Privacy Policy

This page is currently being updated.

Privacy Policy for Ineo Consulting Ltd – 25th May 2018

 

Introduction

 

Here at Ineo, we understand that it’s important to deliver your message in a clear and concise way. That’s why our Privacy Policy is written in a language that makes it easy to understand, with a layout that makes it clear about what affects you. We will only use legalese where it is absolutely necessary – although our Policy is in line with the law.

 

We are committed to protecting and respecting your privacy. That is why we only keep the data we need to, for as long as we need to.

 

Ineo Consulting Ltd is registered in the United Kingdom at Office 2 The Reach, 687-693 London Road, Westcliff-On-Sea, Essex, England, SS0 9PD. Our business registration number is 08924179. We therefore fall within the General Data Protection Regulation (GDPR), which intends to harmonise data protection legislation across the EU. Our Data Protection Officer is Sasha Egan, and any queries can be directed to sasha@ineoconsulting.com.

 

Who We Are and What We Do

 

We are a consultancy business, working predominantly within the recruitment sector. We:

 

  • advise businesses (our clients) on how to work more efficiently and save time and money;
  • tender for new Customer Relationship Manager (CRM) systems;
  • handle system migrations, set ups and configuration;
  • carry out Business Process Reengineering (BPR);
  • carry out data cleansing and advise on data handling;
  • provide training;
  • provide ongoing system support; and
  • develop and manage bespoke software

 

Phew! That’s quite a list. As you can see, our work is diverse and it all involves handling and advising on handling of personal data. This makes us a Data Processor.

 

We also hold data on individuals – our employees and our clients, prospective clients and subscribers. This makes us a Data Controller.

 

Now you have a bit of an overview, let’s take you to the detail. Please click on the links below to take you to the section relevant to you:

 

If you’re a client, please jump to this section.

 

If you’re a prospective client, this link will take you to the correct section.

 

If you’re our employee, please visit here.

 

If you’re one of our subscribers, please choose this link.

 

If you’re a(n) data subject (individual) where your data has been provided to us as a third party from one of our clients, this where you need to be.

 

Our Clients

 

To our wonderful clients reading this, hello, and please let us take this opportunity to say thank you for working with us. We know how important it is to you that we keep your data safe – the data about you and your organisation, and the data you share with us about your clients. So we hope that you find this section useful and that it enables you to understand how we manage the data handling process.

 

Firstly, let’s talk about you. During the course of our relationship, we need to know a few things about you – we need a contact name and email address, correspondence address and phone number for who will be managing the contract on your end. We will likely also have a number of individuals we work with from your business, whose names and contact details will also be shared with us. There may even be personal contact information, and likely corporate financial information too. It’s impossible to list everything here, but the message we want to get across about any data we hold about you is that we will:

 

  • never sell your data;
  • share your data with a third party, except where that is to a third party who are carrying out work on our behalf, for example subcontractors, or where we are required to by law (please see this section for more information on where this may be necessary);
  • retain your data for only as long as is necessary (for our data retention guidelines, please see here);
  • store your data securely (please see this section on how we store data);
  • dispose of your data in a secure manner, for example shredding paper copies and fully deleting your data, such as emptying recycle bins and deleting archived data;
  • only use your data for its intended purpose;
  • only hold data that is relevant for us to conduct our business.

 

There is further information here which gives more information about the GDPR, and your rights within it.

Prospective Clients

 

Thank you for taking the time to read how we will manage the data you provide to us as a prospective client. We hope you’ll jump aboard and become one of our clients, but before you do, and if you sadly don’t, this is how we will handle the data you provide to us.

 

To understand your needs, we need to know a little about your business, and we need to have the contact details of your business representative. This information is then stored securely by us, to enable us to follow up any conversations we may have already had from you, or to market to you any material which you may find useful.

 

In a nutshell, this is what we will do with any data you provide to us, or that is provided to us by a third party about you:

 

  • We will store it securely (please see this section on how we store data);
  • We will not sell it to any third parties;
  • We may share it with relevant third parties – but these will only be where we are legally obliged to so do and with sub-contractors and only in order to carry out our business, for example to email marketing specialists to carry out a campaign on our behalf, or to our accountant in order to carry out credit checks if required;
  • We will store your data in-line with our Data Retention Guidelines;
  • We will dispose of your data securely, within our Data Retention Guidelines or if you ask for us to do so;
  • We will only use your data for its intended purpose;
  • We will only store data that is relevant for us to conduct our business.

 

There is further information here which gives more information about the GDPR, and your rights within it.

Our Employees

 

As one of our incredible employees, you already know how seriously we take data security. This isn’t just restricted to our clients and third parties – this also includes data we hold about you.

 

When you joined us, you will have been asked to provide us with a lot of personal data about you, and about others – such as your next of kin or emergency contact details. We will have asked you to let us know your bank details so we can pay you.

 

We will have also asked you to complete a questionnaire on equalities and diversity. This information is sensitive personal data, and the security of such data is paramount. This is why we want to let you know our working practices, so you can be clear that the data we have about you is only available to those who need to see it, and only stored in an area that is only accessible by those people, and encrypted wherever possible.

 

So, to give you the facts, this is what happens to the data you provide to us:

 

  • Personal data, such as your name, contact details, tax and financial information, is stored in a secure ‘cloud’ drive, such as Google Drive and is only accessible to Sasha Egan, Finance and Operations Manager and John Egan, Managing Director. Access is password controlled.

 

  • Copies may be stored on Local drives, but these are kept secure: drives are password protected, and the drive itself is not removed from our locked Office (which is accessible only to Sasha Egan and John Egan) when not in use.

 

  • Personal data is only shared with our Accountant, in order to set you up on the Payroll and Pension system (if applicable) and where we are Legally Obliged to do so.

 

  • Any paper copies (for example your P45 or signed contract) are stored in a combination locked safe.

 

  • Sensitive personal data, such as our Equalities Monitoring Form, are stored in a secure ‘cloud’ drive, such as Google Drive and is only accessible by Sasha Egan, Finance and Operations Manager. Copies are not stored locally. Any paper copies (for example that provided with your signed contract) are stored in a combination locked safe. This data is not shared with anybody else.

 

  • We will store your data during your employment with us, and for a period after you leave us (please don’t go!). This is outlined in our Document Retention Guidelines. Once this period has passed, we will dispose of it securely.

 

  • We will not sell your data. Ever. We promise.

 

  • We will only hold data about you that we need to hold.

 

  • We will only use your data for its intended purpose.

 

There is further information here which gives more information about the GDPR, and your rights within it.

 

Our Subscribers

 

Hello to our subscribers! Can we just say, it’s great to have you on board? We love the fact you want to be kept up to date on what we have going on, and all of the exciting industry news we have the privilege to share with you.

 

In order to have that privilege, you shared some information about yourself with us. This section within our Privacy Policy is to let you know how we intend to manage that information.

 

Rarely, we may use a third party or third party software in order to contact you, like if we are planning a big mail out. We will only use a third party supplier that is registered within the UK (and therefore covered by GDPR), and use a Non-Disclosure Agreement if required in order to keep your data safe. However here at Ineo, we like to do things ourselves (to ensure it’s done to our exacting standards!), so most of the time you’ll be hearing directly from us. And when we say most of the time, we mean 99%. Not that we are control freaks, or anything!

 

Your data will always be stored securely (please see this section on how we store your data), and we will always give you the right to unsubscribe at any time.

 

We will always limit the data we hold on you to what we need to know – like your name, organisation and email address, and only use it for its intended purpose.

 

We won’t sell it, share it with anyone (unless its as stipulated in this section or if we’re legally obliged – more on that here) or store it for longer than is necessary (our Document Retention Guidelines can be found here).

 

There is further information here which gives more information about the GDPR, and your rights within it.

Individual Data Subjects

 

It can be scary, can’t it, sharing your data? You sign up to a recruitment specialist, giving over all of this information about you (and sometimes they really do need to know your inside leg measurement!) and then you find out they’ve shared it with us. And really, who are we, to know your inside leg measurement anyway?! That’s a great question. If it makes you feel any better, we take a 30”.

 

Ahem, I digress. If you’ve read the section on Who We Are and What We Do, hopefully you’ll know why your data has been shared. And you’ll have known it was possible this could happen, because you’ll have seen the Privacy Policy of the Agency you have instructed to find you your next role. So what do we do with the data the Agency (our client) may have shared with us? Read on…

 

The Agency will most likely have given us access to their systems to carry out a specific task. This could be something like a data cleanse – basically reviewing all of the data stored on their system, clearing out the old stuff they don’t need any more and tidying up what’s left – making sure the right fields are completed with the right information, for example.

 

Before starting this process, we will download all of the data on that system and store it as a back-up, in case something goes wrong. Our clients wouldn’t be happy if we accidentally deleted every single one of their clients would they? And I suppose you wouldn’t either if you’d just applied for your dream job! So this is a bit of safeguarding. We will usually try and store this on our client’s servers. But sometimes, for extra security, or because we need to do some more in-depth work, we will have a copy too.

 

This copy may be stored on Local drives whilst we’re carrying out our work, or stored on a cloud-based system, like Google Drive. Everything we do is password protected, to increase the security of your data.

 

When we are finished, that back-up may be moved to an external hard drive (along with copies of any of the work we have done) and stored in a combination locked safe in line with our Document Retention Guidelines.

 

We would like to confirm to you that, as a third party, we do not/will not:

 

  • personally hold your data for processing by us. Your data will only be stored as stipulated above: we will not use it within our business;
  • share your data with anyone, unless it’s a sub-contractor who is carrying out portions of the work we have been engaged to do with our client; or a new supplier where we are carrying out a data transfer on behalf of our client to a new CRM;
  • sell your data to anybody;
  • store any data on you outside of the system backs ups or within the systems we use to undertake our work, such as spreadsheets (which are stored securely in exactly the same way);
  • store your data individually – the work we undertake is generally processed en-masse;
  • keep your data for longer than necessary.

 

There is further information here which gives more information about the GDPR, and your rights within it.

How We Store, Manage and Dispose of Data

 

Unless we tell you otherwise (within the section relevant to you), we store all of our data via cloud managed storage, using a combination of Google Drive and Onedrive. We like this because it enables us to very clearly restrict the data stored with only relevant people – either by restricting the entire drive, the folder something is stored within, or the document itself. We don’t share passwords – every member of staff or subcontractor has their only login and password, to ensure we run a very tight ship and keep your data secure. When we no longer need it, data is deleted from the cloud, including clearing any archived information.

 

Paper-based documents that we must keep the originals of are stored in a combination lock safe. However wherever possible, we will scan paper copies and shred them; storing the documents instead on the aforementioned cloud.

 

Sometimes we will store something locally for a short period (as stipulated within the section relevant to you), but once it has served its purpose, it is deleted securely from the drive (including emptying the recycle bin).

 

Our office is only accessible to employees and kept locked when not in use.

 

We run data cleansing routines to ensure any outdated data is deleted regularly.

 

If we are supplied with your information by a third party, for example because you have consented to them passing on your information to us in order that we can market to you, we will contact you within 30 days to let you know, and to give you the opportunity for us to delete you from our records.

 

Who We Share Data With and Why

 

We may share data with third parties, such as sub-contractors who we have engaged to complete a piece of work on our behalf. Part of this work may involve having access to certain data. Where appropriate, we will confirm our sub-contractor’s Privacy Policy is fit for purpose and use Non-Disclosure Agreements where necessary before engaging and sharing any data.

 

We also share data with our Accountant and relevant supervisory bodies (such as HMRC) where necessary, in order to undertake our financial obligations.

 

In the event that we sell or Ineo Consulting Ltd is substantially transferred to a third party; personal data will be one of the transferred assets. Don’t worry – we have no plans to do so!

 

Legal Obligations

 

There may be an occasion where we are legally obliged to share or process your data in a different way to what it was intended for. It’s impossible to list every scenario here, but it’s important that you’re aware of the circumstances. For example, we may have a duty to submit a Suspicious Activity Report to the National Crime Agency if we suspect money laundering, or we may receive a court order requesting that we share information on a specific individual. Legal obligations also cover where we need to share data with agencies such as HMRC, like where we need to disclose employee salary information.

 

Document Retention Guidelines

 

We use these guidelines to ensure we run an appropriate data cleansing routine to securely delete and dispose of data we are no longer required to store. It is impossible to list everything here, but as more items appear, this list will be extended. This table gives an overarching view of what is retained, as to record individual lines is excessive within this Policy document. If you require individual detail, please contact Sasha@ineoconsulting.com who will be happy to advise you further.

 

Category Type Duration Comments
Clients Contract / Letter of Engagement
Financial Information such as Purchase Orders, Invoices, Bank Records 6 years We will retain all financial information for this period to ensure completeness of records
Client Back-ups and Working Papers 1 year following completion of work
Contact  and Business Information 3 years following contract termination
Prospective Clients Contact and Business Information For as long as there is a Legitimate Interest*, except where the Prospective Client has asked for data deletion, in which case the request will be actions as soon as possible; within no more than 30 days of the date of the request.
Employees All Records 6 years following relationship termination
Monthly Payroll Records Permanent
Subscribers All Records Until unsubscribed
Data Subjects All information shared by Client 1 Year following completion of work (see Client section)
Business Information Insurance Policies (All) Permanent
Financial Statements Permanent
Trademarks and Copyright Permanent
HMRC and Tax Reports Permanent
Health & Safety Reports (All) Permanent
Legal Information Permanent
Gifts & Hospitality Records 6 years

 

* Legitimate Interest in this case means that we have reason to store your information for marketing purposes in order to benefit your business or organisation (keeping you up to date with industry news, telling you about products and services than can save you and make you money, help you work more effectively etc.) and in order for us to continue running a successful business.

 

Your rights under GDPR

 

You are in control of what we hold about you, and we request that you keep your data accurate and up to date, and that you let us know your preferences whenever you like. The GDPR provides you with the following Rights:

 

To request correction of the personal information that we hold about you.

 

This enables you to have any incomplete or inaccurate information We hold about you corrected.

 

To request erasure of your personal information.

 

This enables you to ask us to delete or remove personal information that we hold about you.

 

To object to processing of your personal information where We are relying on a legitimate interest.

 

This enables you to request that we no longer market to you as a potential client, or share industry news, products and services that we feel may be of benefit to you.

 

 

To request the restriction of processing of your personal information.

 

This enables you to ask us to suspend the processing of personal information about you for a period, for example if you want us to establish its accuracy or the reason for processing it.

 

To request the transfer of your personal information to another party in certain formats, if practicable.

 

To make a complaint to a supervisory body, which in the United Kingdom is the Information Commissioner’s Office. The ICO can be contacted through this link:  https://ico.org.uk/concerns/

 

How to Unsubscribe, access update and ensure deletion of your data

 

Whenever we market to you, there will always be the option for you to contact us to unsubscribe. Alternatively, please contact us on info@ineoconsulting.com.

 

If you wish to access and/or update any of your data, or to request we delete your data, please contact us on Sasha@ineoconsulting.com.

 

Changes to our privacy notice  

 

Any changes we make to our privacy notice in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy notice.

 

 

Contact  

 

Questions, comments and requests regarding this privacy notice are welcomed and should be addressed to Sasha@ineoconsulting.com.