DLRC Limited: Business Privacy Notice
Data controller: Dianne Lee, DLRC Ltd, Suite 201 Nexus Building, Broadway, Letchworth Garden City SG6 3TA
DLRC collects and processes personal data relating to its business partners and prospective partners to manage the business relationship. The organisation is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.
What information does the organisation collect?
The organisation may collect and process a range of information about you. This includes:
- your name, company details, business address and contact details, including email address and telephone number and gender
- information you supply to us through our website contact form or via email
- in the case of a prospective employee, additional information will be requested, and this is detailed in the Company’s Job Application Privacy Notice.
The organisation may collect this information in a variety of ways. For example, data might be collected through contact forms or emails; from telephone contact or meetings or obtained from your business card or company information that you supply.
Data will be stored in a range of different places, including in our email system, on the company’s databases and in other IT systems.
Why does the organisation process personal data?
The organisation needs to process data to maintain contact with you and your organization, and to enter into business agreements with you. In some cases, the organisation needs to process data to ensure that it is complying with its legal obligations.
In other cases, the organisation has a legitimate interest in processing personal data in order to:
- run recruitment and promotion processes
- maintain accurate and up-to-date employment records
- operate and keep a record of employee performance for succession planning and project management purposes to ensure we are able to meet client needs
- run a client focused business by providing information about our employees in order to meet project requirements or for business development purposes
- obtain occupational health advice, to ensure that it complies with duties in relation to individuals with disabilities and meet its obligations under health and safety law
- ensure effective general HR and business administration
- provide references on request for current or former employees
- maintain training records as required by Good Clinical Practice
- respond to and defend against legal claims
Some special categories of personal data, such as information about health or medical conditions, is processed to carry out employment law obligations (such as those in relation to employees with disabilities).
Who has access to data?
The organisation shares your data internally in order to manage its business effectively and take appropriate advice where necessary.
Your data may be transferred to countries outside the European Economic Area (EEA) for business development purposes. Data is transferred outside the EEA on the basis of declaration of adequacy, binding corporate rules or other safeguards.
How does the organisation protect data?
The organisation takes the security of your data seriously. The organisation has internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties. DLRC laptops and cloud-based storage systems are encrypted. Restrictions are set within the system to allow access to personal data by only the necessary personnel.
Where the organisation engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.
For how long does the organisation keep data?
The organisation will hold personal data for the following periods:
- Candidate CV’s – 12 months from the date of application
- Personal employment data – 7 years
- Training records – 25 years
- Client data personal data –for up to 6 years after any contract has lapsed
As a data subject, you have a number of rights. You can:
- access and obtain a copy of your data on request
- require the organisation to change incorrect or incomplete data
- require the organisation to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing
- object to the processing of your data where the organisation is relying on its legitimate interests as the legal ground for processing
If you would like to exercise any of these rights, please contact Dianne Lee at the DLRC address.
If you believe that the organisation has not complied with your data protection rights, you can complain to the Information Commissioner.