Privacy Notice, Two Purl Row (an HR consultancy and a trading name of One Purl Row Limited
Your privacy is important to us. Please read this privacy notice carefully as it contains information on who we are and how and why we collect, store, use and share your personal data. It also explains your rights in relation to your personal data and how to contact us or supervisory authorities in the event you have a complaint.
Our use of your personal data is subject to your instructions, the GDPR, local laws and our professional duty of confidentiality
The websites are not intended for children and we do not knowingly collect data relating to children. If you are under 16 years of age, you may not submit any personal data to us.
To enable us to ensure your data is accurate and current please let us know if any details change during your relationship with us.
This website may include links to third party websites, plug-ins and applications. We do not control third party websites. If you click on a link which takes you to another website we encourage you to read their privacy notice.
Personal data we may collect from you
- Contact details of you or your employee(s) including your name, address, telephone number, e-mail where required to assist in an HR matter
- Your position, role, employer, company or organisation
- Information to check client identity
- Information to enable us to undertake financial checks on a client
- Information about the matter you are seeking advice about
- Employment records including those of individuals who work for your organisation. Depending on the nature of the issue, this may include any relevant information in your records and may include, for example:
- sickness and attendance
- conduct and grievance
- racial or ethnic origin
- gender and sexual orientation
- religious or similar beliefs
- health information and/or medical records
- racial or ethnic origin
- gender and sexual orientation
- religious or similar beliefs
- trade union membership
- pension arrangements
- learning and development records
- pay records
- details of criminal record data (where permitted by law and appropriate to do so) such as existence of prior criminal offences
How your personal data is collected
We collect most personal data directly from you, but we may also collect personal data from your employer and/or the company which is our client, purchaser or supplier.
We may also collect personal data from:
- Publicly accessible sources such as Companies House, social media platforms such as LinkedIn
- Third party providers such as credit reference agencies, due diligence providers
- Third party providers with your consent such as consultants or other professionals we may engage in relation to an HR matter; your trade union, professional body or pension administrators; your doctors, medical and occupational health professionals
How and when we use your personal data
- To comply with our legal and regulatory obligations
- For the performance of our contract or to take steps at your request before entering into a contract
- To assist you in defending an employment claim
- For our legitimate interests or those of a third party (e.g. when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests)
- When you have given consent
What we use your personal data for and why
|What we use your personal data for||The reasons for using your personal data|
|To register or to obtain details of prospective new instructions||For the performance of our contract with a client or to take steps a client’s request before entering into a contract.|
|To provide HR services||For the performance of our contractFor our legitimate interest or those of a third party|
|Conducting due diligence checks to verify the identity and financial status of our clients||To comply with our legal and regulatory obligations|
|Managing our relationship with clients e.g. notifying clients of changes to our terms of business or this notice||For the performance of our contractTo comply with legitimate interests or those of a third party|
|Gathering and providing information in relation to audits, enquiries or investigations by regulatory bodies||To comply with our legal and regulatory obligations|
|Ensuring business policies are adhered to||For our legitimate interests or those of a third party|
|Statistical analysis to help us manage our business e.g. in relation to our financial performance, client base, work type or other efficiency measures||For our legitimate interests or those of a third party|
|Preventing unauthorised access and modifications to systems and protecting our business and our website||For our legitimate interests or those of a third partyTo comply with our legal and regulatory obligations|
|Updating client records||For the performance of our contract with a client or to take steps at a client’s request before entering into a contractTo comply with our legal and regulatory obligations|
|Ensuring safe working practices, staff administration and assessments||To comply with our legal and regulatory obligationsFor our legitimate interests or those of a third party|
|Marketing our services to:– |
Existing and former clients–
Third parties who have previously expressed an interest in our services– Third parties with whom we have had no previous dealings
|For our legitimate interests or those of a third party|
|Credit reference checks via external credit reference agencies||To comply with our legal and regulatory obligationsFor our legitimate interests or those of a third party|
|External audits and quality checks e.g. our accounts||To comply with our legal and regulatory obligationsFor our legitimate interests or those of a third party|
|Managing our relationships with third party purchaser/supplier||For the performance of our contract with a third party purchaser/supplierTo comply with our legal and regulatory obligationsFor our legitimate interests or those of a third party|
We will only process special category personal data where:
- we have your explicit consent
- where this is necessary to protect your vital interests or those of a third party
- where it is a requirement for reasons of substantial public interest
- as permitted by applicable law
We may use your personal data to send you updates which may be of interest to you about the services we provide.
We usually have a legitimate business interest in processing your personal data for promotional purposes. However, where consent is needed, we will ask you for this before contacting you.
We will not share your data with third parties for marketing purposes.
You have the right to opt-out of receiving promotional communications at any time by using the appropriate links in e-mails sent to you.
We may ask you to confirm or update your marketing preferences if:
- you instruct us to provide further services in the future
- data protection law changes
- business changes occur which require us to do so
Who we share your personal data with
- professional advisers who we instruct on your behalf or refer you to e.g. solicitors
- third parties where necessary to carry out your instructions e.g. Office of National Statistics, HMRC, HSE
- appropriate parties in the event of emergencies
- your employer (to enable us to provide HR services)
- credit reference agencies
- our insurers and brokers
- external auditors (in relation to accounts)
- our banks
- third parties we use to make our business more efficient e.g. IT and communication suppliers, administration services, HR database suppliers, learning and development platform suppliers, telephone answering services
- other delegates, if you attend an event
We may be required to share information with law enforcement agencies and regulatory bodies for compliance purposes.
We may need to share information with third parties if we consider a change in business structure or business ownership.
Where your personal data is held
Information may be held at our office and at the office of third parties. Some of these third parties may store data outside the European Economic Area. If so we will use a clause in our contracts which has been approved by the European Commission. Data may also be passed outside the EEA if you are based outside the EEA or there is a global aspect to the matter we are assisting with.
How long your personal data will be kept
You data will not be kept longer than necessary for the purposes set out in the notice. Different retention periods apply for different types of data.
We may retain your data after we have dealt with your matter to respond to any questions, complaints or claims made by you or on your behalf, to show that we treated you fairly and also for legal compliance.
- to be provided with a copy of your personal data
- to require us to correct any errors in your personal data
- to be forgotten by asking us to delete your personal data (in some circumstances)
- to restrict the use of your personal data
- to receive the personal data you provided to us in a format you can share with another third party
- to object to your personal data being processed for direct marketing
- to not be subject to a decision based solely on automated processing
- to withdraw consent to process your personal data when you have provided such consent
- to raise a complaint with the ICO
Keeping your personal data secure
We limit access to your personal data to those who have genuine business need to access it. If there is any suspected data security breach we will report it in line with legal requirements.
e-mail firstname.lastname@example.org if you have concerns.
Privacy Notice Amendments
This document was published on 22nd November 2018. It may be changed from time to time. Any amendments will be posted on our website.