Data controller: KeystoneHR Consultancy Ltd (KeystoneHR)
Contact: Jo Kangurs (firstname.lastname@example.org)
As part of the provision of HR consultancy advice and training, KeystoneHRcollects and processes personal data relating to employers and employees and is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations under GDPR. This policy applies to information we collect about:
- Visitors to our website
- People who do business with us or register for our service
- Professional contacts and suppliers of services to us or our clients.
What personal data do we collect?
When you do business with us, become a client of ours or subscribe to our blogsand newsletters we collect some or all of the following personal information from you:
- Your name, title, postal address and contact details, including email address and telephone number
- any information relevant to the matter, upon which we are being asked to provide guidance and support or training as part of our agreement with you. This may sometimes include particularly sensitive personal data, for example, data relating to health conditions, disability or protected characteristics as defined in the Equal Opportunities Act 2010.
When you do business with us as a service provider we collect some or all of the following personal information from you:
- your name, title ad business contact information including addresses, telephone numbers and email addresses
- details relating to the performance of the contract between us, including financial information and bank details for payment.
Why do we process your personal data? We gather this information from you as our client to allow us to:
- Provide the services required [Performance of the Contract]
- Improve the quality of those services [Performance of the Contract]
- Keep you updated as to information which you may find of interest [Legitimate interest]
- Maintain our records for administrative purposes [Legitimate interest]
- Comply with our statutory or regulatory obligations [Statutory obligation]
From time to time we may also wish to provide you with information about our services we think may be of interest to you. Any marketing and service information sent to you will contact an opt out ‘unsubscribe’ option that you can select at any time to be removed from our mailing list.
When you visit our website
Like most website operators, we may collect non personally identifying information of the sort that web browsers and servers typically make available, such as the browser type, language preference, referring site, IP address, and the date ad time of each visitor. The purpose of collecting this information is to better understand how you use our website. We may use software tools to measure and collect session information , and use his information to understand your needs and provide you with a better service.
Who has access to your personal data?
We will not share your personal data unless:
- We are required by law for example with HM Revenue and Customs and other authorities based in the UK.
- We have a legitimate reason to share with professional advisers for example with accountants, insurers or our IT provider in the proper performance of their contract with us.
- We have your express consent, for example to take additional advice from suppliers of employment law services or to act on your behalf in line with our agreement to deliver the services you require.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law and only process your personal data for the specified purposes and in accordance with instructions and their duty of confidentiality.We will not transfer your data outside of the European Economic Areas (EEA)unless there are specific circumstances where this is the performance of our contract with you. In such cases if the information provided may be transferred to countries that do not have similar protections in place regarding your data and restrictions on its use as set out in this policy, we will take steps to ensure adequate protections are in place to ensure the security of your information in such circumstances. By submitting your information, you consent to these transfers for the purposes specified above.
For how long do we keep data?
We will keep the personal data during any ongoing agreement with you and for 7 years thereafter for the legal and legitimate reasons of retaining identify, contact, business and financial records of work undertaken by us and incase of any query or claim.
How do we protect personal data?
We take the security of your data seriously and have put in place reasonable technological and security procedures in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by KeystoneHR in the proper performance of our duties. This includes:
- Enabled firewalls and virus protection
- Data encryption
- Password protection systems
- The anonymisation of personal data as appropriate
Our security and privacy policies are regularly reviewed.
Under the General Data Protection Regulation (‘GDPR’) and the Data Protection Act 2018 (the ‘2018 Act’) you have a number of rights with regard to your personal data:You have the right:
- to access and obtain a copy of the information we hold on your on request. We will aim to respond within one month, unless the request is particularly complex in which case it may take longer and we will keep you informed in this regard. If the request is unfounded or excessive we may reuse to comply with the request or if additional copies are required, we may make a reasonable charge.
- to require us to change incorrect or incomplete data; We want to ensure that your personal information is accurate and up to date. If any of the information that you have provided to us changes, for example if you change your email or postal address, please let us know the correct details as soon as possible.
- to require us to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing; and
- to object to the processing of your data where we are relying on our legitimate interests as the legal ground for processing.
If you would like to exercise any of these rights, please contact email@example.comIf you believe that we have not complied with your data protection rights, you can complain to the Information Commissioner.
By submitting your information, you consent to the use of that information as set out in this policy.