This Privacy Notice is intended to help you understand what data we may collect about you, how we use it and why. It also details your rights as a ‘data subject’ and our data security policy. Please take the time to read this carefully. This privacy notice is regularly reviewed and updated. The last update was made on 12th April 2021.
Information we collect
Job applicants – where you approach us looking for employment opportunities, and where you consent in writing, we will keep your contact details and communication in order to contact you in the future about employment opportunities.
Email newsletter subscribers – where you have registered to receive our email newsletters, we collect, store, process and profile the data you provide in order to send email communications to you. We also track responses to emails (e.g. opens and clicks) in order to improve the content we send and to understand what is relevant to you. You can manage your preferences and withdraw consent at any time using the dashboard provided by our email provider. We provide a link to manage preferences and to unsubscribe in every email sent.
Business contacts – we collect, store, process and profile the personal data you provide when you give it to us physically, verbally or in writing. We only process your data within the context of our business operations with you.
Research participants – The information we collect will be limited to that which you freely give during the research process and that which we will receive from our client in order to contact you. Where the research is conducted by interview, the interview will be recorded. We will share the information you give us only with our client and the third parties that we use to undertake our service operations e.g. automated audio transcription services, survey software, analysis software and analysis consultants. Information will be collected for the purpose of the provision of the service to our client and the purposes of continuing to develop and improve our services and, where appropriate, for further academic research and scientific publication.
The personal data we collect will be appropriate and not excessive and is likely to include your name, job title, company name, company email address, company postal address and company phone numbers. We will never sell or rent your personal data to third parties. We will share your data only with the third-party providers that we use to undertake our business operations and solely for that purpose e.g. our email provider (to send and track emails) and accounting provider (to send payment invoices). Any third party we use to conduct our business operations will be checked for their compliance with the GDPR and other relevant data protection laws before we use their service.
In addition, we may also disclose your personal data where we are required to do so by applicable law, by order of a court, by a governmental body or by a law enforcement agency. We may also disclose your personal data in the context of investigating or reporting any issue arising in connection with activity by you or content supplied or purporting to be supplied by you, to you or on your behalf that we reasonably believe could be unlawful or otherwise in breach of our terms of service.
Our lawful bases for processing personal data
The lawful bases (as identified by the ICO Lawful Basis Assessment) on which we process personal data are:
- Website visitors – data processing is necessary for our legitimate interests in improving our website experience.
- Job applicants – data processing is necessary for our legitimate interests in providing job opportunities to people who express interest in working for us.
- Email newsletter subscribers – the data subject has given clear consent to the processing of their personal data for one or more specific purposes.
- Business contacts:
- data processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
- data processing is necessary for our legitimate interest to communicate our services to those who we think would benefit from them. We will process contact data in order to do this and will only do so where it can be reasonably expected by the recipient.
- Research participants
- data processing is necessary for our legitimate interests in providing a service to our clients, the data subject has also given clear and informed consent for us to process their data for the purposes specified.
Your data rights
We will store and process your personal data for as long as it is relevant and appropriate to do so for the purpose with which we obtained it.
You have the right to object to data processing. You have the right to access, rectify or erase the personal data we hold about you at any time. You can do so by communicating that in writing to us and we will comply within 30 days of receipt. To ensure security and privacy, any request for access needs to be received in writing from the email address that corresponds to that held on file for the individual data subject.
If you want us to delete all data we hold about you, we will do so where there is no legal or legitimate requirement for us to keep it.
You have the right to make a complaint about how we have processed your data and you can do so to the ICO.
All files are stored in password-protected cloud storage and devices, with two-factor authentication required to access. We utilise mobile management of devices, so that should any company device be lost or stolen the data held on that device can be wiped remotely.
All our staff are trained in Data Protection best practice. All devices and systems have the latest available security software and updates are installed as soon as they are available. Our business premises are securely locked at all times. Any paper records containing personal or confidential data are shredded before disposal.
In the case of a personal data breach, we will notify the ICO if the breach is likely to result in damage to a person’s reputation, financial loss, loss of confidentiality, or a major financial or social disadvantage.
If the breach is likely to result in a high risk to the rights and freedoms of individuals we will also contact the affected individuals without undue delay.
Our Data Protection Officer is Sophie Morris, Director, who can be contacted at firstname.lastname@example.org.