PEEPS HR LTD PRIVACY POLICY

Last Updated – 30 April 2019

Peeps HR Ltd understands that your privacy is important and that you care about how your personal data is used and shared online. We respect the privacy of everyone who visits our website and uses our online services.

We are committed to respecting, securing and protecting your privacy and data. We are also transparent about what we collect from you and how we use it. Should we ask you to provide certain information by which you can be identified when using this website or online communications, then you can be assured that it will only be used in accordance with this privacy policy.

This policy, which covers use of our website, services and data storage, provides you with information about what personal data we collect, how we use your data, how we ensure your privacy is maintained, and your legal rights relating to your personal data.

Peeps HR Ltd may change this policy from time to time by updating this page. You should check this page regularly to ensure that you are happy with any changes.

Who We Are

We are Peeps HR Ltd. For the purposes of UK data protection laws, we are the data controller in respect of some of the personal data you share with us. Our registered office is 3, Arrow Court Adams Way, Springfield Business Park, Alcester B49 6PU.

You can contact us by:

  • Telephone – 02477 671630
  • Email – enquiries@peepshr.co.uk
  • Post – Data Protection Officer, Peeps HR Ltd, 3, Arrow Court Adams Way, Springfield Business Park, Alcester B49 6PU

For some personal data we hold about you, we may only be the processor of that data. The relevant data controller is likely to be your employer, potential employer, customer or supplier. Where we process your data in our capacity as a processor on behalf of a third party controller, you should refer to that party’s privacy notice for information about how your data might be used. You can ask us if you aren’t sure on what basis we hold your data.

Data Protection Principles

When processing your information, we must comply with the six enforceable principles of good practice. These provide that your personal information must be:

  • processed lawfully, fairly and in a transparent manner,
  • processed for specified, explicit and legitimate purposes,
  • adequate, relevant and limited to what is necessary,
  • accurate and kept up-to-date,
  • kept for no longer than is necessary, and
  • processed in a manner that ensures appropriate security.
  • make an enquiry through our website,
  • interact with us at a business or networking event, or give us your business card,
  • enter into an agreement with us for the supply of services or otherwise ask us to provide you or your company with services, including the provision of a quotation,
  • enter a competition, promotion or survey organised by us, or otherwise provide us with feedback,
  • subscribe to our services or publications, or otherwise request marketing material to be sent to you, or
  • correspond with us by phone, email, letters or otherwise.
  • your employer
  • credit reference agencies
  • analytics providers (such as Google),
  • advertising networks,
  • your company website
  • your press releases and any marketing or PR material published by you or by a third party on your behalf,
  • search information providers
  • providers of technical, payment and delivery services,
  • Companies House, DueDil, LinkedIn and the electoral register.
  • you have given us consent,
  • we need to perform a contract we are about to enter into, or have entered into, with you,
  • where it is necessary for our or a third party’s legitimate interests, and your interests and rights do not override those interests, or
  • where we need to comply with a legal or regulatory obligation.

What we collect

We may collect the following information:

  • Identity data, such as your name, company details and job title,
  • Contact data including your email address, telephone number and business address (including alternative billing address if appropriate)
  • Profile data, such as your username, password, purchases or orders made by you, your preferences and interests, calendar information, feedback and survey responses
  • Usage data, including information about how you use our website, products and services
  • Marketing data, such as your preference in receiving marketing from us and our third parties, your communications preferences and other information relevant to customer surveys and/or offers
  • Financial data, such as bank account and payment card details, purchase order numbers, VAT number and company turnover
  • Transaction data, including details about payments to and from you, and other details of products and services you purchase from us.
  • Technical Data, including IP addresses, your log-in data, browser type and version, time-zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website,

‘Special Category’ data

Information relating to your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, criminal convictions, sex life or sexual orientation, or certain types of genetic or biometric data is known as ‘special category’ data.

During the course of dealing with you, we do not expect to collect any ‘special category’ data about you.

How we collect your personal information

We may obtain personal information by directly interacting with you, such as if you:

We may obtain personal information via automated technology when you interact with our website by using cookies, server logs and other similar technologies.

We may also collect personal information about you from third parties or publicly-available sources, such as:

What we do with the information we gather

We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:

  • We will endeavour to keep your information accurate and up to date and not keep it for longer than is necessary. In some instances the law sets the length of time information has to be kept.

Purposes for which we will use your personal information

We may use your personal information for a number of different purposes. For each purpose, we are required to confirm the ‘legal basis’ that allows us to use your information, as follows:

Purposes for which we will use the information you give to us

Legal basis

To register you as a new client

It will be necessary for the performance of the contract between you and us

To process your instructions and, if accepted, to carry out our obligations under any contracts entered into between you and us and to provide you with the information and services that you request from us (including managing payments, fees and charges)

It will be necessary for the performance of the contract between you and us

Where you are acting as a representative of a company or organisation, then to register that company or organisation as a new customer

It will be necessary for our legitimate interests, namely with a view to performing the terms of the contract between us and your company or organisation

To process your company’s instructions and, if accepted, to carry out our obligations under any contracts entered into between us and your company or organisation, and to provide your company or organisation with the information and goods/services that are requested from us (including managing payments, fees and charges)

It will be necessary for our legitimate interests, namely with a view to performing the terms of the contract between us and your company or organisation

If you are an employee of a company we provide services to, you should refer to your employer’s privacy notice for details of what information might be shared and how it may be used.

To obtain further information about you, any company or organisation you represent, and the matter that is the subject of any agreement between us and you, or between us and your company or organisation

It will be necessary for our legitimate interests, namely with a view to performing the terms of the contract to which we are party

To collect and recover money owed to us

It will be necessary for our legitimate interests, namely to ensure we receive payment for products that you have (or your company or organisation has) ordered from us

To notify you about changes to our terms of service or this privacy policy, or any changes to our services

It will be necessary for our legitimate interests, namely to ensure you are aware of our current terms and conditions and to ensure you are aware of the latest updates to the products and services we provide, or may provide, to you.

To administer our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes, to allow you to participate in interactive features of our service, when you choose to do so, to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you and to make suggestions and recommendations to you and other users of our website about goods or services that may interest you or them

It will be necessary for our legitimate interests to ensure you receive the best experience possible when accessing and using our website and software products. We will comply with our cookie policy when processing this information

To enable you to participate in a prize draw, competition or complete a survey

It will be necessary for our legitimate interests, namely to study how customers use our products, to develop them and help grow our business

To provide you with information about special offers and other services we offer that are similar to those that you have already received from us

Where you have previously received marketing communications from us, then it will be necessary for our legitimate interests, namely to ensure you continue to receive communications that you have previously agreed to receive

In all other cases, we will only do this if you give us your consent

We will only use your personal information for the purpose(s) for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

What if you cannot or will not provide us with your personal information

If you are our client, it is a contractual requirement for you to provide us with certain information, namely your name, address, email address and payment information. If you do not provide us with that information, we will be unable to accept and process your instructions and deliver the service to you.

Disclosure of your information

We may share your personal information with the parties set out below:

  • providers of IT and system administration services to our business, including Mailchimp, DocSafe and other online cloud providers,
  • providers of payroll administration and financial services to our business, including Xero Accounting, GoCardless and PayPal
  • our professional advisers (including solicitors, bankers, auditors and insurers),
  • HM Revenue & Customs, the Information Commissioner’s Office, regulators and other authorities who require reporting of processing activities in certain circumstances,
  • training providers, external events organisers, and health and safety advisors,
  • providers of occupational health assessments and psychometric assessments,
  • providers of email marketing, web based project management applications and customer engagement platforms to our business, including Mailchimp,
  • analytics and search engine providers that assist us in the improvement and optimisation of our website, and
  • third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal information in the same way as set out in this policy.
  • Credit Cards. We do not store any credit card details.
  • Building entry controls. Access to our offices is secured and access is limited to those strictly necessary.
  • Methods of disposal. Paper documents are disposed of by shredding in a manner that ensures confidentiality.
  • Firewalls and encryption. We use industry standard firewall protection and encryption technology.
  • Equipment. Our internal policies require that individual monitors do not show confidential information to passers-by and that users lock or log-off from their computer when it is unattended.
  • Password Protection. We employ password protection to protect sensitive data.
  • Training. We ensure our employees are trained in the importance of data security.
  • Overseas transfers. Whenever we transfer your personal information outside the United Kingdom, we ensure a similar degree of protection is afforded to it by ensuring that we apply appropriate safeguards (either by transferring data only to recipients in the European Union, to recipients in countries approved by the European Commission, to recipients that are party to the EU-US Privacy Shield, or by using specific contracts approved by the European Commission).

We require all third parties to respect the security of your personal information and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal information for their own purposes and only permit them to process your personal information for specified purposes and in accordance with our instructions.

We may disclose your personal information to third parties:

  • in the event that we enter into negotiations to sell, merge with or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets;
  • if PeepsHR or substantially all of its assets are acquired by a third party, in which case personal data held by us about our clients will be one of the transferred assets; or
  • if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply any contract between you or us, or to protect the rights, property or safety of PeepsHR, our clients or others.

Where we store your personal information

All information you provide to us is held on secure storage in the United Kingdom.

We will take all steps reasonably necessary to ensure that your data is treated securely, including taking the following safeguards:

If you are concerned about the levels of data security in any of those countries, please let us know and we will endeavour to advise what steps will be taken to protect your data when stored overseas.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

How long we will store your information

The length of time that we will store your data will depend on the ‘legal basis’ for why we are using that data, as follows:

Legal basis

Length of time

Where we use/store your data because it is necessary for the performance of the contract between you and us

We will use/store your data for as long as it is necessary for the performance of the contract between you and us

Where we use/store your data because it is necessary for us to comply with a legal obligation to which we are subject

We will use/store your data for as long as it is necessary for us to comply with our legal obligations

Where we use/store your data because it is necessary for our legitimate business interests

We will use/store your data for as long as it is necessary for our legitimate business interests, or such earlier time as you ask us to stop. However, if we can demonstrate the reason why we are using/storing your data is more important than your interests, rights and freedoms, then we will be allowed to continue to use/store your data for as long as it is necessary for our legitimate business interests

Where we use/store your data because you have given us your specific, informed and unambiguous consent

We will use/store your data until you ask us to stop

To determine the appropriate retention period for personal information, we consider the amount, nature and sensitive of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

Your Rights

You have a number of rights with regard to your personal data, which this policy and our use of your data has been designed to uphold:

  • Right to be informed – you have the right to be informed about our collection and use of your personal data.
  • Right of access – you have the right to request a copy of the information that we hold about you, free of charge, together with various information about why and how we are using your information, to whom we may have disclosed that information, from where we originally obtained the information and for how long we will use your information. You can do this by contacting us using the above details.
  • Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
  • Right to be forgotten – you can ask for the data we hold about you to be erased from our records. Please note that this right can only be exercised in certain circumstances and, if you ask us to erase your information and we are unable to do so, we will explain why not.
  • Right to restriction of processing –you have a right to restrict our processing where: (i) the information we hold about you is inaccurate; (ii) we are unlawfully using your information; (iii) we no longer need to use the information; or (iv) we do not have a legitimate reason to use the information. Please note that we may continue to store your information, or use your information for the purpose of legal proceedings or for protecting the rights of any other person.
  • Right of portability – you have the right to have the data we hold about you transferred to another organisation in a structured, commonly-used and machine-readable format. Please note that this right can only be exercised in certain circumstances and, if you ask us to transmit your information and we are unable to do so, we will explain why not.
  • Right to object – you have the right to object to us using/storing your information for direct marketing purposes. You also have the right to object to us using/storing your information where we are processing this information on the basis of legitimate business interests. We will stop using/storing your information unless we can demonstrate why we believe we have a legitimate business interest which overrides your interests, rights and freedoms.
  • Right to withdraw consent – where we use/store your data because you have given us your specific, informed and unambiguous consent, you have the right to withdraw your consent at any time.
  • Rights in relation to object to automated processing and profiling – you also have the right not to be subject to legal effects of automated decision making and profiling.

If you have cause for complaint about our use of your data, or you would like to exercise any of your rights, then please contact us using the details provided above and we will do our best to solve the problem for you.

If we are unable to help, or you aren’t satisfied with our response, you also have the right to lodge a complaint with the UK’s supervisory authority – The Information Commissioner’s Office (ICO). The ICO can be contacted:

  • By post – The Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
  • By telephone – 0303 123 1113
  • Via its website – www.ico.org.uk

Opting out of marketing communications

You can ask us to stop sending you marketing communications at any time by writing to the address at the top of this policy, or by emailing us at enquiries@peepshr.co.uk.

You can also manage the subject and maximum frequency of emails, or unsubscribe completely, on our Mailing Preferences page.

Automated decision-making

We do not use automated decision-making processes.

Third party links

Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

How we use cookies

This Privacy Policy applies to Peeps HR’s own website and its subdomains (“Sites”).

Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our website. A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer’s hard drive. For further information visit www.aboutcookies.org or www.allaboutcookies.org.

We use the following cookies:

  • Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or make use of e-billing services.
  • Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
  • Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
  • Targeting cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.

Cookie Data is collected for the following purposes and using the following services:

  • Google Analytics: Cookies and Usage Data: Google Analytics is a simple, easy-to-use tool that helps us measure how users interact with our website content. As a user navigates between web pages, Google Analytics provides us with JavaScript tags (libraries) to record information about the page a user has seen, for example the URL of the page. The Google Analytics JavaScript libraries use HTTP Cookies to “remember” what a user has done on previous pages / interactions with our website. Further information can be found here: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage

You can set your browser not to accept cookies and the above websites tell you how to remove cookies from your browser. However in a few cases some of our website features may not function as a result.

Our website contains links to and from other websites, including suppliers, partners and affiliates. This privacy policy only applies to this website so when you follow a link to another website you should read and consider their privacy policy. We do not accept any responsibility or liability for these policies. Please note that these third parties may also use cookies, over which we have no control.

Except for essential cookies, all cookies will expire after 12 months.