Privacy Policy

Definitions:

• “Personal Data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”
• “Special categories of personal data” refers to the various categories of personal data identified by UK GDPR as requiring special treatment. Such categories include racial / ethnic origin, sexual orientation, political opinions, biometric / genetic data, criminal records, religious beliefs, and physical and mental health.
• “EEA” refers to the European Economic Area which includes the 27 countries of the European Union plus Iceland, Liechtenstein and Norway.

1. Introduction

Conduct Culture Ltd is committed to protecting your privacy and maintaining the security of any personal information received from you. We strictly adhere to the requirements of the applicable data protection laws, including the General Data Protection Regulation and the UK Data Protection Act 2018, as well as our data privacy policies.

Purpose

The purpose of this statement is to explain to you what personal information Conduct Culture Ltd (“Conduct Culture”, “we”, “us” or “our”) collect, how we may use it and will look after it, as well as tell you about your privacy rights in relation to the processing of your personal data.

Changes to the Privacy Statement and your duty to inform us of changes

This privacy statement will be updated to reflect any changes in the way we handle your personal data or any changes in applicable laws. Any updates will be posted on this page so that you are aware of the information we collect and how we always use it. Continued use of the Website and communication with us will constitute your agreement to any such changes. It is important that the personal data we hold about you is accurate and current. Please therefore keep us informed if your personal data changes (or if you wish to verify or remove your personal details) during your relationship with us by contacting us at info@conductculture.co.uk.

2. Scope

The Data we collect about you and how we collect it

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, use, store and transfer the following types of personal data:

• Identity data: including first name, last name, marital status, title, date of birth and gender;
• Contact data: including residential address, email address and telephone number;
• Technical data: including IP address used to connect your computer or mobile device to the internet, browser type and version, operating system and platform and other technologies on the devices you use to access this Website.

We use different methods to collect personal data from you, including through:

• Direct interactions. For example, when we interact with you for business purposes or contact you with business related information that we consider may be of interest to you. Also, if you make an enquiry or submit a job application you will be asked to provide certain information including name, email address and telephone number.
• Automated technologies or interactions. When you interact with our Website, we may automatically collect information about your equipment, browsing action and patterns. This information is collected through cookies. A cookie is an element of data that our Website sends to your browser which is then stored on your system. You can set your browser to prevent this happening. Any information collected in this way can be used to identify you unless you change your browser settings.

We do not collect any ‘special categories of personal data’ without your express consent, and then only in accordance with data privacy laws.

3. Interested Parties

• ICO – Standards and requirements, technical support, Date Breach reporting,
• Employees – Data subjects, data processors, awareness, adherence, reporting.
• Consultants – Data subjects, data sub-processors, awareness, adherence, reporting
• Clients – Data subjects, data processors,

4. Related Policies and Procedures

• Clear Desk Policy
• Data Protection Policy
• Data Retention Policy
• Information Security Policy

5. Policy requirements

How we use your Personal Data

We only use your personal data where required for specific purposes. Most commonly, we will use your personal data in the following circumstances:

• To contact you with business related information that we consider may be of interest to you;
• Where it is necessary for our legitimate interests (e.g. as an employer, conducting our business in an efficient and compliant manner and the overall promotion of our business) and your interests and fundamental rights do not override those interests; and
• Where we need to comply with a legal or regulatory obligation

Unless we consider we have a legitimate business reason for contacting you, we will only contact you with your consent, and you have the right to withdraw your consent at any time.

We do not sell, rent or exchange your personal information with any third party for commercial reasons.

Data Security

We have put in place a range of appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach, should one occur.

International Transfers

We may from time to time wish to transfer personal data to third parties supporting the operation of our business which may involve transferring data outside the European Economic Area (EEA).

Prior to making any such transfer of personal data, we will take the necessary steps to ensure that a similar degree of protection is afforded to your personal data in accordance with the applicable data privacy laws.

Your legal rights

Under certain circumstances, by law, you have the following rights in relation to your personal data:

• Request access to your personal data (commonly known as “data subject access request”): this enables you to receive a copy of your personal data and to check that we are lawfully processing it;
• Request a rectification to your personal data: this entitles you to have any incomplete or inaccurate personal data corrected;
• Request the erasure of your personal data (often referred to as the “right to be forgotten”): this entitles you to request your personal data be deleted where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (below);
• Object to the processing of your personal data: this entitles you to request that we no longer process your personal data;
• Request the restriction of the processing of your personal data: this entitles you to request that we suspend the processing of your personal data, for example if you want us to establish its accuracy or the reason for processing it, or if we no longer need your data for our legitimate interest but we need to hold some of it for the purpose of legal proceedings;
• Request transfer of your personal data: this entitles you to receive a copy of your personal data, or request we transmit such personal data to another party; and
• Withdraw your consent at any time: where we are relying on consent to process your personal data you may withdraw this consent at any time by contacting us at info@conductculture.co.uk

Contact us

Please do not hesitate to contact us, using the details below, if you:

• have any questions about privacy (including this policy)
• wish to exercise your rights in relation to your personal data rights
• wish to make a complaint about our use of your data

Email address: info@conductculture.co.uk

Postal address: Conduct Culture Ltd, Paramount House, 1 Delta Way, Egham, Surrey. TW20 8RX

Telephone number: 020 8138 5520

If, despite our commitment and efforts to safeguard your personal data, you have any concerns or complaints about our privacy activities, you can contact the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). Our ICO reference number is A8693858.

We would, however, appreciate the opportunity to deal with your concerns before you approach the ICO, so please contact us in the first instance.

6. Key Responsibilities

All employees of Conduct Culture and anyone working on its behalf, have a responsibility to report all nonconformities and events in a timely manner to one of the Directors who will take responsibility for investigating the incident.

The Directors will also inform the Company Insurers and liaise with the respective regulators as necessary.

7.Reporting

Reporting in respect of this policy is covered under the Data Security Policy, Information Security Policy, and Non-conformities Record.

8.Record Keeping

Data Retention

We maintain a specific data retention policy to ensure that we only retain your personal data for as long as necessary to fulfil the purpose we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those through other means, and the applicable legal requirements.

9.Communication and training

This policy is communicated on the Conduct Culture website and is included in the firmwide Data Protection training.

1. Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain and Sweden