Privacy Policy
1. Introduction
Patrick Morgan Search Ltd takes its obligations under data protection laws seriously and is committed to ensuring your privacy.
This Privacy Notice sets out information about the types of personal information we collect as part of our business, how we process that information and who we share it with in relation to our services. It also explains the rights you have in relation to that information.
Personal information means any information about a person from which that individual can be identified. Patrick Morgan processes personal information in a number of different situations, set out in the sections below.
We may amend this Privacy Notice at any time and for any reason. The updated version is available at this location, by following the “Privacy” link on our website footer at https://www.p-morgan.com. If you are an employee or staff member at Patrick Morgan, a separate privacy notice is applicable. This will be available on Patrick Morgan’s intranet.
2. About Patrick Morgan
We are a leading Talent Advisory and Intelligence firm serving the Professional Services sector with offices in the United Kingdom and the United States. References to “Patrick Morgan”, “we” or “us” in this Privacy Notice means Patrick Morgan Search Ltd., a UK Private Limited Company with Company No. 09790603.
For the purposes of applicable data protection law, Patrick Morgan is responsible for this Privacy Notice and, to the extent relevant to applicable data protection law, is the controller of your personal information.
3. Patrick Morgan’s Contact Details
If you have any questions about this Privacy Notice, including any requests to exercise your legal rights, please contact us as follows:
By Post:
London: 59 Berkshire Road, London E9 5NB
New York: 800 Third Avenue, New York, NY 10022
By Email: enquiries@p-morgan.com
By Phone:
London: +44 (0)20 7459 4188
New York: +1 646 846 0163
4. Concerns and Complaints
If you are located in the UK, see below for details of how to express your concerns, make a complaint or exercise your rights.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues, at the details set out below. We would, however, appreciate the opportunity to address your concerns prior to contacting any data protection authority.
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
SK9 5AF
United Kingdom
Telephone: +44 303 123 1113
Email: casework@ico.org.uk
If you are located in the European Union or European Economic Area, you have the right to make a complaint at any time to your applicable supervisory authority. A list of the applicable supervisory authorities are present here. We would, however, appreciate the chance to deal with your concerns before you approach any data protection authority, so please contact us in the first instance.
If you are a resident of the United States or located in any other region, please email your concerns, complaints or send a note to exercise your rights to us using the details in Section 3 above.
Patrick Morgan will maintain procedures for addressing and responding to all inquiries or complaints. Patrick Morgan shall investigate and respond to all complaints.
5. How we collect Personal Information
We use different methods to collect information from and about you including through:
Information You Provide Directly
Parts of this website include features or services that permit you to enter contact information and other information about you, such as your name, address, and e-mail address.
We will also collect personal information about you in the context of providing services to or receiving services from you or your organisation (such as when you speak to us by phone or by email), receiving your application for a job, if you visit our offices, and/or if you speak to us at an in-person event. Details about the types of personal information and the purposes for which they are collected are set out below in Sections 6 and 7 of this Policy.
If you provide information to us about any person other than yourself, your employees, counterparties, your advisers or your suppliers, you must ensure that they understand how their information will be used, and that they have given their permission for you to disclose it to us and for you to allow us, and our outsourced service providers, to use it.
Information We Collect Automatically
When you interact with the website, certain information about your use of the website is automatically collected. This information includes your domain name and host for Internet access; the date and time of your access; how you arrived at the website (e.g. if you arrived there via a marketing link); your computer’s IP address and information about its operating system, browser, and host; MAC address and device-identifying information; and the areas and pages you visit on the website. When you have a phone call with us, such phone calls are recorded for training, quality and research purposes.
Information We Collect Indirectly
We will collect personal information about with whom we would like to develop a business relationship or whom we target for business development and marketing activities and communications. We obtain this information from publicly available social media such as LinkedIn or via B2B data platforms.
6. Types of Personal Information collected
| Category of Information | Types of Data Subject |
| Contact information – such as your first name, last name, postal or billing address, email address and telephone numbers. | Customer, potential customer vendor, website visitor, job applicant, office visitor |
| Demographic information – such as your age and gender. | Job applicant, customer |
| Technical information – such as information from accessing our website, your browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices that you use to access our website. | Website visitor |
| Internet or other electronic network activity information – such as your browsing history and information regarding your interactions with and use of our website. | Website visitor |
| Employment Information – such as your job title, organisation, classification of employment (e.g., government), your areas of expertise and experience, and your business interests. | Job applicant, customer, potential customer, vendor |
| Recruitment Information – such as name, title, addresses, telephone numbers, personal email addresses, date of birth, gender, compensation history, current salary, salary expectations, annual leave entitlement, pension and benefits information, current notice period and other employment records from previous roles, start date and location of employment; recruitment information (including copies of right to work documentation, references and other information included in a resume, cover letter or as part of the application process) and visual images and any photographs provided for business purposes. | Job applicant, customer, potential customer |
| Transaction information – such as details about payments to or from you and other details of products and services that you may have purchased or ordered from us or which we have purchased or ordered from you; | Customer, vendor |
| Marketing and communications information – includes your preferences in receiving marketing from us and our third parties and your communication preferences. | Customer, potential customer, website visitor |
| Video footage – CCTV images captured of persons present at Patrick Morgan offices. | Office visitor |
| Aggregated Data – such as statistical or demographic data for any purpose. | Customer, vendor, website visitor |
7. How we use the information we collect
| Purpose | Lawful Basis |
| Data Analysis and Research – to monitor, analyse and research trends so that we can improve our services; | Legitimate Interest – to be able to understand market conditions and provide high quality information and analysis as part of our services to customers. |
| Administration and Security – to administer and protect our business, offices, website and/or our services, including troubleshooting, auditing and monitoring its use, including, detecting, investigating, and preventing activities that may violate our policies or be fraudulent or illegal; | Legitimate interest – To be able to ensure the security of our services, offices and website. |
| Optimisation – to ensure that content from our website and/or services is presented in the most effective manner for you and for your device; | Legitimate Interest – to be able to improve and ensure the effective operation of the website and our services. |
| Marketing – to deliver relevant services content (such as newsletters) and advertisements to you and measure or understand the effectiveness of the advertising we serve to you; | Legitimate Interest – To be able to publicise our activities and assess the relevance and effectiveness of newsletters and other content delivered to you. |
| Registration – to register new customers of our business for use of our services; | Legitimate Interest – to be able to provide services. |
| Payment Processing – to process and manage payments, fees and charges and purchases; | Legitimate Interest – to be able to collect fees for the services we provide. |
| Contract – to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us; | Contract |
| Assessment of employment applications – to assess your candidacy as a potential employee or contractor for Patrick Morgan | Legitimate Interest – to be able to assess the suitability of candidates. |
| Compliance – to comply with legal requirements and protect the safety, property, and rights of Patrick Morgan, website users, and others. | Legal obligation |
We do not make any decisions based solely on automated processing (including profiling) of your personal data which has legal effects concerning you or which significantly affects you.
8. Sharing Personal Information
We disclose your personal information to third-party service providers who provide administrative or professional assistance, storage, security, telecommunications, and other services to us in support of our business, including secure remote working environments and office cloud software.
We ensure that all such suppliers are subject to contractual obligations to protect personal information appropriately, in accordance with data protection law.
9. International Transfers of Personal Information
In order to provide our services, from time to time, we transfer your data (i) outside of the United Kingdom or European Economic Area, such as to our offices in the United States or to a service provider with servers outside those countries. When this happens, we will ensure that the information is protected as described in this Privacy Notice. Please see below for further information about the appropriate safeguards that we implement.
Patrick Morgan ensures that an equivalent degree of protection is implemented by only transferring personal information to countries with adequate data protection regimes or using appropriate safeguards, such as specific contracts approved by the European Commission or UK government (as applicable) which give personal information the same protection it has in the UK or EU (e.g. European Commission: Standard contractual clauses for international transfers and the UK International Data Transfer Agreement or Addendum) or any data transfer mechanism approved by the European Commission or the UK authorities as appropriate, such as the EU-US Data Privacy Framework and the UK Data Bridge.
10. Security of Personal Information
We have put in place and maintain appropriate security measures to prevent your personal information from being accidentally lost, used, or accessed in an unauthorized way, altered or disclosed.
Noted below is further information about the security measures we implement.
Third parties will only process your personal information where they have agreed to treat the personal information confidentially and to apply appropriate security measures.
Patrick Morgan employs many different security techniques to protect personal data against loss, misuse, alteration, and unauthorized action, including the use of mobile device management (MDM), and storage of data with well-known providers capable of applying appropriate security measures to personal information.
Patrick Morgan has procedures in place to deal with any suspected personal information breach and will notify you and any applicable regulator of a breach where appropriate and required under applicable law.
11. Retention of Personal Information
Patrick Morgan will only retain personal information for as long as it has a legitimate basis for doing so, including for the purposes of satisfying any legal, regulatory, commercial, accounting, or reporting requirements.
To decide on the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
Patrick Morgan generally retains client documentation and matter files for as long as there is an ongoing relationship and an appropriate period thereafter, and once Patrick Morgan has no legal or commercial reasons to retain personal information, it will be securely deleted or destroyed.
12. Your Rights
If you are located in the United Kingdom or the European Economic Area or other locations with equivalent data protection regimes, you may have certain rights under applicable data protection laws in relation to your personal information. Please see below for further details.
- a. Request access to your personal information
This right is commonly known as a “data subject access request” and enables you to receive a copy of the personal information we hold on you and to check that we are lawfully processing it.
- b. Request correction of the personal information that we hold about you
This right enables you to have any incomplete or inaccurate information we hold about you corrected. Please keep us informed if your personal information changes during your relationship with us.
- c. Request erasure of your personal information
This right enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process such personal information. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- d. Object to processing of your personal information
Where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground, you may exercise this right. You may also object if we ever process your personal information for direct marketing purposes.
- e. Request the restriction of processing of your personal information.
This right enables you to ask us to suspend the processing of personal information about you, for example, if you want us to establish its accuracy or the reason for processing such personal information.
- f. Request the transfer of your personal information to another party.
This right enables you to request for your data to be transferred to another party in a portable format.
Your rights under other data protection laws may be similar or different to those above. If you ask to exercise these rights from a jurisdiction where you do not have the applicable right, we will consider the request at our discretion.
If you want to exercise any of these rights, please contact us using the details at Section 3. We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
You will not have to pay a fee to access your personal information or to exercise any of the other rights, unless the request is repetitive, clearly unfounded, or excessive, in which case we reserve the right to charge you a reasonable fee or refuse to comply with the request.