Privacy & Data Protection Policy
People Blueprint Ltd t/a ENGAGE (“we”) are committed to protecting and respecting your privacy. The following notice explains what kind of personal data we collect from you, why and how we collect it, what we do with your data and what rights and choices you have when it comes to your personal data. This policy adopts the fundamental principles of the EU’s General Data Protection Regulation (“GDPR”) as the minimum standard to which ENGAGE, its employees and suppliers must adhere.
The collection and analysis of personal information about individuals (data subjects) is crucial to the delivery of ENGAGE’s products and services. Maintaining the confidence of individual participants, clients and partners in the responsible processing of this data is of the highest importance to us. Everyone who works for ENGAGE has some responsibility for ensuring personal data is collected, stored and handled appropriately. It is everyone’s responsibility that personal data is handled and processed in line with this policy and its data protection principles and employees are supported in this through effective training, systems and processes. ENGAGE also expects its suppliers, associates and partners to comply with the principles as set out below.
All personal data must be dealt with properly, irrespective of how it is collected, recorded and processed. ENGAGE adheres to the principles relating to the processing of personal data found in the GDPR:
ENGAGE collects and processes personal data from a number of source; this list is not exhaustive:
ENGAGE complies with all data protection requirements in both its role as a data controller and data processor. All requirements are transferred to any third parties used by ENGAGE to collect, process and store personal data.
ENGAGE collects, processes and uses personal data under the following legal bases:
Every data subject has the following rights. Any exercise of their rights is to be handled within 30 days by the relevant ENGAGE employee and may not result in any disadvantage to the data subject. Where the relevant personal data has been transferred to ENGAGE by a client, the relevant client contract must be consulted in respect of any process to be followed and the client has to be informed about such request immediately.
The data subject may exercise any, or all, of these rights by using the contact details below. Once the request has been submitted, ENGAGE may contact the data subject to request further information to authenticate their identity or to help us to respond to the request. Except in rare cases, ENGAGE will respond within 30 days of receiving this information or, where no such information is required, after we have received full details of the request. It is worth noting, that while some rights apply generally, some are only available in certain circumstances. Where this is the case, ENGAGE will inform the data subject along with the reason for the decision.
ENGAGE, DPO
414/416 Metal Box Factory
30 Great Guildford Street
London
SE1 0HS
020 3176 4531
Personal data is subject to data secrecy. Any unauthorised collection, processing, or use of
such data is prohibited. The “need-to-know” principle applies; ENGAGE employees, partners, associates, suppliers and clients may have access to personal data only as is appropriate for the type and scope of the task in question. This requires a careful breakdown and separation, as well as limitation, of roles and responsibilities. ENGAGE employees, partners, associates, suppliers and clients are forbidden to use personal data for their own private or commercial purposes, to disclose them to unauthorised persons, or to make them available in any other way. All ENGAGE employees, partners, associates and suppliers are made aware of, and trained, in their responsibilities relating to data protection.
ENGAGE will process all the personal data it holds in accordance with its Data Security Policy and take appropriate security measures against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to, personal data.
The ENGAGE management team are responsible for data processing; they are required to ensure the legal requirements, and those contained in this policy for data protection are met. Management are responsible for ensuring that organisational, people and technical measures are in place so that any data processing is carried out in accordance with these data protection requirements.
ENGAGE’s appointed Data Protection Officer can be contacted on the following:
ENGAGE, DPO
414/416 Metal Box Factory
30 Great Guildford Street
London
SE1 0HS
020 3176 4531
Data subjects have the right to lodge a complaint with a data protection regulator in Europe, or in within the country in which they work or live, where their legal rights have been infringed or where their personal information has or is being used in a way that they believe does not comply with data protection policy. The contact details for the Information Commissioner’s Office (“ICO”), the UK’s independent regulatory body that upholds information rights, are available on their website, which also contains details on how to make a complaint.
ENGAGE reserves the right to change this notice at any time. If any material changes are made we will provide notice to you via email or any other appropriate means to give you the opportunity to review the changes before they become effective.
Effective: 25 May 2018