1.1 We take privacy and the protection of personal information seriously. This Privacy Notice sets out details about how we gather, use and share personal information and about individual privacy rights. How we use personal information depends upon the context in which it is made available to us.
1.2 Our Data Protection Officer (DPO) provides help and guidance to make sure we apply good practice standards to protecting personal information. Our DPO can be reached by email at email@example.com if you have any questions about how we use personal information.
1.3 This Privacy Notice provides up to date information about how we use personal information and will update any previous information we have published about using personal information. We may make minor updates to this Privacy Notice from time to time, however if we make any material changes to the manner in which we process and use your personal information, we will announce this clearly on our website.
2. ABOUT US
2.1 We are what is known as the "controller" of the personal information which we gather and use. When we say "we" or "us" in this Privacy Notice, we mean Whittle Valve Repairs Limited.
3. WHAT KINDS OF PERSONAL INFORMATION WE USE
3.1 We use a variety of personal information depending on the circumstances under which personal information is made available to us.
3.2 We may use personal information in the following circumstances:
(a) Business Contacts: We hold the names, job titles, employer details and professional contact details for various business contacts, including client contacts, supplier contacts and interested parties.
(b) Job Applicants: Where you apply for a role with us, we will process the personal information you provide to us as part of your application and any interview selection process. This will ordinarily include your name, personal contact details, professional history, education and qualifications and references. We may also collect and use some special categories of personal data about job applicants, such as information about an applicant's racial or ethnic origin and some health information regarding any medical conditions or disabilities.
4. HOW WE GATHER YOUR PERSONAL INFORMATION
4.1 We only use personal information which we have obtained directly for the purposes described in this Privacy Notice.
4.2 Personal Information is gathered in the following ways:
(a) Business Contacts: These may be collected in the course of business-as-usual correspondence with business contacts;
(b) Job Applicants: Personal information will be gathered directly from you or from your third party references.
5. WHY WE USE PERSONAL INFORMATION
5.1 We will use personal information for the following purposes:
(a) Business Contacts: We process the personal information of our business contacts as necessary for the legitimate interests of managing the day-to-day operation of our business, including correspondence, engaging suppliers, and promoting our services to business contacts;
(b) Job Applicants: We process the personal information of job applicants for the legitimate interests of determining whether or not to employ a particular individual for a role in our organisation. Where we decide to employ a job applicant, we process their personal information for the purposes of entering into and performing our employment contract with the applicant. We process racial and ethnic origin and health information of job applicants for the purposes of meeting our legal obligations under employment and similar laws.
6. HOW LONG WE KEEP PERSONAL INFORMATION
6.1 We will never retain personal information for any longer than is necessary for the purposes we need to use it for.
6.2 Generally, in respect of personal information gather in the context of a contract, we will retain personal information for the duration of the contract and a period of up to ten years after the contract has expired or terminated, in case such personal information is required for the exercise or defence of a legal claim during this period.
6.3 We may also retain personal information for as long as required by law or regulation or instruction of a relevant accreditation body.
6.4 Unsuccessful job applicant information is retained for a period of 12 months after the position has been filled.
7. SHARING PERSONAL INFORMATION WITH THIRD PARTIES
7.1 We only share personal information with third parties:
(a) to the extent necessary for fulfilling the purposes outlined in paragraph 5, including where necessary for the provision of services;
(b) where we are under a legal or contractual obligation to do so; or
(c) where is it fair and reasonable for us to do so in the circumstances.
7.2 We may share personal information with the following third parties:
(a) Suppliers: We use a number of different suppliers, including IT suppliers, payment processors and consultants, with whom we share personal information so that these suppliers can process personal information on our behalf. In these circumstances, we take steps required by data protection laws to ensure that these suppliers protect the personal information we share with them;
(b) Accreditation Bodies: We may be required to share personal information with accreditation and regulatory bodies (such as UKAS, IATF, IAQG, amongst others), who monitor are certification and audit services to ensure that we are compliant with their rules and requirements when awarding certifications; and
(c) Government bodies: We may be required by law to share personal information with government bodies and regulators (such as HMRC).
8. PRIVACY RIGHTS
8.1 Individuals are entitled to exercise any of the following privacy rights in respect of our processing of personal information:
(a) Access: Individuals can request access to a copy of their personal information held by us, along with details of what personal information we use, why we use it, who we share it with, how long we keep it for and whether it has been used for any automated decision-making.
(b) Rectification: Individuals can ask us to change or complete any inaccurate or incomplete personal information held about them.
(c) Erasure: Individuals can ask us to delete their personal information where it is no longer necessary for us to use it, or where we have no legal basis for keeping it.
(d) Restriction: Individuals can ask us to restrict the personal information we use about them where we are not able to erase their personal information or where an individual has objected to our use of their personal information.
(e) Object: Individuals can object to our processing of their personal information.
(f) Portability: Individuals can ask us to provide them or a third party with some of the personal information we hold about them in a structured, commonly used, electronic format so it can be easily transferred.
(g) Withdraw Consent: Generally, we do not require consent to process personal information and so we do not ordinarily ask for consent to process personal information. However, where we do ask for consent to process personal information, individuals have the right to withdraw their consent at any time.
8.2 Please make all requests to exercise privacy rights in writing to firstname.lastname@example.org
8.3 We are required to verify the identity of anyone requesting to exercise their privacy rights and we may ask individuals to provide valid identification documents when making a request to allow us to do this.
8.4 We will not make any charge for responding to any request from an individual exercising their privacy rights, and we will respond to any requests in accordance with our obligations under data protection laws.