We currently collect and process the following information:
If you or your company seek to do business with us, or we with you, we may need to collect personal identifiers, contacts, and characteristics that relate to individuals. We will usually hold your name, role or position held, email address, and telephone number. We may also hold your postal address (which may or may not also be your personal address), and limited information about people who work for you.
Before we enter into a contract with you, we will additionally collect information that any business might collect when conducting due diligence. The information we collect may include:
If you are a limited company - information about your company, and the owners and officers of your company.
If you are a sole trader or partnership – information about your business, and the owners or partners of the business.
References including, in some limited circumstances, personal referees.
Your bank account details.
Information about your accountants.
Information about members of your staff (in so far as that information is salient to the work to be undertaken).
Any additional information you supply to evidence your ability to work with or for us, or to support our due diligence investigations in any other way. We may use external companies or individuals to help us with our due diligence process before we agree to enter into a contract. We may also ask your bank or your accountants or solicitors to provide information to us. Such companies or individuals will have their own Privacy Notices and data protection registrations. They will determine whether they need your agreement to pass the information you give them on to us. Once we receive such information, it will become subject to this Privacy Notice and our own data protection policies and procedures.
If we enter into a contract with you, we may use the information above to assist us in conducting our contractual obligations. We may also collect additional information from you, directly or indirectly, during the contract. It is not possible to list here every item of data that will be collected, but it may include (and not be limited to) any of the following:
Changes to the nature of your company or business, or its owners, officers, partners, or staff
Information related to those changes
Information collected as a direct consequence of the contract (about which we talk more later).
Any additional data collected during the contract will be subject to this Privacy Notice and/or any specific Privacy Notice that relates to the contract.
The nature of this Company’s business means that we sometimes process information, including personal data such as personal identifiers, contacts, and characteristics that relate to individuals, of which the ownership and control rests with an external client. The external client might be a client to which this Company is directly contracted, a client to which this Company is sub-contracted, or a ‘client of a client’, whose data is processed during the normal course of our client’s business.
For the sake of clarity, we confirm here that, in such circumstances, we only process data where there is a written agreement in place. That agreement will address issues such as the appropriate measures to ensure the security of all data, the general law and specific policies and practices under which the data will be processed, what will happen to the data at the end of the contract, and who will have responsibility for ensuring that happens.
The ownership and control of that data will not pass to this Company and will remain with the original owner/controller.
If you apply to work for the Company, we will collect a range of information such as personal identifiers, contacts, and characteristics from you to enable us to assess your application. This information may include (but will not be limited to):
Your name, address, email address, telephone number(s).
Your date of birth, and any other relevant protected characteristics such as disability, gender reassignment, marriage and civil partnership, pregnancy and maternity, race, religion or belief, sex, or sexual orientation. Please note that such information will only be requested where there is a need to do so, such as for equal opportunities monitoring. Equal opportunities questions can be refused at the point of application.
Information about your education history, and your work history.
Referees.
Any additional information you supply to evidence your ability to work with or for us, or to support our due diligence investigations in any other way.
If we offer, and you accept, a job (whether paid or not), we will collect additional information from you. This information may include (but will not be limited to):
Your next of kin, and their contact information.
Information relevant for health and safety purposes, such as information about your health, or data to assist with the provision of safety or assistive equipment.
Information from your passport or any other documentation provided to evidence your identity and/or right to work.
During your employment, we would continue to collect data relevant to your employment. It is not possible to document that here, but it is likely to add to the types of information outlined above.
If you interact with us in other ways (that is, you are not someone falling within categories 1-3 above), we will usually only hold your contact information. If any other forms of information are collected, they will be subject to a separate, context-specific Privacy Notice, of which you will be given a copy.
We use information to enable us to assess potential contracts, or to carry out the contracts that we enter into, or to enable suppliers to supply us in the course of our business, or to enable the Company to employ staff. The legal basis under the General Data Protection Regulation for processing your information is that of contract, and sometimes of legitimate interest.
If you participate in any research activities where we have legal ownership of the data, the legal basis is likely to be that of consent. In this case, we will make specific agreement(s) with you prior to collecting the data.
We do not use your personal information for marketing purposes.
We do not use any data collected for our own marketing purposes, nor do we sell or otherwise share your data with other organisations, except as set out in this Privacy Notice.
We may need to share your data with third parties as an essential part of assessing, creating, or fulfilling contractual obligations that we have to each other. We only share data that is necessary to achieve the purpose.
If we hold your data prior to entering into a contract that then does not proceed, we will only share your data with any organisations (such as our accountants or solicitors) that assist us in conducting our due diligence investigations.
If we enter into a contract with you, the parties with whom we may share your data include:
Your referees
Referencing agencies
Our insurers
Any other parties to the contract
Tracing agencies
Courts
Our legal and financial representatives
If you supply goods and services to us, we may share your contact information with our clients if that is necessary to fulfil the contract.
We will retain only sufficient information to enable us to evidence our business activity and the basis on which business decisions were made. Such information may be retained for up to six years.
Information obtained to create and manage a contract with you will be retained for the duration of the contract, or as long as is needed to be able to manage the contract and any consequent contractual obligations. Basic information about the contract, and our income and expenditure related to the contract, will be retained for up to 6 years after the end of the contract or the fulfilment of all contractual obligations (whichever is longer).
If reasonably necessary or required to meet legal or regulatory requirements, to resolve disputes, to prevent fraud or abuse, or to enforce our contractual obligations, we may also keep hold of some of your information as required for as long as those risks or obligations remain in force.
Information obtained to create and manage a contract of employment with you will be retained for the duration of your employment, or as long as is needed to be able to manage the contract of employment and any consequent contractual or legal obligations. Basic information about the employment, and our income and expenditure related to the employment, will be retained for up to 6 years after the end of the employment or the fulfilment of all contractual obligations (whichever is longer).
If reasonably necessary or required to meet legal or regulatory requirements, to resolve disputes, to prevent fraud or abuse, or to enforce our contractual obligations, we may also keep hold of some of your information as required for as long as those risks or obligations remain in force.
If we hold information only with your consent, you may withdraw that consent. In the event of your consent being withdrawn, and if it is practicable to do so, all identifiable references to you will be deleted.
If the data that we hold relates to a research project, anonymised data forming part of the wider research will be retained.
We design, build, and run our systems to make sure that your data are as safe as possible at all stages of processing and storage. Our offices and our day-to-day work are based solely in the United Kingdom. All data are stored in the United Kingdom although we do use software and hardware products that may result in some data being stored or processed in accordance with the supplier’s own Privacy Notice. Further information can be supplied as required. Furthermore, using any electronic means to collect and process personal data necessarily involves the transmission of data on an international basis, and this means for instance that data that passes between us electronically may be in transit outside of the United Kingdom. By communicating electronically with us, you acknowledge and agree to our processing of personal data in this way.
We have appropriate security measures in place to prevent your information from being accidentally lost or used or accessed in an unauthorised way. The only people being given access to your personal information are those who have a genuine business need to know it.
We have policies and procedures in place to ensure that those processing your information will do so only in an authorised manner, and all are subject to a duty of confidentiality. If there is a suspected data security breach, we will notify you and any applicable regulator where we are legally required to do so.
We do not knowingly collect or use (process) data relating to children unless this is directly connected with a specific contract. In this case, we will have a separate and specific Privacy Notice in place that relates to that contract. We will provide a copy of that Privacy Notice to all relevant parties in accordance with the data protection regulations and any contractual agreements that are in place at the time.
You have important rights available to you for free. In summary, those rights include:
To be informed about how your personal information is being used.
To access the personal information that we hold about you.
To request that we transfer elements of your data to another service provider.
To ask us to correct any mistakes in your information which we hold.
To request the erasure of personal information concerning you in certain situations.
To receive a copy of the personal information concerning you which you have provided to us.
To stop any direct marketing.
To object to processing of your personal data.
For further information on each of these rights, including the circumstances in which they apply, see the published guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation.
If you would like to exercise any of these rights, please:
Email admin@evalogica.co.uk or call us (see contact page).
Give us enough information to identify you.
Give us proof of your identity and address (e.g., a copy of your driving licence or passport and a recent utility or credit card bill).
Give us clear instructions as to which information your request relates.
We respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made many requests. In this case, we will notify you within one month and keep you updated.
Our website may contain links to other websites. This Privacy Notice only applies to our own website and does not cover other sites, which must contain their own Privacy Notices.
If you have any concerns about how we use or manage your personal data, please get in touch by writing to us at PO Box 10677, Southwell, Nottinghamshire, NG24 9PG or emailing us at admin@evalogica.co.uk.
We will acknowledge your complaint and will outline our complaints process to you.
You also have the right to lodge a complaint with a supervisory authority. The supervisory authority in the United Kingdom is the Information Commissioner:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
They may also be contacted via their website (www.ico.org.uk).
This Privacy Notice was last updated on 16 February 2022.
If you require any further information, please contact us.
