Privacy Notice – last updated 24 May 2018
About us and our privacy notice
We are Inclusive Employers Limited. Our company registration number is 07337659 and our registered address is 19 Short Street, London, SE1 8LJ, UK. We are registered with the Information Commissioner's Office (ICO) as data controllers. Our registration number is ZA077729.
This notice is to inform you about how we use any personal information we collect from you and how we comply with the Data Protection Act 1998, the Privacy and Electronic Communications Regulations 2003, and the EU’s General Data Protection Regulation (GDPR), which comes into force on 25 May 2018.
You have the right to complain to the ICO if you think there is a problem with the way we are handling your data. We would, though, appreciate it if you contacted us first so that we have an opportunity to address the situation with you. You can contact us at email@example.com or via the contact information on our website.
What information do we collect?
The personal data we collect can be summarised as follows:
- Identity related – for example name and job title
- Contact details – for example email, address for billing, telephone number
- Financial details – such as credit card details. We do not collect this directly but use PayPal to process credit card payments.
- Transaction information – relating to purchases you make
- Usage data – including data relating to your visits to our website
- Marketing and communications preferences
We don’t collect or process sensitive personal information such as race, sexual orientation, health etc as defined by the ICO. Nor do we provide services for or knowingly collect data relating to children under the age of 16.
How we use the information we collect
We collect information from you to:
- deal with sales enquiries and process orders you make for services or goods
- carry out any obligations we have with regard to transactions or contracts we have entered into with you
- keep you updated about us, for example where you have subscribed to one of our newsletters or campaigns
We will only use your personal data where there is a lawful basis, namely:
- Comply with a legal or regulatory obligation
- Performance of a contract
- Legitimate interest
- With your consent
More information on this is available on the Information Commissioner's Office website, www.ico.org.uk.
Where we are sending you direct marketing communications, we will do so by consent, and you have a right to withdraw consent at any time by contacting us. There is also an option to do so in our marketing communications.
We do not share or sell your information to any third parties for marketing purposes. We may need to share information with third parties who process information for us, such as software providers, for example Mailchimp, who provide us with direct marketing software to deliver our newsletters (see the data sharing section further on).
How long we keep information for
We will keep your personal data for as long as necessary to fulfil the purposes for which it was collected.
- Mailing list data is held indefinitely until you unsubscribe.
- User logins to our website are reviewed annually, e.g. if a company decides not to renew their annual membership then the member logins will be cancelled and deleted.
- Authorised user logins created by purchasers are kept indefinitely to enable users to use data to make future purchases.
- Data relating to customers' employees and prospects' employees for customer relationship management purposes is kept indefinitely unless it becomes known that it is no longer relevant, e.g. they have left the company.
- Data which has become anonymised may be kept indefinitely for research and statistical purposes.
We ensure that appropriate security measures are used which aim to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
We limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and in accordance with relevant legislation.
If there is any suspected personal data breach, we will notify you and any applicable regulator of a breach where we are legally required to do so.
We may need to share personal data with third parties for business purposes. These include:
- UK-based IT support services
- UK-based professional advisors including bankers, accountants and insurers
- HMRC, and UK-based regulatory authorities such as the ICO
- Police and crime agencies
- CRM and project management software platforms who hold and manage customer data
- Email marketing platforms such as Mailchimp who maintain our mailing lists and distribute our bulk mailings
- Survey software platforms such as SurveyMonkey for customer feedback and research for product and service innovation
- Analytics such as Google Analytics which assist us with customer insight for developing our services such as our websites
Third parties are required to treat your data in a safe and secure way and in accordance with the law. They will only use it in accordance with our instructions and will respect the security of it.
We use cloud-based systems and service providers such as email servers, hosted databases and software applications. These are based in different countries and can be outside of the European Economic Area. We will always ensure safeguards are in place to protect security of data in accordance with the UK/European Commission requirements as detailed in the GDPR or other regulations from time to time.
- Access to your information - you are able to request a copy of the personal data we hold (‘subject access request’).
- Request a correction – we want your information to be accurate and up to date at all times, so you can request correction of information we hold by providing verified new data, for example a new phone number or change of name.
- Request deletion – you can request deletion and we will comply as far as our legal obligations allow. Deletion of data is likely to mean we are no longer able to provide a service to you unless data is re-provided.
- Object to processing – you can object to us processing your data where we have a legitimate interest to do so and it impacts upon your fundamental rights and freedoms. You can also object where we are processing your data for direct marketing purposes. We will need to consider whether we have compelling legitimate grounds for processing your data that may override your rights and freedoms.
- Request restriction of processing – in certain circumstances you can ask us to suspend processing of personal data. For example while you check if it is accurate; where it is unlawful for us to process it but you don’t want it deleted; where you want us to keep it but not process it; where you have asked us to delete it but we need to check if we have an overriding legitimate ground/s to process it.
- Data portability – you can request to receive your data or transfer it to a third party. This will be in a structured, commonly used, machine-readable format.
- Withdraw your consent – if we rely on consent to process your data. This will impact our ability to provide the service for which the data is consented.
To exercise any of these rights, please contact us using the contact details below.
There is no fee to access your data or exercise these rights, but we may charge a reasonable fee if your request appears to us unfounded, excessive or repetitive, or we may choose not to comply with your request if this is the case. We may require you to fill in a form.
We may need to contact you to verify your right of access and your identity. We aim to respond to all legitimate requests within 30 days. It may take longer if the request is complicated or there is a high volume. We will keep you informed if it will take longer than 30 days.
More details of your rights can be found on the Information Commissioner's Office website, www.ico.org.uk.
To exercise the rights listed above, or if you have any questions regarding this privacy notice or you want to change your marketing preferences, you can contact us in the first instance at firstname.lastname@example.org.
Alternatively write to:
The Data Protection Compliance Manager
Inclusive Employers Limited
19 Short Street