This privacy notice will inform you as to how we look after your personal data when you interact with us directly, you visit our website (regardless of where you visit it from), or any of our promotional web pages.
The Company is committed to being transparent about how it handles your personal information, to protecting the privacy and security of your personal information and to meeting its data protection obligations under the General Data Protection Regulation (“GDPR”) and the Data Protection Act 2018. The purpose of this privacy notice is to make you aware of how and why we will collect and use your personal information. We are required under the GDPR to notify you of the information contained in this privacy notice.
This privacy notice applies to all clients or potential clients of the Company.
The Company has appointed a Data Compliance Contact to oversee compliance with this privacy notice. If you have any questions about this privacy notice or about how we handle your personal information, please contact us at firstname.lastname@example.org
Under the GDPR, there are six data protection principles that the Company must comply with. These provide that the personal information we hold about you must be:
The Company is responsible for, and must be able to demonstrate compliance with, these principles. This is called accountability.
What types of personal information do we collect about you?
Personal information is any information about an individual from which that person can be directly or indirectly identified.
The Company collects, uses and processes a range of personal information about you. This includes (as applicable):
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
How do we collect your personal information?
We use different methods to collect data from and about you including through:
Direct interactions. You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
Your personal information may be stored in the Company’s IT systems, such as our candidate managements system and e-mail system.
As you interact with our website or other web-based company pages, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, and other similar technologies.
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
Generally, we do not rely on consent as a legal basis for processing your personal data other than in relation to sending marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by Contacting us or utilising the unsubscribe feature in all our electronic communications.
The purposes for which we are processing, or will process, your personal information is to:
Please note that we may process your personal information without your consent, in compliance with these rules, where this is required or permitted by law.
What if you fail to provide personal information?
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case at the time.
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please Contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Your personal information may be shared internally within the Company, where access to your personal information is necessary for the performance of their roles and in relation to the purpose for which the data was collected.
The Company will not share your personal information unless required to by law.
How does the Company protect your personal information?
The Company has put in place measures to protect the security of your personal information. It has internal policies, procedures and controls in place to try and prevent your personal information from being accidentally lost or destroyed, altered, disclosed or used or accessed in an unauthorised way. In addition, we limit access to your personal information to those who have a business need to know in order to perform their job duties and responsibilities.
Where your personal information is shared with third parties, we require all third parties to take appropriate technical and organisational security measures to protect your personal information and to treat it subject to a duty of confidentiality and in accordance with data protection law. We only allow them to process your personal information for specified purposes and in accordance with our written instructions and we do not allow them to use your personal information for their own purposes.
The Company also has in place procedures to deal with a suspected data security breach and we will notify the Information Commissioner’s Office (or any other applicable supervisory authority or regulator) and you of a suspected breach where we are legally required to do so.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being clients for tax purposes.
In some circumstances you can ask us to delete your data: see Request erasure below for further information.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Your rights in connection with your personal information
As a data subject, you have a number of statutory rights. Subject to certain conditions, and in certain circumstances, you have the right to:
If you wish to exercise any of these rights, please contact our Data Compliance Contact at email@example.comWe may need to request specific information from you in order to verify your identity and check your right to access the personal information or to exercise any of your other rights. This is a security measure to ensure that your personal information is not disclosed to any person who has no right to receive it.
In the circumstances where you have provided your consent to the processing of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. This will not, however, affect the lawfulness of processing based on your consent before its withdrawal. If you wish to withdraw your consent, please contact our Data Compliance Contact. Once we have received notification that you have withdrawn your consent, we will no longer process your personal information for the purpose you originally agreed to, unless we have another legal basis for processing.
If you believe that the Company has not complied with your data protection rights,you can submit your complaint in writing at firstname.lastname@example.org If you remain dissatisfied with our actions, you have the right to lodge a complaint with the Supervisory Authority - The Information Commissioner’s Office (ICO) at any time.
Transferring personal information outside the European Economic Area
The Company will not transfer your personal information to countries outside the European Economic Area.
Changes to this privacy notice
The Company reserves the right to update or amend this privacy notice at any time. We will issue you with a new privacy notice when we make significant updates or amendments. We may also notify you about the processing of your personal information in other ways.
If you have any questions about this privacy notice or how we handle your personal information, please contact our Data Compliance Contact at email@example.com