TERMS AND CONDITIONS OF THE CONTRACT: YOUR RIGHTS UNDER GDPR & EPRIVACY
Your privacy is important to us and we take it very seriously. We want to help everyone who uses our services to get the most out of them. The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a new regulation which replaces the Data Protection Regulation (Directive 95/46/EC). The Regulation aims to harmonise data protection legislation across EU member states, enhancing privacy rights for individuals and providing a strict framework within which commercial organisations can legally operate. Even though the UK has expressed its intention to leave the EU in March 2019, the GDPR will be applicable in the UK from 25th May 2018. Furthermore the Information Commissioner's Office (ICO) has recently laid out its intention to continue with a similar level of regulation post March 2019.
Please take a moment to read through what information we collect about you, who we share it with and how they might use it.
Who controls my personal data?
- The Data Controller is Executive Grapevine International Limited. It is registered in the UK Company Number 2789779.
- The registered address is Rosanne House, Parkway, Welwyn Garden City, Hertfordshire, AL8 6HG.
- The Data Controller's representative is the Director of Data Protection.
- You can contact them by email at [email protected]
- You can call them on 01707 351 451
- Executive Grapevine International Limited is registered as a Data Controller with the Information Commissioner's Office Certificate Number Z4934840
- Executive Grapevine International Limited refers to both the parent company, and all its subsidiary brands, namely HR Grapevine, Recruitment Grapevine, Business Grapevine and Executive Grapevine.
What data will the Controller collect and process?
- The categories of personal data collected are your name, your job title, your company name, your company address and your business email.
- Personal Data may also include a link to a professional profile including a photograph if one is available in the public domain e.g. LinkedIn, Twitter, Business Facebook or Corporate Website.
- No links to personal or private websites – even if they are in the public domain will be collected, stored or processed.
What is the purpose and legal basis of the processing?
- Executive Grapevine will rely on Article 6(1)(f) GDPR as a lawful basis for processing your personal data.
- Article 6 (1)(f): 'processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental right and freedoms of the data subject which require protection of Personal data, in particular where the data subject is a child'.
- Specifically, Recital 47 affirms direct marketing as a legal basis for processing by the Controller or Third Party provided that the interests or the fundamental rights and freedoms of the data subject are not overridden.
- Recital 47: The legitimate interests of a controller, including those of a controller to which the Personal data may be disclosed, or of a third party,may provide a legal basis for processing, provided that the interests or the fundamental rights and freedoms of the data subject are not overriding, taking into consideration the reasonable expectations of the data subject based on their relationship with the controller'.
- 'The processing of personal data for direct marketing purposes maybe regarded as carried out for a legitimate interest'.
- Executive Grapevine undertake to balance the rights of the individual data subject, taking into consideration the reasonable expectations of data subjects and the provision of Recital 47.
- By continuing to receive newsletters and/or visit our websites you are agreeing that you understand and accept this as a valid legal basis for processing your personal data.
- You will always be given a straightforward way to opt out from receiving newsletters or updates we send you each time you receive a communication from us.
Who will have access to my data?
- Executive Grapevine International Limited. All our employees and data processors that have access to, and are associated with, the processing of your personal information are legally obliged to respect the confidentiality of your data and are bound by contract to do so.
- It may be necessary for the purposes of delivering digital communication to share personal data with technology platforms e.g. mail servers. We guarantee to only to use suppliers who meet the GDPR standards.
- We may share your details with clients of EGIL who demonstrate that they satisfy the requirements of Recital 47 through the submission of a Legitimate Interest Assessment. This assessment will be lodged with EGIL and reviewed by EGIL’s Head of Data Protection to ensure compliance in advance of any data sharing. Clients may include HR & Recruitment professionals, as well as supplier firms who serve those areas, including HR & Recruitment Consultancies and Business Services. We charge them for this service. Part of this provision means you will always be given a straightforward way to opt out from receiving communications each time.
Will the data leave the UK? If so, what safeguarding measures are in place?
- Executive Grapevine has advises all parties that at this current time no personal data will be transferred outside of the UK
How long will personal data be retained for? Article 13(1)(a)
- The Retention period for data is five years from the signup date or sooner if you choose it. We have chosen five years because that is the average amount of time a professional in the UK remains in post.
- All Data Controllers will be required to deactivate personal data after the relevant retention period, or when they are in receipt of a data subjects request to do so, whichever is the earlier. The data subject has the right to change their mind and withdraw consent at any point during the retention period. Article 21(4) – ‘Right to Object'.
What are my rights? Article 13(1)(c)
Executive Grapevine confirms the following rights to each Data Subject:
- Personal data shall be processed in accordance with Principle 6 of the rights of data subjects under the Data Protection Act 2018.
- The right of access to a copy of the information comprised in their personal data. To obtain a copy of the personal information we keep about you please send your request to the Data Controller, Executive Grapevine International Ltd, Rosanne House, Parkway, Welwyn Garden City AL8 6HG. We will provide you with a hard copy of the personal data we keep (at no charge) within 40 days. We will, however, require proof of identity.
- The right to object to processing that is likely to cause, or is causing damage or distress.
- The right to prevent processing for Direct Marketing.
- The right to object to decisions being taken by automatic means.
- The right to have inaccurate personal data rectified, blocked, erased or destroyed.
- The right to make a complaint to a supervisory body.