This notice is intended for individuals with whom we deal in our business, including candidates applying for jobs with us. It is not intended for our employees or sub-contractors. We categorise those individuals (“data subjects”) as follows:
In most circumstances your data will only be processed within the UK or EEA. If for any reason we need to have your data processed elsewhere we will inform you of that, any privacy risks involved and what we have done to minimise those risks. In most circumstances we would also seek your consent for that.
Some of your personal data will be incidentally processed outside the UK or EEA where data privacy
rules are not as strict as within the UK/EEA and where there is therefore a greater risk to its security. We use data storage facilities and email sending services based outside. We ensure that we have GDPR compliant arrangements with them.
You can at any time ask us to tell you what personal data relating to you we hold.
You also have the right to ask us to rectify your data if it is inaccurate, erase it or restrict the processing of it. In some circumstances you can ask us to provide it to you in a format which would allow you to transfer it digitally to another.
Where we have requested and you have given us consent to process your data you may withdraw that consent at any time.
Were our business to be sold, all your data would be transferred to the purchaser so that they could use it in the same way as we do now.
If you are at all concerned about our processing of your data please let us know by contacting our Data Protection Officer Vicki Smith on vicki.smith@smc-comms.com. You may also complain about it to the Office of the Information Commissioner (“ICO”) https://ico.org.uk/make-a-complaint/
Your Data. We process (hold and use) your contact details and the history of your dealings with us.
Purpose. We process your data in order to respond to you and so that we can contact you about matters of mutual interest.
Legitimate Interest. We have a legitimate interest in doing that as you will have indicated that you wish us to do so. We do not need your consent.
Marketing. If we were to use your data in order to send you marketing material about our services we will only do so with your consent. That consent can be withdrawn by you at any time by following the “unsubscribe” link on our communication.
Those with whom we share it. Some of your personal data will be incidentally processed outside the UK or EEA where data privacy rules are not as strict as within the UK/EEA and where there is therefore a greater risk to its security. We use data storage facilities and email sending services based outside. We ensure that we have GDPR compliant arrangements with them.
Retention. Your data will be retained for up to ten years after our last interaction with you unless you ask us to delete it earlier and we are able to do that.
Why we need your data. Without your data we would not have the information necessary to be able to communicate with you.
Where we get it. Most of your data held by us will have come from you. Some may have been obtained from your colleagues and friends.
Purpose. We process your data (contact details and our history of dealing with you) to enable us to contact you in your role within your organisation and in order to record any information that you provide to us. That contact may include sending you a newsletter or marketing material but only if they are relevant to your role. We may also need to use it in order that we can recommend you or the goods and services of your organisation to others.
Legitimate Interest. We have a legitimate interest in using your data for those purposes. We do not need your consent. You can however at any time tell us that you do not wish to us to contact you again at all, or that you do not wish to receive marketing material.
Those with whom we share it. Some of your personal data will be incidentally processed outside the UK or EEA where data privacy rules are not as strict as within the UK/EEA and where there is therefore a greater risk to its security. We use data storage facilities and email sending services based outside. We ensure that we have GDPR compliant arrangements with them. We may also, in connection with a project on which we are working with your organisation, provide it to others working on the same project. We may also provide it to third parties seeking our recommendation of your organisation or someone like you.
Retention. Your contact and other data will only be held for as long as you retain your role in your organisation or, if it was relevant to a project, for so long as we retain the records of that project.
Why we need your data. Your data is needed principally so that we can contact you and otherwise for the purpose set out above.
Where we got it. The usual source of your data is you or your organisation. On occasions we may obtain it from your colleagues, from mutual clients, from others involved in a project or from publicity material published by your organisation or publicly available directories.
Purpose. We process your data (your contact details, career history and other relevant information) to enable us to assess you for a role and contact you.
Legitimate Interest. We have a legitimate interest in using your data for those purposes. We do not need your consent.
Those with whom we share it. Some of your personal data will be incidentally processed outside the UK or EEA where data privacy rules are not as strict as within the UK/EEA and where there is therefore a greater risk to its security. We use data storage facilities and email sending services based outside. We ensure that we have GDPR compliant arrangements with them. We may, if your role would be working with one of our customers provide it to that customer to allow them to assess you and contact you. If we seek references for you, we will supply your name and details of the proposed role to your referees. If we wish to verify your qualifications or suitability, we may provide information sufficient to identify you, things that you have told us about yourself and the proposed role to those that can verify the information you have given us.
Retention. If we decide not to employ you, most personal data about you will be deleted/destroyed six months after that decision is made and we will retain only sufficient data to identify that we have considered you for employment but that your application was unsuccessful. If we think we might want to employ you in future and tell you so, we will retain indefinitely all the data that we have about you. If we employ you, all the data about you will be transferred to your HR file and used and retained in accordance with our policies for employment.
Why we need your data. Without your data we would be unable to assess you, or contact you.
Where we got it. The usual source of your data is you or a recruitment consultant or “job board”. Some data may come from referees or those we use to verify the information that you provide.