GDPR PRIVACY NOTICE (external)
The Company gathers and processes your personal information in accordance with this privacy notice and in compliance with the relevant data protection regulation and law. This notice provides you with the necessary information regarding your rights and obligations, and explains how, why and when we collect and process your personal data. This personal information may be held by the Company on paper or in electronic format.
Your personal information is processed to meet our legal, statutory and contractual obligations and to provide you with our products and services. We will never collect any unnecessary personal data from you and do not process your information in any way, other than already specified in this notice. If you do not want the company to process your personal data, please do not share any with us.
The Company has appointed a data protection officer (DPO) to oversee compliance with this privacy notice. If you have any questions about this privacy notice or about how we handle your personal information, please contact Keith Buckley (DPO) or Carrie Liles – Data Compliance Coordinator (DCC) at the New Mills office on (+44) 01663 747 061.
What types of personal information do we collect about you?
Personal information is any information about an individual from which that person can be directly or indirectly identified. It doesn’t include anonymised data, i.e. where all identifying particulars have been removed. There are also “special categories” of personal information, including personal information on criminal convictions and offences, which requires a higher level of protection because it is of a more sensitive nature. The special categories of personal information comprise information about an individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life or sexual orientation and genetic and biometric data. The company will not collect sensitive personal data about you.
Information you give us.
You may give us information about you by filling in forms on our sites or by corresponding with us by phone, email, in writing or otherwise. This includes but is not limited to (where applicable):
- your contact details provided by you, including your name, address, telephone number and e-mail address both personal and/or business
- information obtained through completion of online forms
- information obtained from questionnaires, contracts, service level agreements or other forms of correspondence
- automated interactions
- marketing and communications data including your preferences in receiving marketing from us and our third parties and your communication preferences.
- any other personal information provided by you through your communications with us
- business related photographs/videos for promotional use on our website/social media accounts
- payment information, card details or banking details
- professional memberships/accreditations/approvals
How do we collect your personal information?
The Company may collect personal information about you in a variety of ways. It is collected during the engagement/recruitment process, either directly from you or sometimes from a third party such as an agency or via our website. Some personal data may be collected about you from the forms and surveys you complete, from records of our correspondence and phone calls, emails and details of your visits to our website, including but not limited to personally identifying information like Internet Protocol (IP) addresses.
We may also collect personal information from other external third parties when relevant. We will also collect additional personal information throughout the period of your relationship with us. This may be collected in the course of your business related activities. Whilst some of the personal information you provide to us is mandatory and/or is a statutory or contractual requirement, some of it you may be asked to provide to us on a voluntary basis. We will inform you whether you are required to provide certain personal information to us or if you have a choice in this. Your personal information may be stored in different places, including within the company’s IT systems, e-mail system, marketing software and cloud-based storage systems.
Why and how do we use your personal information?
We will only use your personal information when the law allows us to. The grounds on which the law allows this are known as the lawful bases for processing.
- Consent: the individual has given clear consent for you to process their personal data for a specific purpose.
- Contract: the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract.
- Legal obligation: the processing is necessary for you to comply with the law (not including contractual obligations).
- Vital interests: the processing is necessary to protect someone’s life.
- Public task: the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.
- Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.
We will use your personal information in one or more of the following circumstances. This includes but is not limited to (where applicable):
- where we need to do so to perform the service contract, casual worker agreement, consultancy agreement or contract for services we have entered into with you
- enable us to maintain accurate and up-to-date records and contact details
- administer the contract we have entered into with you
- where we need to comply with a legal obligation
- where it is necessary for our legitimate interests (or those of a third party), and your interests or your fundamental rights and freedoms do not override our interests
- to promote our services, training courses and any work related activities
- ensure compliance with your statutory and contractual rights
- enable us to establish, exercise or defend possible legal claims
- ensure adherence to company rules, policies and procedures
- to meet industry specific approvals/regulators
- to investigate/conduct incident investigations
- we may also occasionally use your personal information where we need to protect your vital interests (or someone else’s vital interests).
We need all the types of personal information listed under “What types of personal information do we collect about you?” primarily to enable us to perform our contract with you and to enable us to comply with our legal obligations. In some cases, we may also use your personal information where it is necessary to pursue our legitimate interests (or those of a third party), provided that your interests or your fundamental rights and freedoms do not override our interests. Our legitimate interests include: performing or exercising our obligations or rights under the direct relationship that exists between the Company and you as agents, contractors, suppliers, customers, students and other third parties; performing effective internal administration and ensuring the smooth running of the business; ensuring the security and effective operation of our systems and network; protecting our confidential information. We believe that you have a reasonable expectation, as our agents, contractors, suppliers, customers, students and other third parties, that we will process your personal information, as the sharing and processing of personal data is essential to perform our obligations with you and deliver our products and services, and may be essential to meet industry specific health and safety requirements. Please note that we may process your personal information without your consent, in compliance with these rules, where this is required or permitted by law.
What if you fail to provide personal information?
If you fail to provide certain personal information when requested or required, we may not be able to perform the contract we have entered into with you, or we may be prevented from complying with our legal or approvals obligations. You may also be unable to exercise your statutory or contractual rights.
Change of purpose
We will only use your personal information for the purposes for which we collected it. If we need to use your personal information for a purpose other than that for which it was collected, we will provide you, prior to that further processing, with information about the new purpose, we will explain the legal basis which allows us to process your personal information for the new purpose and we will provide you with any relevant further information. We may also issue a new privacy notice to you.
Who has access to your personal information?
Your personal information may be shared internally within the Company, including with members of the HR/finance department, IT support and senior/account managers.
The Company may also share your personal information with third-party service providers (and their designated agents). This includes but is not limited to (where applicable):
- recruitment providers
- IT service providers
- training service providers
- sales and marketing service providers
The Company may also share your personal information with other third parties in the context of a potential sale or restructuring of some or all of its business. In those circumstances, your personal information will be subject to confidentiality undertakings.
We may also need to share your personal information with a regulator/industry approval or to otherwise comply with the law or industry requirements. We may share your personal information with third parties where it is necessary to administer the contract we have entered into with you, where we need to comply with a legal obligation, or where it is necessary for our legitimate interests (or those of a third party).
How does the Company protect your personal information?
The Company has put in place measures to protect the security of your personal information. It has internal policies, procedures and controls in place to try and prevent your personal information from being accidentally lost or destroyed, altered, disclosed or used or accessed in an unauthorised way. In addition, we limit access to your personal information to those employees, workers, agents, contractors, students and other third parties who have a business need to know in order to perform their job duties and responsibilities.
Where your personal information is shared with third-party service providers, we require all third parties to take appropriate technical and organisational security measures to protect your personal information and to treat it subject to a duty of confidentiality and in accordance with data protection law. We only allow them to process your personal information for specified purposes and in accordance with our privacy notice and we do not allow them to use your personal information for their own purposes. The Company also has in place procedures to deal with a suspected data security breach and we will notify the Information Commissioner’s Office within 72 hours (or any other applicable supervisory authority or regulator) and you of a suspected breach where we are legally required to do so.
For how long does the Company keep your personal information?
The Company will only retain your personal information for as long as is necessary to fulfil the purposes for which it was collected and processed, including for the purposes of satisfying any legal, tax, health and safety, reporting, marketing or accounting requirements. The Company will generally hold your personal information for the duration of your professional relationship or engagement.
In relation to retention, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. Overall, this means that we will keep the personal data that we hold for a minimal period, so that we do not continue to retain it for a longer period than is strictly necessary.
Personal information which is no longer to be retained will be securely and effectively destroyed or permanently erased from our IT systems and we will also require third parties to destroy or erase such personal information where applicable. In some circumstances we may anonymise your personal information so that it no longer permits your identification. In this case, we may retain such information for a longer period.
In the limited circumstances where you have provided your consent to the processing of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. This will not, however, affect the lawfulness of processing based on your consent before its withdrawal. If you wish to withdraw your consent, please contact our data protection officer or data compliance coordinator. Once we have received notification that you have withdrawn your consent, we will no longer process your personal information for the purpose you originally agreed to, unless we have another legal basis for processing.
Your rights in connection with your personal information
It is important that the personal information we hold about you is accurate and up to date. Please keep us informed if your personal information changes, e.g. you change your home/business address, during your working relationship with the Company so that our records can be updated. The Company cannot be held responsible for any errors in your personal information in this regard unless you have notified the Company of the relevant change.
As a data subject, you have a number of statutory rights. Subject to certain conditions, and in certain circumstances, you have the right to:
- right to be informed
- request access to your personal information
- request rectification of your personal
- request the erasure of your personal information
- restrict the processing of your personal information
- data portability
- object to the processing of your personal information
- rights in relation to automated decision making and profiling
If you wish to exercise any of these rights, please contact our data protection officer Keith Buckley and our data compliance coordinator – Carrie Liles (New Mills Office (+44) 01663 747 061). We may need to request specific information from you in order to verify your identity and check your right to access the personal information or to exercise any of your other rights. This is a security measure to ensure that your personal information is not disclosed to any person who has no right to receive it. If you believe that the Company has not complied with your data protection rights, you have the right to make a complaint to the Information Commissioner’s Office (ICO) at any time. The ICO is the UK supervisory authority for data protection issues.
You can ask us or third parties to stop sending you marketing messages at any time by contacting us.
The Company gets your express opt-in consent before we share your personal data with any third party for marketing purposes.
Transferring personal information outside the European Economic Area
We do not store your data outside of the European Economic Area (“the EEA”) (The EEA consists of all EU member states, plus Norway, Iceland, and Liechtenstein). If we do store data outside the EEA, we will take all reasonable steps to ensure that your data is treated as safely and securely as it would be within the UK and under the GDPR.
Automated decision making
Automated decision making occurs when an electronic system uses your personal information to make a decision without human intervention. We do not envisage that any decisions will be taken about you based solely on automated decision making, including profiling. However, we will notify you in writing if this position changes. You also have the right not to be subject to the effects of automated processing or profiling and have the right to object at any time.
Changes to this privacy notice
The Company reserves the right to update or amend this privacy notice at any time, including where the Company intends to further process your personal information for a purpose other than that for which the personal information was collected or where we intend to process new types of personal information. We will issue you with a new privacy notice when we make significant updates or amendments. We may also notify you about the processing of your personal information in other ways.
Our website uses Google Analytics, a service which transmits website traffic data to Google servers. Google Analytics does not identify individual users or associate your IP address with any other data held by Google. We use reports provided by Google to help us understand website traffic and web page usage.
We do not guarantee that any email sent to us will be received by us or that the contents will remain private during transmission. If you are concerned about this, please consider other means of communication. You are responsible for ensuring any electronic message or information you send to us is free from any virus or anything that may harm our systems in any way.
Third-party website links
Our websites may include links to third-party websites and plug-ins. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. Please read the Privacy Notice/Policy/Statements of all third-party websites that you visit.
If you have any questions about this privacy notice or how we handle your personal information, please contact Carrie Liles – data compliance coordinator as follows: firstname.lastname@example.org (+44) 01663 747 061