Comply GDPR Ltd provides support, resources and training services to clients within the executive search and recruitment sectors who require guidance in complying with the GDPR and other data protection obligations. We also provide operational consulting services to help SME clients improve and evolve their business.
What does this Policy cover?
We at ComplyGDPR take your personal data seriously. This policy:
- sets out the types of personal data that we collect about you;
- explains how and why we collect and use your personal data;
- explains how long we keep your personal data for;
- explains when, why and with whom we will share your personal data;
- sets out the legal basis we have for using your personal data;
- explains the effect of refusing to provide the personal data requested;
- explains the different rights and choices you have when it comes to your personal data; and
- explains how we may contact you and how you can contact us.
What personal data do we collect about you?
We collect the information necessary to be able to communicate with you in connection with your general enquiry, or in connection with offering or delivering our services.
This information may include your contact details (name, email address, telephone numbers), professional information (job title, roles, work location) and correspondence.
For trainees put forward by our clients to participate in our training, we would usually collect your name, company and email address.
We never collect sensitive personal data about you.
Where do we collect personal data about you from?
We collect personal data:
- Directly from you. This is information you provide when you request information on our services in relation to the GDPR and how we can help you.
- From your employer when they put you forward to participate in our training services.
- Through publicly available sources, e.g. LinkedIn.
- By reference or word of mouth. For example, you might be introduced by a present or former colleague or employer.
How and why do we use your personal data?
We use your personal data to respond to your requests for information about or related to our services; to inform you about new service offerings; to engage or support you as a client; or to provide training services.
How long do we keep your personal data for?
We keep your information for as long as necessary for the relevant purpose. For example, if we have a contract with you this would be for 6.5 years after expiry in order to assist us with any contractual claims.
We use a number of criteria for determining the data retention period, including obligations under law; our need to defend or bring contractual claims within the statutory limitation period; and consideration of the original purpose we collected it for.
Who do we share your personal data with?
Data may be shared in the following circumstances:
- With professional advisors;
- In the event of a sale of the company or its assets;
- With suppliers, such as our CRM database provider or online training platform provider, but only subject to robust contractual protections.
What legal basis do we have for using your information?
For sales, client services and general enquiries, it is necessary for our legitimate interests in order to be able to respond to your request, or to discuss our services.
For trainees, it is necessary for our legitimate interests in order to provide the training services to you or your employer.
For clients, we may also rely on our processing being necessary to perform a contract for you, for example in contacting you.
What happens if you do not provide us with the information we request or ask that we stop processing your information?
If you do not provide the personal data, we may not be able to respond fully to your enquiry or request, or provide the relevant services to you.
Do we make automated decisions concerning you?
No, we do not carry out this type of processing activity.
We may use Mailchimp to deliver our client newsletter and some other email alerts or communications. Mailchimp applies a unique identifier (known as a web beacon) to each email sent in order to recognise whether recipients have opened an email or clicked certain links. The identifier records email address, IP address, date and time for these interactions. This data is used to create reports about how an email campaign has performed.
Do we transfer your data outside the EEA?
We may sometimes transfer your personal data to countries outside the UK and European Economic Area (EEA), for example if we are using a supplier based elsewhere. You can find the list of European member states by clicking this link. The privacy laws in countries outside the EEA may be different from those in your home country. At present, we transfer personal data outside the EEA to our online training platform provider in the US.
Where we transfer data to a country that has not been deemed to provide adequate data protection standards, we always have security measures and approved European model clauses or other adequate safeguards in place to protect your personal data. Please contact us if you would like more details about our safeguards for data transfers.
What rights do you have in relation to the data we hold on you?
By law, you have a number of rights when it comes to your personal data. Further information and advice about your rights can be obtained from the data protection regulator in your country. In the UK, this is the Information Commissioner.
| Rights | What does this mean? |
| --- | --- |
| 1. The right to be informed | You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we’re providing you with the information in this Policy. If you have any additional questions, for example regarding transfers and locations of data or our legitimate interests basis, do please get in touch. |
| | This is so you’re aware and can check that we’re using your information in accordance with data protection law. |
| 3. The right to rectification | You are entitled to have your information corrected if it’s inaccurate or incomplete. |
| 4. The right to erasure | This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there’s no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions. |
| 5. The right to restrict processing | You have rights to ‘block’ or suppress further use of your information. When processing is restricted, we can still store your information, but may not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in future. |
| 6. The right to data portability | You have rights to obtain and reuse your personal data for your own purposes across different services. This is not a normal scenario for companies of our nature, but if you have any questions you can contact us. |
| 7. The right to object to processing | You have the right to object to certain types of processing, including processing for direct marketing or where we are relying on our legitimate interests for processing. |
| 8. The right to lodge a complaint | You have the right to lodge a complaint about the way we handle or process your personal data with your national data protection regulator. |
| 9. The right to withdraw consent | If you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal data with your consent up to that point is unlawful). This includes your right to withdraw consent to us using your personal data for marketing purposes. |
We usually act on requests and provide information free of charge, but may charge a reasonable fee to cover our administrative costs of providing the information for:
- baseless or excessive/repeated requests, or
- further copies of the same information.
Alternatively, we may be entitled to refuse to act on the request.
Please consider your request responsibly before submitting it. We’ll respond as soon as we can. Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we’ll come back to you and let you know.
How will we contact you?
We may contact you by phone, email or social media. If you prefer one means of contact over another, please just let us know.
How can you contact us?
If you are unhappy with how we have handled your information, or have further questions on the processing of your personal data, please contact us by email at email@example.com or by post at our registered office: Comply GDPR Ltd, 11 Atte Lane, Warfield, Bracknell RG42 2QG.