NavigateNDC Limited (“NavigateNDC”) is committed to protecting your privacy. This Policy explains how NavigateNDC collects, stores and uses the data collected during your use of our website www.navigategroup.co.uk (the “Website”).
1 How we collect your Personal Information
If you have registered with us, you may have provided us with information such as your name, address, date of birth, telephone numbers and email address (“Personal Information”). We will only use the Personal Information collected during the registration process to provide the services you have requested and in accordance with the Data Protection Act 2018 and the General Data Protection Regulation 2018.
During your visit to the Website, we may collect, store and use information about you and your computer including, but not limited to: your IP address, geographical data, timestamps, content from completed contact forms. This information is collected using cookies (see Section 4).
You have the right to ask for a copy of the Personal Information we hold about you. If you would like a copy of some or all of your Personal Information, please email: firstname.lastname@example.org or write to: Data Protection Officer, NavigateNDC Limited, 2nd Floor, Merchant Exchange, Waters Green, Macclesfield SK11 6JX. We may charge you a small fee for this service but this will not exceed £10.
You are also entitled to ask us to correct, update, or remove your Personal Information from our records at any time by contacting us at the email or postal addresses above.
2 How we use your Personal Information
We may use your Personal Information:
- to maintain your registration with us;
- to provide you with the service you have requested;
- to send you our general newsletters;
We may also you your Personal Information to gather market intelligence, to enable us to understand the recruitment market and prepare demographic, analytical, statistical or market information (which may include aggregating your data with, and benchmarking it against data received from other individuals, clients and employers) and to improve our services. Please note that this will only be conducted on the basis that your Personal Data is completely anonymised, to the extent that you will not be capable of being identified from such information if we were to share it externally.
We will not pass any of your Personal Information from which you can be identified to any person unless you have specifically agreed in writing that we may do so.
We will not export your Personal Information outside the European Economic Area unless you have specifically requested us in writing to do so.
We will keep your Personal Information for as long as you wish to receive our communications and thereafter for the period required to meet our business, legal or regulatory responsibilities.
To determine the appropriate retention period for Personal Information, we will consider the amount, nature, and sensitivity of the Personal Information, the potential risk of harm from unauthorised use or disclosure of your Personal Information, the purposes for which we process your Personal Information and whether we can achieve those purposes through other means, and the applicable legal requirements.
3 Disclosure of your Personal Information
You consent to us disclosing your Personal Information to third parties:
- if we sell or buy any business or assets, in which case we may disclose your Personal Information to the prospective seller or buyer of such business or assets;
- if we are under a duty to disclose or share your Personal Information to comply with any legal obligation, or to enforce or apply such other terms as apply to our relationship, or to protect the rights, property, or safety of our customers, ourselves, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection; and
- if we determine that such disclosure is necessary to any investigation or complaint regarding your use of the Website.
We will not share your Personal Information for marketing purposes with companies outside Navigate.
Certain parts of the Website use “cookies” to keep track of how people search for and visit our website. A cookie is a small data file that is placed on the hard-drive of your device, with your permission, when you visit a website. Cookies allow web applications to respond to you as an individual, by tailoring operations to your needs, likes and dislikes. They do this by gathering and remembering information about your preferences. Ultimately, this helps us to provide you with personalised content and a better browsing experience.
The information stored in cookies is never shared with any third party, except for Google Analytics which is anonymous, aggregated data used purely for statistical purposes and which helps the Website to function. Cookies only contain information such as the pages you have visited. This allows us to calculate the number of visitors to our Website and to see how visitors navigate around the website when they are using it. The only personal information a cookie contains is information that you have personally supplied.
Our cookies do not directly read any other data from your computer’s hard-drive or read cookies created by other websites that you have visited.
You do not have to accept cookies. You can refuse to accept cookies by activating the function on your browser which allows you to decline the setting of cookies. However, if you refuse to accept cookies this may affect your browsing experience and leave you unable to access certain parts of the Website. See http://www.allaboutcookies.org for more information about cookies and how to disable them in your browser.
5 Marketing communications
Where we send marketing communications to you via email, you may opt out of receiving any further marketing communications by clicking the ‘unsubscribe’ or ‘opt-out’ function in the email. In addition, you can also exercise your opt-out right at any time by contacting us at email@example.com or by post (see Section 9 for more details) and providing the following information: your name, your email address, a contact telephone number and details of the marketing communications you would like to opt out of receiving.
Our Website may, from time to time, contain links to and from other websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
While we will make all reasonable efforts to safeguard your personal data, you acknowledge that the use of the internet is not entirely secure and, for this reason, we cannot guarantee the security or integrity of any personal data that are transferred via the internet.
If you have any particular concerns about your information, please contact us by email at: firstname.lastname@example.org or by post (see Section 9 for more details).
We have put in place strict operational procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
If you have any queries or complaints regarding our use of your personal information, please let us know via the contact points in Section 9 below.
If you are unhappy about our processing of your Personal Information, or our response to your concerns about that processing, you have the right to lodge a complaint with your local data protection authority.
9 How to contact us
By email at: email@example.com
Or, by post: Data Protection Officer, NavigateNDC Limited, 2nd Floor, Merchant Exchange, Waters Green, Macclesfield SK11 6JX.
General compliance statement for clients, candidates, associates and contracting purposes
NavigateNDC’s compliance with the current Data Protection Act (DPA), has assisted us well in managing the new laws and ensuring our practice is transparent to you in terms of how we collect, store, and use personal data. We only store and process data for legitimate business reasons, including the purpose of contracting with clients, candidates and associates.
You have our assurance that:
- We store and process personal information for legitimate business reasons only
- We store and process data internally and pass it to (i) our clients, (ii) our umbrella company Paystream (if the work is subject to the IR35 ruling), and (iii) HMRC when we make quarterly our return to them;
- We always gain separate consent from clients, candidates and associates for separate processing activities. For example, for our associates working in interim roles we will only ever put their details forward for a role we have discussed with them. For candidates involved in permanent campaigns we will not transfer their data between campaigns without their prior consent;
- We maintain an audit trail in our records to show we have gained consent be that through a telephone conversation, an e mail or a data capture process;
- We never send associate’s/candidate’s details to clients speculatively or without their consent; and
- All submissions of associate’s/candidate’s data to a client will be for a valid role. In the case of interim work, we will contact associates and give them details of the vacancy before we send their CV to the client
Confirmation of how and where our data is stored.
Our data is held securely on our encrypted server, backed up to an encrypted off-site server, and is accessible only by NavigateNDC employees whose identity is verified through a secure log-on process.
Our data management software is FileFinder.
Our e mail provider is Microsoft 365.
Our associate data is stored in either Microsoft Word or Adobe PDF format, on an encrypted server on our business site and backed-up to an encrypted off site server to ensure adequate provision for business continuity.
We ensure our contracts and data sharing agreements are compliant through
Our contracts are legally approved as fit for purpose;
Our data management and storage software (i.e. Filefinder and Microsoft word/outlook 365) is secure and only accessible by NavigateNDC employees as per the above;
All associates/candidates whose details we hold have granted their explicit consent to us holding, storing, and sharing their data for legitimate business reasons and
Associates/candidates have the right to withdraw their consent at any time and we will remove their data within seven working days from our systems.
We have been working toward compliance since September 2017 and we are able to show our progress toward compliance at all stages of our project completion.
In return we expect all clients to be similarly GDPR compliant/working toward compliance and to destroy all data from individuals who have been rejected from any recruitment processes, interim or permanent, and that it is compliant in relation to individuals who are successfully appointed into a role.
We hope this provides you with the requisite information about our compliance with the duty and how we at NavigateNDC continue to offer a high-quality service to all with whom we work.