Privacy Policy

Last updated: 23 October 2024

Rare Recruitment Ltd ("we") are committed to protecting and respecting your privacy.

This policy (together with our terms of use and any other documents referred to on it) sets out the basis on which any personal data we collect from you, or that you provide to us (either directly or via a third party), will be processed by us.

Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

By visiting our websites listed here:

• rarerecruitment.co.uk,
• targetoxbridge.co.uk,
• contextualrecruitment.co.uk,
• contextualrecruitment.com,
• discusslaw.co.uk,
• candidats.io,
• candidx.io,
• invessed.careers,
• vantageapp.io and,
• hemisphereapp.io (law, finance, education and general versions) (“Sites”)

signing up to our products, or by otherwise providing personal data to us (either directly or indirectly), you acknowledge and agree to the practices described in this policy.

For the purpose of the EU General Data Protection Regulation (“GDPR”), the data controller is Rare Recruitment Ltd of 8 Blackstock Mews, Islington, London, N4 2BT.

Any changes we may make to this policy in the future will be posted on this page. Please check back frequently to see any updates or changes to this policy.

If you are in Australia, we adhere to the obligations of the Privacy Act (1988) (Cth) with respect to the collection, storage, use, transfer and disclosure of personal information that we receive from you.

Personal data we may collect from you

“Personal data”, or personal information, means any information that enables us to identify you, directly or indirectly when combined with other information we hold. It includes “pseudonymised personal data” where identifying information such as name and address has been replaced with a pseudonym. It does not include “anonymous data” where the identity has been permanently removed so that it is no longer possible to identify an individual. We may collect and process the following kinds of personal data about you:

Information you give to us

• You may give us personal data about you by filling in forms on our Sites, for example, the Vantage form on vantageapp.io or at rare.app.candidx.io/, by requesting a demo of our products or services, or by corresponding with us by phone, e-mail or in person during a meeting with us. This includes personal data you provide when you register to use our Sites, products or services, and when you report a problem with the same.
• The personal data you give us may include your name, address, e-mail address, phone number, photograph, gender and social mobility, qualifications and examination grades, work experience and extracurricular activities, job applications and the outcome of those applications.
• You may also give us special categories of personal data, including details of your gender, race or ethnicity, health data and date of birth.

Information you give to us when you sign up to Vantage

• When you sign up to Vantage, we will ask you to provide certain personal data, including name, contact details, education history and education attainment. You will also be asked a series of questions about your socio-economic background (e.g. whether you have lived in care, whether you received free school meals, etc.). We use this information to help assess whether you overachieved academically in light of your surrounding personal circumstances by comparing your results with national statistics.
• Vantage accounts are tiered:
  • Vantage Passport - This is a basic Vantage account which will store your data and allow you to apply to multiple potential employers (“partner firms”) using Rare’s Applicant Tracking System, Candid ATS (“Candid ATS”), without having to input the same data multiple times. Your data is not published, and no other firms get access to your data unless you apply for a role with a specific partner firm that uses Candid ATS. A list of partner firms and links to their privacy policies can be found here.
  • Vantage Connect – A Vantage Connect account allows you to connect with employers using Vantage (“Vantage partner firms”) and hear directly about opportunities. Your profile, including your personal data and contextual data, is published on Vantage and is available to search by Vantage partner firms.
• Once you have created a Vantage account, we may contact you regarding your complete or partially complete Vantage profile or ongoing applications.
• By completing your Vantage Connect profile, you acknowledge that the information you have provided, including personal data, and your contextual data, will be shared with Vantage partner firms, who may contact you directly regarding employment opportunities. A list of the Vantage partner firms who will have access to your information, and a link to their privacy policies, can be found here:
• 5 Stone Buildings
• Ashurst
• Baker McKenzie
• BDP
• Bird & Bird
• Burges Salmon
• Clifford Chance
• Cooley
• Cripps
• Eversheds Sutherland
• Freshfields
• Harbottle & Lewis
• Hausfeld
• Henderson Chambers
• Herbert Smith Freehills
• Hogan Lovells
• Katten
• Latham & Watkins
• Lewis Silkin
• Linklaters
• Macfarlanes
• Pinsent Masons
• Prime
• RPC
• Slaughter and May
• Taylor Wessing
• Travers Smith
• Weil, Gotshal & Manges
• Willkie Farr & Gallagher

Vantage partner firms will have access to any special categories of personal data that you have chosen to share, provided you gave your explicit consent when creating your Vantage profile. This may include data relating to your gender, ethnicity, sexual orientation, and any health information you voluntarily provide. Vantage partner firms use this data in line with their own privacy policies as part of their recruitment process. We rely on your explicit consent to share special categories of personal data with Vantage partner firms, which can be withdrawn at any time by updating your profile settings.

You can access, amend or delete your own personal data, or your entire Vantage account, at any time by logging in to your account and navigating to the Account Preferences section.

Rare may process your personal data provided when creating your Vantage profile for further research purposes (e.g. to identify trends such as the number of people who have lived in care who achieve AAA in their A levels). Please note that Vantage does not involve automated individual decision-making (making a decision solely by automated means without any human involvement). Vantage collects specific data which allows a human recruiter to better evaluate the outperformance of an individual.

Information you give to us when you sign up to Hemisphere

• When you sign up to Hemisphere, you will be provided with an invitation code to create your account using your email address and a password. Your answers to any questions from the training will be deleted after you have completed the training, or after 30 days of account creation, unless you have provided explicit consent for us to store them.
• We retain the following information:
• Email address;
• Invitation code;
• Account creation date;
• Whether you have completed the training;
• Training completion date; and
• How much time was spent on the training.
• We do not retain your answers to any questions from the training, unless you have provided explicit consent for us to do so.
• We will only send you emails related to your training. You can choose to unsubscribe from these emails if you wish.
• We will not share your information with any third parties.

Information we collect about you

• With regard to each of your visits to our Sites we may automatically collect the following information:
  • technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, browser type and version and platform; and
  • information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our Sites (including date and time); page response times, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.

Information we receive from third parties

• We may receive personal data about you from employers and potential employers who you apply to with our help, who provide us with feedback and decision outcomes relating to your performance during the recruitment process, during internships and/or work placements.

Information we receive from third parties when you apply for a position directly with that third party

• Many employers in the UK use Rare’s Contextual Recruitment System (CRS) in the context of their application processes. This means that when you apply for a position with some employers you will be asked a series of questions about your socio-economic background (e.g. whether you have lived in care, whether you received free school meals etc).
• Your answers to these questions are then passed to Rare (only with your consent) but will exclude identifying data such as your name, phone number, postal address, email address or date of birth unless otherwise stated on your application form.
• The personal data you give us may include your age 14-16, 16-18 and university qualifications and examination grades, your home postcode at age 16, free school meals eligibility, whether you worked during school and university, whether you were first in your family to go to university, refugee/asylum seeker status, whether you spent time in care and parent/carer status .
• This pseudonymised information is used to help assess whether you overachieved academically in light of your surrounding personal circumstances by comparing your results with national statistics. The results of Rare’s data processing are then passed back to the employer who can link the result to your individual application and further assess your application. If you consent to it when you apply for a position directly with a third party which uses CRS, the data which Rare receives from employers may also be used by Rare for further research purposes (e.g. to identify trends such as the number of people who have lived in care who achieve AAA in their A levels). Please note that the CRS does not involve automated individual decision-making (making a decision solely by automated means without any human involvement). The CRS collects specific data which allows a human recruiter to better evaluate the outperformance of an individual.

Do we use cookies?

Google Analytics uses cookies to collect information about how visitors use our Sites. We use the information to compile reports and to help us improve the Sites. The cookies collect information in an anonymous form, including the number of visitors to the Sites, where visitors have come to the Sites from and the pages they have visited.

To opt out of being tracked by Google Analytics please visit: /tools.google.com/dlpage/gaoptout.

View our Cookie Policy here.

LinkedIn Insight Tag

We use The LinkedIn Insight Tag on our site, which is a cookie that tracks key metrics such as conversions or email sign-ups tied to LinkedIn users who saw our site on the platform and later visited our site. The Tag enables the collection of data including the URL, referrer, IP address, device and browser characteristics, and timestamp of your visit. The IP addresses are truncated or hashed (when used for reaching members across devices), and members’ direct identifiers are removed within seven days in order to make the data pseudonymous. This remaining pseudonymised data is then deleted within 180 days. LinkedIn does not share the personal data of members with us; they only provide reports and alerts (which do not identify members) about our website audience and ad performance.

You can deactivate LinkedIn Insight conversion tracking and interest-based personalised advertising by opting out at the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out. Further information on data protection at LinkedIn can be found at https://www.linkedin.com/legal/privacy-policy.

How we use your personal data?

We will only use your personal data for purposes described in this policy and when the law allows us to do so.

We process your personal data for the following purposes as is necessary for the performance of a contract between you and us, or to answer questions or take steps at your request prior to entering into a contract:

• to carry out our obligations arising from any agreements between you and us and to provide you with the information and services that you request from us;
• to send you information about suitable job opportunities
• to allow employers to send you information about suitable job opportunities; and
• to notify your school, sixth form college or university that you have applied to a programme, and the outcome of that application, if the opportunity was promoted to you by your school, sixth form college or university.

We process your personal data for the following purposes as necessary for certain legitimate interests, or where you have given your informed consent (or explicit consent for special categories data) to such processing as required by applicable law (such consent can be withdrawn at any time):

• to provide your personal data to our clients (universities and their associated colleges, employers and Vantage partner firms) to whom you are applying or have registered for career events and with whom you have permitted us to share your personal data;
• to send you information and newsletters;
• to notify you about changes to our service;
• to conduct periodic campaigns, satisfaction or market research surveys, as well as to analyse the results; and
• to offer our services to you in a personalised way.

We process your personal data for the following purposes as necessary in our legitimate business interests, (provided such interests are not overridden by your interests or fundamental rights):

• to perform those research activities described above (only fully anonymised data will be used for research purposes);
• to resolve any disputes, if you lawfully exercise your rights or if you wish to dispute any part of our service offering;
• to ensure the security of your data and our business, preventing or detecting fraud or abuses of our services, for example, by requesting verification information in order to reset your account password (if applicable);
• to develop and improve our Sites, products and services, for example, by reviewing the use of our Sites by users;
• to administer our Sites and for internal business administration and operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes; and
• to comply with applicable law, for example, in response to a request from a court or regulatory body, where such request is made in accordance with the law.

Do we disclose your personal data?

We may disclose your personal data to third parties:

• In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
• If Rare Recruitment Ltd or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
• If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements; or to protect the rights, property, or safety of Rare Recruitment Ltd, our customers, or others.
• So that we can use third party software to contact you via text or email.
• As described elsewhere in this policy.

We use some sub-contractors in the software development part of our business. We use service providers who provide penetration testing services, front end software development, quality assurance application programme interface development and systems administration.

Quality and security

We require all our sub-contractors to sign contracts which include restrictive covenants, detailed clauses on client confidentiality, and data protection compliance.

We require our sub-contractors to use secure communication for all their work with Rare.

Work devices are encrypted, password protected or both.

We require all our sub-contractors to receive information security training and to provide satisfactory references to us.

Storage of your personal data

All information you provide to us is stored on a secure AWS server located in the British Isles. The backup server is located in Ireland.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. See the section below on data security for further details.

How long we store your personal data

We will only retain your personal data, in a form which permits us to identify you, for as long as necessary to fulfil the purposes we collected it for. We will retain and use your personal data as necessary to satisfy any legal, accounting or reporting requirements, to resolve disputes or to enforce our agreements and rights. In line with this privacy policy, we will either securely delete or anonymize your personal data so that it cannot be linked back to you. Generally, we store personal data in a form that can identify an individual for up to 10 years following collection unless it is required to fulfil any legal or contractual obligation, is required to continue our provision of service to you as an individual, or is required for the establishment, exercise or defence of legal claims.

Our Sites may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

Your rights

In accordance with the General Data Protection Regulation (GDPR), in certain circumstances you have the following rights:

Request access to your personal data. You may have the right to request access to any personal data we hold about you as well as related information, including the purposes for processing the personal data, the recipients or categories of recipients with whom the personal data has been shared, where possible, the period for which the personal data will be stored, the source of the personal data, and the existence of any automated decision making.

• Request correction of your personal data. You may have the right to obtain without undue delay the rectification of any inaccurate personal data we hold about you.
• Request erasure of your personal data. You may have the right to request that personal data held about you is deleted.
• Request restriction of processing your personal data. You may have the right to prevent or restrict the processing of your personal data.
• Request transfer of your personal data. You may have the right to request the transfer of personal data directly to a third party where this is technically feasible.

To exercise any of these rights, in the first instance please contact info@rarerecruitment.co.uk.

If you have any questions in relation to this policy, please contact info@rarerecruitment.co.uk.

Accreditation

Rare Recruitment Limited is an ISO27001:2013 certified company, Certificate Number: 214857.

Rare Recruitment Limited is a Cyber Essentials Plus accredited company, Certificate Number: CEP-CSL-0105-01. We have also been issued with the IASME Governance Standard, Certificate Number: SA003194.