Aston Shaw is committed to protecting and respecting your rights with the data we hold about you and process. This policy explains when and why we collect personal information about you, how we use it and the conditions under which we may disclose it or share it with others and keep it secure.
This policy applies to every individual that contacts us and includes client organisations and individuals within those organisations that have access to our portal and contact us for advice. The policy also applies to those consultants, workers and employees that join our team.
How will we collect information from you?
We obtain most of your personal information when you initially contact us to receive services from us or provide services on our behalf. It is your responsibility to inform us of any changes so that we can keep the information we collect from you up to date and accurate. We will practice ‘safer recruitment’ checks for those who undertake work for us.
What type of information will we collect from you?
We will need to collect the following information from each client we work with:
- Names of key stakeholders
- Company/organisation name
- Your contact details, i.e. email address and telephone number
- Your registered address and location addresses for accounting (for invoicing and payment processing).
We need this information to set you up on our system and ensure that we are able to communicate with you, undertake work for you at your service locations, and process transactions in to and out of the business.
We will need to collect the following information for people that we recruit and that will undertake work for us, or on our behalf:
- Name, home address and contact details including phone number and email address
- Your up to date CV to include qualifications, an up to date chronology of work undertaken
- Evidence of qualifications by way of certificates
- Your right to work in the UK, and verification of your identity and home address
- Your enhanced DBS report, or access to your enhanced DBS record using the update service
- References from the most recent employers/ organisations you have undertaken work or, to cover the last 3 years. References sought will be both factual and character references.
- We will also need your bank account details in order to make payments to you.
Following the data protection principles – How we will use and process your data
Personal data shall be:
- processed lawfully, fairly and in a transparent manner in relation to individuals we hold personal data about (‘lawfulness, fairness and transparency’)
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest or statistical purposes shall not be considered to be incompatible with the initial purposes (‘purpose limitation’);
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’)
- accurate and, where necessary, kept up to date; we will ensure every reasonable step is taken to ensure that any personal data which is inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals (‘storage limitation’);
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).”
Keeping your data secure
When you give us your personal information we take steps to ensure it is stored and treated securely and access is limited to those who need it, such as those working for us, our accountants and other organisations as we will determine and expressly inform you of from time to time. We may, on occasion, share data with our trusted business partners for the purpose of likely future benefits to be gained by the customer or visitor.
Rights of Data Subjects
- The right to be informed
We will inform you what data is being collected, how it’s being used, how long it will be kept and whether it will be shared with any third parties. This information will be communicated concisely and in plain language.
- The right of access
Individuals can submit subject access requests, which obliges us to provide a copy of any personal data we hold concerning you, the individual. The regulations give us one month to produce this information, although there are exceptions for requests that are manifestly unfounded, repetitive or we believe are excessive.
- The right to rectification
If you discover that the data we hold about you is inaccurate or incomplete, you can request that we update it. As with the right of access, we have one month to do this, and the same exceptions (as at point 2) apply.
- The right to erasure
Individuals can request that we erase their data in certain circumstances, such as when the data is no longer necessary, the data was unlawfully processed or it no longer meets the lawful ground for which it was collected. This includes instances where the individual withdraws consent. The right to erasure is also known as ‘the right to be forgotten’. We cannot erase information about any individual where there are legislative or regulatory reasons for us to keep the data we hold. \we will inform you of any such data and the legal or regulatory reason that we cannot erase it.
- The right to restrict processing
You can request that we limit the way we use your personal data. It’s an alternative to requesting the erasure of data.
- The right to data portability
You are permitted to obtain and reuse your personal data for your own purposes across different services. This right only applies to personal data that an individual has provided to us by way of a contract or consent.
- The right to object
You can object to the processing of personal data that is collected on the grounds of legitimate interests or the performance of a task in the interest/exercise of official authority. We will stop processing information unless we can demonstrate compelling legitimate grounds for the processing that overrides the interests, rights and freedoms of the data subject or if the processing is for the establishment or exercise of defence of legal claims.
- Rights related to automated decision making including profiling
The GDPR includes provisions for decisions made with no human involvement, such as profiling, which uses personal data to make calculated assumptions about people. There are strict rules about this kind of processing, and you are permitted to challenge and request a review of the processing if you believe the rules aren’t being followed.
Right to Complain
You have the right to file a complaint with the Information Commissioner’s Office (ICO), which is the supervisory authority in the UK for data protection matters (www.ico.org.uk), at any time. However, we would appreciate the opportunity to address your concerns before you decide to contact the ICO. Please reach out to us first, and we will do our best to resolve the issue.
The Information Commissioners Office (ICO): www.ico.org.uk
The Governments website: https://www.gov.uk/government/publications/guide-to-the-general- data-protection-regulation
The EU’s General Data Protection Regulations (GDPR) 2016/679
The UK’s Data Protection Act 2018