Data Protection Policy (“DPP”)
1. Introduction
2. Data Retention
3. Data Collection
4. Your Rights
5. Data Transfer
6. Data Security
7. Changes to DPP
8. Contact
1. Introduction
Senovo IT Ltd (“We” or “Us” or “Our”) is strongly committed to protecting and respecting your privacy.
Senovo IT Group is a leading IT consulting service provider. It was founded in 2013 and is currently present in 15 countries bringing talent, drive and innovation to national and international projects. We provide business solutions and assistance to IT professionals in finding suitable assignments based on their skills and their level of expertise.
Our Group means our subsidiaries, our holding company and its subsidiaries, our associated companies as defined in section 1159 of the UK Companies Act 2006 (Our Group) such as Senovo IT UK Ltd and Senovo IT SL.
We are registered as a fee payer for the purposes of the Data Protection Act 2018. We ensure that all data you make available to Us is processed with due skill, care and diligence in accordance with the applicable procedures, laws and regulations.
We will collect and use your personal data in order to facilitate the Information Technology services (hereinafter the “Services”) We are providing. The present DPP sets out the essential details on which any personal data We collect from you, or that you provide to Us, will be processed by Us. You hereby provide explicit consent to Us holding and processing any such personal data (including, without limitation, sensitive personal data) for the purposes of the Services.
We will only collect your sensitive personal data if necessary for Our business purposes. We only allow access to your personal data to Our staff and any prospective employers or clients. We may share your personal data to third parties to whom We may choose to sell, transfer or merge all or parts of Our business or Our assets. All transfers will be subject to the present DPP, and the use of your personal data will be the same as set out in this DPP.
2. Data retention
We understand Our legal duty to retain accurate data and only retain personal data for as long as We need it for Our legitimate and essential business interest.
We only store retain your personal data for as long as necessary to fulfil Our business purposes, including satisfying any legal, regulatory, tax, accounting and/or reporting requirements. If We have no contact with you following the expiry of a 7-year period, We will archive and may delete your file.
We do the following to ensure Our data is accurate and up to date:
- prior to making an introduction We check the accuracy of your personal data;
- We keep in touch with you so you can let Us know of changes to your personal data;
- We update Our records accordingly in Our systems periodically.
We segregate Our data so that We keep different types of data for different time periods. The criteria We use to determine the appropriate retention period for personal data includes:
- the nature, amount and sensitivity of the personal data and its perceived accuracy;
- the applicable legal, regulatory, tax, accounting or other requirements;
- the potential risk of harm from unauthorised use or disclosure of your personal data;
- whether an introduction has been arranged for an assignment.
We may archive part or all of your personal data or retain it on Our financial systems only, deleting all or part of it from our main Customer Relationship Manager (CRM) system. We may pseudonymise parts of your data, particularly following a request for suppression or deletion of your data, to ensure that We do not re-enter your personal data on to Our database, unless requested to do so.
For your information, Pseudonymised Data is created by taking identifying fields within a database and replacing them with artificial identifiers, or pseudonyms.
3. Data Collection
A) Purpose of processing and legal basis
In connection with the purposes of the Services, We will collect, use and store your personal data (which may include sensitive personal data) and will process your personal data for the purposes of providing you with the Services. This includes for example, contacting you about assignment opportunities, assessing your suitability for those opportunities, updating Our databases, arranging payments to you and developing and managing Our Services and relationship with you and Our clients.
If We have obtained your consent, We may also send you marketing information and news via email and/or text. You can opt-out from receiving these at any time by clicking “unsubscribe” when you receive these communications from Us. Where you opt-out of receiving these marketing messages, this will not apply to personal data provided to Us a result of the Services.
In some cases, We may be required to use your data for the purpose of investigating, reporting and detecting crime and also to comply with laws and regulations applicable to Us. We may also use your information during the course of internal audits to demonstrate Our compliance with certain industry standards.
We must have a legal basis to process your personal data. The legal basis We rely upon to offer Our Services to you are:
- Your consent – You have given to Us your explicit consent to collect and use such information;
- Legitimate Interest - We may rely on a legitimate reason to process your data provided it is reasonable and does not go against what you would reasonably expect from Us. These may include:
o Managing Our database and keeping IT professionals records up to date;
o Providing the Services to you and Our clients;
o Contacting you to seek your consent where We need it; and
o Giving you information about similar products or services that you have used from Us recently.
- Legal obligations – We may collect, use and store your personal data in order to meet Our legal and regulatory obligations.
- Contract – We may process such information where We need it to perform the contract We are about to enter into or have entered into with you. Our clients may also require this information to deliver the Services.
B) What information do We collect
Information you give to Us or We collect about you
This is information about you that you give Us by filling in forms on our site www.senovo-it.com (Our site), or by corresponding with Us by phone, e-mail or otherwise. It includes information you provide when you register to use Our site, to enter Our database, subscribe to Our Services, attend Our events, participate in discussion boards or other social media functions on Our site, enter a promotion or survey, and when you report a problem with Our site.
We may obtain information about you from other sources such as LinkedIn, corporate websites, job board websites, online CV libraries, your business card, personal recommendations, referrals and external providers. In this case We will inform you, by sending you this privacy notice, within a maximum of 30 days of collecting the data informing you We hold personal data about you, the source of the personal data and whether it came from publicly accessible sources.
The information you give Us or We collect about you may vary depending on what Our relationship is with you. If you are:
- A prospective IT professional the information you give Us or We collect about you may include:
your name, address, private and corporate e-mail address and phone number, financial information, compliance documentation and references verifying your qualifications and experience and your right to work in the Service location, salary information, curriculum vitae (and the information contained in that) and photograph, links to your professional profiles available in the public domain e.g. LinkedIn, Twitter, business Facebook or corporate website.
- A candidate who We have placed the information you give Us or We collect about you may include (as well as the information above):
Date of birth, national insurance number, details of job offers and placements, outcome of criminal record checks and security clearances, financial information (including payroll, bank and tax authorities data).
- An actual or potential client or supplier of Ours:
The information you give Us or We collect about you may include your name, address, corporate e-mail address and phone number.
- A Referee for a candidate:
The information you give Us or We collect about you may include your name, address, e-mail address and phone number and details of your qualifications.
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, We may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if We combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, We treat the combined data as personal data which will be used in accordance with this privacy policy.
Sensitive personal data
Sensitive personal data is information which is intensely personal to you and is usually irrelevant to the purposes of our Services (e.g., data relating to race or ethnic origin, political, religious or philosophical beliefs, trade union membership, sexual orientation, or information relating to your health).
Regardless of the basis for your dealings with Us, We request that you do not provide Us with any sensitive personal data unless absolutely necessary. However, to the extent that you do provide Us with any sensitive personal data, such as data which you choose to share with Us in conversation, We shall only use that personal data for the purposes of Our relationship with you or for the provision of our Services. This will be for one or more of the following reasons:
- You have explicitly consented to the processing;
- Where processing is necessary for complying with legal requirements imposed to Us;
- To maintain records of Our dealings to address any later dispute, including but not limited to the establishment, exercise or defence of any legal claims.
Information We collect about you when you visit Our website
With regard to each of your visits to Our site We will automatically collect the following information:
We collect information that your browser sends whenever you visit our Service (“Log Data”). This Log Data may include information such as your computer’s Internet Protocol (“IP”) address, browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages and other statistics.
This site uses Google Analytics (GA) to track user interaction with Log Data. We use this data to determine the number of people using our site, to better understand how they find and use our web pages and to see their journey through the website. None of this information personally identifies you to Us. GA also records your computer’s IP address which could be used to personally identify you but Google do not grant Us access to this. GA makes use of cookies (see below for more about cookies), details of which can be found on Google’s developer guides. Disabling cookies on your internet browser will stop GA from tracking any part of your visit to pages within this website.
Our website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that We do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Information We obtain from other sources
We are working closely with third parties including companies within Our Group, business partners, sub-contractors in technical, professional, payment and other services, advertising networks, analytics providers, search information providers, credit reference agencies, professional advisors. We may receive information about you from them for the purposes of the Services.
If you fail to provide information
If you fail to provide information that We require (or where We require your consent to process that information, you refuse or withdraw that consent) We may not be able to provide our services to you (or the effectiveness of those services may be significantly reduced).
Cookies
Cookies are files with small amount of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a web site and stored on your computer’s hard drive. We use “cookies” to collect information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.
4. Your rights
The GDPR and DPA 2018 provide you with the following rights:
· Right to be informed about the collection and use of their personal data
· Right of access to the personal data held by Us about you. We also encourage you to contact Us to ensure your data is accurate and complete.
· Request correction of the personal information that We hold about you. This enables you to have any incomplete or inaccurate information We hold about you corrected.
· Request erasure of your personal information. This enables you to ask Us to delete or remove personal information where there is no good reason for Us continuing to process it. You have the right to ask Us to delete or remove your personal information where you have exercised your right to withdraw your consent to processing.
· Object to the processing of your personal data where We are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where We are processing your personal data for direct marketing purposes.
· Request the restriction of processing of your personal information. This enables you to ask Us to suspend the processing of personal data about you, for example if you want Us to establish its accuracy or the purpose of processing it.
· Right of data portability. This enables you to receive a copy of the personal data which you have shared with Us in a structured, commonly used and machine-readable format. You also have the right to transfer your personal data to another party in certain formats, if practicable.
· Right to withdraw consent that you have previously given to Us to process your personal data. Please note that if you withdraw your consent to further processing that will not affect any processing done prior to the withdrawal of that consent, or which is done according to another legal basis.
· Right not to be subject to an automated individual decision-making. You have the right to ask Us to review any decisions made about you based solely on an automated processing, including profiling, which produces legal effects concerning you or similarly affects you.
· Make a complaint to a supervisory body which in the United Kingdom is the Information Commissioner’s Office (“ICO”) and in Spain is the Agencia Española de Protección de Datos (“AEPD”). The ICO and the AEPD can be contacted through these links respectively: https://ico.org.uk/concerns/ and https://aepd.es, although We would encourage you to resolve any issue you have with Us directly by contacting Us before contacting the ICO and/or the AEPD.
If you have any query and/or if you wish to exercise any of your rights set out above at any time, please contact Us at dpo@senovo-it.com
5. Data transfer
We also may transfer the personal data We collect about you to countries outside of the country in which the information originally was collected for the purposes of Our services. Those countries may not have the same data protection laws as the country in which you initially provided your personal data. When We transfer your information to other countries, We will protect that data as described in this DPP and such transfers will be in compliance with the applicable laws and regulations.
The countries to which we may transfer the personal data we collect about you may be within the European Economic Area (hereinafter “EEA”) and/or outside EEA.
When We transfer personal data from within the European Union to countries or international organizations that are based outside the European Union the transfer takes place on the basis of:
Adequacy decision by the European Commission;
- In absence of an adequacy decision other legally permitted grounds (a) legally binding and enforceable instrument between public authorities or bodies; (b) binding corporate rules; (c) standard data protection clauses (formerly called the Model Clauses) adopted by the Commission; (d) agreement between the parties.
6. Data Security
We take every precaution to protect Our users’ information and We have put in place appropriate security measures to prevent your personal data from being accidentally accessed, lost, or disclosed in an unauthorised way.
We limit the access to your personal data to the employees, contractors and other third parties who have a business need to know in order to perform a specific job related to the Services. Those individuals will only process your personal data subject on Our instructions and will be required to maintain the confidentiality of such information.
We use all reasonable efforts to safeguard your personal information. However, please be aware that the transmission of data via email and the Internet is not entirely secure. Therefore, We cannot guarantee the security or integrity of any personal information which is transferred from you or to you via email and/or the Internet.
7. Changes to this DPP
We keep this DPP under regular review. Any modifications or changes We make in the future will be posted on Our site and, where appropriate, notified to you by e-mail. We encourage you to periodically review this DPP to be informed about how We hold and process the information We obtain from you.
8. Contact
If you have any questions and comments concerning your privacy in relation to this DPP, including any requests to exercise your legal rights, all queries should be addressed to dpo@senovo-it.com or by writing to Us at Our postal address Unit 110 Coppergate House, 10 White’s Row, E1 7NJ London.