BROOKGATE ("Brookgate Ltd and all Group Companies") PRIVACY POLICY
Size: px
Start display at page:

Download "BROOKGATE ("Brookgate Ltd and all Group Companies") PRIVACY POLICY"

Transcription

1 BROOKGATE ("Brkgate Ltd and all Grup Cmpanies") PRIVACY POLICY INTRODUCTION This Privacy Plicy explains what we d with yur persnal data. It describes hw we cllect, use and prcess yur persnal data, and hw, in ding s, we cmply with ur legal bligatins t yu. Yur privacy is imprtant t us, and we are cmmitted t prtecting and safeguarding yur data privacy rights. This Privacy Plicy applies t the persnal data f Website Users, Custmers, Suppliers, and ther peple whse persnal data Brkgate may prcess, such as the emergency cntacts and dependents f ur Staff. If yu are a member f Brkgate Staff, yu shuld refer t the Brkgate Staff Privacy Plicy which is available n the Brkgate S Drive. Fr the purpse f applicable data prtectin legislatin (including but nt limited t the General Data Prtectin Regulatin (Regulatin (EU) 2016/679) (the "GDPR")), the cmpany respnsible fr yur persnal data ("Brkgate" r "us") is Brkgate Ltd and all Grup Cmpanies, Tw Statin Place, Cambridge CB1 2FP. It is imprtant t pint ut that we may amend this Privacy Plicy frm time t time. Please visit this page if yu want t stay up t date. If yu are dissatisfied with any aspect f ur Privacy Plicy, yu may have legal rights. We have described these as well where relevant. WHAT KIND OF PERSONAL INFORMATION DO WE COLLECT? The infrmatin described belw is in additin t any persnal data we are required by law t prcess in any given situatin. CUSTOMER DATA: We will cllect cntact details r the details f individual cntacts at yur rganisatin (such as names, telephne numbers, jb title and r pstal addresses) in rder t ensure ur relatinship runs smthly. We will als cllect date f birth, payment details, tax residence infrmatin, cpies f pht identificatins such as yur driving licence and/r passprt/identity card, infrmatin abut natinality/citizenship/place f birth, yur natinal identificatin number and identity verificatin dcuments in rder t cmply with ur legal and regulatry bligatins. We als hld infrmatin relating t yur nline engagement with material published by Brkgate, which we use t ensure that ur marketing cmmunicatins t yu are relevant, timely and in accrdance with yur marketing preferences. Where relevant, we may als hld extra infrmatin that smene in yur rganisatin has chsen t tell us r that yu have chsen t tell a Brkgate Staff member. In certain circumstances, calls with yu may be recrded, depending n the applicable lcal laws and requirements. If we need any additinal persnal data fr any reasn, we will let yu knw. T the extent that yu access ur website, we will als cllect certain data frm yu. If yu wuld like mre infrmatin abut this, please click here. SUPPLIER DATA: We will cllect yur cntact details r the details f individual cntacts at yur rganisatin (such as names, telephne numbers, jb title and r pstal addresses) in rder t ensure ur relatinship runs smthly. We will als cllect bank details, s that we can pay yu. We may als hld extra infrmatin that smene in yur rganisatin has chsen t tell us. T the extent that yu access ur website we will als cllect certain data frm yu. If yu wuld like mre infrmatin abut this, please click here. JOB APPLICANT DATA: Please see the Staff Privacy Plicy fr further details. T the extent that yu access ur website we will als cllect certain data frm yu. If yu wuld like mre infrmatin abut this, please click here. 1

2 PEOPLE WHOSE DATA WE RECEIVE FROM JOB APPLICANTS AND STAFF, SUCH AS REFEREES AND EMERGENCY CONTACTS: T ask fr a reference, we need the referee's cntact details (such as name, address and telephne number). We will als need these details if a Jb Applicant r a member f ur Staff has put yu dwn as their emergency cntact s that we can cntact yu in the event f an accident r an emergency. We will cllect yur date f birth, pstal address and ptentially sme health infrmatin if a member f ur Staff has put yu dwn as a dependent fr a benefit cnnected with their emplyment r if a member f ur Staff exercises certain emplyment rights. We may als be prvided with infrmatin abut yur sexual rientatin if a member f ur Staff identifies yu as a spuse r partner when putting yu dwn as a dependent r next f kin. T the extent that yu access ur website we will als cllect certain data frm yu. If yu wuld like mre infrmatin abut this, please click here. WEBSITE USERS: We cllect a limited amunt f data frm ur Website Users which we use t help us t imprve yur experience when using ur website and t help us manage the services we prvide. This includes infrmatin such as hw yu use ur website, the frequency with which yu access ur website, yur brwser type, the lcatin yu view ur website frm, the language yu chse t view it in and the times that ur website is mst ppular. If yu cntact us via the website, we will cllect any infrmatin that yu prvide t us, fr example yur name and cntact details. If yu wuld like t find ut mre infrmatin abut what data we cllect abut yu when yu visit ur website, please click here. HOW DO WE COLLECT YOUR PERSONAL DATA? CUSTOMER DATA We cllect Custmer persnal data in three ways: 1. Persnal data that we receive directly frm yu; 2. Persnal data that we receive frm ther surces; and 3. Persnal data that we cllect autmatically. Persnal data that we receive directly frm yu We will receive data directly frm yu in tw ways: Where yu cntact us practively, usually by phne r ; and/r Where we cntact yu, whether by phne r r any ther frm f cmmunicatin. Persnal data we receive frm ther surces Where apprpriate and in accrdance with any lcal laws and requirements, we may seek mre infrmatin abut yu r yur clleagues frm ther surces generally by way f due diligence r ther market intelligence including: Frm third party market research and by analysing nline and ffline media (which we may d urselves, r emply ther rganisatins t d fr us); Frm delegate lists at relevant events; and Frm ther limited surces and third parties, t the extent that they prvide us with yur details in accrdance with any regulatry requirements. Persnal data we cllect autmatically T the extent that yu access ur website r read r click n an frm us, where apprpriate and in accrdance with any lcal laws and requirements, we may als cllect yur data autmatically r thrugh yu prviding it t us. Fr mre infrmatin please click here. 2

3 SUPPLIER DATA We cllect Supplier persnal data in three ways: 1. Persnal data that we receive directly frm yu; 2. Persnal data that we receive frm ther surces; and 3. Persnal data that we cllect autmatically. Persnal data that we receive directly frm yu We will receive data directly frm yu in tw ways: Where yu cntact us practively, usually by phne r ; and/r Where we cntact yu, either by phne r r any ther frm f cmmunicatin. Persnal data we receive frm ther surces Where apprpriate and in accrdance with any lcal laws and requirements, we may seek mre infrmatin abut yu r yur rganisatin frm ther surces generally by way f due diligence r ther market intelligence including: Frm third party market research and by analysing nline and ffline media (which we may d urselves, r emply ther rganisatins t d fr us); and Frm ther limited surces and third parties. Persnal data we cllect autmatically T the extent that yu access ur website r read r click n an frm us, where apprpriate and in accrdance with any lcal laws and requirements, we may als cllect yur data autmatically r thrugh yu prviding it t us. Fr mre infrmatin please click here. WEBSITE USERS: When yu visit ur website there is certain infrmatin that we may autmatically cllect, whether r nt yu decide t use ur services. This includes yur IP address, the date and the times and frequency with which yu access the website and the way yu brwse its cntent. We will als cllect data frm yu when yu cntact us via ur website, fr example when yu submit a query. We cllect yur data autmatically via ckies, in line with ckie settings in yur brwser. If yu are als a Custmer f Brkgate, we may use data frm yur use f ur websites t enhance ther aspects f ur cmmunicatins with r service t yu. If yu wuld like t find ut mre abut ckies, including hw we use them and what chices are available t yu, please click here. HOW DO WE USE YOUR PERSONAL DATA? Having btained data abut yu, we then put it t gd use. CUSTOMER DATA: We use Custmer infrmatin fr: Trading Activities; Marketing Activities; and T help us t establish, exercise r defend legal claims. Here are sme mre details abut each: Trading Activities Belw are the varius ways in which we use yur data in rder t ensure the smth running f ur agreements and dealings with yu: Prcessing yur data in rder t carry ut anti-mney laundering and "Knw Yur Custmer" checks in accrdance with ur legal and regulatry bligatins; String yur details (and updating them when necessary) n ur database, s that we can cntact yu in relatin t ur relevant activities; and 3

4 Keeping recrds f ur cnversatins and meetings, s that we can prvide targeted services t yu and in rder t cmply with ur legal and regulatry bligatins. We may use yur persnal data fr these purpses if we deem this t be necessary fr ur legitimate interests. If yu wuld like t knw mre abut what this means, please click here. If yu are nt happy abut this, in certain circumstances yu have the right t bject and can find ut mre abut hw and when t d this here. Marketing Activities We may prcess yur data fr the purpse f targeting yu with apprpriate marketing campaigns. Subject t any applicable lcal laws and requirements, we will nly send yu marketing infrmatin when yu have cnsented t receive direct marketing infrmatin frm us. If yu are nt happy abut this, yu have the right t pt ut f receiving marketing materials frm us and can find ut mre abut hw t d s here. T help us t establish, exercise r defend legal claims In mre unusual circumstances, we may use yur persnal data t help us t establish, exercise r defend legal claims. SUPPLIER DATA: We will nly use yur infrmatin: T stre (and update when necessary) yur details n ur database, s that we can cntact yu in relatin t ur agreements r ur dealings with yu; T ffer services t yu r t btain supprt and services frm yu; T perfrm certain legal and regulatry bligatins, such as carrying ut anti-mney laundering and "Knw Yur Custmer" checks; Facilitating ur payrll and invicing prcesses T help us t target apprpriate marketing campaigns and In mre unusual circumstances, t help us t establish, exercise r defend legal claims. We may use yur persnal data fr these purpses if we deem this t be necessary fr ur legitimate interests. If yu want t knw mre abut what this means, please click here. We will nt, as a matter f curse, seek yur cnsent when sending marketing messages t a crprate pstal r address. If yu are nt happy abut this, in certain circumstances yu have the right t bject and can find ut mre abut hw t d s here. PEOPLE WHOSE DATA WE RECEIVE FROM JOB APPLICANTS AND STAFF, SUCH AS REFEREES, EMERGENCY CONTACTS AND DEPENDENTS: We will nly use the infrmatin abut yu fr the fllwing purpses: If a Jb Applicant r Staff member put yu dwn n ur frm as an emergency cntact, we will cntact yu in the case f an accident r emergency affecting them; r If yu were put dwn by a Jb Applicant as a referee, we will cntact yu in rder t take up a reference; r If yu were put dwn by a Staff member as a next f kin r dependent, we will stre yur persnal data t ensure the persnnel recrds f the Staff member are crrect and disclse yur infrmatin t the relevant benefits prvider. We may use yur persnal data fr these purpses if we deem this t be necessary fr ur legitimate interests. If yu wuld like t find ut mre abut what this means, please click here. 4

5 If yu are nt happy abut this, yu have the right t bject and can find ut mre abut hw t d s here. WEBSITE USERS: We use yur data t help us t imprve yur experience f using ur website, fr example by analysing yur recent search criteria t help us t present infrmatin t yu that we think yu will be interested in. If yu wuld like t find ut mre abut ckies, including hw we use them and what chices are available t yu, please click here. WHO DO WE SHARE YOUR PERSONAL DATA WITH? Where apprpriate and in accrdance with lcal laws and requirements, we may share yur persnal data, in varius ways and fr varius reasns, with the fllwing categries f peple: Any f ur grup cmpanies; Individuals and rganisatins wh hld infrmatin related t a Jb Applicant's reference r applicatin t wrk with us, such as current r prspective emplyers, educatrs and examining bdies and emplyment and recruitment agencies; Prspective emplyers (fr example, when prviding references); Tax, audit, regulatry bdies r ther authrities, when we believe in gd faith that the law r ther regulatin requires us t share this data (fr example, because f a request by a tax authrity, in cnnectin with any anticipated litigatin r in cmpliance with ur legal and regulatry bligatins); Third party service prviders (including Suppliers) wh perfrm functins n ur behalf (including benefit prviders such as pensin prviders, private medical insurance, dental insurance and childcare prviders, external cnsultants, business assciates and prfessinal advisers such as lawyers, auditrs and accuntants, transprt and distributin suppliers, technical supprt functins and IT cnsultants carrying ut testing and develpment wrk n ur business technlgy systems); Third party utsurced IT and dcument strage prviders where we have an apprpriate prcessing agreement (r similar prtectins) in place; Marketing technlgy platfrms and suppliers; In the case f Jb Applicants and their referees, we may share yur persnal data with third parties wh we have retained t prvide services such as reference, qualificatin and criminal cnvictins checks, t the extent that these checks are apprpriate and in accrdance with lcal laws; and If Brkgate merges with r is acquired by anther business r cmpany in the future, we may share yur persnal data with the new wners f the business r cmpany (and prvide yu with ntice f this disclsure). HOW DO WE SAFEGUARD YOUR PERSONAL DATA? We are cmmitted t taking all reasnable and apprpriate steps t prtect the persnal infrmatin that we hld frm misuse, lss, r unauthrised access. We d this by having in place a range f apprpriate technical and rganisatinal measures. These include measures t deal with any suspected data breach. If yu suspect any misuse r lss f r unauthrised access t yur persnal data please let us knw immediately by cntacting us at amanda.smith@brkgate.eu HOW LONG DO WE KEEP YOUR PERSONAL DATA FOR? We will rdinarily prcess yur data thrughut the curse f ur interactins and will then generally retain it fr an apprpriate amunt f time after we have parted ways, depending n lcal law requirements and ur legitimate business and risk-management needs. The perids f time fr which we retain yur data will vary depending n the type f data in questin and any verarching legal, regulatry r risk-management requirements t retain it 5

6 fr certain minimum perids. We may, fr example, be required t retain certain data fr the purpses f tax reprting r respnding t tax queries. In ther instances, there may be sme ther legal, regulatry r risk-management requirements t retain data, including where certain data might be relevant t any ptential litigatin (bearing in mind relevant limitatin perids). In determining the apprpriate retentin perid fr varius types f persnal data, in additin t ensuring that we cmply with ur legal, regulatry and risk-management bligatins, we cnsider the amunt, nature, and sensitivity f the persnal data, the ptential risk f harm frm unauthrised use r disclsure f yur persnal data, the purpses fr which we need t prcess yur persnal data and whether we can achieve thse purpses thrugh ther means, and the applicable legal requirements. HOW CAN YOU ACCESS, AMEND OR TAKE BACK THE PERSONAL DATA THAT YOU HAVE GIVEN TO US? One f the GDPR's main bjectives is t prtect and clarify the rights f EU citizens and individuals in the EU with regards t data privacy. This means that yu retain varius rights in respect f yur data, even nce yu have given it t us. These are described in mre detail belw. T get in tuch abut these rights, please cntact us at amanda.smith@brgktae.eu. We will seek t deal with yur request withut undue delay, and in any event within ne mnth (subject t any extensins t which we are lawfully entitled). Please nte that we may keep a recrd f yur cmmunicatins t help us reslve any issues which yu raise. Right t bject: this right enables yu t bject t us prcessing yur persnal data where we d s fr ne f the fllwing fur reasns: (i) ur legitimate interests; (ii) t enable us t perfrm a task in the public interest r exercise fficial authrity; (iii) t send yu direct marketing materials; and (iv) fr scientific, histrical, research, r statistical purpses. The "legitimate interests" and "direct marketing" categries abve are the nes mst likely t apply. If yur bjectin relates t us prcessing yur persnal data because we deem it necessary fr ur legitimate interests, we must act n yur bjectin by ceasing the activity in questin unless: we can shw that we have cmpelling legitimate grunds fr prcessing which verrides yur interests; r we are prcessing yur data fr the establishment, exercise r defence f a legal claim. If yur bjectin relates t direct marketing, we must act n yur bjectin by ceasing this activity. Right t withdraw cnsent: Where we have btained yur cnsent t prcess yur persnal data fr certain activities, yu may withdraw this cnsent at any time and we will cease t carry ut the particular activity that yu previusly cnsented t unless we cnsider that there is an alternative reasn t justify ur cntinued prcessing f yur data fr this purpse in which case we will infrm yu f this cnditin. Data Subject Access Requests (DSAR): Yu may ask us t cnfirm what infrmatin we hld abut yu at any time, and request us t mdify, update r Delete such infrmatin. We may ask yu t verify yur identity and fr mre infrmatin abut yur request. If we prvide yu with access t the infrmatin we hld abut yu, we will nt charge yu fr this unless yur request is "manifestly unfunded r excessive". If yu request further cpies f this infrmatin frm us, we may charge yu a reasnable administrative cst where legally permissible. Where we are legally permitted t d s, we may refuse yur request. If we refuse yur request we will always tell yu the reasns fr ding s. Right t erasure: Yu have the right t request that we erase yur persnal data in certain circumstances. Nrmally, the infrmatin must meet ne f the fllwing criteria: 6

7 the data are n lnger necessary fr the purpse fr which we riginally cllected and/r prcessed them; where previusly given, yu have withdrawn yur cnsent t us prcessing yur data, and there is n ther valid reasn fr us t cntinue prcessing; the data has been prcessed unlawfully (i.e. in a manner which des nt cmply with the GDPR); it is necessary fr the data t be erased in rder fr us t cmply with ur legal bligatins as a data cntrller; r if we prcess the data because we believe it necessary t d s fr ur legitimate interests, yu bject t the prcessing and we are unable t demnstrate verriding legitimate grunds fr ur cntinued prcessing. We wuld nly be entitled t refuse t cmply with yur request fr erasure fr ne f the fllwing reasns: t exercise the right f freedm f expressin and infrmatin; t cmply with legal bligatins r fr the perfrmance f a public interest task r exercise f fficial authrity; fr public health reasns in the public interest; fr archival, research r statistical purpses; r t exercise r defend a legal claim. When cmplying with a valid request fr the erasure f data we will take all reasnably practicable steps t Delete the relevant data. Right t restrict prcessing: Yu have the right t request that we restrict ur prcessing f yur persnal data in certain circumstances. This means that we can nly cntinue t stre yur data and will nt be able t carry ut any further prcessing activities with it until either: (i) ne f the circumstances listed belw is reslved; (ii) yu cnsent; r (iii) further prcessing is necessary fr either the establishment, exercise r defence f legal claims, the prtectin f the rights f anther individual, r reasns f imprtant EU r Member State public interest. The circumstances in which yu are entitled t request that we restrict the prcessing f yur persnal data are: where yu dispute the accuracy f the persnal data that we are prcessing abut yu. In this case, ur prcessing f yur persnal data will be restricted fr the perid during which the accuracy f the data is verified; where yu bject t ur prcessing f yur persnal data fr ur legitimate interests. Here, yu can request that the data be restricted while we verify ur grunds fr prcessing yur persnal data; where ur prcessing f yur data is unlawful, but yu wuld prefer us t restrict ur prcessing f it rather than erasing it; and where we have n further need t prcess yur persnal data but yu require the data t establish, exercise, r defend legal claims. If we have shared yur persnal data with third parties, we will ntify them abut the restricted prcessing unless this is impssible r invlves disprprtinate effrt. We will, f curse, ntify yu befre lifting any restrictin n prcessing yur persnal data. Right t rectificatin: Yu als have the right t request that we rectify any inaccurate r incmplete persnal data that we hld abut yu. If we have shared this persnal data with third parties, we will ntify them abut the rectificatin unless this is impssible r invlves disprprtinate effrt. Where apprpriate, we will als tell yu which third parties we have disclsed the inaccurate r incmplete persnal data t. Where we think that it is reasnable fr us nt t cmply with yur request, we will explain ur reasns fr this decisin. 7

8 Right f data prtability: If yu wish, yu have the right t transfer yur persnal data between data cntrllers. In effect, this means that yu are able t transfer yur Brkgate accunt details t anther nline platfrm. T allw yu t d s, we will prvide yu with yur data in a cmmnly used machine-readable frmat that is passwrd-prtected s that yu can transfer the data t anther nline platfrm. Alternatively, we may directly transfer the data fr yu. This right f data prtability applies t: (i) persnal data that we prcess autmatically (i.e. withut any human interventin); (ii) persnal data prvided by yu; and (iii) persnal data that we prcess based n yur cnsent r in rder t fulfil a cntract. Right t ldge a cmplaint with a supervisry authrity: Yu als have the right t ldge a cmplaint with the Infrmatin Cmmissiner. The relevant cntact details are: Phne: casewrk@ic.rg.uk Live chat Pst: Infrmatin Cmmissiner's Office Wycliffe Huse Water Lane Wilmslw Cheshire SK9 5AF If yu wuld like t exercise any f these rights, r withdraw yur cnsent t the prcessing f yur persnal data (where cnsent is ur legal basis fr prcessing yur persnal data), please cntact amanda.smith@brkgate.eu. Please nte that we may keep a recrd f yur cmmunicatins t help us reslve any issues which yu raise. It is imprtant that the persnal infrmatin we hld abut yu is accurate and current. Please keep us infrmed if yur persnal infrmatin changes during the perid fr which we hld yur data. WHO IS RESPONSIBLE FOR PROCESSING YOUR PERSONAL DATA ON THE BROOKGATE WEBSITE? Brkgate is respnsible fr prcessing yur persnal data. It is lcated at Tw Statin Place, Cambridge CB1 2FP. If yu have any cmments r suggestins cncerning this Privacy Plicy please cntact amanda.smith@brkgate.eu. We take privacy seriusly and will get back t yu as sn as pssible. HOW DO WE STORE AND TRANSFER YOUR DATA INTERNATIONALLY? In rder t prvide yu with the best service and t carry ut the purpses described in this Privacy Plicy, yur data may be transferred: t third parties (such as regulatry authrities, advisers r ther Suppliers t the Brkgate business); t verseas Custmers; t Custmers within yur cuntry wh may, in turn, transfer yur data internatinally; t a clud-based strage prvider; and t ther third parties, as referred t here. We want t make sure that yur data are stred and transferred in a way which is secure. We will therefre nly transfer data utside f the Eurpean Ecnmic Area r EEA (i.e. the Member States f the Eurpean Unin, tgether with Nrway, Iceland and Liechtenstein) where it is cmpliant with data prtectin legislatin and the means f transfer prvides adequate safeguards in relatin t yur data, fr example: 8

9 by way f data transfer agreement, incrprating the current standard cntractual clauses adpted by the Eurpean Cmmissin fr the transfer f persnal data by data cntrllers in the EEA t data cntrllers and prcessrs in jurisdictins withut adequate data prtectin laws; r by signing up t the EU-U.S. Privacy Shield Framewrk fr the transfer f persnal data frm entities in the EU t entities in the United States f America r any equivalent agreement in respect f ther jurisdictins; r transferring yur data t a cuntry where there has been a finding f adequacy by the Eurpean Cmmissin in respect f that cuntry's levels f data prtectin via its legislatin; r where it is necessary fr the cnclusin r perfrmance f a cntract between urselves and a third party and the transfer is in yur interests fr the purpses f that cntract (fr example, if we need t transfer data utside the EEA in rder t meet ur bligatins under that cntract if yu are a Custmer f urs); r where yu have cnsented t the data transfer. T ensure that yur persnal infrmatin receives an adequate level f prtectin, we have put in place apprpriate prcedures with the third parties we share yur persnal data with t ensure that yur persnal infrmatin is treated by thse third parties in a way that is cnsistent with and which respects the law n data prtectin. COOKIES POLICY What's a ckie? A "ckie" is a piece f infrmatin that is stred n yur cmputer's hard drive and which recrds yur navigatin f a website s that, when yu revisit that website, it can present tailred ptins based n the infrmatin stred abut yur last visit. Ckies can als be used t analyse traffic and fr advertising and marketing purpses. Ckies are used by nearly all websites and d nt harm yur system. If yu want t check r change what types f ckies yu accept, this can usually be altered within yur brwser settings. Hw d we use ckies? We use ckies t d tw things: T track yur use f ur website. This enables us t understand hw yu use the site and track any patterns that emerge individually r frm larger grups. This helps us t develp and imprve ur website and services in respnse t what ur visitrs want and need. T help us advertise jbs, prducts r services t yu that we think yu will be interested in. Hpefully this means less time fr yu trawling thrugh endless pages and will get yu t the infrmatin yu want mre quickly. Ckies are either: Sessin ckies: these are nly stred n yur cmputer during yur web sessin and are autmatically deleted when yu clse yur brwser they usually stre an annymus sessin ID allwing yu t brwse a website withut having t lg in t each page but they d nt cllect any infrmatin frm yur cmputer; r Persistent ckies: a persistent ckie is stred as a file n yur cmputer and it remains there when yu clse yur web brwser. The ckie can be read by the website that created it when yu visit that website again. We use persistent ckies fr Ggle Analytics and fr persnalisatin (see belw). Ckies can als be categrised as fllws: Strictly necessary ckies: These ckies are essential t enable yu t use the site effectively, such as when applying fr a jb, and therefre cannt be turned ff. 9

10 Withut these ckies, the services available t yu n ur site cannt be prvided. These ckies d nt gather infrmatin abut yu that culd be used fr marketing r remembering where yu have been n the internet. Perfrmance ckies: These ckies enable us t mnitr and imprve the perfrmance f ur site. Fr example, they allw us t cunt visits, identify traffic surces and see which parts f the site are mst ppular. Functinality ckies: These ckies allw ur website t remember chices yu make (such as yur user name, language r the regin yu are in) and prvide enhanced features. Fr instance, we may be able t prvide yu with news r updates relevant t the services yu use. These ckies can als be used t remember changes yu have made t text size, fnt and ther parts f web pages that yu can custmise. They may als be used t prvide services yu have requested such as viewing a vide r cmmenting n a blg. The infrmatin these ckies cllect is usually annymised. Persnalisatin ckies: These ckies help us t advertise details f ptential services that we think may be f interest. These ckies are persistent (fr as lng as yu are registered with us) and mean that when yu lg in r return t the website, yu may see advertising fr services that are similar t services that yu have previusly brwsed. The table at Annex 1 lists the ckies we use in yur jurisdictin, why we use them and what types f ckies they are. OUR LEGAL BASES FOR PROCESSING YOUR DATA LEGITIMATE INTERESTS Article 6(1)(f) f the GDPR says that we can prcess yur data where it "is necessary fr the purpses f the legitimate interests pursued by [us] r by a third party, except where such interests are verridden by the interests r fundamental rights r freedms f [yu] which require prtectin f persnal data." Yu have the right t bject t us prcessing yur persnal data n this basis. If yu wuld like t knw mre abut hw t d s, please click here. CUSTOMER DATA: T ensure that we prvide yu with the best service pssible, we use and stre yur persnal data and/r the persnal data f individual cntacts at yur rganisatin as well as keeping recrds f ur cnversatins and meetings. We want t prvide yu with relevant infrmatin and articles t read which we believe yu may be interested in. We therefre think it's reasnable fr us t prcess yur data t make sure that we send yu the mst apprpriate cntent. We think this is reasnable we deem these uses f yur persnal data t be necessary fr ur legitimate interests in rder t carry ut ur business activities. We have t make sure ur business runs smthly, s that we can carry n prviding services. We therefre als need t use yur data fr ur internal administrative activities, such as invicing where relevant. We have ur wn bligatins under the law, which is a legitimate interest f urs t insist n meeting. If we believe in gd faith that it is necessary, we may therefre share yur data in cnnectin with crime detectin r tax cllectin. 10

11 CONSENT SUPPLIER DATA: We use and stre the persnal data f individuals within yur rganisatin in rder t facilitate the receipt f services frm yu as ne f ur Suppliers. Where yu are a sle trader, we als hld yur financial details, s that we can pay yu fr yur services. We deem all such activities t be necessary within the range f ur legitimate interests as a recipient f yur services. PEOPLE WHOSE DATA WE RECEIVE FROM JOB APPLICANTS AND STAFF, SUCH AS REFEREES AND EMERGENCY CONTACTS: If yu have been put dwn by a Jb Applicant r a member f Brkgate Staff as ne f their referees, we use yur persnal data in rder t cntact yu fr a reference. This is necessary fr ur legitimate interests as an rganisatin t ensure we appint the best applicants t jin Brkgate. If a Staff member has given us yur details as an emergency cntact, we will use these details t cntact yu in the case f an accident r emergency. We have a legitimate interest t stre this data and use it in apprpriate circumstances n behalf f ur Staff. If a Staff member has given us yur details as a dependent r a next f kin, we will use yur persnal data as apprpriate fr the purpse f benefits (e.g. death in service, private medical insurance r childcare funding) r emplyment rights (e.g. maternity r paternity leave r a flexible wrking request). We have a legitimate interest t stre this data and use it in apprpriate circumstances n behalf f ur Staff. In certain circumstances, we are required t btain yur cnsent t the prcessing f yur persnal data in relatin t certain activities. Depending n exactly what we are ding with yur infrmatin, this cnsent will be pt-in cnsent r sft pt-in cnsent. Article 4(11) f the GDPR states that (pt-in) cnsent is "any freely given, specific, infrmed and unambiguus indicatin f the data subject's wishes by which he r she, by a statement r by a clear affirmative actin, signifies agreement t the prcessing f persnal data relating t him r her." In plain language, this means that: yu have t give us yur cnsent freely, withut us putting yu under any type f pressure; yu have t knw what yu are cnsenting t s we'll make sure we give yu enugh infrmatin; yu shuld have cntrl ver which prcessing activities yu cnsent t and which yu d nt. and yu need t take psitive and affirmative actin in giving us yur cnsent we're likely t prvide a tick bx fr yu t check s that this requirement is met in a clear and unambiguus fashin. We will keep recrds f the cnsents that yu have given in this way. In sme cases, we will be able t rely n sft pt-in cnsent. We are allwed t market prducts r services t yu which are related t the services we prvide as lng as yu d nt actively pt-ut frm these cmmunicatins. As we have mentined, yu have the right t withdraw yur cnsent t these activities. Yu can d s at any time, and details f hw t d s can be fund here. LEGAL OBLIGATIONS We als have legal and regulatry bligatins that we need t cmply with. Article (6)(1)(c) f the GDPR states that we can prcess yur persnal data where this prcessing "is necessary fr cmpliance with a legal bligatin t which [we] are subject". 11

12 If we believe in gd faith that it is necessary, we may share yur data in cnnectin with crime detectin r tax cllectin. We als may share yur data with regulatry agencies r ther relevant bdies in rder t cmply with ur regulatry bligatins. We will keep recrds f yur persnal data (including persnal data cntained in cmmunicatins and calls) in accrdance with ur legal and regulatry bligatins. ESTABLISHING, EXERCISING OR DEFENDING LEGAL CLAIMS Smetimes it may be necessary fr us t prcess persnal data and, where apprpriate and in accrdance with lcal laws and requirements, sensitive persnal data, in cnnectin with exercising r defending legal claims. Article 9(2)(f) f the GDPR allws this where the prcessing "is necessary fr the establishment, exercise r defence f legal claims r whenever curts are acting in their judicial capacity". This may arise fr example where we need t take legal advice in relatin t legal prceedings r are required by law t preserve r disclse certain infrmatin as part f the legal prcess. 12

13 ANNEX 1 COOKIES LIST Ckie Name Purpse f the ckie Data cllected Hw this data is shared Duratin f ckie Ckie prvider Privacy Plicy DYNSRV Used fr lad balancing t manage server traffic demand This data cntains n persnally identifiable infrmatin Nt Shared Sessin Ckie (erased when the user clses the web brser) privacy-plicy Exp_csrf_tken Expressin Engine security tken This data cntains n persnally identifiable infrmatin Nt Shared 1 hur privacy Exp_last_activity Expressin Engine member data tracking This data cntains n persnally identifiable infrmatin Nt Shared 1 year privacy Exp_last_visit Expressin Engine member data tracking This data cntains n persnally identifiable infrmatin Nt Shared 1 year privacy Exp_tracker Expressin Engine member data tracking This data cntains n persnally identifiable infrmatin Nt Shared Sessin Ckie (erased when the user clses the web brser) privacy 13

14 Ckie Name Purpse f the ckie Data cllected Hw this data is shared Duratin f ckie Ckie prvider Privacy Plicy 14

15 GLOSSARY Custmers this categry cvers individual and crprate purchasers f Brkgate s gds r services, any ultimate beneficial wners r trust beneficiaries, any fficers r representatives f any crprate entity r intermediaries, directrs, members, sharehlders and ther beneficial wners f crprate entities. Delete it is virtually impssible t guarantee the permanent and irretrievable deletin f electrnic data. In additin, smetimes we may be bliged by law r regulatin, r need fr risk-management reasns, t retain the ability t access certain elements f persnal data. Hwever, nce persnal data reaches the end f its nminal retentin perid, r where we receive a valid request t erase it, we will put in place specific peratinal and systems measures t ensure that the data is "put beynd use". By this we mean that while the data will still technically exist n an archive system, we will ensure that it cannt be accessed by any f ur peratinal systems, prcesses r Staff. Only a very (and we mean exceptinally) small number f senir Staff, in very (and, again, we mean exceptinally) limited and carefully prescribed situatins, will be able t restre yur persnal data s that it can be viewed fr thse legitimate purpses. Once we are clear that all relevant legally mandated retentin perids have expired (which, fr present purpses, we expect t be the perid f seven years), we will g the additinal final step f undertaking a "hard delete", whereby nt even that very limited number f senir Staff wuld be able t restre yur persnal data. General Data Prtectin Regulatin (GDPR) a Eurpean Unin statutry instrument which aims t harmnise Eurpean data prtectin laws. It has an effective date f 25 May 2018, and any references t it shuld be cnstrued accrdingly t include any natinal legislatin implementing it. Jb Applicants includes applicants fr all rles advertised r prmted by Brkgate, including permanent, part-time and temprary psitins with Brkgate as well as peple wh have supplied a speculative CV t Brkgate nt in relatin t a specific jb. Other peple whse persnal data Brkgate may prcess these may include Brkgate Staff emergency cntacts and next f kin, referees and dependents fr the purpse f benefits (e.g. private medical insurance r childcare funding). It als includes referees prvided by Jb Applicants. Staff includes current and frmer emplyees and interns engaged directly in the business f Brkgate (r wh have accepted an ffer t be engaged) as well as ther wrkers currently r previusly engaged in the business f prviding services t Brkgate (even thugh they are nt classed as emplyees). Independent cntractrs and cnsultants perfrming services fr Brkgate fall within the definitin f a 'Supplier' fr the purpses f this Privacy Plicy. Suppliers refers t partnerships, cmpanies (including sle traders), third party service prviders (including administratrs and distributrs), and atypical wrkers such as independent cntractrs and freelance wrkers, wh prvide services t Brkgate. Fr the purpses f this Privacy Plicy, regulatry agencies and external bdies will be treated as Suppliers. Website Users any individual wh accesses the Brkgate website. 15

Similar documents
2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback