that the breach was caused or contributed to by the party who is seeking to rely on this indemnity.

8. Further information

You can access and rectify your personal information, or obtain further information, by emailing us at dataprivacy@elanit.co.uk or by writing to us at:

Elan Computing Ltd

Data Privacy Officer

Legal Department

Dowgate Hill House

14-16 Dowgate Hill

London

EC4R 2SU

Data Protection Policy for Irish Suppliers

1. Definitions

The following definitions apply for the purposes of this Policy:

"Agreement" means any agreement entered into between Elan and the Supplier regarding the supply temporary or permanent resources to Elan or a third party;
"Elan" means Elan Recruitment Limited t/a Elan IT Resource of 1 Castlewood Avenue, Rathmines Dublin 6;
"Personal Information" shall mean any and all information relating to an identified or identifiable individual (an identifiable individual is one who can be identified directly or indirectly, in particular by reference to an identification number or one or more factors specific to his or her physical, physiological, mental, economic, cultural or social identity);
"Processing of Personal Information" (or "Processing") shall mean all operations which are performed upon Personal Information, whether or not by automatic means, such as collection, recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking or dispersed erasure or destruction;
"Services" shall mean any and all services where the Supplier provides Personal Information to Elan (including without limitation as part of recruitment services provided by the Supplier); and
"Supplier" shall mean any third party (including without limitation a third party recruitment agency) that supplies candidates or contractors to Elan for temporary or permanent placement with another third party.

2. Supplier Representations and Warranties

2.1 The Supplier represents and warrants that all Personal Information disclosed to Elan has been collected and Processed fairly and lawfully and in compliance with applicable data protection laws, information security laws, privacy laws, tort laws and other laws that directly or indirectly regulate the Processing and fair use of Personal Information (the "Law).
2.2 The Supplier understands that Personal Information may be transferred outside the country of collection and stored in Elan's global information systems and the Supplier agrees to such transfers. Elan's Global Privacy Policy shall apply to the Processing of Personal Information in such global information systems.
2.3 The Supplier understands and agrees that Personal Information may, within Elan's normal course of business and under the terms of its Global Privacy Policy, be disclosed (i) to Elan vendors, (ii) to Elan's business partners as required for the agreed Services; (iii) to public authorities including but not limited to courts and law enforcement agencies and (iv) to third parties as required in the context of the sale of a part or the entirety of Elan's business or in the context of a merger or an acquisition.
2.4 The Supplier represents and warrants that it has full legal authority to disclose Personal Information to Elan.

3. Processing of Supplier Contact Information

4. Indemnification

Notwithstanding anything to the contrary in the Agreement, the Supplier will fully reimburse Elan, its affiliates, subsidiaries and their respective officers, directors, employees and agents for:

(a) all fines or penalties imposed on Elan by a court or governmental agency in connection with a violation of applicable privacy laws, information security laws, data protection laws, tort laws, or other laws that directly or indirectly regulate the processing and fair use of Personal Information caused by the Supplier's breach of the terms of this Policy;
(b) all third party damages incurred by Elan resulting from, arising from, or related to any claim by any third party caused by the Supplier's breach of the terms of this Policy;
(c) all costs, liabilities, losses or expenses incurred by Elan to remedy its violation of Law (such as, but not limited to implementation of additional security measures), to defend claims referred to under (a) and (b) above or to satisfy a legal requirement caused by the Supplier's breach of the terms of this Policy; and
(d) all costs, liabilities, losses or expenses incurred by Elan for any breach in the Supplier's security that involves Personal Information.

5. Further information

You can access and rectify your personal information, or obtain further information, by emailing us at dataprivacy@elanit.co.uk or by writing to us at:

Elan Computing Ltd

Data Privacy Officer

Legal Department

Dowgate Hill House

14-16 Dowgate Hill

London

EC4R 2SU