The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a new regulation which replaces the Data Protection Directive (Directive 95/46/EC).
The General Data Protection Regulation builds on previous legislation but enhances privacy rights for individuals. The GDPR will apply in the UK from 25thMay 2018.
Despite the UK’s intention to leave the European Union in March 2019 the GDPR will still apply in accordance with the Information Commissioner’s Office (ICO) guidance to continue a similar level of regulation post March 2019 together with a new Data Protection Act.
This policy will outline:
The details of the Data Controller and how to contact the Data Protection Officer(DPO)
The types of personal data we collect and how we use it
Our purpose and legal basis for processing your data
How and when we share data
How and when we use your data for marketing purposes
Your rights to request your personal data and how to do so
How you can raise a complaint with the ICO
Who controls my personal data?
The Data Controller is People in Flow Ltd
People in Flow Ltd is a UK registered company 7918905
The registered address is Whiteleaf Business Centre, Little Balmer, Buckingham, Buckinghamshire, MK18 1TF.
The Data Controller’s representative is the Data Protection Officer (DPO)
You can contact the DPO by email firstname.lastname@example.org or call them on 01280 823702
Our purpose and legal basis for processing your data
We provide HR consulting, coaching and training of individuals and organisations more widely.
We collect the personal data of the following types of people:
Clients and prospective clients for our HR consultancy, coaching and training;
Individual contacts of our corporate clients and our suppliers;
Our employees, coaches, trainers, licensees and business connections.
What data will you give to us or will we collect from you?
You provide us with your personal data by filling in forms on www.peopleinflow.co.uk, by corresponding with us by phone, e-mail or otherwise, by subscribing to our services, sharing your details at meetings with us, attending our events, participating in discussion boards or other social media functions on our website or online, by entering a competition, promotion, or survey or by reporting a problem with our site or by voluntarily providing your personal information directly to us at any other time e.g. giving us your business card
The types of personal data we collect may vary according to its purpose, we typically collect information such as: your full name, telephone number, email address, postal address, and Curriculum Vitae. We will also record any other relevant professional or personal information.
Personal Data may also include links to professional sites such as LinkedIn, Twitter, or a corporate website
What are the purposes and legal bases for our processing?
We use information held about you in the following ways:
To carry out our obligations arising from any contracts we intend to enter or have entered between you and us and to provide you with the information, products, and services that you request from us or we think will be of interest to you because it is relevant to your career or to your organisation
To provide you with information about other goods and services we offer that are like those that you have already purchased, been provided with, or enquired about
Our main legal basis for the processing of personal data is our legitimate business interests, described in more detail below, although we will also rely on contract, legal obligation, and consent for specific uses of data
We will rely on contract if we are negotiating or have entered into an agreement with you or your organisation or any other contract to provide services to you or receive services from you or your organisation
We will rely on legal obligation if we are legally required to hold information on to you to fulfil our legal obligation, for example, our statutory obligation as an employer
We will, in some circumstances, rely on consent for uses of your data and you will be asked for your express consent e.g. before sharing your details with a partner or as part of a media request
Our Legitimate Business Interests
To provide HR consulting, coaching, training and any of our other services to individuals, corporate clients and organisations
To manage employee and contractor relationships
To manage our corporate rights and obligations
Should we want or need to rely on consent to lawfully process your data we will request your consent, by email or by an online process for the specific activity we require consent for and record your response on our system. Where consent is the lawful basis for our processing you have the right to withdraw your consent to this processing at any time
Other uses we will make of your data:
To notify you about changes to our services;
To ensure that content from our site is presented in the most effective manner for you and for your computer
To administer our site and for internal operations, including troubleshooting, security, data analysis, testing, research, statistical and survey purposes
To allow you to participate in interactive features of our service, when you choose to do so
To measure or understand the effectiveness of our advertising that we serve to you and others, and to deliver relevant advertising to you
We do not undertake automated decision making or profiling. We do use our computer systems to search and identify personal data in accordance with parameters set by a person. A person will always be involved in the decision-making process
Who will have access to your data inside and outside of European Economic Area (EEA)?
We will share your personal information with selected third parties including:
Our data processors, licencees, franchisees, suppliers and sub-contractors for the performance and compliance obligations of any contract we enter with them or you
We will not disclose your personal information to third parties except if we sell or buy any business or assets, in which case we may disclose some of your personal data to the prospective seller or buyer of such business or assets for due diligence or substantially all our assets are acquired by a third party, in which case personal data held by us will be one of the transferred assets
The lawful basis for the third-party processing will include:
Their own legitimate business interests in processing your personal data, in most cases to fulfil their contractual obligations to us
To fulfil their legal obligations
Will your data be used for marketing?
We will only send you information about our products and services that are relevant to you
We may send the communication in several ways including email, telephone, and post
When you register your details with us we will ask your preferences on receiving marketing communications, you also have the right to change your preferences at any time by phone or email
Where will we store and process your personal data?
All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access
How long will we retain your data?
We understand our legal duty to retain accurate data that you are happy for us to retain and only retain personal data for as long as we need it for our legitimate business interests or to satisfy legal, accounting or reporting requirements. Accordingly, we have a data retention policy and run regular data routines to remove data that we no longer have a legitimate business interest in maintaining
We do the following to try to ensure our data is accurate:
We keep in touch with you, so you can let us know of changes to your personal data
We may archive part or all your personal data or retain it on our financial systems. We may pseudonymise parts of your data, particularly following a request for suppression or deletion of your data, to ensure that we do not re-enter your personal data on to our database, unless requested to do so
How safe is your data?
Appropriate technical and organisational measures are taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data
We use electronic safeguards including firewalls, anti-virus and anti-malware software to protect your data
Only authorised staff have access to personal data and are appropriately trained and supported by policies and procedures for handling personal data
What are your rights to your personal data?
You have the right to request copies of any personal data held by us.
To receive a copy of your personal data please send your written request to the Data Controller, Whiteleaf Business Centre, Little Balmer, Buckingham, Buckinghamshire, MK18 1TF.
We will provide you with a hard copy of your personal data held
You will not be charged for your personal data request
Your data will be returned within 40 days of receiving the request
We will require proof of identity
You also have the right to the following:
The right to prevent data being processed for direct marketing
The right to have inaccurate personal data rectified, erased, or destroyed
You have the right to make a complaint to a supervisory body, which in the United Kingdom is the Information Commissioner’s Office. The ICO can be contacted through this link: https://ico.org.uk/concerns/
When the GDPR comes into force you will have the following additional rights, subject to the GDPR:
The right to object to processing that is likely to cause, or is causing damage or distress.
The right to object to decisions being taken by automatic means.
The right to have inaccurate personal data suppressed, rectified, blocked, erased, or destroyed.
You can enforce these rights by contacting the Data Controller.
What are cookies?
Cookies are files which contain a small amount of information. Cookies are stored on the browser or hard drive of your computer or device.
What type of cookies do we use?
Cookies can be in the form of session cookies or persistent cookies. Session cookies are deleted from your computer or device when you close your web-browser. Persistent cookies will remain stored on your computer or device until deleted or until they reach their expiry date. We use the following cookies:
- Analytical/performance cookies. These cookies allow us to recognise and count the number of visitors to our website and to see how visitors move around when they are using it. This helps us to improve the way our website works, for example, by ensuring that users find what they are looking for easily.
- Functionality cookies. These cookies are used to recognise you when you return to our website. This enables us to personalise our content for you, such as greeting you by name and remembering your preferences. It also allows for live chat support during your browsing experience.
- Targeting cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose. These cookies allow you to share and send information to other websites.
What kind of information do we collect by using cookies?
When you visit our website, we may automatically collect the following types of information from you: Your internet protocol (IP) address, your login information, time zone setting, operating system and platform, information about your visits including the URL you came from, your country, the search terms you used in our website, pages you viewed or searched, page response times and download errors.
How do you block cookies?
We may update this policy from time to time. Changes in technology, legislation and authorities’ guidance may require us to inform you of the activities we undertake where it affects your privacy rights. You should check this page occasionally to ensure you are familiar with any changes.