Useful Simple Ltd is committed to ensuring that your privacy and your personal data is protected. We care about how your personal data is used and will only collect and use personal data in the ways that are described here, and in a way that is consistent with our obligations and your rights under the law.
What is Personal Data?
“Personal data” is information that relates to an identifiable person who can be directly or indirectly identified from that information, for example, a person’s name, identification number, location, online identifier. “Special categories of personal data” refers to data which relates to an individual’s health, sex life, sexual orientation, race, ethnic origin, political opinion, religion, and trade union membership. It also includes genetic and biometric data (where used for ID purposes).
What are my rights?
Under the General Data Protection Regulation (GDPR), you have the following rights, which we will always work to uphold:
- The right to be informed about our collection and use of your personal data. This Privacy Notice should tell you everything you need to know, but you can always contact us to find out more or to ask any questions.
- The right to access the personal data we hold about you. The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete.
- The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your personal data that we have.
- The right to restrict (i.e. prevent) the processing of your personal data.
- The right to object to us using your personal data for a purpose or purposes.
- The right to data portability. This means that, if you have provided personal data to us directly, or we are using it with your consent or for the performance of a contract, and that data is processed using automated means, you can ask us for a copy of that personal data to re-use with another service or business in many cases.
- Rights relating to automated decision-making and profiling. We do not use your personal data in this way.
What personal data do we collect?
Visitors to our websites
When someone visits:
We use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone.
The only Cookies used on our website are to enhance user experience. Cookies help us provide you with a better website. Information about your preferences is stored on our web hosting provider Linode. The Cookies used do not give us access to your computer or any information about you.
Please note that any links or embedded materials which lead you to another website means that you are no longer protected by our Privacy Notice.
All the information you provide during the recruitment process will only be used for progressing your application, or to fulfil legal or regulatory requirements if necessary.
We will not share any of the information you provide with any third party or store any of your information outside of the European Economic Area. The information you provide will be held securely by us and/or our data processors whether the information is in electronic or physical format.
We will use the contact details you provide to us to contact you to progress your application. We will use the other information you provide to assess your suitability for the role you have applied for. If you are unsuccessful, then your information will be deleted from our electronic records after 6 months and any hard copies destroyed. If you are successful, then the information that you provided during the application process will be kept for 7 years. This information will be kept on our secure Human Resources database and in secure cabinets which can only be accessed by staff members dedicated to this function.
We do not use any form of automated decision-making process.
Under the GDPR, we must always have a lawful basis for using personal data. This may be because the data is necessary for our performance of a contract with you, because you have consented to our use of your personal data, or because it is in our legitimate business interests to use it.
All employees are given our Data Protection Policy on their first day and asked to sign a consent form for the use of their personal data. This policy provides details of the information that we collect, how it is processed and with whom it is shared. It also provides details of our data retention policy.
In the performance of our contract with you, it is necessary to use Data Processors. This allows us to run an efficient payroll process, for example, or to provide you with the benefits to which you are entitled. We have contracts in place with our data processors. This means that they cannot do anything with your personal information unless we have instructed them to do it.
Clients and business contacts
We keep a database of our current contacts, people that we have done business with, and potential clients. This information is held on our CRM (Customer relationship management) system which is hosted by Really Simple Systems (RSS). Our interaction with RSS is governed by a third-party contract which ensures that your data is kept in a secure GDPR compliant environment. We do not use any contact details for mass marketing purposes and only keep details for as long as there is a legitimate reason for doing so. In any case, every two years, we carry out a data cleansing exercise to make sure that we do not hold any unnecessary data.
This Privacy Notice is part of a company-wide Data Protection Policy which outlines the physical, electronic, procedural and managerial processes which we have put in place to protect your data and to align ourselves with the GDPR. We are also proved to have achieved Cyber Essentials certification.
We only store your personal details in the UK.
If your personal data needs to be transferred, for the performance of a contract, then we will enter into a third-party agreement if the country that it is being transferred to is outside the European Union.
Where we transfer your personal data within the European Economic Area, your personal data will be fully protected under the GDPR or to equivalent standards by law.
We keep our Data Protection Policy and Privacy Notice under regular review. This policy was last updated on 22 May 2018.
Ed McCann, Senior Director, Useful Simple Limited
Data Controller: USL
Data Protection Officer: Tom Hull