For the purpose of the DPA and GDPR we are the data controller and any enquiry regarding the collection or processing of your data should be addressed to Sandra Berns at our address Centric HR Limited, Hawkesyard Hall, Armitage Lane, Armitage, Staffordshire WS15 1PU.
Data protection principles
In relation to your personal or company data, we will:
- process it fairly, lawfully and in a clear, transparent way
- collect your data only for reasons that we find proper for the course of our dealings with you
- only use it in the way that we have told you about
- ensure it is correct and up to date
- keep your data for only as long as we need it
- process it in a way that ensures it will not be used for anything that you are not aware of or have not consented to, lost or destroyed.
Types of data we process
We hold only the data about you that you provide in your enquiry form, including, your personal details including your name, company address (home if this is where you work or have provided this to us as part of your enquiry), email address, phone numbers.
How we collect your data
We collect data about you in a variety of ways and this will usually start when you provide us with your data to make an enquiry for our services. Personal data that you give to us on our enquiry forms is kept in cloud-based files within the Company’s HR and IT systems.
Information we collect and why we process your data
The law on data protection allows us to process your data for certain reasons only:
- to perform the contract that we are party to
- to carry out legally required duties
- for us to carry out our legitimate interests
- to protect your interests and
- where something is done in the public interest
- where we have obtained your consent.
We will collect personal data on this Website only if it is directly provided to us by you, the user, e.g., your e-mail address, name, home or work address and telephone number, and therefore has been provided by you with your consent. Normally you will only provide such details if you wish to sign up for our free e-newsletter, make an enquiry about our services or are making a purchase from us. All the processing carried out by us falls into one of the permitted reasons. Generally, we will rely on the first three reasons set out above to process your data. For example, we need to collect your personal data to respond to the queries you have raised with us and to enable us to respond to you or to carry out the contract that we have entered with you.
Special categories of data
- Special categories of data are data relating to your Health, sex life, sexual orientation, Race, ethnic origin,
- political opinion, Religion, trade union membership, genetic and biometric data. If you are making a general enquiry, we will not ask you to provide and special category data as we do not need to have this information.
Use of your information
We may hold and process personal data that you provide to us in accordance with the DPA and GDPR. The information that we collect and store relating to you is primarily used to enable us to provide our services to you and to meet our contractual commitments to you. In addition, we may use the information for the following purposes:
- To notify you about any changes to our website, such as improvements or service/product changes, that may affect our service.
- If you are an existing customer, we may contact you with information about goods and services similar to those that were the subject of a previous sale or contractual agreement provided to you.
- Where you have consented to receive such information, to provide information on other parties’ products or services that we feel may be of interest to you.
- Where you have consented to receive our e-newsletters, from time to time to provide that to you.
We work with third party partners who provide our marketing services and we may share your data with them in the interests of providing you with information for the services we offer. This might include marketing materials, fact sheets or other useful information to help you run your business effectively. Our partners are aware of their responsibilities in keeping data safe and their responsibilities to ensure the GDPR principles are adhered to. We will only use your data for these purposes and we will check with you regularly to ensure you still wish for us to hold your data. You can tell us at any time if you would like us to delete the data and we will do so.
Disclosure of your information
We may disclose your information to regulatory bodies to enable us to comply with the law and to assist fraud protection and minimise credit risk. Where you have consented for us to do so, we may provide your data to selected third parties who may contact you about their goods or services that you may be interested in. If you do not want us to use your data for our or third parties’ use, you must inform us of this by writing to us at centric HR Limited, Hawkesyard Hall, Armitage Lane, Rugeley, Staffs WS15 1PU, or sending us an email to firstname.lastname@example.org at any time.
Where we store and transfer your data
As part of the services offered to you, for example through our Website, the information you provide to us may be transferred to and stored in countries outside of the European Economic Area (EEA) as we use remote website server hosts to provide the website and some aspects of our service, which may be based outside of the EEA, or use servers based outside of the EEA – this is generally the nature of data stored in “the Cloud”. It may also be processed by staff operating outside the EEA who work for one of our suppliers, e.g., our website server host, or work for us when temporarily outside of the EEA.
We do not ask for special category or sensitive personal data, such as race, religion, or political affiliations, without your explicit consent as we have no requirement for this data.
Otherwise, we will process, disclose or share your personal data only if required to do so by law or in the good faith belief that such action is necessary to comply with legal requirements or legal process served on us or the website.
You have the right to opt out of our processing your personal data for marketing purposes by contacting us at email@example.com.
Security of your data
The transmission of information via the Internet or email is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of data while you are transmitting it to our site; any such transmission is at your own risk. Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorised access where these are possible.
How long we keep your data for
In line with data protection principles, we only keep your data for as long as we need it for or how long you permit us to have it. Retention periods can vary depending on why we have your data, as set out in our Data Retention Policy.
Third party links
You might find links to third party websites on our website. These websites should have their own privacy policies, which you should check. We do not accept any responsibility or liability for their policies whatsoever as we have no control over them. If you click on one of the links any liabilities from that point will be the responsibility of the third party.
Automated decision making
No decision will be made about you solely on the basis of automated decision making (where a decision is taken about you using an electronic system without human involvement) which has a significant impact on you.
Your rights in relation to your data
The law on data protection gives you certain rights in relation to the data we hold on you. These are:
- the right to be informed. This means that we must tell you how we use your data, and this is the purpose of this privacy notice
- the right of access. You have the right to access the data that we hold on you. To do so, you should make a subject access request. You can read more about this in our subject access request policy which is available from the Data Protection Officer.
- the right for any inaccuracies to be corrected. If any data that we hold about you is incomplete or inaccurate, you are able to require us to correct it
- the right to have information deleted. If you would like us to stop processing your data, you have the right to ask us to delete it from our systems where you believe there is no reason for us to continue processing it
- the right to restrict the processing of the data. For example, if you believe the data, we hold is incorrect, we will stop processing the data (whilst still holding it) until we have ensured that the data is correct
- the right to portability. You may transfer the data that we hold on you for your own purposes
- the right to object to the inclusion of any information. You have the right to object to the way we use your data where we are using it for our legitimate interests
- the right to regulate any automated decision-making and profiling of personal data. You have a right not to be subject to automated decision making in way that adversely affects your legal rights.
Where you have provided consent to our use of your data, you also have the unrestricted right to withdraw that consent at any time. Withdrawing your consent means that we will stop processing the data that you had previously given us consent to use. There will be no consequences for withdrawing your consent. However, in some cases, we may continue to use the data where so permitted by having a legitimate reason for doing so.
If you wish to exercise any of the rights explained above, please contact the Data Protection Officer on firstname.lastname@example.org.
Making a complaint
The supervisory authority in the UK for data protection matters is the Information Commissioner’s Office (ICO). If you think your data protection rights have been breached in any way by us, you are able to make a complaint to the ICO.
Changes to this privacy notice
We may update this policy to reflect changes to the website and customer feedback. Please regularly review this policy to be informed of how we are protecting your personal data.
Version number: January 2021
Review Date: 3 years from publication or sooner if legislation changes.
Person responsible: Data Protection Officer