Privacy Policy

We take the security and privacy of your data very seriously. 99Rated holds personal data about employees and clients for a variety of business purposes. We gain and use information or ‘data’ as part of our business and to manage our relationship with you.

We intend to comply with all our legal obligations under the Data Protection Act 2018 (the ‘2018 Act’) and the EU General Data Protection Regulation (‘GDPR’) in respect of data privacy and security.

Information we process because we have a contractual obligation with you.
When you buy a service from us, or otherwise agree to our terms and conditions, a contract is formed between you and us as shown by our terms of engagement letter. In order to carry out our obligations under that contract we must process the information you give us. Data gathered may occasionally include individual and emergency contact details, dates of birth, gender, marital status and family details, information detailed on a CV including educational history, employment history, financial details such as pay and bank details, tax details such as NI number, references, identification documents such as driving licence.

The Principles of GDPR are that data must:

• be processed lawfully, fairly and transparently;
• be collected and processed only for specified, explicit and legitimate purposes;
• be adequate, relevant and limited to what is necessary;
• be accurate and kept up to date. Any inaccurate data must be deleted or rectified without delay;
• not be kept for longer than is necessary for the purposes for which it is processed; and be processed securely and confidentially, protecting against unauthorized / unlawful processing, accidental loss, destruction or damage.

What is personal data?
Personal data relates to information about a living person (a ‘data subject’) who can be identified from that on its own, or when taken together with other information which is likely to come into our possession. It includes any expression of opinion about the person and an indication of the intentions of us or others, in respect of that person.

This policy applies to all personal data whether it is stored electronically, on paper or on other materials.

This personal data might be provided to us by you, or it could be created by us with information you have provided. It could be provided or created during the recruitment process or during the course of the contract of employment or provision of services or after its termination.

Lawful Basis for processing
We will use your personal data for:

• Performing the contract of employment or provision of services between us;
• Complying with any legal obligation; or
• If it is necessary for our legitimate interests (or for the legitimate interests of someone else)

However, we can only do this if your interests and rights do not override ours (or theirs). You have the right to challenge our legitimate interests and request that we stop this processing.

If you choose not to provide us with certain personal data you should be aware that we may not be able to carry out certain parts of the contract between us. For example it might stop us from complying with certain legal obligations and duties which we have such as to paying the right amounts to HMRC.

We do not send your personal data outside the European Economic Area (EEA). If this changes you will be notified of this and the protections which are in place to protect the security of your data will be explained.

Process through consent
Wherever possible, we aim to obtain your explicit consent to process this information.

Sometimes you might give your consent implicitly, such as when you send us a message by e-mail to which you would reasonably expect us to reply.

Except where you have consented to use of your information for a specific purpose, we do not use your information in any way that would identify you personally.

We continue to process your information on this basis until you withdraw your consent, or it can be reasonably assumed that your consent no longer exists. You may withdraw your consent at any time by instructing us at: sandy@people-share.com.

Information we process because we have a legitimate reason.
Sometimes we might share your personal data with contractors, agents and third parties to carry out our obligations under our contract with you for our legitimate interest for example the processing of payroll. We require those companies to keep your personal data confidential and secure and to protect it in accordance with the law and our policies. They are only permitted to process your data for the lawful purpose for which it has been shared and in accordance with our instructions.

Information we process because we have a legal obligation.
We are subject to the law like everyone else. Sometimes, we must process your information in order to comply with a statutory obligation. This can include your personal information.

Disclosure to Government and their agencies
We may be required to give information to legal authorities if they request, or if they have the proper authorisation.

Complaining
When we receive a complaint, we record all the information you have given to us. We use that information to resolve your complaint. If your complaint reasonably requires us to contact some other person, we may decide to give to that other person some of the information contained in your complaint. We may also compile statistics showing information obtained from this source to assess the level of service we provide, but not in a way that could identify anyone.

Retention and Review or update or remove personally identifiable information.
We will only keep data for as long as necessary for the purposes required by us to provide the services you have requested, in accordance with any retention period prescribed by law or to support a claim in court.

• You have the right to information about what personal data we process, how and on what basis.
• You have the right to inform us of rectification of any inaccuracies in your personal data.
• You have the right to be forgotten and request that we erase your personal data where we were not entitled under the law to process it or it is no longer necessary to process it for the purpose it was collected.
• You have the right to restrict the processing of personal data whilst it is being is corrected, request deletion or are contesting the lawfulness of our processing.
• You have the right to request portability of data. We will aim to do this within 1 month.
• You have the right to object to data processing where we are relying on a legitimate interest to do so and you think that your rights and interests outweigh our own and you wish us to stop.
• You have the right to object if we process your personal data for the purposes of direct marketing. With some exceptions, you have the right not to be subjected to automated decision-making.
• You have the right to be notified of a data security breach concerning your personal data.

Information Technology
We have very secure processes and firewalls in place to ensure your data is completely safe and protected when it reaches us and is installed on our server. The IT Company whose services we use, have installed various Anti-Spam and Advanced Threat Security, DNS and other software processes to ensure that we are securely protected. All sensitive information is password protected and these passwords are changed regularly. Any information held or processed is done through a secure server which again is password protected. All computers and laptops have firewalls installed and are password protected to prevent any dangerous Malware issues.

How to deal with data breaches
We have many procedures in place to minimize and prevent data breaches from taking place. Should a breach of personal data occur (whether in respect of you or someone else) then we would take detailed notes and keep evidence of that breach. If the breach is likely to result in a risk to the Rights and freedoms of individuals, then we must also notify the Information Commissioner’s Office within 72 hours.

Should you have any questions about our data policy please contact privacy@99rated.co.