Northpoint Management Consultancy Ltd ("NPMC") is registered as a data controller in the United Kingdom for the purposes of the Data Protection Act 1998 and General Data Protection Regulation (GDPR). NPMC's website and online services are designed to protect the privacy of all users. We ensure that the data you supply to us is processed fairly and lawfully, and with skill and care. This Data Protection Policy governs our processing of all personal data provided to us, in all forms. By registering your details with us and using our website, you consent to us collecting and processing personal data supplied by you and disclosing this information to prospective employers and clients in connection with the recruitment process.
This Privacy Notice provides you with clear information as to how we process your personal data. We are obliged to use your information in line with all applicable laws. We do so in a manner that is fair by using your information in a way that you would reasonably expect when providing our work-finding services or recruiting personnel for you, and being transparent so that you know how it will be used.
This Privacy Notice sets out the types of personal data that we collect about you, how and why we use it, how long we will keep it for, when why and who we will share it will, the legal basis for us using your personal data and your rights in relation to us storing and processing your personal data. It also explains how we may contact you and how you can contact us.
WHO WE ARE
Northpoint Management Consultancy Ltd is a consultancy business specialising in the financial industry but cover other industries also. We are registered as a data controller with the ICO in the United Kingdom for the purposes of the Data Protection legislation and General Data Protection Regulation (GDPR). Our registered office address is Old School House, Tidebrook and you can contact us at email@example.com if you have any queries relating to data protection.
LEGAL BASIS FOR PROCESSING YOUR DATA
For prospective clients our processing is necessary for our legitimate interests in that we need the information in order to be able to store personal and business information for contact and consultancy purposes. They will not be shared with third parties unless permission has been expressly granted by the client / potential client.
We do not consider our legitimate interests to be overridden by your interests or fundamental rights and freedoms.
We may also rely on our processing being necessary to perform a contract for you if one is in place, for example in contacting you.
WHAT INFORMATION WILL WE COLLECT ABOUT YOU?
We collect and process personal data only as far as is necessary.
The information we collect may include your name, email address and telephone numbers.
WHERE DOES THE INFORMATION WE COLLECT ABOUT YOU COME FROM?
The data we collect about you is obtained from the following sources:
Directly from you. This may be via our registration process, information requests and applications via our website.
An agent or third party acting on your behalf.
Publicly available sources.
Reference or word of mouth. You may be recommended by a friend, former employer or colleague.
HOW WILL WE USE THE INFORMATION COLLECTED ABOUT YOU?
We may analyse the data internally so that we can offer a more relevant service, for marketing and strategic development purposes or for research purposes to improve our service.
HOW AND WHEN WILL WE CONTACT YOU?
We may contact you by phone, email or social media.
Some examples of when we will contact you are:
In relation to any correspondence we receive from you.
To update you on any material changes to our policies and practices.
WHO WILL WE SHARE YOUR INFORMATION WITH?
Generally, we will process your information within NPMC. There may be occasions where we use third parties to process your information on our behalf. In such situations these third parties will be under strict instructions and they will not be permitted to use your information for their own business purposes.
WILL WE TRANSFER YOUR DATA OUTSIDE THE EEA?
NPMC is based in the UK. We do not generally transfer your data out of the EEA.
In the event that we do need to make transfers to countries outside the EEA, we will ensure the appropriate safeguards are in place.
HOW LONG WILL WE KEEP YOUR PERSONAL INFORMATION?
NPMC will only retain information for as long as necessary for the relevant activity. This may be determined by legislation or a decision as to what we consider necessary for the business based on a number of factors.
If you have not registered with us, your data will be retained for 12 months from when it was added to our database or from when you were last contacted. You can request to have your record deleted (see below).
If you do register with us, your data will be retained for 3 years from the last contact or activity on your record. You can request to have your record deleted (see below).
Client contact details are retained for 3 years. You can request to have your record deleted (see below).
WILL WE PROCESS SPECIAL CATEGORIES OF PERSONAL DATA AND CRIMINAL CONVICTIONS?
We avoid processing special categories of data, these are sensitive personal data that reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
WILL WE CONTACT YOU FOR MARKETING PURPOSES?
We will only send you direct marketing emails that promote our company or services if you have opted-in to this. You will have the option to opt-in when you are provided with a copy of our Privacy Notice. You can also manage your direct marketing preferences by contacting NPMC, updating your preferences or clicking the unsubscribe link on an email.
CAN YOU REFUSE TO PROVIDE YOUR DATA TO US OR REQUEST THAT WE DELETE YOUR DATA?
You have the right to object to us processing your data based on legitimate interest. You will have the option to delete your data when you are provided with a copy of our Privacy Notice by following the link on the transparency notice email or you can do so by emailing firstname.lastname@example.org
CAN YOU FIND OUT WHAT DATA WE HOLD ABOUT YOU?
You have the right to be informed and access a copy of the information comprised in your personal data. If any of the data we hold is inaccurate, you have the right to rectify it. You can contact us at email@example.com to update your data.
You can make a request to find out what personal data we hold about you. You may exercise this right by making a written subject access request (SAR) to firstname.lastname@example.org . We require you to provide us with proof of your identity and answer security questions before processing your request.
We usually act on such requests and provide information free of charge, but may charge a reasonable fee to cover our administrative costs of providing the information for baseless or excessive/repeated requests, or further copies of the same information.
Alternatively, we may be entitled to refuse to act on the request. Please consider your request responsibly before submitting it. We will respond as soon as we can. Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we will let you know.
DO YOU HAVE THE RIGHT TO DATA PORTABILITY?
The GDPR introduces a new right to data portability. This will enable individuals to both receive and transmit the personal data they have provided to a data controller in a structured, commonly used and machine-readable format to another data controller.
The right to data portability only applies to the following:
personal data provided by the individual;
personal data that is processed with the individual’s consent or on the basis of a contract (excluding the other legal bases); and
when processing is carried out through automated means.
As we rely on the legal basis of legitimate interests, this right will not apply to the data we hold about you. In addition, references obtained directly from third parties about you will not be subject to the right of data portability.
COOKIES & EXTERNAL WEBSITES
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.
Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org. Please note that in a few cases some of our website features may not function if you remove cookies from your browser.
We use IP addresses to analyse trends, administer the site, track users’ movements, and to gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information.
Some external links appear on our website to websites owned and operated by third parties. These websites have their own privacy policies and we encourage you to review them. We accept no responsibility or liability for the privacy practices of such third parties and you use them at your own risk.
CHANGES TO THIS PRIVACY NOTICE
We reserve the right to change our Privacy Notice at any time. Changes to our Privacy Notice will be displayed on our website.
If you have any issues or concerns then we ask that in the first instance you set this out in writing and send this to email@example.com
If we are unable to satisfactorily deal with your complaint you can complain to the ICO which is the UK supervisory authority. You have the right to claim compensation for damages caused by a breach of data protection legislation.