Data Protection, Privacy and Cookies
Updated 22nd May 2018
We, Pennine HR, are committed to protecting and respecting your privacy. This policy, together with any other documents referred to within, sets out the basis on which we will process any personal data that we collect from you, or that you provide to us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
For the purpose of the Data Protection Act 1998 (Act) / EU General Data Protection Regulation 2016 (GDPR), the data controller is Pennine HR Ltd, Lockwood House, Brewery Drive, Huddersfield, West Yorkshire, HD4 6EN.
1. Individuals whose data we collect and process
1.1 We collect and process data from visitors to our website at penninehr.co.uk.
2. Information we process about Individuals
We may collect and process the following data about our Individuals:
2.1 Information that you provide by filling in forms on our site. This includes information provided at the time of registering to use our site, subscribing to our services or requesting further services or information. We may also ask you for information when you report any problems with our site;
2.2 If you contact us, we may keep a record of that correspondence;
2.3 We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them;
2.4 Details of your visits to our site including, but not limited to, traffic data, location data, weblogs and other communication data and the resources that you access;
2.5 The information we collect will primarily be associated with your business connection with us, e.g. Company, Position, Location, Industry type and contact information;
2.6 Our work with clients necessitates the processing of personal information relating to their employees (past and present), job applicants etc. The safeguards surrounding this data is covered in our contract and service level agreements with the companies concerned; and
2.7 Any information incidental to that listed above.
3. Retention & Deletion
Pennine HR retains your information while you remain an active customer, unless you ask us to delete your information. If you stop being an active customer we will retain your information unless you request that your details be deleted; however we will only contact you if we believe the information we intend to send to you could be of ‘legitimate interest’ to you.
If you have requested information from us, we will retain your information until you request to be removed / deleted. Subject to the exceptions described below, Pennine HR deletes or anonymises your information upon request.
Subject to applicable law, Pennine HR may retain information after account deletion:
3.1 If there is an unresolved issue relating to your account, such as an outstanding invoice on your account.
3.2 Pennine HR may also retain certain information if necessary for its legitimate business interests, such as fraud prevention.
3.3 If we are required to by applicable law; and/or in aggregated and/or anonymised form.
4. IP addresses, cookies and similar technologies
4.1 We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration purposes. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual. This information will be deleted after 3 months.
4.2 We may obtain information about your general internet usage by using technology such as “cookies”, which store information on the hard drive of your computer. This type of technology helps us to improve our site and to deliver a better and more personalised service for Public Users and our customers. They enable us:
4.2.1 understand visitor numbers;
4.2.2 to store information about a Public User’s preferences, and so allow us to customise our site according to a Public User’s interests and offer them goods or services in which we believe they will be interested;
4.2.3 to speed up your searches; and
4.2.4 to recognise you when you return to our site.
4.3 To find out more about cookies, including how to control and disable them, please visit https://www.allaboutcookies.org.
4.4 You may refuse to accept some technologies such as cookies by activating settings on your browser which allows you to refuse the setting of technologies such as cookies. If you refuse all cookies you may be unable to access certain parts of our site. If you do not activate these settings on your browser then you will be taken to have consented to the use of these technologies.
4.5 We use Google Analytics and other monitoring software on our site. These types of technologies also allow the proprietor of the technology e.g. Google to also access your information, we have no control over how your information is processed by third parties such as Google. Please read the privacy packages of the provider to understand how your information may be used by these third parties.
4.6 3rd party services that we use on our site that may set cookies include:
Google Tag Manager
5. Where we store Individual’s personal data
Physical files and information is secured under lock and key in the Pennine HR’s office. Digital files are secured on password protected devices and within secure cloud environments such as Office 365 and the BreatheHR system, behind a managed firewall which also includes malware and virus protection.
6. Security and Control of Data
6.1 All information you provide to us via the website is stored on secure servers.
6.2 Please note that the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features in order to reduce the risk of unauthorised access.
7. How we use your information
7.1 We use information held about you in the following ways:
7.1.1 to ensure that content from our site is presented in the most effective manner for you and for your computer;
7.1.2 to provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes;
7.1.3 to carry out our obligations arising from any contracts entered into between you and us;
7.1.4 to allow you to participate in interactive features of our service, when you choose to do so;
7.1.5 to notify you about changes to our service;
7.1.6 to generate personal profile reports about you which we use to help to tailor our site, and our interactions with you to suit your preferences.
7.2 If you are an existing Customer (or have been a customer in the past 24 months) we will only contact you with information about services similar to those which were the subject of a previous sale to you.
7.3 We do not disclose personal information about individuals to advertisers or sell your information to any other organisation for marketing purposes.
8. Sharing your information
8.1 We may disclose your personal information to third parties if:
8.1.1 we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;
8.1.2 Pennine HR or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets;
8.1.3 we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms and conditions and other agreements; or to protect the rights, property, or safety of Pennine HR, our customers, or others.
8.1.4 it is necessary to the supply of our service to you.
8.2 You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us at email@example.com.
9. Links to other sites
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
10. Accessing your Information
10.1 The Act gives you the right to access information held about you. You can find out if we hold any personal information about you by making a “data subject access request” under GDPR 2016. If we do hold information about you we will:
10.1.1 give you a description of it;
10.1.2 tell you why we are holding it;
10.1.3 tell you who it could be disclosed to; and
10.1.4 let you have a copy.
10.2 Any formal subject access request should be made in writing to the address below. This will be provided FOC. However we may charge a reasonable fee for repetitive, unfounded, or excessive requests or additional copies.
11. How can you Update or Change your Information?
11.1 If at any time you wish to change your information, you can contact us, providing the updated information.
11.2 If you wish to opt-out of email notifications and communications you can contact us and we will ensure you do not receive any more communications.
12. Data Subject Rights
12.1 Right to Rectification – the right to request the controller rectify inaccurate personal data.
12.2 Right to Object – the right to object to processing based on either public interests or legitimate interests. Processing must stop, unless the controller demonstrates compelling grounds for continuing the processing or that the processing is necessary in connection with the controller’s legal rights.
12.3 Right to Object to Direct Marketing
12.4 Right to be Forgotten – the right to have the controller erase personal data without undue delay. Contingent on the occurrence of one of the following:
12.4.1 The data is no longer necessary;
12.4.2 The data subject withdraws consent (and consent is the legal basis for processing);
12.4.3 Controller has no overriding grounds for continuing processing against the objectification;
12.4.4 Processing was unlawful;
12.4.5 Erasure is necessary with EU or national law.
12.5 Right to Restrict Processing – the right to have the controller restrict processing if:
12.5.1 The accuracy of the data is contested;
12.5.2 Processing is unlawful;
12.5.3 The controller no longer needs the data for its original purpose, but needs it for legal purposes;
12.5.4 Erasure is pending.
12.6 Right of Data Portability – the right to receive a copy of your data in a commonly used machine-readable format for transfer to another controller. This will either be in .xls or .csv format.