Client Privacy Notice
This privacy notice sets out how Ashton People Solutions will collect and use your personal data and your information rights.
Any references to ‘us’, ‘our’ and ‘we’ means Ashton People Solutions.
If you are a job applicant, you can find out how we use your personal data in our Staff Privacy Notice. If you are an employee of Ashton People Solutions, you can find out how we use your data in the same document.
We are committed to taking good care of your personal data and ensuring the highest standards of privacy.
If you have any queries about this notice, do not hesitate to get in touch with us. We’ll be more than happy to help.
An organisation that decides how the personal data it collects and holds is used is called a ‘data controller’.
We call this use of personal data ‘processing’ – this includes the collection, storage, analysis, sharing, retention and disposal of personal data.
When delivering our professional services such as employment law advice, we are the Data Controller of the personal data that you supply to use under your contract or arrangement with us.
Why do we need your personal data?
In order that we can provide you with a high-quality service, deal with your queries, make an assessment on the suitability of our services and to enter a relationship with you, we will need to obtain and use personal data.
If we already hold some of your personal data, for example, if you are already a client, we may not need to collect it again and in such cases, we will make this clear.
What Personal Data Do We Collect?
We collect and use a variety of personal data to run our business and manage our relationship with you. The type and frequency of any personal data collected will always depend on how our website and services are used. If you do not wish to provide us with certain categories of personal data, you may not be able to use our services in their entirety.
|Personal Data provided to us||
We use electronic contact forms and chat facilities across our websites. These forms will prompt users to input basic contact details so we can generate service quotes, provide newsletter updates and respond to enquiries. You may also provide data to us when registering for an event, seminar or vacancy or when corresponding with us by phone, email, letter or social media. It is important that the personal data we hold about you is accurate and current. You should keep us informed if your personal data changes during your relationship with us.
|Personal Data collected by us||
Where you ask us to provide services, we may be required to process additional categories of personal data relating to you or other parties to ensure the provision of informed advice. We may also collect additional data from you as part of our recruitment process, during your employment or when you visit our offices. We may also ask to verify your identity in limited circumstances by providing valid photographic identification.
|Personal Data from other sources||
We may receive information about you and/or your company from specific third parties such as business partners, sub-contractors, advertising networks, analytics providers, hosting providers and search information providers. We may also receive referrals from other clients and contacts.
|Special Categories of Data||
There may be instances where we need to process Special Category Data provided by you or other users of our services during the lifetime of our service. Special category data is a more sensitive type of data which reveals insights about a person’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data, sex life, or sexual orientation. We may also process data that relates to criminal and/or civil offences as well as child data in some very limited circumstances, usually in connection with Legal advice or Employee Assistance programs. Sensitive data collection will only take place where it is applicable to the provision of the services that we are contracted to provide. The fundamental rights of the data subjects are always assessed to ensure that the processing is fair, transparent and lawful.
When you visit our website, a record of your device’s IP address is retained which is used anonymously in order to determine website and page visitors. For more information on how we use online identifiers or cookies please visit our cookies policy.
Our legal basis for processing
Before processing any personal data, we ensure that at least one lawful basis under GDPR is met. We will not disclose personal data for any purpose other than what the data was originally collected for; unless there is an overriding legal basis that enables this processing.
We may collect, hold, use and disclose the information collected to compile statistical data and to maintain our database; to develop or improve our website; respond to any queries; notify you of any upcoming marketing, training or other events that we think may be of interest to you; provide you with publications; manage quality control and compliance issues; manage systems administration; provide you or your organisation with advice; notify you about important changes or developments to our services; contact you for your views on our services or to determine the suitability for employment.
We may also process your personal data in the following circumstances:
|To Perform Our Service Under the Contract
We process information in order to support and maintain our existing or potential contractual relationships under the lawful basis ‘performance of a contract’. We may process personal data in order to provide various supporting client services, take payments and to make improvements to our website. The lawful basis which we often rely on to process data for the duration of servicing on your account and for the decision to enter an initial or any subsequent contract is under our ‘legitimate interests’. Ensuring our administrative and IT systems are secure and robust against unauthorised access also falls under this basis.
|For Fraud Prevention||
Due to the products we offer to companies, we also have a ‘legal obligation’ to validate the status of companies we work with which may involve identifying and verifying individual data subjects as part of our ‘legitimate interests’ to safeguard against criminal or fraudulent activities. We also need to ensure that VAT and premium tax is paid.
|To defend legal issues
We have a ‘legitimate interest’ to process data which may assist us in connection with the establishment, exercise or defence of legal claims.
|To Process Sensitive Data||
In some cases, where the processing is deemed high risk or highly sensitive, we may ask for your ‘consent’ before we undertake the processing. For example, when providing information on reasonable adjustments before an interview. Where consent is used as the lawful basis for the processing, you will be entitled to withdraw that consent at any time as well as exercise your data privacy rights.
|When you apply for a vacancy||
You provide several pieces of data to us directly during the recruitment exercise. In some cases, and to facilitate our ‘Legitimate Interests’ we will collect data about you from third parties, such as employment agencies and former employers when gathering references or credit reference agencies. Should you be successful in your job application, we will gather further information from you, for example, your bank details and next of kin details, once your employment begins. We have a Legal Obligation to ensure you have a right to work in the UK and make reasonable adjustments for you if you have a disability. The ongoing lawful basis we rely on to process your data will be under our legal obligations or legitimate interests which may include assessments made on salary.
|For Marketing Purposes||
We understand that you may wish to hear from us from time to time about our products or services that we think you’ll find interesting or to keep up to date with the latest developments and news. If you have consented to receiving such communications, we may use the contact details you’ve supplied us to send you marketing information. You can, of course, change your mind at any time and can change your marketing preferences.
We want you to get the most out of your relationship with us, so we use social media and websites to let you know about the products and services we offer that might be of interest to you.
We may also use this method to communicate with you if you contact us through this method.
We may also use social media services to enhance our services, presence and your customer experience.
Your comments, opinions and messages may be used so that we can better understand our customers and improve our services and overall customer offering.
Change in purpose
We will only use your personal data for the purposes for which we collected it unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Data sharing and international transfers
Personal data will only be disclosed on a confidential basis to external service providers so that they can provide services such as financial, technological or administrative assistance. When we share data with an external third party, these operations are governed by a Data Processing Agreement (DPA) and we perform regular due diligence on any external companies we work with to ensure that high levels of data integrity are maintained.
Any transfers taking place outside the EEA are only permitted with the provision of an Adequacy decision, standard contractual clauses (SCC’s) or any other lawful transfer mechanism. Where necessary, we may need to share data with external organisations such as law enforcement, regulatory bodies, fraud prevention agencies, partners or advisors. Before any data is shared, we ensure that all technical and organisational controls are firmly in place and a data protection impact assessment is undertaken, where applicable, if the sharing or transfer is considered high risk. We do not sell your data to any third parties.
Keeping your personal data secure
We have appropriate security measures to prevent personal data from being accidentally lost, or used or accessed unlawfully.
We limit access to your personal data to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Sale or purchase of all or part of our business
If we sell or transfer all or part of our business, we may share or transfer customer records and data as part of the proposed/actual sale or transfer. Before we do this, we will ensure there is adequate protection in place by imposing contractual obligations on the buyer/seller to ensure the security and confidentiality of your data.
Our aim is to keep your personal data only for as long as we need to, in order to manage your relationship with us and comply with legal and regulatory requirements. When determining retention periods, we consider the following:
- The maximum or minimum retention periods identified by the law or regulatory guidance
- Our contractual rights and obligations
- Customer expectations, the nature of your relationship with us, and the type of agreement you have with us
- Current or future operational requirements
- Forensic requirements, for example, the potential need to access data no longer actively used in order to manage or respond to complaints and disputes
- The risks involved in retention, deletion and removal
- The cost of maintaining, storing, archiving and retrieving data
- The capability or restraints of our systems and technology.
What rights do you have in relation to your personal data?
|Request to be informed about how we process your personal data.||You have the right to be informed about the collection and use of your personal data.|
|Request access to your personal data (commonly known as a “data subject access request”).||This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.|
|Request rectification/correction of the personal data that we hold about you.||This enables you to have any incomplete or inaccurate data corrected.|
|Request erasure of your personal data.
|This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object.|
|Object to processing of your personal data.||You can object to us using your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes.|
|Request the restriction of processing of your personal data.||This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.|
|Request the transfer of your personal data to another party.
|In certain circumstances, you have the right to ask us to transfer a copy of some of your personal data to you or to a new data controller|
|Right to withdraw your consent||Where we rely on your consent to process any of your personal data, you have a right to withdraw that consent at any time. This will not affect any use we have made of the information before you withdrew your consent.|
|Object to automated decision making /Profiling||In certain circumstances, you have the right to ask for an automated decision to be reviewed by a human.|
|Complain to the Regulator
|You have the right to make a complaint to the Supervisory Authority.|
Ensuring your data is correct
Whilst we make every effort to ensure your data is correct, we kindly request that you help us by reporting any inaccuracies or discrepancies at the earliest opportunity.
It your responsibility to keep us informed of any change of your circumstances including any name changes, alternative contact details or change of address.
Contacting us about your data protection concerns
If you have any concerns about how we collect, use, share or keep your personal data, you think there has been a breach or you have a question or concern about anything in this notice, you can contact us on firstname.lastname@example.org.