Privacy Policy
DATA PROTECTION AND CONFIDENTIALITY
As a company providing recruitment services, Winter Oak Talent is committed to protecting the personal data of clients and candidates in line with the relevant legislation (“Data Protection Law”). The relevant legislation includes the General Data Protection Regulation (EU 2016/679) and the UK Data Protection Act 2018, as well as other potentially supporting legislation.
Winter Oak Talent Limited ("we," "us," or "our") is committed to protecting the privacy and security of your personal data. This Privacy Policy explains how we collect, use, share, and protect personal information in connection with our recruitment services, including recruiting candidates across the United States. We operate as a data controller under the UK General Data Protection Regulation (UK GDPR) and comply with applicable UK and US data protection laws.
WHY THIS POLICY IS IMPORTANT
This policy is intended to provide information about how we will use (or “process”) personal data about individuals including our current, past and prospective clients, candidates and other third parties as well as visitors to our website.
This information is provided in accordance with the rights of individuals under Data Protection Law to understand how their data is used.
This Privacy Notice applies alongside any other information Winter Oak Talent may provide about a particular use of personal data, for example when collecting data.
RESPONSIBILITY FOR DATA PROTECTION
Winter Oak Talent must process personal data to provide recruitment services to its clients and candidates. Ryan Winter is appointed as Data Protection Manager (DPM) to oversee its compliance with Data Protection Law and to deal with all requests and enquiries concerning Winter Oak Talent's use of your personal data (see section on Your Rights below).
Winter Oak Talent can be contacted by:
- E-mail: ryan@winteroaktalent.com
- Telephone: +1 (617) 843-2901
- Post USA: 100 Cambridge St, 14th Floor, Boston, MA, 02114
- Post UK: The Boathouse, Millbrook, Guildford, GU1 3XJ
WHY WINTER OAK TALENT NEEDS TO USE PERSONAL DATA
To carry out its ordinary duties to clients and candidates Winter Oak Talent may need to process a wide range of personal data about current, past and prospective clients and candidates as part of its daily operation.
Winter Oak Talent will need to carry out some of this activity to fulfil legal rights, duties or obligations – including those under a contract with its clients.
Other uses of personal data will be made in accordance with Winter Oak Talent's legitimate interests, provided that these are not outweighed by the impact on individuals.
Winter Oak Talent expects that the following uses may fall within the category of its “legitimate interests”:
- The provision of recruitment services.
- Maintaining relationships with clients, candidates and the business community.
- For the purposes of management planning.
- For security purposes.
- Where otherwise reasonably necessary for Winter Oak Talent's purposes, including to obtain appropriate professional advice and insurance.
TYPES OF PERSONAL DATA OBTAINED BY WINTER OAK TALENT
This will include by way of example:
- Names, addresses, telephone numbers, e-mail addresses and other contact details.
- Visa, passport and other right to work identity information.
- Job education history.
- Candidates’ CVs/resumes and working history.
- Candidates’ experience, training and qualifications.
- Bank details and other financial information.
- Passwords.
- Information contained in references and pre-employment checks from third parties.
Sensitive Personal Data (SPD)
Sensitive personal data (e.g., race, ethnicity, health information) is rarely required for our recruitment services. If you provide such data, it will only be processed in the following circumstances:
· You have explicitly consented to its use.
· It is necessary to fulfill legal obligations under employment or workplace safety laws.
· To maintain records for legal claims or disputes.
It is requested that you avoid sharing sensitive data unless necessary.
HOW WINTER OAK TALENT COLLECTS DATA
Generally, Winter Oak Talent receives personal data from the individual directly in the ordinary course of interaction or communication (such as verbally, by e-mail or by written documents).
However, in some cases personal data may be supplied by third parties such as:
- Direct interactions (e.g., submitting your CV, completing forms, or contacting us).
- Automated technologies (e.g., cookies and analytics tools on our website).
- Third parties, such as job boards, professional networks (e.g., LinkedIn), or referees.
- Publicly available sources, where permitted by law.
- Former employer
DATA COLLECTED THROUGH THE WINTER OAK TALENT WEBSITE
Winter Oak Talent may collect the following information from visitors to its website:
- IP addresses and information about the location of the visitor
- the way that a visitor uses the website, including the pages viewed, dates, times and duration
- data to show where visitors navigated to or from our website and searches made on our website.
This data is used to enable Winter Oak Talent to:
- run the website ensuring that it works properly
- improve the information on the website
- maintain the website's security
We comply with the UK Privacy and Electronic Communications Regulations (PECR) for the use of cookies. Our website uses essential cookies to ensure functionality and non-essential cookies (e.g., analytics cookies) to improve user experience. You can manage your cookie preferences through our website’s cookie consent tool or by adjusting your browser settings.
A cookie is a piece of data which a website sends to a user’s computer. It is stored on the user’s computer and can be used to collect information on their site usage. Winter Oak Talent uses cookies to identify how many users visit each page of its website so that it can improve the website's value to its visitors. Winter Oak Talent does not use cookies in any way which would allow it to identify visitors to its website. If you want to block cookies then you can do so through your web browser or through other software, but in doing so you may find that you will be unable to visit some or all of Winter Oak Talent's website.
WHO HAS ACCESS TO PERSONAL DATA AND WHO WINTER OAK TALENT SHARES IT WITH
To enable Winter Oak Talent to provide its recruitment services it will be required to share candidates’ personal data with prospective employers.
Occasionally, Winter Oak Talent will also need to share personal information with third parties, such as professional advisers (lawyers, insurers, IT Support and accountants), outsourced payment suppliers, background screening providers, or relevant authorities.
Apart from this, for the most part, personal data collected or accessed by Winter Oak Talent will remain within the company and will be processed by appropriate individuals only in accordance with access protocols (i.e. on a “need to know” basis). Winter Oak Talent will, where appropriate, ensure that its personnel access or process personal data only for the purpose of performing services to clients and candidates in accordance with instructions given by the clients or candidates to Winter Oak Talent from time to time.
In accordance with Data Protection Law, some of Winter Oak Talent's processing activity is carried out on its behalf by third parties, such as cloud services and storage providers.
Whenever personal data is stored with a third party it is always subject to undertakings from such third parties that personal data will be kept securely and only in accordance with Winter Oak Talent's specific direction and of course in compliance with the Data Protection Law.
When sharing data with US-based employers, we ensure compliance with UK GDPR and US laws by using Standard Contractual Clauses (SCCs) approved by the ICO and obtaining your consent where required.
HOW LONG WINTER OAK TALENT KEEPS PERSONAL DATA
Winter Oak Talent will retain personal data securely and only in line with how long it is necessary to keep for a legitimate and lawful reason.
If you have any specific queries about how this policy is applied or wish to request that personal data that you no longer believe to be relevant is considered for erasure, please contact the DPM.
Personal data will generally be retained for no longer than six (6) years after our last interaction with you. Longer retention may apply where:
· Required by legal or contractual obligations.
· Necessary to maintain records of unique qualifications or specialist skillset.
SECURITY
Winter Oak Talent has implemented and shall maintain appropriate technical and organizational security measures, processes and controls to safeguard all Personal Data processed by them against unauthorized and unlawful processing and accidental loss, disclosure or destruction.
YOUR RIGHTS
Individuals have various rights under Data Protection Law to access and understand personal data about them held by Winter Oak Talent, and in some cases ask for it to be erased or amended or for Winter Oak Talent to stop processing it, but subject to certain exemptions and limitations.
Any individual wishing to access or amend their personal data or wishing it to be transferred to another person or organization, should put their request in writing to the DPM.
Winter Oak Talent will endeavor to respond to any such written requests as soon as is reasonably practicable and in any event within the statutory time-limits, which is one month in the case of requests for access to information. Winter Oak Talent will be better able to respond quickly to smaller, targeted requests for information. If the request is manifestly excessive or similar to previous requests, Winter Oak Talent may ask you to reconsider or charge a proportionate fee, but only where Data Protection Law allows it. Winter Oak Talent shall also provide its customers with such assistance as the customer reasonably requests in order to comply with its obligations and to fulfil a data subject’s rights.
You should be aware that certain data is exempt from the right of access. This may include information which identifies other individuals, or information which is subject to legal professional privilege.
You have the following rights concerning your personal data:
· Access: Request a copy of the data we hold about you.
· Correction: Request that we rectify inaccurate or incomplete data.
· Deletion: Request that we delete your data under certain conditions.
· Restriction: Request limitations on our processing of your data.
· Data Transfers: Request transfer of your data to another provider where applicable.
· Object: Challenge the use of your data for legitimate interests or direct marketing.
· Consent Withdrawal: Withdraw your consent to our processing of your personal data for a particular purpose at any stage. However, please note that we may continue to retain, or otherwise use your personal information thereafter where we have a legitimate interest or a legal or contractual obligation to do so.
For residents of California, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), including the right to opt-out of the sale of personal data and non-discrimination for exercising your rights. To exercise these rights, contact our Data Protection Manager.
Under the CCPA/CPRA, ‘selling’ or ‘sharing’ personal data may include disclosing candidate information (e.g., CVs, qualifications) to prospective employers for recruitment purposes. If you are a California resident, you have the right to opt out of the sale or sharing of your personal data. To exercise this right, please contact our Data Protection Manager. We will not discriminate against you for exercising your CCPA/CPRA rights.
There may be circumstances where we require you to provide data which is necessary in order for us to meet statutory or contractual obligations or perform our Recruitment Services. If you do not wish to provide us with information we request, then please notify the DPM. However, please be aware that as a result we may be unable to provide you or the party who you represent with a Recruitment Service or continue to engage with you. In some cases, it may result in a breach of the contract we have with you or a third party you represent.
CONSENT
Where Winter Oak Talent is relying on consent to process personal data, any person may withdraw this consent at any time. Please be aware however that Winter Oak Talent may have another lawful reason to process the personal data in question even without your consent. That reason will usually have been asserted under this Data Protection and Confidentiality provision or may otherwise exist under some form of contract or agreement with the individual (for example: an employment contract).
DATA ACCURACY AND SECURITY
Winter Oak Talent will endeavor to ensure that all personal data held in relation to an individual is as up to date and accurate as possible. Individuals must please notify the DPM of any changes to information held about them.
An individual has the right to request that any inaccurate or out-of-date information about them is erased or corrected (subject to certain exemptions and limitations under the Act): please see above.
Winter Oak Talent will take appropriate technical and organizational steps to ensure the security of personal data about individuals, including policies around use of technology and devices, and access to company systems. All staff will be made aware of this policy and their duties under Data Protection Law and receive relevant training.
We implement appropriate technical and organizational measures to protect your personal data, including:
- Encryption of sensitive data.
- Secure storage and access controls.
- Regular security assessments and staff training.
Despite our efforts, no system is completely secure. If a data breach occurs, we will notify affected individuals and the ICO within 72 hours, as required by law.
For US residents, we will also comply with applicable state breach notification laws, which may require us to notify state authorities or provide additional information about the breach. We will inform affected individuals promptly in accordance with these laws.
QUERIES AND COMPLAINTS
Any comments or queries on this policy should be directed to the DPM.
If an individual believes that Winter Oak Talent has not complied with this policy or acted otherwise than in accordance with Data Protection Law, they should notify the DPM. An individual can also make a referral to or lodge a complaint with the Information Commissioner’s Office (“ICO”), although the ICO recommends that steps are taken to resolve the matter with the Winter Oak Talent Data Controller or Processor before involving the regulator.
EQUALITY
We commit to do the following:
- Eliminate discrimination on the basis of race, ethnicity, gender identity, sexual orientation, age, religion, disability, or any other protected characteristic
- Promote diversity within our own workforce and the candidates we place
- Continuously improve our practices through training and feedback
INTERNATIONAL DATA TRANSFERS
As a UK company recruiting in the US, we may transfer personal data outside the UK. We ensure such transfers comply with UK GDPR and applicable US laws by:
- Transferring data only to countries with adequate data protection laws or to organizations with appropriate safeguards.
- Using standard contractual clauses (SCCs) approved by the UK Information Commissioner’s Office (ICO) and the European Commission, respectively, and obtaining your consent where required.
COMPLIANCE WITH EU GDPR
As a UK-based company with operations in the United States, Winter Oak Talent Limited may process personal data of individuals located in the European Union (EU) in the course of providing recruitment services. Where we process personal data of EU residents, we comply with the EU General Data Protection Regulation (EU 2016/679) in addition to the UK GDPR and applicable US data protection laws.
UPDATES TO THIS POLICY
We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of significant changes by posting the updated policy on our website or contacting you directly (e.g., via email) where required by law. The updated policy will include the effective date.
Version 1.0 September 2025

