The Company gathers and processes your personal information in accordance with this privacy notice and in compliance with the relevant data protection regulation and law. This notice provides you with the necessary information regarding your rights and obligations, and explains how, why and when we collect and process your personal data. This personal information may be held by the Company on paper or in electronic format.
Your personal information is processed to meet our legal, statutory and contractual obligations and to provide you with our products and services. We will never collect any unnecessary personal data from you and do not process your information in any way, other than already specified in this notice. If you do not want the company to process your personal data, please do not share any with us.
The Company has appointed a [data protection officer, DPO] to oversee compliance of this privacy notice. If you have any questions about this privacy notice or about how we handle your personal information, please contact Keith Buckley (DPO) or Carrie Liles – Data Compliance Coordinator (DCC) at the New Mills office on (+44) 01663 747 061.
What types of personal information do we collect about you?
Personal information is any information about an individual from which that person can be directly or indirectly identified. It doesn’t include anonymised data, i.e. where all identifying particulars have been removed. There are also “special categories” of personal information, including personal information on criminal convictions and offences, which requires a higher level of protection because it is of a more sensitive nature. The special categories of personal information comprise information about an individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life or sexual orientation and genetic and biometric data. The company will not collect sensitive personal data about you without your explicit consent.
Information you give us
You may give us information about you by filling in forms on our sites or by corresponding with us by phone, email, in writing or otherwise. This includes but is not limited to (where applicable);
- your contact details provided by you, including your name, address, telephone number and e- mail address both personal and/or business
- information obtained through completion of online forms
- information obtained from questionnaires, contracts, service level agreements or other forms of correspondence
- automated interactions
- marketing and communications data including your preferences in receiving marketing from us and your communication preferences.
- any other personal information provided by you through your communications with us
- business related photographs/videos for promotional use on our website/social media accounts
- payment information, card details or banking details
- professional memberships/accreditations/approvals information
How do we collect your personal information?
The Company may collect personal information about you in a variety of ways. It is collected during the engagement/recruitment process, either directly from you or sometimes from a third party such as an agency or via our website. Some personal data may be collected about you from the forms and surveys you complete, from records of our correspondence and phone calls, emails and details of your visits to our website, including but not limited to personally identifying information like Internet Protocol (IP) addresses. We may also collect additional personal information throughout the period of your relationship with us. This may be collected during your business related activities. Whilst some of the personal information you provide to us is mandatory and/or is a statutory or contractual requirement, some of it you may be asked to provide to us on a voluntary basis. We will inform you whether you are required to provide certain personal information to us or if you have a choice in this. Your personal information may be stored in different places, including in within the company’s IT systems, e-mail system and cloud-based storage systems
Why and how do we use your personal information?
We will only use your personal information when the law allows us to. These are known as the lawful basis for processing.
- Consent: the individual has given clear consent for you to process their personal data for a specific purpose.
- Contract: the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract.
- Legal obligation: the processing is necessary for you to comply with the law (not including contractual obligations).
- Vital interests: the processing is necessary to protect someone’s life.
- Public task: the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.
- Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.
We will use your personal information in one or more of the following circumstances, this includes but is not limited to (where applicable):
- where we need to do so to perform the service contract, casual worker agreement, consultancy agreement or contract for services we have entered into with you
- enable us to maintain accurate and up-to-date records and contact details
- where we need to comply with a legal obligation
- where it is necessary for our legitimate interests (or those of a third party), and your interests or your fundamental rights and freedoms do not override our interests
- to promote ours services, training courses and any work related activities
- ensure compliance with your statutory and contractual rights
- enable us to establish, exercise or defend possible legal claims
- to meet industry specific approvals/regulatory requirements
- to investigate/conduct incident investigations
- we may also occasionally use your personal information where we need to protect your vital interests (or someone else’s vital interests).
We need all the types of personal information listed under “What types of personal information do we collect about you?” primarily to enable us to perform our contract with you and to enable us to comply with our legal obligations. In some cases, we may also use your personal information where it is necessary to pursue our legitimate interests (or those of a third party), provided that your interests or your fundamental rights and freedoms do not override our interests. Our legitimate interests include: performing or exercising our obligations or rights under the direct relationship that exists between the Company and you as agents, contractors, suppliers, customers, students or other third party; performing effective internal administration and ensuring the smooth running of the business; ensuring the security and effective operation of our systems and network and protecting our confidential information. We believe that you have a reasonable expectation, as our agents, contractors, suppliers, customers, student or other third party, that we will process your personal information. Please note that we may process your personal information without your consent, in compliance with these rules, where this is required or permitted by law.
What if you fail to provide personal information?
If you fail to provide certain personal information when requested or required, we may not be able to perform the contract we have entered in to with you, or we may be prevented from complying with our legal or approval/regulatory obligations. You may also be unable to exercise your statutory or contractual rights.
Who has access to your personal information?
Your personal information may be shared internally within the Company or within our group of companies, including with members of the HR/finance department, IT support and senior/account managers. Personal data may be processed by other companies within our group as some services may be provided by a different company within the group for example the payment of invoices.
The Company may also share your personal information externally: we will only process personal data with third parties if necessary for the performance of our agreement or contract with you, to comply with a legal obligation and if necessary for our legitimate interests. We will take steps to ensure that your personal data is handled safely, securely, and in accordance with your rights, our obligations, and the third party’s obligations under data protection laws.
Examples include database management, web analytics, delivering packages, sending postal mail/emails, processing credit card payments or banking transactions and seeking legal or financial advice. Third party service providers may for instance include IT companies, credit card processors, financial and other professional advisors. Any third-party provider who provides data processing services to us will have access only to such personal information as it needs to perform its specific functions, and only for the purpose of performing these functions. We will also ensure that any third- party service provider processes your personal information as required by applicable data protection laws and that they adopt adequate technical and organizational security measures. The legal basis for the processing of limited personal data with third parties is for the performance of a contract between us and/or for our legitimate interests, namely the proper administration of our business, delivering our good/services to you.
The Company may also share your personal information with other third parties in the context of a potential sale or restructuring of some or all of its business. In those circumstances, your personal information will be subject to confidentiality undertakings. The legal basis for this processing data in this way is for our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.
We may also need to share your personal information with a regulator to gain industry approvals or to otherwise comply with the law or industry requirements. The legal basis for this processing is our legitimate interest, namely to ensure compliance with industry requirement in order for us to perform our contract with you and to deliver the goods/services to you.
How does the Company protect your personal information?
The Company has put in place measures to protect the security of your personal information. It has internal policies, procedures and controls in place to try and prevent your personal information from being accidentally lost or destroyed, altered, disclosed or used or accessed in an unauthorised way. In addition, we limit access to your personal information to those employees, workers, agents, contractors, students and other third parties who have a business need to know in order to perform their job duties and responsibilities.
Where your personal information is shared, we require all third parties to take appropriate technical and organisational security measures to protect your personal information and to treat it subject to a duty of confidentiality and in accordance with data protection law. We only allow them to process your personal information for specified purposes and in accordance with our privacy notice and we do not allow them to use your personal information for their own purposes.
The Company also has in place procedures to deal with a suspected data security breach and we will notify the Information Commissioner’s Office within 72 hours (or any other applicable supervisory authority or regulator) and you of a suspected breach where we are legally required to do so.
For how long does the Company keep your personal information?
The Company will only retain your personal information for as long as is necessary to fulfil the purposes for which it was collected and processed, including for the purposes of satisfying any legal, tax, health and safety, reporting or accounting requirements. The Company will generally hold your personal information for the duration of your professional relationship or engagement.
In relation to retention, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. Overall, this means that we will keep the personal data that we hold for a minimal period, so that we do not continue to retain for a longer period what is strictly necessary.
Personal information which is no longer to be retained will be securely and effectively destroyed or permanently erased from our IT systems and we will also require third parties to destroy or erase such personal information where applicable. In some circumstances we may anonymise your personal information so that it no longer permits your identification. In this case, we may retain such information for a longer period.
In the limited circumstances where you have provided your consent to the processing of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. This will not, however, affect the lawfulness of processing based on your consent before its withdrawal. If you wish to withdraw your consent, please contact our data protection officer or data compliance coordinator. Once we have received notification that you have withdrawn your consent, we will no longer process your personal information for the purpose you originally agreed to, unless we have another legal basis for processing.
Your rights in connection with your personal information
It is important that the personal information we hold about you is accurate and up to date. Please keep us informed if your personal information changes, e.g. you change your contact details, during your working relationship with the Company so that our records can be updated. The Company cannot be held responsible for any errors in your personal information in this regard unless you have notified the Company of the relevant change.
As a data subject, you have a number of statutory rights. Subject to certain conditions, and in certain circumstances, you have the right to:
- right to be informed
- request access to your personal information
- request rectification of your personal
- request the erasure of your personal information
- restrict the processing of your personal information
- data portability
- object to the processing of your personal information
- rights in relation to automated decision making and profiling
If you believe that the Company has not complied with your data protection rights, you have the right to make a complaint to the Information Commissioner’s Office (ICO) at any time. The ICO is the UK supervisory authority for data protection issues.
You can ask us to stop sending you marketing messages at any time by contacting us.
We will not sell/rent/disclosure your personal data to third parties for marketing purposes.
Transferring personal information outside the European Economic Area
Occasionally we may need to process your personal data with countries outside the European Economic Area (EEA). These countries’ data protection laws do not always offer the same level of protection for personal data as offered in the EEA.
Certain countries outside the EEA have been approved by the European Commission as providing essentially equivalent protections as EEA data protection laws. EU data protection laws allow these Company to freely transfer Personal Data to such countries. We will inform you if your individuals’ personal data is being transferred outside the EEA. We will establish the legal basis justifying the processing and seek the individuals explicit consent where necessary.
Automated decision making
We do not envisage that any decisions will be taken about you based solely on automated decision making, including profiling. However, we will notify you in writing if this position changes. You also have the right not to be subject to the effects of automated processing or profiling and have the right to object and at any time.
Changes to this privacy notice
The Company reserves the right to update or amend this privacy notice at any time, including where the Company intends to further process your personal information for a purpose other than that for which the personal information was collected or where we intend to process new types of personal information. We will publish the updated privacy notice on our website if/when we make significant updates or amendments, please check our website regularly.
Our website uses Google Analytics, a service which transmits website traffic data to Google servers. Google Analytics does not identify individual users or associate your IP address with any other data held by Google. We use reports provided by Google to help us understand website traffic and web page usage.
We do not guarantee that any email sent to us will be received by us or that the contents will remain private during transmission. If you are concerned about this, please consider other means of communication. You are responsible for ensuring any electronic message or information you send to us is free from any virus or that may harm our systems in any way.
Third-party website links
Our websites may include links to third-party websites and plug-ins. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. Please read the Privacy Notice/Policy/Statements of all third-party website that you visit.
If you have any questions about this privacy notice or how we handle your personal information, or to exercise your rights, please contact Carrie Liles – Data Compliance Coordinator as follows: firstname.lastname@example.org (+44) 01663 747 061