We take your privacy seriously and want you to understand how we handle personal data and support your rights over it. This policy describes how we collect, use and manage personal data, including where we share it, how we maintain confidentiality and how you can exercise your rights over it.
We review this notice on an annual basis or when there are changes in how we process personal data. It was last updated on 19 October 2018.
Our registered address is 14 Bank Chambers 25 Jermyn Street, London, England, SW1Y 6HR; company number 10475146. We act as a ‘Data Controller’ for personal data – when we refer to personal data, we mean information that can or has the potential to identify an individual.
If you have any questions about this policy or our privacy practices, send an email to firstname.lastname@example.org or write to us at our registered address.
How do we collect personal data?
We obtain personal data in electronic or paper form you when you:
- want to work for us – details you provide to us, this is typically name, contact details and work history
- work for us – details include name, data of birth, contact details, National Insurance Number and IT related information related to your access to our systems
- are a client – name and contact details, and details relating to deals
- are a potential client – name and contact details
- provide us with goods or services – name, contact details and bank account
- use our websites – IP address, browser and other details of the devices you use
How is personal data used?
|USE:||LAWFUL BASIS FOR PROCESSING:|
|Recruit staff and Consultants||Necessary for the performance of contract, or prior to entering into a contract; to fulfil legal or regulatory requirements, obligations in the fields of employment and Consent|
|Manage and pay staff||Fulfil a Contract, Consent, Employment law and Legitimate Interest to a) improve workforce management and how it is deployed, inform the development of recruitment and retention policies and allow better financial modelling and b) keep basic details of ex-members of staff to answer questions after they leave|
|Issue invoices to Clients||Fulfil a Contract and Legitimate Interest to answer questions about what was done after you are no longer a Client|
|To win new work||Legitimate Interest to respond to requests for information about our services and follow up on meetings|
|Pay Supplier Invoices, including Consultants||Fulfil a Contract and Legitimate Interest to answer questions about what was done after you are no longer a Supplier|
|Manage our website||Legitimate Interest to administer our sites and for internal operations, including troubleshooting, data analysis, testing, research of the most visited parts of the sites, statistical and survey purposes|
We retain personal information for as long as we reasonably require it for legal and business purposes.
Sharing of information
We share and allow access to personal data where there is a justified business reason, or there is a legal obligation or duty to do this, e.g. with the police, for fraud protection or to enforce or apply our contractual terms (we process personal data in these circumstances on the basis on Legitimate Interest for preventing crime or suspected criminal activity, or enforcing our terms).
- To manage our Business – our Accountant, Legal advisers and Insurer, Xero platform and Microsoft (we use Office365)
- To make payments – our bank
- To manage our IT – our outsourced IT support company
- To collect debts – third party debt collectors
Our security measures
We have physical, technical and administrative controls in place to protect personal data from unauthorised access, use and disclosure. We evaluate these safeguards on a regular basis to minimise risks from new security threats as they become known.
We use carefully selected partners to provide us with services including the support of IT and computer systems. Our contractual terms with these suppliers include confidentiality clauses to respect the privacy of any personal data they may need to access to perform their duties.
Individuals have the following rights over their personal data:
- to receive a copy, and information about its use
- to have it corrected
- to have it erased when we have no lawful basis to continue processing it
- to restrict its use
- data portability – to receive a copy of information you have provided to us in electronic format (where processing is done under Consent or Performance of a Contract)
- to object to its use (where processing is done under Legitimate Interest)
- to object to automated decision-making and profiling
Please use the contact details at the top of this notice if you want to exercise any of your rights. We consider each request in accordance with all applicable data protection laws and regulations and may ask you to provide proof of your identity before taking any actions.
We aim to meet the highest standards when collecting and using personal data and take any complaints we receive about this very seriously. You have the right to make a complaint about the way we have processed your personal data with the Information Commissioner’s Office in their capacity as the statutory body which oversees data protection law – www.ico.org.uk/concerns. But we would like the opportunity to respond to any issues before you do this.