This policy relates to all websites owned by Ten-Percent.co.uk Limited.
(a) What information is being collected?
Please note that the type of information we collect and hold about you will depend on whether or not you are a registered user.
If you register with the our jobfinder service, you will be asked to submit personal information. This will include your name, surname, post code and email address. For other online services, we may require further personal details. We gather this information to allow us to assist you in the manner described on the pages we request the information from. If you use our CV services or other pay services, we will collect information from you to prepare your order and to process your payment.
Whether you are a registered user or not, our webserver collects certain information such as:
(a) IP addresses;
(b) host names;
(c) domain name;
(d) the time and date information is requested;
(e) the browser version and platform when information is requested;
(f) a record of which pages have been requested.
We use this information to produce aggregate visitor statistics in relation to which pages are being accessed. We may also use it to monitor usage patterns on this website in order to improve navigation and design features to help you get information more easily. These statistics will not include information that can be used to identify any individual.
(b) How is personal information being used?
If you are a registered candidate, we may share your personal information with third parties, namely law firms or companies employing lawyers. This is only with your specific consent each time we propose to forward your details to third parties. Further information about this can be found on our registration pages, and subsequent correspondence to you post-registration.
(c) To whom is personal information being disclosed?
We will not disclose any of your personally identifiable information to any third party without your prior permission or except as required to do so by law.
(d) How is personal information stored and protected?
Keeping your personal details private is very important to us. On our website there are certain areas where you can transmit credit card or debit card details in order to purchase a product or service. Such details are transmitted in an encrypted manner via a Secure Socket Layer (SSL). This service is provided by Paypal.
Despite our best efforts, unfortunately no data transmission over the Internet can be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot warrant the security of any information you transmit to us from our online products or services, and you do so at your own risk. Once we receive your transmission, we make our best efforts to ensure its security on our systems.
(f) IP addresses
Each time you use the internet, an IP address is assigned to your computer via your Internet Service Provider. This number may either be the same or different each time. Each time your computer requests information from our website, we log your IP address on our server. We may use this information in order to gather information about website traffic.
(g) Updating your details
Should you wish to update or change any of the details that we hold about you you may do so via the website or by contacting us or sending us an email at email@example.com
(h) Your consent
NB: We use third-party advertising companies (Google) to serve ads when you visit parts of our website. These companies may use information (not including your name, address, email address or telephone number) about your visits to this and other websites in order to provide advertisements about goods and services of interest to you. If you would like more information about this practice and would like to know your options in relation to not having this information used by these companies, please contact us.
Data Protection, Personal Data and GDPR Policy
Ten-Percent.co.uk Limited (the “Company”) takes its responsibilities with regard to the management of the requirements of the Data Protection Act 2018 and the General Data Protection Regulation (GDPR) very seriously. This document provides the policy framework through which effective management of Data Protection matters can be achieved.
- Scope of the Policy
The purpose of this policy is to ensure that the Company and the Company’s staff and sub-contractors comply with the provisions of the Data Protection Act 2018 (and 1998 of course) when processing personal data. Any serious infringement of the Act will be treated seriously by the Company and may be considered a breach of contract or under disciplinary procedures. The Company expects all of its staff and contractors to follow the ethical behaviours set out in the Nolan Principles, even though we are not a public institution. Those are: selflessness, integrity, objectivity, accountability, openness, honesty and leadership. These Principles are incorporated into this policy.
This policy applies regardless of where the data is held, ie if it is held on personally-owned equipment or outside Company property.
The Company is required to adhere to the eight principles of data protection as laid down by the Act. In accordance with those principles personal data shall be:
- Processed fairly and lawfully
- Processed for specified purposes only
- Adequate, relevant and not excessive
- Accurate and up to date
- Not kept longer than necessary
- Processed in accordance with data subjects’ rights
- Processed and held securely
- Not transferred outside the countries of the European Economic Area without adequate protection.
[a] Company responsibilities
As the Data Controller the Company is responsible for establishing policies and procedures in order to comply with the requirements of the Data Protection Act 2018.
[b] Governance Officer responsibilities
The Governance Officer holds responsibility for:
- the Company’s Data Protection notification. Details of the Company’s notification are published on the Information Commissioner’s website. Anyone who is, or intends, processing personal data for purposes not included in the notification should seek advice from the Governance Officer;
- drawing up guidance, giving advice and promoting compliance with this policy in such a way as to ensure the easy, appropriate and timely retrieval of information;
- the appropriate compliance with subject access rights and ensuring that data is released in accordance with subject access legislation under the Data Protection Act 2018;
- ensuring that any data protection breaches are resolved, catalogued and reported appropriately in a swift manner and in line with guidance from the Information Commissioner’s Office;
- investigating and responding to complaints regarding data protection including requests to cease processing personal data.
[c] Staff responsibilities
Staff members who process personal data about clients, staff, applicants, contractors or any other individual must comply with the requirements of this policy.
Staff members must ensure that:
- all personal data is kept securely;
- no personal data is disclosed either verbally or in writing, accidentally or otherwise, to any unauthorised third party;
- personal data is kept in accordance with the Company’s retention schedule;
- any queries regarding data protection, including subject access requests and complaints, are promptly directed to the Governance Officer;
- any data protection breaches are swiftly brought to the attention of the Governance Officer and that they support the Governance Officer in resolving breaches;
- where there is uncertainty around a Data Protection matter advice is sought from the Governance Officer.
Staff who are unsure about who are authorised third parties to whom they can legitimately disclose personal data should seek advice from the Governance Officer.
[d] Third-Party Data Processors
Where external companies are used to process personal data on behalf of the Company, responsibility for the security and appropriate use of that data remains with the Company.
Where a third-party data processor is used:
- a data processor must be chosen which provides sufficient guarantees about its security measures to protect the processing of personal data;
- reasonable steps must be taken that such security measures are in place;
- a written contract establishing what personal data will be processed and for what purpose must be set out;
- a data processing agreement, available from the Governance Officer, must be signed by both parties.
For further guidance about the use of third-party data processors please contact the Governance Officer.
The Company is responsible for the use made of personal data by anyone working on its behalf. Managers who employ contractors must ensure that they are appropriately vetted for the data they will be processing. In addition managers should ensure that:
- any personal data collected or processed in the course of work undertaken for the Company is kept securely and confidentially;
- all personal data is returned to the Company on completion of the work, including any copies that may have been made. Alternatively that the data is securely destroyed and the Company receives notification in this regard from the contractor;
- the Company receives prior notification of any disclosure of personal data to any other organisation or any person who is not a direct employee of the contractor;
- any personal data made available by the Company, or collected in the course of the work, is neither stored nor processed outside the UK unless written consent to do so has been received from the Company;
- all practical and reasonable steps are taken to ensure that contractors do not have access to any personal data beyond what is essential for the work to be carried out properly.
- Subject Access Requests
The Company is required to permit individuals to access their own personal data held by the Company via a subject access request. Any individual wishing to exercise this right should do so in writing (by email is fine) to the Company, contacting Jonathan Fagan, MD – (click our contact page). You can also telephone to discuss your personal data access request by calling 01824 780937.
The Company aims to comply with requests for access to personal information as quickly as possible, but will ensure that information is provided within the one month limit set out in the GDPR and Data Protection Act 2018.
Individuals will not be entitled to access information to which any of the exemptions in the Act applies. However, only those specific pieces of information to which the exemption applies will be withheld and determining the application of exemptions will be made by the Governance Officer.
- Data Protection breaches
Where a Data Protection breach occurs, or is suspected, it should reported immediately to one of the directors of Ten-Percent.co.uk Limited. The report should include full and accurate details of the incident including who is reporting the incident and what classification of data is involved.
Queries regarding this policy or the Data Protection Act at large should be directed to one of the directors of Ten-Percent.co.uk Limited.