Privacy Policy

This privacy policy explains how we collect and use any personal data we collect when you access our services (including our website) in accordance with the Data Protection Act 2018 (the ‘2018 Act’) and the EU General Data Protection Regulation (‘GDPR’).

Data Protection Principles

Personal data must be processed in accordance with six ‘Data Protection Principles.’ It must:

  • be processed fairly, lawfully and transparently;
  • be collected and processed only for specified, explicit and legitimate purposes;
  • be adequate, relevant and limited to what is necessary for the purposes for which it is processed;
  • be accurate and kept up to date. Any inaccurate data must be deleted or rectified without delay;
  • not be kept for longer than is necessary for the purposes for which it is processed; and
  • be processed securely.

We are accountable for these principles and must be able to show that we are compliant.

What personal data do we collect?

Our reasons for collecting personal information from you may be to: (i) help us deliver our services; (ii) improve, develop and market new services; (iii) carry out requests made by you on our website or in relation to our services; (iv) investigate or settle enquiries or disputes; (v) comply with any applicable law, court order, other judicial process, or the requirements of a regulator; (vi) enforce our agreements with you; (vii) protect the rights, property or safety of us or third parties, including our other clients and users of our website or our services; (viii) provide support for the provision of our services; (ix) recruitment purposes; and (x) use as otherwise required or permitted by law.

We collect personal data when:

  • you visit our website;
  • you subscribe to our newsletters or receive our publications;
  • you apply for employment with us;
  • you attend one of our seminars;
  • we are instructed to provide our services;
  • we engage in business dealings.

Specifically, we hold the following types of data:

  • personal details such as name, address, phone numbers, job title, email addresses etc of our clients’ workers and other contacts;
  • data provided to us or requested by us for the purposes of providing our services to ensure our clients receive appropriate advice and support including: personal details such as name, address, phone numbers, job title, email addresses, job description, salary, disciplinary and grievance records, annual leave records, criminal convictions, sickness, family related leave, appraisal, performance information, and other records supplied to us by our clients for the delivery of our services in relation to employment legislation.
  • data provided to us or requested by us for the purposes of providing our services to ensure our clients receive appropriate advice and support including data relating to: gender, marital status, sexual orientation, sex life, race, religion, ethnic origin, trade union membership, political opinion, health, disability, and other medical information.

How will we use personal data?

All employees who handle personal data are trained in ensuring data is processed in line with GDPR and the 2018 Act.

We hold personal data within our computer systems (for example, the systems that we use to provide our advice service and case management systems) and/or in paper files.

When you visit our website, a record of your visit is made. That data is used completely anonymously, in order to determine the number of people who visit our website and the most frequently used sections of the site. This enables us to continually update and refine the site. If you use any forms on the website to send an email to us, a record will also be made of your email address and your telephone number.

We may collect, hold, use and disclose the information collected as is necessary in the performance of our services to you or for complying with a legal obligation; or as part of our legitimate interests in marketing our services to existing clients and interested parties to grow our business.

We may therefore collect, hold, use and disclose the information collected to compile statistical data and to: maintain our database; develop/improve our website; respond to any email enquiries; notify you of any upcoming marketing, training or other events; provide you with publications; manage quality control; manage systems administration; attend to compliance issues; provide you or your organisation with advice; determine suitability for employment; and for other marketing purposes.

We may use the following third-party service provider to process and store your data:

Mailchimp (The Rocket Science Group, LLC), which we use to manage email marketing subscriber lists and send emails. Their privacy policy is found here.

We will not use or disclose personal data for any other purpose which is not related to the above purposes without your consent, unless otherwise authorised, required or permitted under the laws of England and Wales.

We do not operate any automated decision-making systems.

If you no longer wish to receive information about our services, please send an email to (info@eliaction.com) advising that you do not wish to receive further information.

Will we disclose your data?

We may disclose personal data where it has been supplied to us for the purposes of providing advice (or other related services) on a confidential basis to external service providers so that they can provide services such as specialist legal advice, or financial or administrative services in connection with the operation of our business and the delivery of our service to you and to any person (where necessary) in connection with their services, such as law enforcement, regulatory authorities, partners or advisors.

We require external service providers to keep personal data confidential and secure and to protect it in accordance with the law and our policies. They are only permitted to process your data for the lawful purpose for which it has been shared and in accordance with our instructions.

Where necessary to deliver our services we will transfer personal information to countries outside the European Economic Area (“EEA”). Not all countries provide the same level of protection in relation to personal information as within the EEA. Where necessary to make such transfers, we will comply with our legal and regulatory obligations in relation to the personal information. This will include having a lawful basis for transferring personal information and putting appropriate safeguards in place to ensure an adequate level of protection for the personal information.

Where your data is processed by Mailchimp (The Rocket Science Group, LLC) information may be transferred to, stored, or processed in the United States. Please refer to their privacy policy here.

How long will we retain personal data?

Personal data must not be kept for longer than is necessary for the purposes for which it is processed.

Where you have provided consent for the processing of data you have the right to withdraw this consent which must be in writing. Where consent has been withdrawn, the data will be disposed of as described below.

Personal data supplied to us by our clients for the delivery of our services in relation to employment legislation will be kept for at least for the duration of the contract with us, plus up to 7 years from the date that contract with us terminates.

Once data is no longer needed and/or consent has been withdrawn, we will arrange for the data to be disposed of. This may be by:

  • deletion/removal of data from our databases, online systems, email or other electronic systems; and/or
  • destroying the data through shredding or similar method.

Access to your information and other rights

Under the GDPR and the 2018 Act you have a number of rights with regard to your personal data.

Please contact us at info@eliaction.com should you require more detail/wish to exercise your rights.

  • The right to information about what personal data we process, how and on what basis as set out in this privacy policy.
  • The right to access your own personal data by way of a subject access request. Identification will be requested for security.
  • The right to correct any inaccuracies in your personal data.
  • The right to request that we erase your personal data, however this would only be where we were not entitled under the law to process it or it is no longer necessary to process it for the purpose it was collected.
  • The right to object to data processing where we are relying on a legitimate interest to do so and you think that your rights and interests outweigh our own and you wish us to stop.
  • The right to object if we process your personal data for the purposes of direct marketing.
  • The right to receive a copy of your personal data and to transfer your personal data to another data controller. We will not charge for this and will in most cases aim to do this within one month.
  • With some exceptions, the right not to be subjected to automated decision-making.
  • In most situations, the right to be notified of a significant data security breach concerning your personal data.
  • In most situations we will not rely on your consent as a lawful ground to process your data. If we do however request your consent to the processing of your personal data for a specific purpose, you have the right not to consent or to withdraw your consent later.
  • We want to make sure that your personal information is accurate and up to date. Please contact us to correct or remove information you think is inaccurate or out of date.

Complaints

You have the right to complain to the Information Commissioner. You can do this by contacting the Information Commissioner’s Office directly. Full contact details including a helpline number can be found on the Information Commissioner’s Office website (www.ico.org.uk). This website has further information on your rights and our obligations.

Identification will also be requested for security.

Cookies

Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity. For further information visit www.aboutcookies.org or www.allaboutcookies.org.

Our website uses Google Analytics, a web analytics service provided by Google, Inc. Google Analytics sets a cookie in order to evaluate your use of our website and compile reports for us on activity on the website. Google stores the information collected by the cookie on servers in the United States. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. By using our website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.

You can set your browser not to accept cookies and the above websites tell you how to remove cookies from your browser. However, in a few cases some of our website features may not function as a result.

Other websites

Our website may contain links to other sites. When you link to other websites you should read their own privacy policy.

How to contact us

Please review our website regularly as our privacy policy may change from time to time. If you have any questions about our privacy policy or information we hold about you please contact:

The Directors, 4 Pocketts Yard, High Street, Cookham, Berkshire SL6 9SL
Tel: 01494 817193