Personal data is any data that identifies a living person. We process personal data for a number of reasons and the way we collect data and the lawful basis for processing the data will differ. The information provided below explains how we process and manage data.
Our clients are trading companies represented by their managers. We do have a small number of private clients who are senior managers but who come to us as individuals. We do not trade otherwise with consumers.
Data protection registration
We are registered with the ICO, the UK data protection regulator. Our registration number is ZA169801. Our current registration expires on 24 April 2020.
Collection of personal data
We collect and process the following personal data.
We obtain personal information from individuals who we meet at business events. An example is where they give us a business card. We also collect personal data when we converse with potential clients. This information includes the person’s name, job title, email address, company name and contact details.
Publicly available data
We may source personal data from Companies House, company websites, news articles (online, journals and newspapers) and other web-based searches of publicly available data.
When web visitors subscribe to our newsletter via our website we collect only an email address. Where a person asks us to get in touch we will collect name, company, job title email address and telephone number. Where people sign up to our free programmes we collect name, job title, company name and email address. Where people use our free-to-access tools we require an email address to access bespoke reports.
Some of the projects we undertake for clients will require us to access personal data that they control, such as data about their employees and managers. For example, we may undertake job evaluation or job description development, a pay and benefit analysis or implement a redundancy programme. Such projects require TimelessTime consultants to have access to and process data controlled by our clients.
Where client projects involve search and selection of staff as part of a recruitment activity, we will collect details of candidates who match the role requirements. Search will be conducted using online tools. The candidate will be invited to undertake psychometric tests related to personality and ability. We will only collect data where a candidate wishes to be considered for a job for which we are recruiting.
Categories of personal data that we may collect
- Personal details: for example name, job title, company name, email address and mobile phone number.
- Professional details: for example career history, qualifications and other details provided on a curriculum vitae.
- Financial details: for example salary and pension details.
- Health details: for example dietary requirements for those attending our catered seminars. We will also collect data regarding personal health issues if we are supporting client’s employees with health issues.
- Nationality details in order to determine if the person has the right to work in the UK.
- Personality and ability data. This data is collected via psychometric tests completed voluntarily by data subjects. Sue Berry, a TimelessTime Consultant is qualified to administer and interpret such tests (RQTU membership number 248258).
Lawful reasons for processing personal data
We rely on one of four lawful bases for processing personal data.
- Contractual reason. If we have a contract with a client to provide a service, or we are writing a proposal to provide a service to a client.
- Legal obligation. If the law requires us to provide personal data.
- Express consent. Where someone freely signs up to our newsletter, where a candidate freely provides us with their CV or where data is provided by our client in order to provide that client with a service to the general benefit of the subject. In this last case we ensure that our client has express consent.
- Legitimate interests. Where we have a genuine and legitimate reason to process personal data, which is not outweighed by harm to the person’s rights. We have two strands to our legitimate interest. Firstly, we provide a professional consulting service to our clients based on their specific requirements. Those requirements require us to control and process personal data. Secondly, we undertake direct marketing, delivering high quality management and HR content to clients, subscribers and others who express an interest in the field of people management.
We are firmly commitment to your privacy and the protection of your information.
Why did you receive an email from us?
If you received a mailing from us, (a) your email address is either listed with us as someone who has expressly shared this address for the purpose of receiving information in the future (“opt-in”), or (b) you have registered or purchased or otherwise have an existing relationship with us. We respect your time and attention by controlling the frequency of our mailings.
How we protect your privacy
We use security measures to protect against the loss, misuse and alteration of data used by our system.
How can you stop receiving email from us?
Each email sent contains an easy, automated way for you to cease receiving email from us, or to change your expressed interests. If you wish to do this, simply follow the instructions at the end of any email.
If you have received unwanted, unsolicited email sent via this system or purporting to be sent via this system, please forward a copy of that email with your comments to firstname.lastname@example.org for review.
Cookies are used on this site to bring an enhanced browsing experience and allow some of our free tools to function.
Cookies are small text files stored on your computer by your browser. They're used for many things, such as remembering whether you've visited the site before, so that you remain logged in - or to help us work out how many new website visitors we get each month. They contain information about the use of your computer but don't include personal information about you (they don't store your name, for instance).
By accessing this Website, you agree that cookies may be used on your device. You can opt to disable cookies on your browser at any time, however some features may cease to work. More information on this can be found elsewhere on the Internet.
We may collect information automatically when you visit the website, using cookies.
The cookies allow us to identify your computer and find out details about your last visit to our website.
The information collected by cookies does not personally identify you; it includes general information about your computer settings, your connection to the Internet such as operating system and platform, IP address, your browsing patterns and timings of browsing on our website and your location.
Your rights as a data subject
You have the following rights under GDPR.
1. Right to be informed.
2. Right of access.
You have the right to access your data. You can do this by making a subject access request. Once we have the information we need to confirm your identity, we will provide the data to you within one month.
3. Right to rectification.
You have the right to have incorrect or incomplete data updated. Unless we have a valid reason to refuse rectification we will update our systems within one month.
4. Right to erasure.
You have ‘the right to be forgotton’. You can ask us to erase your data. Provided that we have no legitimate obligation to retain data we will erase you data within one month.
5. Right to restrict processing.
You can restrict the use of your personal data, allowing us to store your personal data but not use it. Provided that we have no legitimate obligation to use the data we will comply with your request within one month.
6. Right to data portability.
Data portability refers to the right to allow your data to be transferred to another controller in a structured manner. This right is more relevant to scenarios where you might wish to change your utilities provider and is not really relevant to us.
7. Right to object.
You have the right to object to the processing of your personal data being used for direct marketing purposes. Each newsletter, or other form of information has an unsubscribe button at the bottom of the email. This will automatically unsubscribe you from all direct marketing sent out by TimelessTime. If you wish to object further we will respond to your objection within one month. We may require to keep limited information to prove that we have complied with your request.
8. Right regarding automated decision making and profiling.
We do not make any decisions regarding personal data based purely on automated systems.
Accountability and governance
We manage our business embracing the ISO 9001:2015 international quality standard. As part of our rigorous internal audit process we review all our policies, procedures and processes on a regular basis. This means that we are confident that we are complaint with GDPR since we are compliant with ISO 9001:2015. You can read our Quality Policy on the About page on our website.