The Company collects, and processes personal data relating to and provided by existing, potential and former business contacts. To be transparent about how it acquires and uses personal data the Company has policies and notices tailored to the circumstances and purposes under which processing takes place. This Privacy Notice summaries the rights and responsibilities which apply when personal data is captured in the general operation of the business. Where personal data is provided in connection with employment and recruitment the Company Data Protection Policy for Applicants, Employees, Workers and Contractors is available. This governs how personal data in connection with these positions is handled.
Please be aware that where an individual provides personal data to the Company by way of actions and communications whether, visual verbal, written, technological or by any other means this may of itself or in conjunction with other consent, or legitimate purpose constitute acceptance of the processing of personal data in accordance with this Privacy Notice and the company’s data policies as applicable.
1. What Information Does the Company Collect?
The Company gathers a range of information in the normal course of business. Personal information may be acquired through networking, marketing, purchasing, training and recruitment. Information comes from sources such as business cards, e-mail address and business correspondence, job applications, pre-employment assessments, interviews, and general communications.
Information of a personal nature may also be supplied to us in the context of business as part of contractual dealings and commercial activities, in matters governed by law and regulation and in connection with licensing, compliance and membership purposes as well as in connection with our security arrangements, business premises, website interaction, IT systems and so forth.
Personal Information we receive will commonly include but is not limited to:
• name, addresses, gender date of birth, marital status;
• contact details for individuals, and their dependants, next of kin and emergency contacts;
• job title, skills, experience, information about employment (or services);
• financial, taxation, pension, details;
• identification documents and other formal identifiers;
• qualifications, training insurance cover licences and permissions;
• membership of professional or regulated bodies
• electronic information in relation to use of IT systems/swipe cards/telephone systems;
• images (whether captured on CCTV, by photograph or video);
• information about medical or health conditions;
• equal opportunities monitoring information;
• any other category of personal data which may be notified to the Company from time to time.
In some cases, with consent, the Company collects personal data from third parties, such as references, information from criminal records checks, or credit reference agencies as permitted by law.
Data will be stored in a range of places, including the Company’s and or its contractors HR manual and electronic filing system, cloud-based depositories, cameras, the Company’s email facility and other IT systems.
2. Why Does the Company Process Personal Data?
The Company needs to process data to; operate its business; enter into and honour its obligations under contract; comply with legal, regulatory and statutory requirements; audit and monitor its performance and that of subcontractors and contractors. It also processes data in connection with job applications, employment, and other contractual matters including managing any funds in which you are an investor or potential investor therein.
The Company has a legitimate interest in processing personal data before, during and after a contractual or business relationship. Processing data allows the Company to: ensure effective business administration; to operate, control, monitor and analyse systems, resource and productivity; maintain records; manage personnel and business relationships; document Health and Safety provisions, arrangements, incidents and risk assessments; and respond to and defend against legal claims.
Some special categories of personal data, such as information about health or medical conditions, and sensitive data relating to criminal records or driving offences are processed to comply with a legal or statutory obligation, where our insurers require it, or where we believe it is in our legitimate best interests to have made a criminal records check.
Rare circumstances where the Company may elect to release sensitive information might include: where it is in the public domain, or there is a need to protect the interest of someone unable to give consent which may arise in a first aid emergency. Criminal convictions may be referenced during a legal claim and or litigation.
Other special categories of personal data including: information about ethnic origin, sexual orientation, religion or belief, collected for the purposes of equal opportunities monitoring are only processed with an individual’s consent and it is usually anonymised whereupon it ceases to be personal data.
3. Who Has Access to The Data?
Data may be shared internally, as necessary for personnel to carry out their role or for the conduct of our business.
The Company may share data with third parties:
• to obtain references from other employers;
• as required by law sharing data with statutory bodies such as, but not limited to, the HMRC, the Pensions Regulator, and when applicable the HSE and the local authority for RIDDOR reporting, and when requested to do so with the police, court services and similar bodies; and in the context of a sale, assignment or novation of some or all of its business and in those circumstances the data will be subject to confidentiality arrangements.
The Company also shares your data with third parties who directly or indirectly:
• process data on its behalf, in connection with TUPE, HR services, payroll, the provision of benefits and the provision of occupational health services as required and where applicable;
• provide security services at and for company and associated company premises;
• host, maintain, service, develop and secure IT domains, websites platforms and software;
• assist with auditing, compliance monitoring and corporate functions;
• provide goods and services to the company and require personal data in the provision of such;
• are responsible for the safeguarding of persons or property that the Company has a legal or contractual obligation to honour; and
other employees within the Bluefield Group of Companies including Bluefield Services Limited, and Bluefield Operations Limited within the Legal, HR, and Management functions, where such persons are called upon to administer group wide HR, legal and financial matters, and those who create and manage policies, business contracts and business relationships.
The data that we collect may be transferred to, and stored at, a destination outside the European Economic Area (EEA). It may also be processed by staff operating outside the EEA who work for one of the third parties we contract with and may be engaged in, among other things, processing of personal data.
4 Where personal data is transferred outside of the EEA,
The Company is committed to a similar degree of protection in respect of personal information whether processing inside or outside the EEA. We will take all steps reasonably necessary to ensure that data is treated securely and in accordance with the provisions set out in the data handling policies to which we adhere and the legal constraints that apply. This will include requiring companies outside of the EEA to adopt acceptable terms and practices under template clauses approved by the EEA, Privacy Shield Protections and template terms conditions template documentation and other secure methods required by the European Commission shall also be used to protect the individuals rights in processing data outside the European Community limits.
5 How Does the Company Protect Data?
The Company has internal policies, procedures, technologies and controls in place, from the point of collection to the point of destruction, to protect personal data against loss, malicious or accidental destruction, misuse or disclosure, and to ensure that data is not accessed, except by individuals in the proper performance of their duties Where information is provided to the Company by means of acceptance of website Terms and Conditions or User Agreements with a host company, individuals are reminded to be vigilant regarding the detail and to satisfy themselves that these terms and conditions are reflective of the consent they wish to bestow.
6 How Long Does the Company Keep Data For?
Personal data will be held only for so long as it is appropriate to do so. This period will vary depending upon the reason for retention. Data will be periodically assessed to determine whether a cull or edit of information is necessary.
Where the sole legitimacy for retention is based upon the consent of an individual this will determine for how long it is retained. In other circumstances the period of retention will be linked to any:
• legal period of retention appropriate to comply with the statute of limitations; pending litigation; and or statutory requirement;
• contractual requirement; and,or
• legitimate interest of the Company.
7 Data Subjects and their Rights
A data subject is now entitled to the following rights in connection with their personal data. These are to:
• know what data is held;
• access and obtain a copy of that data on request, and to request a transfer of data to another data controller;
• require the Company to change incorrect or incomplete data;
• require the Company to delete or stop processing personal data, for example where the data is no longer necessary for the purposes of processing;
• object to the processing of personal data where the Company is relying on its legitimate interests as the legal ground for processing;
• not to be subject to automated decision making (with some exceptions);
• to be notified of a data security breach in specified circumstances;
• to withdraw consent to processing where this was the legal basis relied upon for any such processing; and
• to complain to the Information Commissioner Office https://ico.org.uk/concerns/.
If you wish to operate your rights in connection with this Notice the information below will assist you with your communication.
Company Name: Bluefield Partners LLP: registered number: OC348071
Company Address: 40 Queen Anne Street, London, W1G 9EL
Group Data Controller: James Armstrong, Managing Partner, Bluefield Partners LLP
Data Privacy Officer: James Armstrong, Managing Partner, Bluefield Partners LLP
Contact Details: 6 New Street Square, New Fetter Lane, London, EC4A 3BF Telephone: 0207 078 0023
Email: jarmstrong@bluefieldllp.com