At som3 we may collect personal data from our interested parties for legitimate business reasons. At times we may act as data controller e.g. when processing internal staff contracts and at others data processor e.g. when fulfilling customer requirements. We will not use this data for any other reason than that it was collected for and we will not keep it for longer than we need it as set out below.
We may contact you from time to time or send you information in connection with our business, but we respect and protect your privacy by the use of information security controls. This statement confirms our approach to personal data and how we will comply with the GDPR and the Data Protection Act 2018.
Information we may collect from you
Information you give us:
You may provide personal information to us by filling in forms on our web site, corresponding with us by phone, e-mail or post, or by signing contracts with us. This may include your name, address, e-mail address, phone number and other details relevant to you specifically.
Information we may receive about you.
Third party companies that have a contractual relationship with you may provide your personal contact information to allow us to deliver services involving you on their behalf.
Information we collect about you.
When you visit our web site or portals we may automatically collect the following information:
(i) technical information, including the IP address used to connect your computer to the Internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
(ii) information about your visit, including the URL clickstream to, through and from our site; products and services you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information and methods used to browse away from the page.
What we use the information for
Information you give to us
We will use this information:
(i) to respond to any enquiries you make regarding our services or requests made to supply you with marketing literature
(ii) to carry out our contractual obligations on contracts between us and to provide you with the information and services that you request from us
(iii) to carry out our regulatory obligations;
(iv) to provide you with information about our other existing and new services
(v) to notify you about changes to our service; and
(vi) to ensure that content from our web site is presented in the most effective manner for you and for your computer.
Information we collect about you.
We will use this information:
(i) to administer our web site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
(ii) to improve our web site to ensure that content is presented in the most effective manner for you and for your computer;
(iii) as part of our efforts to keep our web site safe and secure;
(iv) to make suggestions and recommendations to you and other users of our web site about services that may interest you or them.
Disclosure of your information
We may share your information with selected third parties including:
(a) Employees and partners to deal with accounts and services provided by us;
(b) If we or substantially all of our assets are acquired by a third party, in which case personal data held by us about our customers will be one of the transferred assets;
(c) Analytics and search engine providers that assist us in the improvement and optimisation of our web site;
We may disclose your personal information to third parties if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or to protect the rights, property, or safety of som3 or our users. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
Where we store your personal data
The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work on our behalf. Such staff maybe engaged in, amongst other things, the provision of services. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy statement and relevant UK legislation.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our web site; any transmission is at your own risk.
Once we have received your information, we will use strict procedures and security features to ensure its protection.
How long we retain your personal information
This Privacy Statement provides the governance of internal & external personal data records held and processed by som3 on its systems and networks, and takes into consideration legal requirements and best practice approach. Paper records are also included. For ease of management it is the Company’s policy that when personal data is gathered that unless there is a statutory or legal basis to delete it earlier/retain it for longer, it will be held securely and deleted after 6yrs plus current year following the end of its use e.g. deleting employee records 7 years after an employee’s employment ceases or deleting customer records 7 years after a customer relationship ends. This does not preclude the deletion of personal data earlier where legal retention is not required based on business decisions or an opt-out request has been received (where applicable). Retention of data within the scope of this Privacy Statement enables us to service any contract and maintain our legal records.
- A variety of methods may be used to delete personal data including manual deletion (scheduled via automated reminders), system scripts, recycling/shredding/disposal of paper documents and disposal of old/faulty company devices
- The Company’s Directors will instruct process owners annually to review the personal data they are responsible for and to delete/dispose of it in line with this policy.
- It is expected that external suppliers will have their own data retention policies and will apply these to personal data held by them.
- Where personal data is held by suppliers and third parties, where relevant they will be notified of the requirement to delete it
- Where the Company is aware that an employee has personal user credentials for third party systems and portals, it shall remove where possible or request removal of these user profiles when the employee leaves the Company
- Collective data sets which include personal data of many people e.g. lists of names, roles & salaries collected for statistical analysis may be retained after employees leave
- Where non-sensitive personal data is captured on an incidental basis on records and reports e.g. an email where an employee’s email address is captured on the email’s distribution list, these records will not be deleted as they are considered incidental. The definition of incidental is when records note where people have done something for the business as part of a process or service rather than being a record about them.
- The reason incidental records are not deleted is because the amount of effort to track down and delete them would be a disproportionate to the risk to the individual of retaining them and due to system limitations. This does not apply to emails specifically about a person or containing sensitive personal data
- All electronic archives and back-ups within the business are overwritten within the 6 years + current year due to the re-use of media. Paper records e.g. Finance records are subject to this Privacy Statement and are manually deleted/destroyed within 6 years + current year.
- All Employees are urged to save all work and works in progress on the Company network rather than on their desktop for security reasons and to ensure personal data is not put at risk. It is noted however that hard disk drives on Company desktops and laptops are encrypted
Where you have opted to receive communications from us outside of a business contract, your personal information will be retained for 6 years from the date you opted in; at which point we will re-contact you to reconfirm permissions. You will be able to unsubscribe at any point you choose by clicking the subscription link at the foot of any of our emails or by emailing firstname.lastname@example.org
You have the right to select how we use your personal data for marketing purposes. You can exercise this right by checking certain boxes on the forms we use to collect your data. You can exercise your right to change your preferences or opt-out completely at any time by contacting us at email@example.com or by unsubscribing through any online content we send you.
Our web site may, from time to time, contain links to and from the websites of third parties. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
The General Data Protection Regulation gives you the right to access information held about you at any time and to view, modify, alter or withdraw it if required in permissible circumstances. Your right of access can be exercised in accordance with the GDPR by emailing firstname.lastname@example.org including:
The type of data subject request
- Information access
- Objection to processing
- Objection to automated decision-making and profiling (currently not applicable)
- Restriction of processing
- Data portability
- Data rectification
- Data erasure
- Last name
- First name
- Maiden or former names
- Current address
- Daytime phone number
- Mobile phone number
Changes to our privacy statement
Any changes we make to this privacy statement will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to this privacy statement.
Any questions or suggested editions to this privacy statement are welcomed. Please send them to email@example.com or addressed to som3 Recruitment Ltd, Cranford House, 1 Knutsford Business Park, Cranford Road, Knutsford, Cheshire WA16 8ZR