Terms and conditions of the contract: your rights under GDPR (General Data Protection Regulation) & PECR (Privacy and Electronic Communications Regulations)
This contract is between you, the data subject, and Executive Grapevine International Limited.
The contract is at the request of the data subject.
Your privacy is important to us and we take it very seriously. We want to help everyone who uses Executive Grapevine International Ltd’s (EGIL) services to get the most out of them. This policy covers all our brands – HR Grapevine, HR Grapevine Live, Recruitment Grapevine, Executive Grapevine and myGrapevine and their associated products and services.
The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a new regulation which replaces the Data Protection Regulation (Directive 95/46/EC). The Regulation aims to harmonise data protection legislation across EU member states, enhancing privacy rights for individuals and providing a strict framework within which commercial organisations can legally operate. Even though the UK has expressed its intention to leave the EU in March 2019, the GDPR will be applicable in the UK from 25th May 2018. Furthermore the Information Commissioner's Office (ICO) has laid out its intention to continue with a similar level of regulation post March 2019 or whichever date the UK does leave the EU.
The policy below lays out in simple English how the GDPR and the current PECR (soon to be updated to a new e-Privacy Regulation) applies to the way EG handles your personal data. Our aim is to be responsible, relevant and secure when using your data. Executive Grapevine International Ltd specialises in business and industry news, commercial product information and professional networking across of range of professional industries and services. Our expectation is that individuals giving consent share these aims and objectives. If this is not your expectation, please do not subscribe. Entering your email into the subscription box indicates that you have read and understood the terms and conditions of the policy.
Please take a moment to read through what information we collect about you, who we share it with and how they might use it.
Who controls my personal data?
- The Data Controller is Executive Grapevine International Limited. It is Registered in the UK Company Number 2789779
- Rosanne House, Parkway, Welwyn Garden City, Hertfordshire, AL8 6HG
- The Data Controller’s representative is the Director of Data Protection
- You can contact them at [email protected]
- You can call them on 01707 351 451
- Executive Grapevine International Limited is registered as a Data Controller with the Information Commissioner’s Office Certificate Number Z4934840
What is the purpose and legal basis of the processing?
- At EGIL we will rely on your ‘consent’ to process personal data. This is defined by the new General Data Protection Regulation (GDPR) standard of ‘consent’ as it’s legal basis for processing personal data
- GDPR defines consent as ‘any freely given, specific, informed and unambiguous indication of the data subjects’ wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her’
- By agreeing to the consent box you have accepted that you understand and accept this as a valid legal basis for processing your personal data
- Your data may be used by us to help a selected, GDPR compliant and professionally relevant group of industry suppliers to share their knowledge and insights with you through our branded channels
- We may also share your details with clients of EGIL who demonstrate that they satisfy the requirements of Recital 47 through the submission of a Legitimate Interest Assessment. This assessment will be lodged with EGIL and reviewed by EGIL’s Head of Data Protection to ensure compliance in advance of any data sharing.
What data will the Controller collect and process?
- The categories of personal data are your name, your job title, your company name, your company address and your business email
- If you have an entry in our professional directories it may also include information you have provided on your areas of sector expertise or specialism
- Personal Data may also include a link to a professional profile photograph if one is available in the public domain e.g. LinkedIn, Twitter, Business Facebook or your Corporate website
- No links to personal or private websites – even if they are in the public domain will be collected, stored or processed
Who will have access to the data?
- Executive Grapevine International Limited. All our employees and data processors that have access to, and are associated with, the processing of your personal information are legally obliged to respect the confidentiality of your data and are bound by contract to do so.
- It may be necessary for the purposes of delivering digital communication to share personal data with technology platforms like Twitter, LinkedIn, Facebook, Google, Campaign Monitor, Forfront, Salesforce and Sage. We guarantee to only to use suppliers who meet the GDPR standards.
- We may also share your details with clients of EGIL. Clients may include HR & Recruitment professionals, as well as supplier firms who serve those areas, including HR & Recruitment Consultancies and Business Services. We charge them for this service. Part of this provision means you will always be given a straightforward way to opt out from receiving communications each time.
Will the data leave the UK? If so, what safeguarding measures are in place?
- Executive Grapevine International Limited has advised all parties that data may not be transferred outside of the UK without submitting satisfactory proof of their safeguarding methods and proof of a certified privacy shield
How long will the data be kept for?
- The Retention period for personal data is 5 years. We have chosen five years because it is the average length of time a UK Manager remains in their post.
- EGIL will be required to deactivate personal data after the relevant retention period, or when they are in receipt of a data subjects request to do so, whichever is the earlier. The data subject has the right to change their mind and withdraw consent at any point during the retention period
- What are my rights?
Executive Grapevine confirms the following rights to each Data Subject:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling.