Our Principles Around Privacy
Our approach to privacy and data protection is built around four key principles. They are at the heart of everything we do relating to personal data.
- Transparency: We take a human approach to how we process personal data by being open, honest and transparent
- Enablement: We enable connections and efficient use of personal data to empower productivity and growth
- Security: We take every step to secure the personal data entrusted to us
- Stewardship: We accept the responsibility that comes with processing personal data.
Definitions of Personal Data
Sensitive Personal Data
|Personal data includes information about a living individual where it can be connected to a name, home address, date of birth, National ID, passport or tax number (e.g. payroll record).
|Sensitive personal data relates to a person’s physical, physiological, genetic, biometric, mental, economic, cultural or social identity; also, anything that reveals political opinions, racial or ethnic origin, religious beliefs, trade union membership, sexual orientation and health status.|
|Within the context of the Primonovo business, we only use personal data when one or more of the following apply:
|Within the context of the Primonovo business, we only use sensitive personal data when one or more of the following apply:
Our default approach to the use of sensitive personal data is for there to be explicit consent from the data subject(s). In the event of any doubt, use of sensitive personal data is carefully reviewed.
How We Collect Your Data
When you visit our websites or use our services, we collect personal data. The ways we collect it can be broadly categorised into the following:
Information you provide to us directly: When you visit or use some parts of our websites and/or services we might ask you to provide personal data to us. For example, we ask for your contact information when you send us an e-mail from our website, join us on social media, take part in training and events, contact us with questions or request support. If you don’t want to provide us with personal data, you don’t have to, but it might mean you can’t use some parts of our websites or services.
Information we collect automatically: We collect some information about you automatically when you visit our websites or use our services, like your IP address and device type. We also collect information when you navigate through our websites and services, including what pages you looked at and what links you clicked on. This information is useful for us as it helps us get a better understanding of how you’re using our websites and services so that we can continue to provide the best experience possible (e.g., by personalising the content you see).
Information we get from third parties: The majority of information we collect, we collect directly from you. Where we collect personal data, we’ll only process it:
- to perform a contract with you, or
- where we have legitimate interests to process the personal data and they’re not overridden by your rights, or
- in accordance with a legal obligation, or
- where we have your consent.
If we don’t collect your personal data, we may be unable to provide you with all our services, and some functions and features on our websites may not be available to you.
Consent: We don’t currently collect any data by consent as all purposes are lawful based on explicit need. For example, we consider the collection of psychometric data, feedback on courses and contact details of course delegates as being in the legitimate interests of the employer or a third party and therefore do not require consent for these activities.
How We Use Your Data
First and foremost, we use your personal data to provide you with any services you’ve requested, and to manage our relationship with you. We also use your personal data for other purposes, which may include the following:
To communicate with you. This may include:
- providing you with information you’ve requested from us (like training or education materials) or information we are required to send to you
- marketing communications (about Primonovo or another product or service we think you might be interested in) in accordance with your marketing preferences
- asking you for feedback or to take part in any research we are conducting (which we may engage a third party to assist with).
We process and store personal data in the following areas:
Sales, Business Development and Commercial Contacts
- Contact details of clients with whom we have commercial relationships
- Contact details of organisations and individuals with whom we communicate and included in our marketing and business development activities
This data is held in Primonovo and not passed on to any third party.
- Contact information on people who take part in our training programmes, assessment centres and feature in any other client projects
- Results of assessments and tests related to people who take part in our training programmes and assessment centres and other client projects
- Other personal information which may be collected, analysed and held as part of a defined client project under any of our service lines
This data is only shared with the client who has commissioned the work and the individual to whom it is related.
- Personal data related to the employment contract including address and identity, right to work, medical reports relevant to employment, pay, benefits, banking and taxation
This data is held in Primonovo and shared as appropriate with our Accountancy service provider (which includes outsourced payroll and taxation services) and in response to legitimate enquires from public authorities (e.g. tax, immigration).
- Personal data related to the Associate Contract including address and identity, right to work, medical reports relevant to operating as an Associate, banking and taxation
This data is held in Primonovo and shared as appropriate with our Accountancy service provider (which includes taxation services) and in response to legitimate enquires from public authorities (e.g. tax, immigration).
How We Share Your Data
There will be times when we need to share your personal data with third parties. We will only disclose your personal data to:
- third party service providers and partners who assist and enable us to use the personal data to, for example, support delivery of or provide functionality on the website or services, or to market or promote our goods and services to you
- regulators, law enforcement bodies, government agencies, courts or other third parties where we think it’s necessary to comply with applicable laws or regulations, or to exercise, establish or defend our legal rights. Where possible and appropriate, we will notify you of this type of disclosure
- an actual or potential buyer (and its agents and advisers) in connection with an actual or proposed purchase, merger or acquisition of any part of our business
- other people where we have your consent.
International Data Transfers
When we share data, it may be transferred to, and processed in, countries other than the country you live in. These countries may have laws different to what you are used to. Rest assured, where we disclose personal data to a third party in another country, we will ensure it is treated properly and in line with the standards expected by the GDPR.
If you have any concerns please contact us using the details set out in the Contact Us section below.
How Long We Retain Your Data
The length of time we keep your personal data depends on what it is and whether we have an ongoing business need to retain it (for example, to provide you with a service you’ve requested or to comply with applicable legal, tax or accounting requirements).
We’ll retain your personal data for as long as we have a relationship with you and for a period of time afterwards where we have an ongoing business need to retain it, in accordance with our data retention policies and practices. Following that period, we’ll make sure it’s deleted or anonymised.
Data Protection Impact Assessments
We undertake an Impact Assessment for each client project that we deliver and we will advise you if we consider there to be any issues arising from that client project in relation to the treatment of personal data. If you wish to be informed of the Impact Assessment, its outcome or have any concerns then please contact us immediately.
Third Party Suppliers
Third party suppliers to Primonovo such as IT, Accountancy and specialist service providers are required to have appropriate Data Protection Policies and Practices, which are evaluated when arrangements are set up and reference to those Policies and Practices is included as appropriate in contractual documents.
Subject Access Requests
Subject Access requests will be responded to within one month. If a Subject Access request is considered to be manifestly unfounded or excessive, it will be refused and the reason explained in writing within one month. In such a case the person making the request will have the right to complain to the supervisory authority and to a judicial remedy.
Primonovo employment contracts and associate agreements contain privacy notices.
It’s your personal data and you have certain rights relating to it. When it comes to marketing communications, you can ask us not to send you these at any time – send your request to firstname.lastname@example.org.
You also have rights to:
- know what personal data we hold about you, and to make sure it’s correct and up to date
- request a copy of your personal data, or ask us to restrict processing your personal data or delete it
- object to our continued processing of your personal data.
You can exercise these rights at any time by sending an email to email@example.com.
If you’re not happy with how we are processing your personal data, please let us know by sending an email to firstname.lastname@example.org within a reasonable time frame. You can also complain to your local data protection authority. They will be able to advise you how to submit a complaint.
How to Contact Us
We’re always keen to hear from you. If you’re curious about what personal data we hold about you or you have a question or feedback for us on this notice, our websites or services, please get in touch. Our email is email@example.com.
We prefer to communicate with you by email to ensure you’re put in contact with the right person, in the right location, and in accordance with any regulatory time frames.
A named Director has designated responsibility for compliance with data protection legislation. The designated Director is Alison Mackay, Primonovo Limited, Pophole Farmhouse, Hillbrow Road, Liss, Hampshire GU33 7LQ.
What Are Cookies
For more general information on cookies see the Wikipedia article on HTTP Cookies…
You can prevent the setting of cookies by adjusting the settings on your browser (see your browser Help for how to do this). Be aware that disabling cookies will affect the functionality of this and many other websites that you visit. Disabling cookies will usually result in also disabling certain functionality and features of the this site. Therefore it is recommended that you do not disable cookies.
The Cookies We Set
Third Party Cookies
This site uses Google Analytics which is one of the most widespread and trusted analytics solution on the web for helping us to understand how you use the site and ways that we can improve your experience. These cookies may track things such as how long you spend on the site and the pages that you visit so we can continue to produce engaging content.
For more information on Google Analytics cookies, see the official Google Analytics page.
Hopefully that has clarified things for you and as was previously mentioned if there is something that you aren’t sure whether you need or not it’s usually safer to leave cookies enabled in case it does interact with one of the features you use on our site. However if you are still looking for more information then you can contact us through one of our preferred contact methods.