Privacy and GDPR
Unilink Software Ltd, a company incorporated in England & Wales (registration number 02924046) whose registered office and trading address is Europoint, 5 Lavington Street, London, England, SE1 0NZ , part of The Unilink Group (registration number 08876317).
Unilink Software Ltd is registered with the Information Commissioner as a Data Controller under registration number ZA014190.
Unilink collects and processes personal data relating to its customers and partners in order to manage the business relationship, and collects and processes contact details for individuals who have asked us to contact them. Unilink also collects and processes information on persons interested in working for the organisation, in order to manage the recruitment process and any subsequent employment contract. The organisation is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.
What information does the organisation collect?
1) If you are a customer, potential customer or have expressed an interest in hearing from us:
The organisation collects and processes a small amount of personal information relating to its customers, potential customers, partners and interested parties. This will include for each contact:
- Name
- Business address (if applicable)
- Email address
- Business telephone number (if applicable)
This information may be stored in a number of different places, including the customer contract file, the organisation’s service management system, the email system, and other document stores.
2) If you are a job applicant:
- your name, address and contact details, including email address and personal phone number, date of birth and gender;
- details of your qualifications, skills, experience and employment history, including start and end dates, with previous employers and with the organisation; information about your current level of remuneration, including entitlement to benefits such as pensions;
- information about your nationality and entitlement to work in the UK;
- information about your criminal record; (for some contracts which it operates, Unilink has an exemption to standard reporting periods and may check beyond the standard 6 year levels under the Rehabilitation of Offenders Act);
- information on any disability for which the organisation needs to make reasonable adjustments during the recruitment process. In some cases, the organisation may collect personal data about you from third parties, such as references supplied by former employers, and information from UK security vetting agencies on your security cleared status.
We may record IP addresses for visitors to our website.
Data will be stored in a range of different places, including on your application record, in the organisation’s HR management systems, and on other IT systems (including email).
What we use your personal information for |
Our reasons (“legal basis for processing”) |
Our legitimate interests |
How long is information retained for |
Make and maintain contact with you via your chosen method of communication; disseminate news and information |
Consent Our legitimate interests |
Develop or maintain a business relationship |
For the duration of our business relationship with you, or until you ask us to delete it. Email records are retained for 6 years by default |
Set up and operate a contract with our customers |
Contract Our legal duty |
For the duration of our contract with you. Financial records are required to be kept for at least 7 years from the end of the last company financial year they relate to |
|
Ensure an effective recruitment process is carried out. Prepare for and enter into a contract of employment at your request |
Contract Our legitimate interests |
Recruiting excellent staff. Ensuring effective HR and business administration |
For the duration of our employment contract with you; (unsuccessful applicants’ information is deleted following selection process) |
Ensure compliance with equal opportunities legislation, and duties in relation to individuals with disabilities; meet obligations under health and safety law |
Our legal duty |
For the duration of the recruitment process and any subsequent employment contract |
|
Respond to and defend against legal claims |
Our legitimate interests |
Protecting the assets and reputation of the organisation |
For the duration of the contract |
Perform checks on your right to work in the UK |
Our legal duty |
For the duration of the recruitment process and any subsequent employment contract |
|
Website performance metrics; see the cookie policy for more information |
Our legitimate interests |
Measuring the performance of our website and improving our service to our customers and visitors |
See the cookie policy for more information |
Who will have access to my data?
Your information will be shared internally within Unilink, with only those members of Unilink staff who need access to it (such as HR for processing of applications) or who may need to contact you. Your information will not be shared outside the organisation or used for any purpose other than those stated above, apart from the following:
The organisation may share your data with third parties in order to obtain pre-employment references from other employers. The organisation also shares your data with UK security vetting agencies (where applicable) in order to confirm or obtain security clearance for applicants.
Personal data may be shared with Unilink’s legal representatives to be used as necessary within any legal process in which the company might become engaged.
Data processors on behalf of Unilink may themselves be situated abroad, and your data may be transferred outside the UK for the defined processing, however, Unilink Software Limited will remain the Data Controller and ensure safeguards are in place for the processing. If your data is transferred outside the EEA, it will be to an approved third country on the GDPR approved country list, or with special precautions in place to perform an international transfer in line with the GDPR.
Unless legally obligated, such as an order from court, your personal details will not be transferred outside the United Kingdom and its Crown Dependencies without obtaining permission, or as required to fulfil a business contract with a non-UK/Crown Dependency client/potential client. Transfers to/from the EEA will be treated in line with GDPR compliant standard contractual clauses or, where possible, binding corporate rules, ensuring that data resident within the EEA/EU is treated in line with GDPR. Depending on the specific data sharing and your role, the EEA Supervisory Authority may differ.
For the purposes of website performance monitoring your IP address and other details pertaining to your use of our website may be shared with third party companies who will process the data on our behalf. This will be done in line with contractual obligations to ensure your data remains safe. In particular, your contact details, if you choose to provide them, are shared with our partner, Mailchimp, for the purpose of maintaining email distribution lists (see their Privacy Policy here). Your IP address, if you consent to our recording it, is shared with our partner, Spotler for the purpose of creating and maintaining business contacts (see their Privacy Policy here).
How does the organisation protect data?
The organisation takes the security of your data seriously. Unilink is certified to ISO27001, the international standard for information security management, and has internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by Unilink employees in the performance of their duties.
Where the organisation engages third parties to process personal data on its behalf, they do so on the basis of either a written agreement specifying what technical and organisational measures they need to take to ensure the security of data, and are under a duty of confidentiality, or as part of a risk assessment against the documented security policies for the third party. Unilink manage this as part of the ISO27001 compliance with Annex A/§15 of the standard.
Your rights
As a data subject, you have a number of rights. You can:
- access and obtain a copy of your data on request;
- require the organisation to change incorrect incomplete, or out-dated data;
- require the organisation to delete your data;
- object to the organisation processing your data, and ask us to stop.
If you would like to exercise any of these rights, please contact the Data Protection Officer at Unilink.
If you believe that Unilink have not complied with your data protection rights, you can complain to the Information Commissioner.