We will comply with all relevant data protection laws (including the GDPR). This requires that the personal information we hold about you must be:
- Used lawfully, fairly and in a transparent way.
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
- Relevant to the purposes we have told you about and limited only to those purposes.
- Accurate and kept up to date.
- Kept only as long as necessary for the purposes we have told you about.
- Kept securely.
The kind of information we collect and hold about you
Personal data, or personal information, means any information about an individual from which that person can be identified, whether directly or indirectly. It does not include data where an individual cannot be identified (anonymous data).
We collect personal data across the business – including full name, postal address, email address, mobile / home telephone numbers, date of birth and CV’s. Bank details and National Insurance details will also be required.
This personal data is collected through the contact form on our website (/) and documentation provided to us by clients, suppliers, employees and prospective employees.
This personal data is shared with external organisations who support our business operation. These organisations include:
- Honest Employment Law Practice (HELP) – provide HR support. Employee name & address is shared with them.
- The Counting House – bookkeeping service. Employee name, address, NI number, tax code and date of birth is shared to administer payroll and pensions.
- XERO – bookkeeping software. Contains information on any customer or supplier – typically will include company name, purchaser details and contact details.
- Signable – provider of our online order forms / Terms & Conditions.
- NEST Pensions – provider has employee name, address and NI number.
Personal data is stored on our Corporate G-suite account. Access to personal data on this is permission-based. All personal data is retained within the EU.
Please see our Cookie Notice for details of how cookies are used.
How we will use information about you
We will only use your personal information in the ways the law allows. Most commonly, we will use your personal information in the following circumstances:
- Where you have provided your data in a landing page form fill. We will use legitimate interest to contact you off the back of this submission.
- Where processing is required for the performance of a contract either party have entered – in this respect, where you have engaged with us and paid for our service.
- Where processing is necessary for compliance with a legal obligation – such as retaining records for HMRC purposes, or to prove your right to work and your ability to fulfil a job brief.
Situations in which we will use your personal information
We need all the categories of information detailed above primarily to allow us to contact you following your enquiry on one of our landing pages.
If you are a client or supplier, then we will need to process your data in line with our legal obligations. In some cases, we may use your personal information to pursue legitimate interests of our own or those of third parties, provided your interests and fundamental rights do not override those interests. The situations in which we will process your personal information are listed below.
- Administration of a contract we have entered with you and providing our products and services to you.
- Business management and planning, including accounting and auditing. In these instances, we will share your personal data with our accountants.
- Planning for the termination of our contracting relationship.
- Dealing with legal disputes involving you, or any disputes that may arise under the contract that we have with you or the way in which we provide our products and services to you.
Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
- We will retain details of candidates for up to 1 month after interview. We will gain written permission to keep for up to 6 months if deemed necessary.
- Data on sales prospects will be kept for up to 2 years after collection.
- For HMRC purposes, we will retain any records of invoices or other financial records for a 7-year period.
Rights of access, correction, erasure & restriction
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.
- Subject Access Request – this enables you to receive a copy of the personal information we hold about you. To action this request, please email the data protection contact email@example.com.We require a suitable form of identification and under normal circumstances, we will supply this to you within one calendar month of your request and identification being received. No fee is usually payable; however, we may apply an appropriate fee if the request is deemed to be excessive, or repetitive.
- Request Correction – this enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request Erasure – this enables you to delete or remove personal information when there is no good reason for us to continue processing it.
- Object to Processing – in certain circumstances, you have the right to request we suspend the processing of your data. Please contact us if you require more information on this.
- Request the Transfer – you have the right to request the transfer of your personal data to a third party. Please contact us if you require more information on this.
- Right to Withdraw Consent – where we rely on consent to process your data, you have the right to withdraw this at any time, without giving reason. To withdraw your consent, please contact the data protection officer. Once received, we will not process your data for the reasons you have agreed to, unless we have another legal basis for doing so.
- Right to complain – you have the right to complain at any time to the Information Commissioners’ Office (ICO) regarding data protection issues – https://ico.org.uk