Data Protection and Processing Policy (Oct 8 2019 rev)

Purpose

The purpose of this policy is to outline the Company’s policy regarding the processing, protecting and maintaining of data, both of ACrew4U Limited employee’s and Client information.

We will hold and process personal data in accordance with the Data Protection Act, the General Data Protection Regulation (Regulation (EU) 2016/679) and any other applicable laws and regulations relating to the processing of personal data and privacy, including any applicable guidance and codes of practice issued by the Information Commissioner’s Office or any other relevant supervisory authority.

The purpose of which is to protect the rights and privacy of individuals, and to ensure that data about them are not processed without their knowledge.

Scope

The Act and subsequently this policy applies to electronic and paper records held in structured filing systems containing personal data. It also covers data held on all clients, employees and contractors of the Company.

For the purposes of this policy we are primarily concerned with personal data, which could fall under the Data Protection Act (DPA), the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679), and commercially sensitive data, which may not have legal repercussions under the DPA and GDPR but could have commercial consequences.

Description of processing

The following is a broad description of the way this organisation/data controller processes personal information. To understand how your own personal information is processed you may need to refer to any personal communications you have received, check any privacy notices the organisation has provided or contact the organisation to ask about your personal circumstances.

Reasons/purposes for processing information

We process personal information to enable us to provide a service to our clients; manage and support our employees, maintain our own accounts and records and to advertise and promote our services.

We never share information with third parties for marketing purposes.

Type/classes of information processed

We process information relevant to the above reasons/purposes. This may include:

  • personal details
  • family details
  • education and employment details
  • financial details
  • sales and marketing
  • goods and services

We also process sensitive classes of information that may include:

  • trade union membership

Website contact forms

When you complete one of the contact forms on our website, we will ask you for a number of pieces of personal information, such as your name, email address and other contact details. This is obviously required for us to respond to your request.

If you do not use or submit an online form on the website, no data will be collected in that regard.

Account logins

For some website functionality, we will need to create for you a user account that allows you to login to the site to ensure that only authorised individuals can access your data and that functionality. Examples include when you make an online purchase via the site, or when you have a role in administering or contributing towards the website content or updating your supplier or client account data. The purpose of these user accounts is to protect your personal data behind login security, and to protect the integrity of our site and the servers that run it.

Data collected will generally involve your name and email address (which doubles as username) as a minimum, but may include your postal address if it is required for online purchases.

If you do not register for an online account then no such data will be collected in this regard.

Technical data (such as ‘IP address’)

When you visit our website, our systems will log a record of your visit in our server logs, and typically this record will include the technical ‘IP’ address that is associated with your device and the browser type and version that you are using.

Such server logs are extremely common practice, and are used to monitor technical resources, monitor high-level server activity, and importantly to detect and prevent malicious or fraudulent activity on our systems. This data can also be used, if required, to diagnose reports of technical issues. The storage of IP addresses, allow us to identify patterns of behaviour (such as repeated malicious attempts to access a system).

IP addresses, in and of themselves, do not allow us in any way to identify you as an individual, especially given that it is very common for IP addresses to be dynamically allocated by your service provider, and will therefore often routinely change.

Furthermore, we do not and will not use the content of server access logs to attempt to determine an identifiable individual. We therefore do not consider that data held within server logs falls within the scope of ‘personal data’, and accordingly we do not seek your consent to collect it.

Cookies & ‘similar technologies’

We have included cookies, web beacons and similar technologies into one section because they all perform similar functions even if, from a technical perspective, they work slightly differently.

All of these technologies allow us to better understand how users are using our website and other related services. They can also be an essential part of providing certain online functionality. They are all essentially small data files placed on your computer (or other device) that allow us to tell when you have visited a particular page, or performed a particular action (such as clicking a particular button) on our website.

These technologies are used by most websites as they provide useful insight into how the services are being used, as well as improving speed, performance and security, and enabling us to improve our personalisation of your experience.

Cookies

These are small text files placed in the memory of your browser or device when you visit a website. Cookies allow a website to recognize a particular device or browser. There are several types of cookies:

Session cookies expire at the end of your browser session and allow us to link your actions during that particular browser session.

Persistent cookies are stored on your device in between browser sessions, allowing us to remember your preferences or actions across multiple sites.

First-party cookies are set by the site you are visiting.

Third-party cookies are set by a third party site separate from the site you are visiting.

There are a number of ways that you can influence how cookies are used on your particular device. Most commercial browsers (such as Chrome, Safari, Edge, Internet Explorer, Firefox etc) allow you to set preferences for whether to allow or block website cookies.

They will also provide tools that allow you to remove any cookies that have already been set. Using the ‘Help’ functionality of your browser, or an internet search, will help you to understand how to use these features for your particular browser.

Web beacons

Small graphic images (also known as “pixel tags” or “clear GIFs”) that may be included on our sites and services that typically work in conjunction with cookies to identify our users and user behaviour.

Website Analytics

We use Google Analytics to better understand what people look at on our website.

When people visit our site, information about their visit (such as which pages they look at, how long they spend on the site and so on) is sent in an anonymous form to Google Analytics (which is controlled by Google).

The data contains information about anyone who uses our website from your computer, and there is no way to identify individuals from the data.

We ensure that no personally identifiable information is ever contained within the data sent to our analytics providers, and we also perform a process which partially obscures your IP address information.

As analytics information is not personal data, we do not specifically ask for your prior consent.

Who the information is processed about

We process personal information about:

  • clients
  • prospective clients
  • suppliers and service providers
  • complainants
  • enquirers
  • professional advisers, consultants
  • employees

Who the information may be shared with

We sometimes need to share the personal information we process with the individual themself and also with other organisations. Where this is necessary we are required to comply with all aspects of the Data Protection Act (DPA), the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679). What follows is a description of the types of organisations we may need to share some of the personal information we process with for one or more reasons.

Where necessary or required we share information with

  • the person whose personal data we are processing
  • current, past or prospective employers
  • suppliers and services providers
  • business associates and professional advisers
  • financial organisations
  • credit reference agencies
  • debt collection and tracing agencies
  • educators and examining bodies
  • employment and recruitment agencies
  • central government

Crewing, Consulting and advisory services

Information is processed for Crewing, Consultancy and advisory services that are offered. For this reason the information processed may include name, contact details, family details, financial details, and the goods and services provided. This information may be about customers and clients. Where necessary this information is shared with the data subject themselves, business associates and other professional advisers, current, past or prospective employers and service providers.

CCTV for crime prevention

CCTV is used for maintaining the security of property and premises and for preventing and investigating crime, it may also be used to monitor staff when carrying out work duties. For these reasons the information processed may include visual images, personal appearance and behaviours. This information may be about staff, customers and clients, offenders and suspected offenders, members of the public and those inside, entering or in the immediate vicinity of the area under surveillance. Where necessary or required this information is shared with the data subjects themselves, employees and agents, services providers, police forces, security organisations and persons making an enquiry.

Transfers

It may sometimes be necessary to transfer personal information overseas. When this is needed any transfers made will be in full compliance with all aspects of the data protection act.

Sales and Marketing

We conduct all research into prospective clients from publicly available sources such as company websites or social media profiles.

We do not buy lists from third parties or transfer them to third parties.

We also maintain a database of clients and collaborators on a project where there is a customer relationship or details have been captured in the course of a negotiation for a sale or service, as we work on a repeat basis with many clients, and often the first client enquiry is not that which results in us working with a client.

Our marketing is targeted to particular profiles of people that have in the past been clients of the firm so under data protection legislation, we may believe we can demonstrate that we have a legitimate interest in using data for some marketing purposes.

For all segments of our database we have completed a Legitimate Interest Audit (LIA)

You always have a choice as to if you wish to not receive some or all marketing or sales related correspondence.

The Company and all staff are committed to fully complying with the principles set out in the Data Protection Acts.

Accordingly, all data will be:

  • fairly and lawfully processed;
  • processed for limited purposes and not in any manner incompatible with those purposes;
  • adequate, relevant and not excessive;
  • accurate;
  • not kept for longer than is necessary;
  • processed in line with the data subject’s rights;
  • secure; and
  • not transferred to countries without adequate protection.

Your Rights

Your personal data is protected by legal rights, which may include your right to:

object to our processing of your personal data;
request that your personal data is erased or corrected;
request access to your personal data.

For more information or to exercise your data protection rights please contact us in writing or email

NB – If you wish to request access to your personal data we are required to ask you to supply proof of your identity.

Our data protection contact email

Is [email protected]

You also have a right to complain to the Information Commissioner’s Office which regulates the processing of personal data.  For more information please visit: www.ico.org.uk