Skip to content

Privacy Policy

Updated: October 2024

Data Privacy Notice

At Right Management, data protection is important to us, and we place great care in the responsible, transparent and safe handling of data. This privacy notice provides a framework of understanding about the personal data collected by Right Management Limited and our compliance to data privacy law, including the provisions of the European Union’s General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018.

This privacy notice applies to:

  1. 1. Our candidates and recipients of our career services;
  2. Representatives of our business partners, clients, vendors and suppliers;
  3. Users of our Sites, including www.right.com; the Next platform (ManpowerGroup’s Powersuite™ for Career Transition) and associated platforms, and our social media channels; “Right Management UK” on Twitter and LinkedIn and associated platforms.

It does not apply to Right Management employees or associates.

In this notice we will describe the types of personal data and information we collect, how we use it, how long we process and store it, how we protect it, with whom we share it, to whom we transfer it and the rights that you can exercise regarding our use of your personal data. We also describe how you can contact us to further enquire about our privacy practices or to exercise your rights. Specifically, this notice covers the following topics:

  • Who we are
  • Your Rights
  • When we process your data
  • Information We Collect
  • How We Use the Information We Collect
  • Legitimate Interests
  • Artificial Intelligence / Machine Learning
  • How We Protect Personal Information
  • How long We Process and Store the Data
  • Information We Share
  • Data Transfers
  • Updates to Our Privacy Notice
  • How to Contact Us

Who we are

The Data Controller is Right Management Limited (“we”, “our”, “us”), with its registered office at 50 Bank Street, Canary Wharf, London, E14 5NS, United Kingdom. Right Management Limited is a wholly owned subsidiary of ManpowerGroup Global Inc.

Your Rights as a Data Subject

Where permitted by applicable law, a data subject can exercise under Articles 15 to 22 of the EU GDPR, the following specific rights:

a. Right of access: You have the right to access your personal data in order to verify your personal data is processed in accordance with the law.

b. Right to rectification: You have the right to request the rectification of any inaccurate or incomplete data held about you, in order to protect the accuracy of such information and to adapt it to the data processing.

c. Right to erasure: Otherwise known as ‘The Right to be Forgotten’; you have the right to request that we no longer process your personal data and erase all information about you. Please be aware that this is not an absolute right and there may be legal or regulatory reasons why data cannot be erased at the time of the request.

d. Right to restriction of processing: You have the right to request we restrict the processing of your data.

e. Right to data portability: You have the right to request data portability, meaning that you can receive your personal data in a structured and commonly used format, or that you can request the transfer of your data to another Data Controller.

f. Right to object: At any time and without having to justify your decision, you have the right to object to the processing of your data for direct marketing purposes. Please note: if you withdraw your consent, the previous processing of data that we have done with your consent will remain lawful.

g. Right not to be subject of automated individual decision-making: You have the right not to be subject to a decision based solely on automated processing, including profiling, if such profiling produces a legal effect or similarly significantly affects you. Right Management do not use processes in which automated decision-making (including profiling) takes place.
h. Right to lodge a complaint with a supervisory authority: You have the right to lodge a complaint with a supervisory authority, in particular in your habitual residence, , place of work or place of the alleged data privacy infringement. The supervisory authority in the UK is the Information Commissioners’ Office (ICO). More information can be found at https://ico.org.uk/

Whenever the processing is based on consent, as under art.7 of the GDPR, while you may withdraw your consent at any time, there may be circumstances where we will still need to process your data for legal or official reasons. We will inform you if this is the case. Where this is the case, we will restrict the data to only what is necessary for the purpose of meeting those specific requirements.

If you wish to exercise any of your rights in relation to data privacy, please refer to the “How to Contact Us” section below.

We process your data from the moment you:

  • Visit our Sites, including our social media channels outlined above;
  • Apply for/engage in career counselling / a workshop / assessment / event;
  • Enter your details on the career management portal ‘Next’;
  • Message us via our website, our social media channels or any right.com email address;
  • Otherwise use our services.

Information We Collect

We may collect a selection of personal data, including, but not limited to (as permitted under local law):

  • Personal identifiers (like full name and employee number)
  • Contact information (like personal email address, personal telephone number, home address or nearest town/city, work address, work email, work telephone number);
  • Other referral details, which may include, the organisation that referred you to our services, your job title, the type and status of the service you are eligible for, office location, department, contract termination date;
  • Other information you may provide to us during the course of career guidance or assessment, or in surveys, including, but not limited to, CV details, salary expectations, new employment details, assessment responses, feedback;
  • Information you provide us through the "Contact Us" feature on our Sites, or through any email sent to a right.com address;
  • Details you provide us when you complete any web form or download a white paper on Rightmanagement.co.uk;
  • Username and password when you register on our Sites;
  • Your usage of our site and services;
  • User IP address;
  • Your browser locale preferences for example your language and time zone;
  • Cookie data collected via essential cookies and cookie data collected via any non-essential cookies (to the extent that you consent to such non-essential cookies), consistent with our Cookie Notice
  • Identification information you may be asked to provide, should you wish to exercise specific data rights. 

How We Use the Information We Collect

Right Management UK collects and uses the data gathered for the following purposes (as permitted under local law):

  • To provide you with the services;
  • For more information on how we use the information collected on our Next Platform, please review the privacy notices available on each respective site footer or upon your registration to the services. If you participate in an assessment, we use the personal data you provide to help you determine potential career or development opportunities. This information is only shared with your current or future employer with your explicit consent. We use suppliers outside the EU for some of the personality and occupational assessments. Please skip to the Data Transfers section below for confirmation on how this transfer is GDPR compliant;
  • In order to support Candidates in their career transition or development, we store personal data such as CVs and notes from guidance sessions. This information helps us guide you in making the right career choices or in finding another job;
  • If you contact us, for example by e-mail, social media or by telephone, we can ask for your contact details in order to handle your query or concern and to approach you later with additional information. Your data is only accessible to those within the organization who are dealing with the handling of your query or concern;
  • The use of data is required for client reporting purposes; however, this is grouped so that individual outcomes are anonymised;
  • We use various IT resources and productivity tools, such as e-mail, to communicate with each other and with you. We keep a history of this for as long as is needed for follow-up, accountability and security. For a portion of the services, we may use suppliers outside the EU. Please skip to the Data Transfers section below for confirmation on how this transfer is GDPR compliant;
  • To comply with and enforce all applicable legal requirements, relevant industry standards, contractual obligations and our policies, the use of personal data is essential;
  • To identify, protect against, and attempt to prevent fraud and other unlawful activity, claims and other liabilities;
  • To generate invoices and process payment for services provided;
  • We use personal data for the effective operation, evaluating and improving our business (including developing, enhancing, analysing and improving our services; managing our communications; performing data analytics; and performing accounting, auditing and other internal functions;
  • If you are a candidate or a participant in our services, we may use your data to communicate with you about, and administer participation in, events, programs, surveys, and market research in an effort to continually improve the service we offer and;
  • If you are a business partner, including one of our clients, vendors or other third party, we may use your data to communicate with you about events, offers, surveys and market research in an effort to continually improve our business and the services we offer;
  • In order to optimise your user experience and to better tailor our offer to you. 
All processing will be carried out based on adequate legal grounds which may fall into a number of categories, including:
  1. Explicit consent from you, where required by applicable law e.g., when you tick a box to receive specific content. For certain processing we ask for your permission/consent in advance. If you do not give permission and/or object to the processing, this may have consequences for the service we provide to you;
  2. Statutory or contractual requirement compliance;
  3. Legitimate interest of the Data Controller. Please see our section on Legitimate Interests below to learn more about these interests and when we may process information in this way. 

Artificial Intelligence / Machine Learning

Job Search

Right Management offers candidates a Job Search services provided on the Next platform. The Next platform applies AI and ML technology to identify, extract and structure information coming from the text of the CV/resume you upload and use to create your job search profile. A limited set of CVs/Resumes are used to train and evaluate the AI parsing algorithms annually, to ensure a service offering that is accurate and free from bias.

The search and match component uses the structured data from the job profile you have created to perform queries, create search queries, and rank results. The search and match component is not AI powered and is not trained on user behaviour or other signals for machine ‘self-learning’. The search and match component is a transparent normalized search engine that does not learn from user interactions or other user data. The only ML algorithms used in the search and match offering are for the purpose of effective parsing and making the search facility more robust and relevant for users.

No automated decisions are made via the Job Search function that produce any legal or similarly significant effects on you. The job search function is just one of the numerous ways you can approach the job market to search for opportunities. To find out more on how the Next Platform will process your personal data please refer to: https://next.right.com/#/privacy-policy

Skills Portal

Our Skills Portal is powered by AI, with several AI features to enhance the way we deploy and manage learning programs. The Skills Portal uses algorithms to analyze the content we add to the platform, enabling us to automate the actions we would otherwise perform manually in providing you learning content.

The algorithms also help you, as a learner, find courses and content relevant to your needs and interests, without time intensive searching, by recommending courses and content personalized to you. The algorithms determine your potential interests based on (1) your Skills Portal activity history and (2) similarities between available courses and content.

The principal source of information for the recommendation system is the cumulative sequence of interactions that each user has had with the various learning materials in the learning platform. More specifically, we consider the following interactions in our recommendation system:

  • For formal courses, the completion of courses
  • For informal content, the views and rating of the content and any sharing of the content

This means we may also recommend content viewed by other users that have a history of interactions particularly similar to yours.

When a user history is empty or minimal, which is normal for new users in the platform, or for those users who rarely interact with any content, the recommendation system may not produce suggestions for that user. As you take more and more opportunities to learn within the platform, you will start seeing more personalized suggestions and tailored content. Over time, the more the Skills Portal learning platform is used, the more specific and personalized the recommendations will become.

The AI algorithms within the Skills Portal never make fully automated decisions that produce any legal or similarly significant effects on you. The Skills Portal is an optional feature on the Next platform to support you in your development.

Legitimate Interest

We may process personal data for certain legitimate business purposes, which includes some, or all, of the following:

  • Where the process enables us to enhance, modify, personalise or otherwise improve our services/communications for the benefit of our clients, candidates and associates;
  • To identify and prevent fraud;
  • To enhance security of our network and information systems;
  • To better understand how people interact with our websites;
  • For direct marketing purposes;
  • To determine the effectiveness of marketing and/or advertising campaigns.

Whenever we process data for these purposes, we will ensure that we keep your rights in high regard and take account of these rights. You have the right to object to such processing (more details in section Your Rights as a Data Subject, above). Please bear in mind that if you exercise your right to object, this may affect our ability to carry out and deliver services to you for your benefit.

How we Protect Personal Information

We maintain technical and organisational measures designed to protect the personal data we collect against accidental, unlawful or unauthorised destruction, loss, alteration, access, disclosure or use. Such measures ensure an appropriate level of security taking account, on one hand, the technical state of the art and, on the other hand, the sensitive nature of Personal Data and the evaluation of potential risks. To ensure the appropriate security and confidentiality of personal data, we apply to the following non-exhaustive list of measures:

Encryption of data at rest and in transit using industry standard encryption algorithms with appropriate key lengths;

Strong user authentication and access controls;

Network monitoring solutions with events logging;

  • Hardened network infrastructure;
  • Measures for ensuring physical security of locations at which personal data are processed;
  • Business continuity and disaster recovery plans with periodic testing;
  • Periodic vulnerability and penetration testing;
  • Certification/assurance of processes and products;
  • Continuous employee privacy and security training and awareness program;
  • Measures for ensuring data minimisation, purpose limitation, retention, data quality and accountability.

How long we Process and Store Data

We process the personal data we collect for the purposes defined in this notice and for a period only as long as is necessary for the purposes we collected it. Different laws and contractual obligations may also require us to process different data for different periods of time.

Subject to applicable law, we will retain your personal data as required by the company to meet our business and compliance obligations, for example, to comply with our tax and accounting obligations.

We store your personal data, in a way that allows identification, for no longer than is necessary, based on the purposes for which it was collected. We determine the period of time by taking into account:

  • The necessity to store the personal data collected in order to offer services established with the user;
  • To enable us to respond to any queries or concerns about the service provided;
  • The existence of specific legal or contractual obligations that make the processing and related storage necessary for specific periods of time; 
  • In order to safeguard a legitimate interest of the Data Controller, as described in the purposes.

Information We Share

We do not disclose personal data that we collect about you, except as described in this privacy notice or in separate notices provided in connection with particular activities. We may share personal data with vendors who perform services on our behalf based on our instructions. When we use the services of other parties to process data on our behalf, we ensure due diligence takes place to ensure they are GDPR compliant and, where necessary, that processing agreements are in place with these parties, so that they too handle your personal data carefully. We never sell your data to third parties. In addition, we may disclose personal data about you on the following basis:

  1. If we are required to do so by law or legal process;
  2. To law enforcement authorities or other government officials based on a lawful disclosure request; and
  3. When we believe disclosure is necessary or appropriate to prevent physical harm or financial loss, or in connection with an investigation of suspected or actual fraudulent or illegal activity.

We also reserve the right to transfer personal data we have about you in the event we sell or transfer all or a portion of our business or assets (including in the event of a reorganisation, dissolution or liquidation).

If we disclose data to our US parent company and/or affiliated ManpowerGroup companies, we will ensure that there are appropriate safeguards for the protection of your data.

Data Transfers

We will transfer personal data to countries outside of the UK. Those countries may not have the same data protection laws as the country in which the data was provided. When we transfer your information to other countries, we will protect that data as described in this Privacy Notice and such transfers will be in compliance with applicable law.

The countries to which we may transfer the personal data we collect about you may be:

  • Within the UK, EEA or Switzerland
  • Outside the UK, EEA or Switzerland

When we transfer personal data from within the UK to countries or international organisations that are based outside the EEA, UK or Switzerland, the transfer takes place on the basis of:

  1. An adequacy decision;
  2. A legally binding and enforceable instrument between public authorities or bodies;
  3. Binding corporate rules;
  4. Standard Contractual Clauses adopted by the European Commission and/or the UK International Data Transfer Agreement, as applicable.

Data Privacy Framework

ManpowerGroup (including ManpowerGroup Global Inc. and Right Management Inc.) complies with the EU-US Data Privacy Framework (EU-US DPF), the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework (Swiss-US DPF) as set forth by the US Department of Commerce. ManpowerGroup has certified to the US Department of Commerce that it adheres to the EU-US Data Privacy Framework Principles (EU-US DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-US DPF and from the United Kingdom (and Gibraltar) under the UK Extension to the EU-US DPF. ManpowerGroup has certified to the US Department of Commerce that it adheres to the Swiss-US Data Privacy Framework Principles (Swiss-US DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-US DPF. If there is any conflict between the terms in this privacy policy and the EU-US DPF Principles and/or the Swiss-US DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

ManpowerGroup is responsible for the processing of personal data it receives, under the EU-US DPF, the UK Extension to the EU-US DPF, and Swiss-US DPF and subsequently transfers to a third party acting as an agent on its behalf. ManpowerGroup complies with the EU-US DPF Principles and the Swiss-US DPF Principles for all onward transfers of personal data from the EU, UK, and Switzerland, including the onward transfer liability provisions.

The Federal Trade Commission has jurisdiction over ManpowerGroup’s compliance with the EU-US DPF, the UK Extension to the EU-US DPF, and the Swiss-US DPF. In certain situations, ManpowerGroup may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

In compliance with the EU-US DPF, the UK Extension to the EU-US DPF, and the Swiss-US DPF, ManpowerGroup commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-US DPF, the UK Extension to the EU-US DPF, and the Swiss-US DPF to TRUSTe, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://feedback-form.truste.com/watchdog/request for more information or to file a complaint. These dispute resolution services are provided at no cost to you.

In the context of the employment relationship, in compliance with the EU-US DPF, the UK Extension to the EU-US DPF, and the Swiss-US DPF, ManpowerGroup commits to cooperate and comply with the advice of the panel established by the EU data protection authorities (DPAs), the UK Information Commissioner’s Office (ICO) and the Gibraltar Regulatory Authority (GRA), and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-US DPF, the UK Extension to the EU-US DPF, and the Swiss-US DPF.

For complaints regarding EU-US DPF, the UK Extension to the EU-US DPF, and Swiss-US DPF compliance not resolved by any of the other DPF mechanisms, you have the possibility, under certain conditions, to invoke binding arbitration. Further information can be found on the official DPF website: https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2.

Updates to Our Privacy Notice

This privacy notice (including any addenda) may be updated periodically to reflect changes in our privacy practices and legal updates. For significant changes, we will notify you by posting a prominent notice on our Sites indicating at the top of each Notice when it was most recently updated.

How To Contact Us

To exercise any of your data privacy rights, please contact us via our Data Privacy Request Form.

If you have any questions/comments about this privacy notice, or you think you have identified a data privacy related concern, please email us at: GDPR@right.com or write to us at: The Compliance & Risk Manager, Right Management UK, 50 Bank Street, Canary Wharf, London E14 5NS, United Kingdom.

Ready to chat?

Let's start with a conversation about
what's on your mind.