Our Privacy Notice outlines the information we collect about you, how we use, disclose and otherwise manage this information and the choices you have to restrict our usage of this information. For the purposes of this Privacy Notice, “we” and “us” means B&D Roper Ltd. In terms of the data protection regulations we are what is known as a Data Controller.
Please click on the topic below that is of interest to you:
- Why do we collect your personal information?
- Data protection regulations
- Our grounds for processing data
- Retention of personal information
- Keeping your data secure
- Information collected via our website
- Making Contact via our website
- Your Rights
- Policy Changes
Why do we collect your personal information?
We collect personal information to help manage your interactions with us and to deliver the services you ask us to provide:
- To provide the people management services you have contracted from us;
- To communicate with and record information from individuals you have asked us to talk with as part of our services;
- To manage the services we provide to you;
- To charge you for the services you have purchased from us;
- To be able to answer questions you may have now and in the future about the services we have provided to you;
- To meet the statutory and legal obligations we have as an HR advisor;
- To help us run and grow our business.
We also collect information, so we can tell you about our products and services. We will not collect any personal information from you we do not need.
Data protection regulations
The data protection regulations states that personal data (that is information relating to a person that can be individually identified) can only be processed if there is a legal ground to do so. Activities like collecting, storing and using personal information would fall into the statutory definition of processing.
The law provides for six legal grounds, (that is reasons) under which personal information can be processed in a way that is lawful. For the processing to be lawful at least one of the legal grounds must apply.
Our grounds for processing data
We can only fulfil the contract between B&D Roper Ltd and each individual client if we have sufficient information on which to provide expert advice and guidance.
- Where data is obtained from a third party, for example a witness to an investigation, the consent of the witness is obtained and an explanation as to how the data may be used is given. It is normally the case that witnesses to an investigation are under a contractual obligation to their employer to participate in any internal investigation.
We retain and process data in order to comply with our legal obligations, for example those imposed by HMRC, the judicial system or the employment tribunal system.
We retain and process data in order to comply with statutory safeguarding obligations and in particular:
- The Data Protection Act 1998 Schedule 3 and any similar legislation in respect of vulnerable adults.
- Working Together to Safeguard Children 2015.
- Information Sharing: Advice for practitioners providing safeguarding services to children, young people, parents and carers.
- Safeguarding Vulnerable Groups Act 2006.
- The Care Act; Safeguarding Adults 2014.
This list of legislation is not exhaustive.
Retention of personal information
We retain data relating to individuals until the client organisational situation (capability, attendance, disciplinary etc) is satisfactorily resolved. In the case of final written warnings, we retain the data until the warning has expired.
Data relating to individuals, that is witness statements and statements taken from the subject of investigations or the complainant and investigation reports are retained for –
Six months or until any potential employment tribunal process has been completed.
- Six years if the data relates to complaints of bullying and/or harassment or until any County Court or Crown Court process has been completed.
Until the completion of any Police (or similar) investigation has been completed.
Personal data required by HMRC, such as that on invoices, will be retained for 6 years.
Keeping your data secure
We are committed to ensuring that your personal data is held securely.
- Data in digital form is retained electronically on a fully encrypted system, protected by anti-virus software and backed up on a daily basis.
- Hard copy data is held in a locked study area in a secure building that has no public access.
- Other than as required by our legal obligations, data is not shared with a third party.
- Where one of our associates is engaged we will ensure that their data protection policies meet our legal obligations.
Information collected via our website
You can visit our site without telling us who you are or providing us with any personal information. However, we may collect the I.P. (Internet protocol) addresses of all our website visitors and other related information to be used to improve our website. We use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone.
When you visit our website, you are presented with the option to “opt-in” to accept cookies. Our lawful basis for using cookies is your Consent via opting in.
Making Contact via our website
You may choose to raise a query with us via the contact forms provided on our website. In this case we will collect and store your name and email address. As an alternative method of contact you may click on one of the email addresses on our website. In this case the link will open your own email application and you will not need to save your information on our website.
You can request a copy of the personal information we hold on you at any time. If you believe the information we process on you is incorrect you can request to see this information, and have it corrected or deleted. If we are providing a service to you under contract, then it may not be possible to delete your information. We may also be required to retain some parts of your personal information for legal reasons – such as invoice and payment records. Please make such a request in writing. There will be no charge for reasonable requests for information and we will respond within 30 days. If it will take longer than 30 days to meet your request we will advise you accordingly.
If you wish to raise a request regarding your personal information or to register a complaint on how we have handled your personal data, please contact us at firstname.lastname@example.org.
If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the Information Commissioner’s Office at https://ico.org.uk/
This policy was last updated in May 2018.