1 Contact details
2 Types of Personal Data we collect
We currently collect and process the following information:
- Any personal details you provide (such as name, address, date of birth, nationality, gender, e-mail address, business or personal address, phone number, education/employment history, interests, National Insurance number, or bank details) when working with Webalytix (employees and customers), applying for a job, visiting Webalytix premises or online, or making an enquiry about our services.
- Employment references – given/received, employee appraisal information, renumeration (pay/bonus), and pensions information.
- Identification data, for example passport/driving license and right to work checks
- Profile information, this includes username and passwords, IP addresses of devices and preferences
- CCTV security recordings
- Information that is publicly available
- Data collated from participation in surveys, promotions or competitions
- Information you provide to us by email, letter, telephone, social media, via our websites or in person
- Data collected to verify a Subject Access Request
- Customer/client payment details required for processing payments for work completed by Webalytix
- Personal details you choose to give when corresponding with us by phone, email, online or in person
- Information about your permissions, consents and preferences (e.g. website users stats, cookie data, clickstream data, browsing history, communications, responses and opt-outs to direct marketing).
- Third-party data covering personal data such as names, addresses, ages, dates of birth, emails, telephone numbers, transactional data, lifestyle, interests, financial, property and demographic data.
4 How we get your personal data and why we have it
Most of the personal information we process is provided to us directly by you for one of the following reasons:
- To provide you with services you have requested.
- To provide you a good Site experience.
- To verify your identity
- To provide you an interview or employment
- To submit an enquiry, job application, brief or order, subject access request or complaint.
We also receive personal information indirectly, from the following sources:
- Publicly available data
- Third party data providers
- Job sites such as CVL or LinkedIn
- Client and commercial partner’s customer data
We use this information in the following ways:
- To operate our business, provide your requested services and process payments for these services.
- To verify your identity and deal with your enquiry, job application, offer of employment, project brief, order, or complaint.
- In the performance of a contract as your employer, so that we meet our legal employer obligations and the requirements of employment law.
- To fulfil our legal obligation for business accounting, payroll, and tax purposes.
- To provide you with information about our services and any changes to those services. Any marketing email that you receive from us will allow you to unsubscribe to further email promotions.
- To contact you in connection with research and use any information you choose to submit in response.
- To administer our Site and ensure that our Site is presented in an effective manner for your device.
- For internal business/technical operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes and as part of our efforts to keep our Site secure.
- On an aggregate basis, to understand how individuals collectively use the features of our Site.
- For profiling and analysis purposes, developing products & services, marketing, research, & updating and correcting databases.
- To provide the third party and publicly available data to reputable organisations, to use it for insight, sales & marketing activity to promote offers from charities, utilities, retail, travel, leisure, insurance, finance, real estate, telecoms, home improvements, health, automotive, legal, media services or local and national government. The data may be used to send relevant marketing, personalise content or advertising or enhance products and services or other communications using profiling analysis.
- For the purpose of identity verification, credit and risk management, revenue collection, database verification and enhancement. We may also supply your data to the above sectors via agencies/brokers.
- To protect against fraud, identity theft, and other unlawful activity and establish or exercise any legal rights or claims.
We may share this information with other marketing agencies or businesses.
Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are:
(a) Your consent. You are able to remove your consent at any time. You can do this by contacting email@example.com
(b) We have a contractual obligation.
(c) We have a legal obligation.
(d) We need it to perform a public task.
(e) We have a legitimate interest.
5 Disclosure of your personal data
We may share your personal data with third parties in the following situations:
- We may disclose your personal data to our employees and agents to the extent necessary to provide you with the services you have requested.
- We may disclose your personal data when completing an employment reference that you have requested.
- We may make your personal data available to selected third parties who act on our behalf to support our operations (for example card processing or payment services (see the section below headed ‘Payment Information’) and credit reference agencies to protect against possible fraud, subject to appropriate contractual protections in accordance with applicable law.
- We may share your personal data with selected third parties for insight, analysis, research and marketing purposes. The data we share is third party consented data and/or publicly available data.
- Our IT suppliers and contractors (e.g. data hosting providers or delivery partners) who may need to have access to your personal data to provide IT support and enable us to provide products and services, subject to appropriate contractual protections in accordance with applicable law.
- If we sell or transfer all, or any portion, of our business or our company assets to any third party, personal data held by us from you may be one of the transferred assets.
- To protect us or contractors against loss or damage (including without limitation, exchanging information with the police, courts or law enforcement organisations).
- To the extent necessary to establish, exercise or defend legal rights or claims, or for the purposes of investigating actual or suspected unlawful activity.
Before we share your data with third parties, we will complete due diligence of the company and ensure the necessary written agreements are in place to ensure the data is processed in line with the latest data protection regulation to safeguard the data.
6 How we store your personal information
We take the security of our clients’ data very seriously and we use appropriate measures to protect all personal information collected in a secure, controlled environment consistent with GDPR legislation. The personal data that we collect from you is stored on UK based servers. The transmission of personal information is completed through secure encrypted data transfer systems.
7 Data Retention
The retention timescales are set out in our data retention policy. In summary we keep the data for the time periods detailed below, after which we will then delete the data:
- Client data projects – 2 years after working with the client
- Customer/prospect enquiries – 2 years from date of last correspondence
- Recruitment data – 1 year from date of application
- Personnel, pension, salary and sick pay – 6 years after employment ceases/date of redundancy
- Right to work checks – 2 years after employment ceases/date of redundancy
- Income tax and NI records and correspondence with HMRC – 3 years
- National minimum wage records – 3 years after the end of the pay reference period
- Statutory Maternity/Paternity/Shared Pay/Leave – 3 years from the end of the tax year they relate to
- Medical records – 40 years from the date of last entry
- Third party data – delete in line with agreed contractual agreements
- Subject Access requests – delete after 1 year following completion of request
8 Your Data Protection Rights
Under data protection law, you have rights including:
- Your right of access – You have the right to ask us for copies of your personal information.
- Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
- Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.
- Your right to object to processing – You have the right to object to the processing of your personal information in certain circumstances.
- Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you. Please contact us at firstname.lastname@example.org if you wish to make a request.
10 How to complain or contact us
You can also complain to the ICO if you are unhappy with how we have used your data. The ICO’s address:
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk