Cognatio Solutions Ltd (‘The Company’ / ‘we’ / ‘us’) is committed to protecting and respecting your privacy.
The Company is registered with Companies House in the United Kingdom with registration number 10227185, the registered address is 1 Bromley Lane, Chislehurst, Kent, England, BR7 6LH.
In this policy the following terms have the following meanings:
‘company’ means Cognatio Solutions Limited.
‘consent’ means any freely given, specific, informed and unambiguous indication of an individual’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
‘data controller’ means an individual or organisation which, alone or jointly with others, determines the purposes and means of the processing of personal data;
‘data processor’ means an individual or organisation which processes personal data on behalf of the data controller;
‘personal data’* means any information relating to an individual who can be identified, such as by a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
‘personal data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data;
‘processing’ means any operation or set of operations performed on personal data, such as collection, recording, organisation, structuring, storage (including archiving), adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
‘profiling’ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to an individual, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
‘pseudonymisation’ means the processing of personal data in such a manner that the personal data can no longer be attributed to an individual without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable individual;
‘sensitive personal data’* means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data, data concerning health, an individual’s sex life or sexual orientation and an individual’s criminal convictions;
* For the purposes of this policy we use the term ‘personal data’ to include ‘sensitive personal data’ except where we specifically need to refer to sensitive personal data.
‘Supervisory authority’ means an independent public authority which is responsible for monitoring the application of data protection. In the UK the supervisory authority is the Information Commissioner’s Office (ICO).
Cognatio Solutions Ltd is the data controller for the purposes of data protection.
What we collect
The Company collects information from our users at several different points on our website. We are the sole owner of the information collected on this site. The Company processes personal data in relation to its own staff, work-seekers and individual client contacts and is a data controller for the purposes of the Data Protection Laws. We will not sell, share, or rent this information to others.
If you register with us, you will be required to provide personal data. The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified by reference to an identifier.
How we use your data
We only process the minimal amount of personal data that is necessary for the relevant purpose(s). The relevant purposes include:
- work finding solutions for candidates;
- fulfilment of contracts between you and us or us and clients;
- to send your information to clients to apply for and assess your suitability for roles;
- from time to time we may use the information you provide to notify you of potential roles or notify you of our new services or offers;
- to third parties we have contracted with, to provide services that you or a client have requested, including reference and qualification checking and background checking services. Before we pass your details to any third parties we will ask for your explicit consent verbally or in writing. The contracts we have with suppliers continue to protect your rights;
- Internal staff administration, including recruitment, contractual obligations, training and payroll;
- Advertising, marketing and public relations;
- Accounts and records;
- Administration and processing of clients’ personal data for the purposes of supplying/introducing work-seekers;
We only store your personal data for as long as it is necessary or required by law.
We are committed to ensuring that your information is secure. To protect your personal data from unauthorised access we have put in place policies and procedures as well as physical and electronic safeguards.
When registering with our website (or any other) you should use a strong, secure password and try not to use the same password anywhere else. A strong password includes a mixture of uppercase letters, lower case letters, numbers and punctuation. You are solely responsible for the security and proper use of the password, which should be kept confidential at all times and not disclosed to anyone. We never have access to your passwords.
Legal bases for processing
The Company will only process personal data where it has a legal basis for doing so. Where the Company does not have a legal reason for processing personal data any processing will be a breach of the Data Protection Laws.
The Company will review the personal data it holds on a regular basis to ensure it is being lawfully processed and it is accurate, relevant and up to date.
Before transferring personal data to any third party (such as past, current or prospective employers, suppliers, customers and clients, intermediaries such as umbrella companies, persons making an enquiry or complaint and any other third party (such as software solutions providers and back office support)), the Company will establish that it has a legal reason for making the transfer and all your rights remain protected.
Our legal basis for processing personal data is as follows:
- for the purposes of our legitimate interests or those of a third party;
- for the performance of a contract to which you are party to or to take steps to enter into a contract;
- for compliance with a legal obligation to which we are subject. This includes for the purposes of detecting crime, the collection of taxes or duties, and to comply with any applicable law;
- where you give your consent to the processing of your personal data for specific purposes. If we rely on your consent we will request either verbally, by email or an online process and record the response on our systems. Where consent is our legal basis for processing you may withdraw consent at any time. Please refer to the Your Rights section of this Policy for details of how to contact us should you wish to withdraw consent.
We may not be able to enter into a contract with you if certain information is not provided to us. If you refuse to provide the necessary information we have the right to refuse to enter into that contract.
Where is your data held?
Your data is held and processed by our staff entirely in the United Kingdom. As part of the provision of our services, the information you have provided to us may be transferred to the European Economic Area (‘EEA’) or outside the EEA. This will only happen if one of our clients or service providers is located outside of the United Kingdom.
If we transfer your information to the EEA in this way your data continues to be protected by the provisions of the GDPR. If we transfer your information outside of the EEA in this way, we will take the appropriate steps to ensure that your privacy rights continue to be protected. In addition, if you use our services while you are outside the EEA, your information may be transferred outside the EEA to provide you with those services.
Third Party Processors
The third-party processors that we use are Colleague Software, our payroll provider and Google Analytics they comply with relevant legislation to process personal data on our behalf. For the avoidance of doubt, our third-party Data Processors and the Group each have their own, independently determined privacy policies, notices and procedures for the personal data they hold and are each a data controller (and not joint data controllers).
- Our payroll provider processes our timesheets and expenses for payment and billing. Our agreement with them ensures that they abide by the data protection legislation as a processor of our data.
- Colleague Software provides a CRM system to manage our data. Our agreement with them ensures they process our data as instructed and abide by all relevant data protection legislation.
You have the right to be informed about the personal data the Company processes on you;
Marketing: You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data.
Subject Access Requests: You may request access to the information we hold about you at any time. We may ask you to verify your identity and for more information about your request. We will seek to act on your request in the timescale required by applicable data protection laws.
Rectification: We will use reasonable endeavours to ensure that your personal data is maintained and up to date. However, you are under a duty to inform us of any and all changes to your personal data to ensure that it is up to date and we will update or delete your personal data accordingly.
Erasure: You have the right to ask us to erase your data. If you ask us to erase your data, we will ask if you want to be removed entirely from our database or kept on a list of individuals who do not want to be contacted. If we have a legal basis for holding your data other than consent we may need to keep some or all of your personal data for a certain period, e.g. if you have worked for us we will need to keep accounting and financial records regarding your payments as required by accounting practices and legislation. Where we are legally permitted to do so, we may refuse your request and will give you reasons for doing so.
Data Portability: You have the right to receive your personal data which you have provided to the Company in a structured, commonly used and machine-readable format, where the processing is based on your consent or a contract.
Withdraw Consent: Where we process your data on the basis of consent you have provided to us, you have the right to withdraw your consent at any time and have such data deleted. Where we are legally permitted to do so, we may refuse your request and will give you reasons for doing so.
Profiling: You have the right not to be subjected to automated decision making and profiling.
If you wish to exercise any of these rights or raise a complaint on how we have handled your personal data, you can contact us on email@example.com or write to the Directors of the Group at our registered address.
If you are not satisfied with our response or any of our data processing activities, you can complain to the Information Commissioners Office. The latest contact details can be located on their website (https://ico.org.uk).
Policy Published 19th May 2018.