Core Five (Consulting) Limited regularly review this policy from time to time, and you may obtain the most recent version from our website www.corefive.co.uk . Last updated 25th May 2018.
Data protection officer
Core Five (Consulting) Limited has appointed an internal data protection officer who is contactable if you have any questions or concerns about our personal data policies or practices. Core Five (Consulting) Limited’s data protection officer’s contact information as follows:
Name: Data Protection Officer
Email: [email protected]
Address: 230 Blackfriars Road, London, SE1 8NW
Information we hold, collect and use
We collect personal information when you express an interest or make use of our services, subscribe to our newsletters or other industry reports, or when seeking or gaining employment. We will have a legal basis for processing your data which will be by consent, through processing a contract, via a legal obligation or through a legitimate interest. We may also process data necessary to protect someone’s life (vital interest) or when executing a public task.
- Social media communications
- Business cards
- Face to face meetings
- Business networking events
Typically, the personal information we hold is:
- Name and job title
- Contact information including email address
- Demographic information such as postcode, preferences and interests
- Other information relevant to employment
- Records of contact with you such as system notes, emails and letters
What we do with the information we gather
We require this information to undertake our services within the construction industry or to provide information that may be of interest to other professionals, and in particular for the following reasons:
- To provide services requested by you
- To recommend services that we believe will be of interest to you
- To provide information on our activities, such as communications and general updates relevant to you
- To carry out our obligations arising from any contracts entered into between you and us
- To notify you about changes to our company information such as websites or services
- To process and respond to specific information you have requested (such as events, newsletters, other publications, e-newsletters and press releases) and enquiries and complaints received from you
- To contextualise comments you have made and analyse the results of online and email consultations and surveys, as part of our ongoing research activities
- To generate anonymous statistics to help us improve the services we offer to you (these statistics will not include information that can identify you as an individual)
- To pre-populate forms on our Website requesting information you have already provided, for your convenience and ease-of-use
- To update our records
- To process payments
- For audit purposes
- To prevent or detect fraud
- To enable third parties to carry out any of the purposes above on our behalf.
Who might we share your information with?
To the extent consistent with applicable law, we may share your information in the following circumstances:
- With our subsidiaries and affiliates
- With affiliated and third-party service providers, such as companies that provide us technical support, data hosting, and other services
- With other parties when required by law or as necessary to provide or protect our services, products, and other offerings. For example, we may need to disclose information with other parties to comply with the law or respond to legal process or a request for cooperation by a government entity or law enforcement; to prevent fraud or verify and enforce compliance with the policies and terms governing our Services; and to protect the rights, property, or safety of us, or any of our respective affiliates, business partners, customers or employees
- If the business is reorganised or sold to another organisation, we may transfer any personal information we hold to that organisation
- When you or your company or organisation consent to or request such sharing.
- When contacting you through personal media which includes LinkedIn, Twitter and Survey Monkey
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect. We restrict access to your personal data to those employees who need to know that information to provide benefits or services to you.
We will not transfer your information outside the European Economic Area unless it is unavoidable to allow use to deliver our services. If we do, we take care to ensure the same level of privacy and security as the UK.
Our website, along with our business and internal computer systems, are designed to comply with the General Data Protection Regulation in regards to data protection and user privacy. Data is held on a secure server and computers are password protected. We have information security systems in place and have attained the Cyber Essentials certification (certificate number IASME-A-04448).
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes, by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about webpage traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
Email update and electronic communications
If you consent to receive email updates, or we have assessed your legitimate interest, we will send you email communications. We use a third-party provider, MailChimp, to deliver these. We gather statistics around email opening and clicks using industry standard technologies including clear gifs to help us monitor and improve our email updates. We do this to better understand how people interact with our email communications and enabling us to make improvements. For more information, please see MailChimp’s privacy notice. You can withdraw your consent at any time by clicking on the unsubscribe link in any email communication from us. Or you can opt-out by contacting us.
People we work with at client companies
If we are delivering services to your company, we record data that you provide us with so that we can deliver our services efficiently. We only do this if we are directly in touch with you when delivering our services. In some cases, where prior opt-in is not required, we may send communications to you on the basis of legitimate interest – in this case the interest is sharing information, knowledge or to facilitate future communications between us. If we contact you in this manner, we will inform you directly with relevant information and you will have an opportunity to opt out in every communication, e.g. by clicking on an unsubscribe link in an email. You can also always opt-out by contacting us at [email protected]
We hold this information for up to 6 – 12 years subject to the terms of our appointment.
People we interact with while doing business (not client companies)
If we are interacting with you in a professional capacity outside of a client-supplier relationship, we may record your information in order to facilitate future communications between us. In some cases, where prior opt-in is not required, we may send communications to you on the basis of legitimate interest – in this case the interest is sharing information, knowledge or to facilitate future communications between us. If we contact you in this manner, we will inform you directly with relevant information and you will have an opportunity to opt out in every communication, e.g. by clicking on an unsubscribe link in an email. You can also always opt-out by contacting us.
We hold this information for up to 6 12 years either from the last engagement you had with us, or subject to any contract we have entered into.
Job applicants and recruitment
All of the information you provide during the process will only be used for the purpose of progressing your application (the basis for processing here is the legitimate interest of Core Five (Consulting) Limited to select best candidates for the vacancy), or to fulfil legal or regulatory requirements if necessary (here the basis for processing would be a legal obligation). We will not share any of the information you provide during the recruitment process with any third parties for marketing purposes or store any of your information outside of the European Economic Area. The information you provide will be held securely by us, whether the information is in electronic or physical format. We will use the contact details you provide to us to contact you to progress your application. We will use the other information you provide to assess your suitability for the role you have applied for. If you are successful, you will receive additional data protection information that is specific to employees.
All of the information you provide during the process will be stored until the decision regarding your application has been made. We will also keep this information on file for up to 3 years after the decision has been communicated to you in order to consider you for future vacancies when they become available. You can, however, ask us to delete your information earlier than this by replying to the HR manager or by contacting us at the details below.
Links to other websites
Our website, and social media, may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Managing the information we hold, collect and use
You may choose to restrict the collection or use of your personal information in the following ways:
- Whenever you are asked to fill in a form on the website, look for the box that you can click to indicate that you do not want the information to be used by anybody for direct marketing purposes;
- If you have previously agreed to us using your personal information to contact you, you may change your mind at any time by writing to or emailing us at [email protected]
- We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so. We may use your personal information to send you communications which we think you may find interesting, and always compliant with our lawful basis for processing your data.
You have the right to request access to the information we hold about you, this is called a Data Subject Access Request. Such requests from individuals should be made by email to [email protected]. Individuals will be charged £25 per subject access request, and the data controller will aim to provide the relevant data with one month. The data controller will always verify the identity of anyone making a subject access request before disclosing any information.
If you believe that any information we are holding on you is incorrect or incomplete, please email the Data Protection Officer at [email protected] as soon as possible. We will promptly correct any information found to be incorrect.
Data retention periods
We will keep your personal information only as long as necessary to administer our contract services, employment obligations or other regulatory and legal requirements, and will destroy it securely when no longer needed.
We will comply with the ICO’s guidelines for data breaches, and following assessment will report any unlawful data breach to the ICO within 72 hours of the breach coming to our attention, if it is apparent that personal data stored in an identifiable manner has been stolen.