Who are we?
We collect, store and process personal data that you have provided to us or which we are able to automatically generate from other sources, such as RLDatix. We also use public sources of personal data such as professional registration lists and other publicly available information linked to individuals and their organisation (for example website and IP addresses and any connected social media accounts). We use personal data to enable RLDatix (or its group companies, where applicable) to (i) check your identity and validate that you are entitled to use its products and services; (ii) provide our products and services to you; (iii) identify persons who have expressed an interest in our products and services, and (iv) tailor our communications to you.
We also collect, store and process data relating to your use of our products and services which we may then use for statistical, research, business and product development purposes.
The types of personal data we collect include personal details such as name, date of birth, telephone number, email and address and (depending upon the product or service we are providing) could include information about your employer, qualifications, professional registration, availability for work, work obtained and details of any transactions made via our products and services as well other information you provide to us and any contact that we have with you.
We use various technologies, which may include “cookie” technology, to gather information from our website visitors such as pages visited and how often they are visited, and to enable certain features on this website. “Cookies” are small text files that may be placed on your computer when you visit a website or click on a URL. Cookies may include “single-session cookies” which generally record information during only a single visit to a website and then are erased, and “persistent” cookies, which are generally stored on a computer unless or until they are deleted or are set to expire. You can delete and block cookies if you wish. Find out how to delete cookies here: http://www.whatarecookies.com/delete.asp
We also use Google analytics tools to understand how our website is being used in order to improve user experience as well as Google AdWords tools to provide us with statistics relating to the use of our website and show you advertisements for our products and services which we think may be of interest to you as you browse other websites. User data is all anonymous. You can find out more about Google’s position on privacy as regards its analytics service at http://www.google.co.uk/intl/en/analytics/privacyoverview.html and about ads settings at https://www.google.com/settings/ads.
Monitoring and Sharing of Personal Data
We do not ordinarily share personal data or disclose it to other organisations (other than our group companies), unless the nature of our products and/or services requires us to do that or we are required to do so by law. For example, use of our RLDatix Me app requires the sharing of data with third party employer organisations. We also use the services of marketing companies to help us engage with and communicate with you (see Section 15).
Overseas transfers of Personal Data
Ordinarily we collect, process and store personal data in the UK or within the EEA (usually as part of our operations in Ireland). However, we reserve the right to do so (i) anywhere within the EEA (and, if legally permitted, to continue to do so following any withdrawal of the UK from the EU) and (ii)where personal data has been collected in any of the other countries in which we operate (see Section 21), to do so there.
Similarly, we reserve the right to collect, process and store personal data (i) in any country which has been assessed by the appropriate regulatory authority as providing necessary protection for the rights of data subjects in connection with the processing of their personal data, or (ii) in other countries where we have taken steps to ensure that the transfer of personal data is in line with the UK data protection requirements and will be protected and treated securely. Note that organisations outside of the EEA may be required to provide personal data to foreign authorities.
Retention of Personal Data
We will retain personal data for so long as it is needed for us to provide our products and services to you or to communicate with you as agreed by you. We will also retain personal data for so long as we consider it necessary for the purposes of complying with any of our legal or contractual obligations, including those relating to our statutory and regulatory obligations and our financial, business or tax affairs.
After termination of any service being provided to you we will (if you request us to, in writing) delete your personal data held by us, except for that which we consider is necessary to retain for business or regulatory purposes.
If you or we terminate any service, you agree that we will not be obliged to retain any or all of the personal data and we may delete it from our systems at any time.
Our legal basis for using Personal Data
We use personal data in order to provide you with products, services and information. In entering into any contract with us you have agreed that we may use your personal data to set up and provide the services requested, share your personal data, monitor your use of the services and to communicate with you with regard to such services and associated services.
We may also use personal data in order to comply with our legal obligations and/or where we have a legitimate business interest in doing so. We may also use personal data in other ways but only if you agree to this.
Marketing of Products and Services
We may wish to use personal data to provide you with information from time to time about products and services (including third party products and services) which we think may be of interest to you, where legally permitted or if you have agreed that we may do so. We engage marketing companies to help us do this and we use our and their tools to help us track your engagement with us and monitor our marketing campaigns.
Withdrawal of consent to process Personal Data
If you wish to withdraw your consent to our processing of your personal data, you may do so at any time by writing to us at the address set out in paragraph 2 and, where applicable, terminating your licence to use RLDatix. To withdraw from marketing communications, you may follow the “unsubscribe” process detailed within our communications to you, instead.
Use of non-personal data
We reserve the right to anonymise or pseudonymise all or any data so that it no longer constitutes personal data, in which case we shall be entitled to use and commercially exploit such data for any purpose including but not limited to statistical, research, business and product development purposes. Our rights to do this shall continue both during and after termination or expiry of any contract with you for any service.
How to make a complaint
We always work hard to treat our customers fairly and hope that you will not experience any reason to make a complaint about the way in which we have collected, stored or processed any of your personal data. However, if you do wish to make a complaint please write to us, in the first instance, at the address set out in paragraph 2 and we will endeavour to resolve the matter.
In the United Kingdom, you are also entitled to raise any privacy-related concerns with the independent authority set up to uphold information rights in the public interest, known as the Information Commissioner’s office. You can find details of how to do this at https://ico.org.uk/for-the-public/raising-concerns/.
YOUR STATUTORY RIGHTS
In the UK, you are able to obtain information about your statutory rights as a data subject under the Data Protection Act 1998 from the Information Commissioner’s office at www.ico.org.uk. Your statutory rights will be affected by the coming into force of new legislation, known as the EU General Data Protection Regulation (GDPR) on 25 May 2018. The following is a summary of your rights as a data subject which will apply once the GDPR comes into force. Further detail can be obtained at https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/individuals-rights/
Right of access – You have the right to obtain:
confirmation that your data is being processed;
access to your personal data
Right to rectification – You are entitled to have personal data rectified if it is inaccurate or incomplete.
Right to erasure – (sometimes referred to as ‘the right to be forgotten’). The broad principle underpinning this right is to enable you to request the deletion or removal of personal data whether there is no compelling reason for its continued processing.
Right to restrict processing – You are entitled to restrict the processing of personal data if:
You are contesting the accuracy of the personal data (until the accuracy has been verified)
You object to the processing (where it was necessary for the performance of a public interest task or purpose of legitimate interests) whilst we consider whether RLDatix’s legitimate grounds override your interests
the processing is unlawful but you have opposed erasure and requested restriction instead
If we no longer need the personal data but you require it to establish, exercise or defend a legal claim.
Right to data portability – You are able to obtain and reuse your personal data for your own purposes across different services by being allowed to move, copy or transfer personal data easily from one IT environment to another.
Right to object – You are entitled to object to:
processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);
direct marketing (including profiling); and
processing for purposes of scientific/historical research and statistics.
Rights relating to automated decision-making and profiling– This right doesn’t apply to all circumstances but, where it does apply, it effectively provides you with safeguards against the risk that a potentially damaging decision is taken solely using or supported by automated means, without human intervention.